diff options
Diffstat (limited to 'crypto/kerberosIV/appl/bsd')
31 files changed, 0 insertions, 9144 deletions
diff --git a/crypto/kerberosIV/appl/bsd/Makefile.in b/crypto/kerberosIV/appl/bsd/Makefile.in deleted file mode 100644 index fdda8c1..0000000 --- a/crypto/kerberosIV/appl/bsd/Makefile.in +++ /dev/null @@ -1,136 +0,0 @@ -# $Id: Makefile.in,v 1.68 1999/03/27 17:05:34 joda Exp $ - -SHELL = /bin/sh - -srcdir = @srcdir@ -top_srcdir = @top_srcdir@ -VPATH = @srcdir@ - -top_builddir = ../.. - -CC = @CC@ -LINK = @LINK@ -AR = ar -RANLIB = @RANLIB@ -DEFS = @DEFS@ -DBINDIR='"$(bindir)"' -CFLAGS = @CFLAGS@ $(WFLAGS) -WFLAGS = @WFLAGS@ -LD_FLAGS = @LD_FLAGS@ -INSTALL = @INSTALL@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -LIBS = @LIBS@ -LIB_DBM = @LIB_DBM@ -MKINSTALLDIRS = @top_srcdir@/mkinstalldirs - -prefix = @prefix@ -exec_prefix = @exec_prefix@ -libdir = @libdir@ -libexecdir = @libexecdir@ -bindir = @bindir@ -transform=@program_transform_name@ -EXECSUFFIX=@EXECSUFFIX@ - -# Beware, these are all setuid root programs -PROG_SUIDBIN = rsh$(EXECSUFFIX) \ - rcp$(EXECSUFFIX) \ - rlogin$(EXECSUFFIX) \ - su$(EXECSUFFIX) -PROG_BIN = login$(EXECSUFFIX) -PROG_LIBEXEC = rshd$(EXECSUFFIX) \ - rlogind$(EXECSUFFIX) -PROGS = $(PROG_SUIDBIN) $(PROG_BIN) $(PROG_LIBEXEC) - -SOURCES = rsh.c kcmd.c krcmd.c rlogin.c rcp.c rcp_util.c rshd.c \ - login.c klogin.c login_access.c su.c rlogind.c \ - login_fbtab.c forkpty.c sysv_default.c sysv_environ.c sysv_shadow.c \ - utmp_login.c utmpx_login.c stty_default.c encrypt.c rcmd_util.c tty.c \ - osfc2.c - -rsh_OBJS = rsh.o kcmd.o krcmd.o encrypt.o rcmd_util.o -rcp_OBJS = rcp.o rcp_util.o kcmd.o krcmd.o encrypt.o rcmd_util.o osfc2.o -rlogin_OBJS = rlogin.o kcmd.o krcmd.o encrypt.o rcmd_util.o -login_OBJS = login.o klogin.o login_fbtab.o login_access.o \ - sysv_default.o sysv_environ.o sysv_shadow.o \ - utmp_login.o utmpx_login.o stty_default.o tty.o osfc2.o -su_OBJS = su.o -rshd_OBJS = rshd.o encrypt.o rcmd_util.o osfc2.o -rlogind_OBJS = rlogind.o forkpty.o encrypt.o rcmd_util.o tty.o - - -all: $(PROGS) - -Wall: - make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" - -.c.o: - $(CC) -c $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $< - -install: all - $(MKINSTALLDIRS) $(DESTDIR)$(libexecdir) - for x in $(PROG_LIBEXEC); do \ - $(INSTALL_PROGRAM) $$x $(DESTDIR)$(libexecdir)/`echo $$x| sed '$(transform)'`; \ - done - $(MKINSTALLDIRS) $(DESTDIR)$(bindir) - for x in $(PROG_BIN); do \ - $(INSTALL_PROGRAM) $$x $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \ - done - -for x in $(PROG_SUIDBIN); do \ - $(INSTALL_PROGRAM) -o root -m 04555 $$x $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \ - done - -uninstall: - for x in $(PROG_LIBEXEC); do \ - rm -f $(DESTDIR)$(libexecdir)/`echo $$x| sed '$(transform)'`; \ - done - for x in $(PROG_BIN); do \ - rm -f $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \ - done - for x in $(PROG_SUIDBIN); do \ - rm -f $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \ - done - -TAGS: $(SOURCES) - etags $(SOURCES) - -check: - -clean: - rm -f *.a *.o $(PROGS) - -mostlyclean: clean - -distclean: clean - rm -f Makefile *.tab.c *~ - -realclean: distclean - rm -f TAGS - -KLIB=-L../../lib/krb -lkrb -L../../lib/des -ldes -KLIB_AFS=@KRB_KAFS_LIB@ $(KLIB) -OTPLIB=@LIB_otp@ -LIBROKEN=-L../../lib/roken -lroken - -LIB_security=@LIB_security@ - -rcp$(EXECSUFFIX): $(rcp_OBJS) - $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rcp_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN) $(LIB_security) - -rsh$(EXECSUFFIX): $(rsh_OBJS) - $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rsh_OBJS) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) - -rshd$(EXECSUFFIX): $(rshd_OBJS) - $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rshd_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN) $(LIB_security) - -rlogin$(EXECSUFFIX): $(rlogin_OBJS) - $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rlogin_OBJS) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) - -rlogind$(EXECSUFFIX): $(rlogind_OBJS) - $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rlogind_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN) - -login$(EXECSUFFIX): $(login_OBJS) - $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(login_OBJS) $(OTPLIB) $(KLIB_AFS) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN) $(LIB_security) - -su$(EXECSUFFIX): $(su_OBJS) - $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(su_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN) - -.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean diff --git a/crypto/kerberosIV/appl/bsd/README.login b/crypto/kerberosIV/appl/bsd/README.login deleted file mode 100644 index c072969..0000000 --- a/crypto/kerberosIV/appl/bsd/README.login +++ /dev/null @@ -1,20 +0,0 @@ -This login has additional functionalities. They are all based on (part of) -Wietse Venema's logdaemon package. - - -The following defines can be used: -1) LOGIN_ACCESS to allow access control on a per tty/user combination -2) LOGALL to log all logins - --Guido - -This login has some of Berkeley's paranoid/broken (depending on your point -of view) Kerberos code conditionalized out, so that by default it works like -klogin does at MIT-LCS. You can define KLOGIN_PARANOID to re-enable this code. -This define also controls whether a warning message is printed when logging -into a system with no krb.conf file, which usually means that Kerberos is -not configured. - --GAWollman - -(removed S/Key, /assar) diff --git a/crypto/kerberosIV/appl/bsd/bsd_locl.h b/crypto/kerberosIV/appl/bsd/bsd_locl.h deleted file mode 100644 index c5be006..0000000 --- a/crypto/kerberosIV/appl/bsd/bsd_locl.h +++ /dev/null @@ -1,401 +0,0 @@ -/* - * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* $Id: bsd_locl.h,v 1.111 1999/12/02 16:58:28 joda Exp $ */ -/* $FreeBSD$ */ - -#define LOGALL -#ifndef KERBEROS -#define KERBEROS -#endif -#define KLOGIN_PARANOID -#define LOGIN_ACCESS -#define PASSWD_FALLBACK - -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif - -/* Any better way to test NO_MOTD? */ -#if (SunOS >= 50) || defined(__hpux) -#define NO_MOTD -#endif - -#ifdef HAVE_SHADOW_H -#define SYSV_SHADOW -#endif - -#include <stdio.h> -#include <string.h> -#include <stdlib.h> -#include <ctype.h> -#include <setjmp.h> -#include <limits.h> - -#include <stdarg.h> - -#include <errno.h> -#ifdef HAVE_IO_H -#include <io.h> -#endif -#ifdef HAVE_UNISTD_H -#include <unistd.h> -#endif -#ifdef HAVE_LIBUTIL_H -#include <libutil.h> -#endif -#ifdef HAVE_SYS_TYPES_H -#include <sys/types.h> -#endif -#ifdef TIME_WITH_SYS_TIME -#include <sys/time.h> -#include <time.h> -#elif defined(HAVE_SYS_TIME_H) -#include <sys/time.h> -#else -#include <time.h> -#endif -#ifdef HAVE_SYS_STAT_H -#include <sys/stat.h> -#endif - -#ifndef S_ISTXT -#ifdef S_ISVTX -#define S_ISTXT S_ISVTX -#else -#define S_ISTXT 0 -#endif -#endif - -#ifdef HAVE_FCNTL_H -#include <fcntl.h> -#endif -#ifdef HAVE_DIRENT_H -#include <dirent.h> -#endif -#include <signal.h> -#ifdef HAVE_SYS_RESOURCE_H -#include <sys/resource.h> -#endif /* HAVE_SYS_RESOURCE_H */ -#ifdef HAVE_SYS_WAIT_H -#include <sys/wait.h> -#endif -#ifdef HAVE_SYS_PARAM_H -#include <sys/param.h> -#endif - -#ifndef NCARGS -#define NCARGS 0x100000 /* (absolute) max # characters in exec arglist */ -#endif -#ifdef HAVE_PWD_H -#include <pwd.h> -#endif - -#ifdef HAVE_GRP_H -#include <grp.h> -#endif -#ifdef HAVE_UTIME_H -#include <utime.h> -#endif - -#ifdef HAVE_SYS_SOCKET_H -#include <sys/socket.h> -#endif -#ifdef HAVE_NETINET_IN_H -#include <netinet/in.h> -#endif -#ifdef HAVE_NETINET_IN_SYSTM_H -#include <netinet/in_systm.h> -#endif -#ifdef HAVE_NETINET_IP_H -#include <netinet/ip.h> -#endif -#ifdef HAVE_NETINET_TCP_H -#include <netinet/tcp.h> -#endif -#ifdef HAVE_ARPA_INET_H -#include <arpa/inet.h> -#endif -#ifdef HAVE_NETDB_H -#include <netdb.h> -#endif - -#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40 -#include <sys/ioctl.h> -#endif -#ifdef HAVE_SYS_IOCCOM_H -#include <sys/ioccom.h> -#endif - -#ifdef HAVE_SYS_SOCKIO_H -#include <sys/sockio.h> -#endif - -#ifdef HAVE_SYS_SELECT_H -#include <sys/select.h> -#endif - -#ifdef HAVE_SYS_FILIO_H -#include <sys/filio.h> -#endif - -#ifdef HAVE_SYS_STREAM_H -#ifdef HAVE_SYS_UIO_H -#include <sys/uio.h> -#endif /* HAVE_SYS_UIO_H */ -#include <sys/stream.h> -#endif /* HAVE_SYS_STREAM_H */ - -#ifdef HAVE_SYS_PTYVAR_H -#ifdef HAVE_SYS_PROC_H -#include <sys/proc.h> -#endif -#ifdef HAVE_SYS_TTY_H -#include <sys/tty.h> -#endif -#ifdef HAVE_SYS_PTYIO_H -#include <sys/ptyio.h> -#endif -#include <sys/ptyvar.h> -#endif /* HAVE_SYS_PTYVAR_H */ - -/* Cray stuff */ -#ifdef HAVE_UDB_H -#include <udb.h> -#endif -#ifdef HAVE_SYS_CATEGORY_H -#include <sys/category.h> -#endif - -/* Strange ioctls that are not always defined */ - -#ifndef TIOCPKT_FLUSHWRITE -#define TIOCPKT_FLUSHWRITE 0x02 -#endif - -#ifndef TIOCPKT_NOSTOP -#define TIOCPKT_NOSTOP 0x10 -#endif - -#ifndef TIOCPKT_DOSTOP -#define TIOCPKT_DOSTOP 0x20 -#endif - -#ifndef TIOCPKT -#define TIOCPKT _IOW('t', 112, int) /* pty: set/clear packet mode */ -#endif - -#ifdef HAVE_LASTLOG_H -#include <lastlog.h> -#endif - -#ifdef HAVE_LOGIN_H -#include <login.h> -#endif - -#ifdef HAVE_TTYENT_H -#include <ttyent.h> -#endif - -#ifdef HAVE_STROPTS_H -#include <stropts.h> -#endif - -#ifdef HAVE_UTMP_H -#include <utmp.h> -#ifndef UT_NAMESIZE -#define UT_NAMESIZE sizeof(((struct utmp *)0)->ut_name) -#endif -#endif - -#ifdef HAVE_UTMPX_H -#include <utmpx.h> -#endif - -#ifdef HAVE_USERPW_H -#include <userpw.h> -#endif /* HAVE_USERPW_H */ - -#ifdef HAVE_USERSEC_H -struct aud_rec; -#include <usersec.h> -#endif /* HAVE_USERSEC_H */ - -#ifdef HAVE_OSFC2 -#include "/usr/include/prot.h" -#endif - -#ifndef PRIO_PROCESS -#define PRIO_PROCESS 0 -#endif - -#include <err.h> - -#include <roken.h> - -#ifdef SOCKS -#include <socks.h> -/* This doesn't belong here. */ -struct tm *localtime(const time_t *); -struct hostent *gethostbyname(const char *); -#endif - -#define OPENSSL_DES_LIBDES_COMPATIBILITY -#include <openssl/des.h> -#include <krb.h> -#include <kafs.h> - -int kcmd(int *sock, char **ahost, u_int16_t rport, char *locuser, - char *remuser, char *cmd, int *fd2p, KTEXT ticket, - char *service, char *realm, CREDENTIALS *cred, - Key_schedule schedule, MSG_DAT *msg_data, - struct sockaddr_in *laddr, struct sockaddr_in *faddr, - int32_t authopts); - -int krcmd(char **ahost, u_int16_t rport, char *remuser, char *cmd, - int *fd2p, char *realm); - -int krcmd_mutual(char **ahost, u_int16_t rport, char *remuser, - char *cmd,int *fd2p, char *realm, - CREDENTIALS *cred, Key_schedule sched); - -int klogin(struct passwd *pw, char *instance, char *localhost, char *password); - -#if 0 -typedef struct { - int cnt; - char *buf; -} BUF; -#endif - -char *colon(char *cp); -int okname(char *cp0); -int susystem(char *s, int userid); - -int forkpty(int *amaster, char *name, - struct termios *termp, struct winsize *winp); - -int forkpty_truncate(int *amaster, char *name, size_t name_sz, - struct termios *termp, struct winsize *winp); - -#ifndef MODEMASK -#define MODEMASK (S_ISUID|S_ISGID|S_ISTXT|S_IRWXU|S_IRWXG|S_IRWXO) -#endif - -#ifdef HAVE_PATHS_H -#include <paths.h> -#endif -#ifdef HAVE_MAILLOCK_H -#include <maillock.h> -#endif -#include "pathnames.h" - -void stty_default (void); - -int utmpx_login(char *line, char *user, char *host); - -extern char **environ; - -void sysv_newenv(int argc, char **argv, struct passwd *pwd, - char *term, int pflag); - -int login_access(struct passwd *user, char *from); -void fatal(int f, const char *msg, int syserr); - -extern int LEFT_JUSTIFIED; - -/* used in des_read and des_write */ -#define DES_RW_MAXWRITE (1024*16) -#define DES_RW_BSIZE (DES_RW_MAXWRITE+4) - -void sysv_defaults(void); -void utmp_login(char *tty, char *username, char *hostname); -void sleepexit (int); - -#ifndef HAVE_SETPRIORITY -#define setpriority(which, who, niceval) 0 -#endif - -#ifndef HAVE_GETPRIORITY -#define getpriority(which, who) 0 -#endif - -#ifdef HAVE_TERMIOS_H -#include <termios.h> -#endif - -#ifndef _POSIX_VDISABLE -#define _POSIX_VDISABLE 0 -#endif /* _POSIX_VDISABLE */ -#if SunOS == 40 -#include <sys/ttold.h> -#endif - -#if defined(HAVE_SYS_TERMIO_H) && !defined(HAVE_TERMIOS_H) -#include <sys/termio.h> -#endif - -#ifndef CEOF -#define CEOF 04 -#endif - -/* concession to Sun */ -#ifndef SIGUSR1 -#define SIGUSR1 30 -#endif - -#ifndef TIOCPKT_WINDOW -#define TIOCPKT_WINDOW 0x80 -#endif - -int get_shell_port(int kerberos, int encryption); -int get_login_port(int kerberos, int encryption); -int speed_t2int (speed_t); -speed_t int2speed_t (int); -void ip_options_and_die (int sock, struct sockaddr_in *); -void warning(const char *fmt, ...) -#ifdef __GNUC__ -__attribute__ ((format (printf, 1, 2))) -#endif -; - -char *clean_ttyname (char *tty); -char *make_id (char *tty); -#ifdef HAVE_UTMP_H -void prepare_utmp (struct utmp *utmp, char *tty, char *username, - char *hostname); -#endif - -int do_osfc2_magic(uid_t); - -void paranoid_setuid (uid_t uid); diff --git a/crypto/kerberosIV/appl/bsd/encrypt.c b/crypto/kerberosIV/appl/bsd/encrypt.c deleted file mode 100644 index 9f835c6..0000000 --- a/crypto/kerberosIV/appl/bsd/encrypt.c +++ /dev/null @@ -1,305 +0,0 @@ -/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au) - * All rights reserved. - * - * This file is part of an SSL implementation written - * by Eric Young (eay@mincom.oz.au). - * The implementation was written so as to conform with Netscapes SSL - * specification. This library and applications are - * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE - * as long as the following conditions are aheared to. - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. If this code is used in a product, - * Eric Young should be given attribution as the author of the parts used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Eric Young (eay@mincom.oz.au) - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include "bsd_locl.h" - -RCSID("$Id: encrypt.c,v 1.4 1999/06/17 18:47:26 assar Exp $"); - -/* replacements for htonl and ntohl since I have no idea what to do - * when faced with machines with 8 byte longs. */ -#define HDRSIZE 4 - -#define n2l(c,l) (l =((u_int32_t)(*((c)++)))<<24, \ - l|=((u_int32_t)(*((c)++)))<<16, \ - l|=((u_int32_t)(*((c)++)))<< 8, \ - l|=((u_int32_t)(*((c)++)))) - -#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) - -/* This has some uglies in it but it works - even over sockets. */ -extern int errno; -int des_rw_mode=DES_PCBC_MODE; -int LEFT_JUSTIFIED = 0; - -int -des_enc_read(int fd, char *buf, int len, struct des_ks_struct *sched, des_cblock *iv) -{ - /* data to be unencrypted */ - int net_num=0; - unsigned char net[DES_RW_BSIZE]; - /* extra unencrypted data - * for when a block of 100 comes in but is des_read one byte at - * a time. */ - static char unnet[DES_RW_BSIZE]; - static int unnet_start=0; - static int unnet_left=0; - int i; - long num=0,rnum; - unsigned char *p; - - /* left over data from last decrypt */ - if (unnet_left != 0) - { - if (unnet_left < len) - { - /* we still still need more data but will return - * with the number of bytes we have - should always - * check the return value */ - memcpy(buf,&(unnet[unnet_start]),unnet_left); - /* eay 26/08/92 I had the next 2 lines - * reversed :-( */ - i=unnet_left; - unnet_start=unnet_left=0; - } - else - { - memcpy(buf,&(unnet[unnet_start]),len); - unnet_start+=len; - unnet_left-=len; - i=len; - } - return(i); - } - - /* We need to get more data. */ - if (len > DES_RW_MAXWRITE) len=DES_RW_MAXWRITE; - - /* first - get the length */ - net_num=0; - while (net_num < HDRSIZE) - { - i=read(fd,&(net[net_num]),(unsigned int)HDRSIZE-net_num); - if ((i == -1) && (errno == EINTR)) continue; - if (i <= 0) return(0); - net_num+=i; - } - - /* we now have at net_num bytes in net */ - p=net; - num=0; - n2l(p,num); - /* num should be rounded up to the next group of eight - * we make sure that we have read a multiple of 8 bytes from the net. - */ - if ((num > DES_RW_MAXWRITE) || (num < 0)) /* error */ - return(-1); - rnum=(num < 8)?8:((num+7)/8*8); - - net_num=0; - while (net_num < rnum) - { - i=read(fd,&(net[net_num]),(unsigned int)rnum-net_num); - if ((i == -1) && (errno == EINTR)) continue; - if (i <= 0) return(0); - net_num+=i; - } - - /* Check if there will be data left over. */ - if (len < num) - { - if (des_rw_mode & DES_PCBC_MODE) - des_pcbc_encrypt((des_cblock *)net,(des_cblock *)unnet, - num,sched,iv,DES_DECRYPT); - else - des_cbc_encrypt((des_cblock *)net,(des_cblock *)unnet, - num,sched,iv,DES_DECRYPT); - memcpy(buf,unnet,len); - unnet_start=len; - unnet_left=num-len; - - /* The following line is done because we return num - * as the number of bytes read. */ - num=len; - } - else - { - /* >output is a multiple of 8 byes, if len < rnum - * >we must be careful. The user must be aware that this - * >routine will write more bytes than he asked for. - * >The length of the buffer must be correct. - * FIXED - Should be ok now 18-9-90 - eay */ - if (len < rnum) - { - char tmpbuf[DES_RW_BSIZE]; - - if (des_rw_mode & DES_PCBC_MODE) - des_pcbc_encrypt((des_cblock *)net, - (des_cblock *)tmpbuf, - num,sched,iv,DES_DECRYPT); - else - des_cbc_encrypt((des_cblock *)net, - (des_cblock *)tmpbuf, - num,sched,iv,DES_DECRYPT); - - /* eay 26/08/92 fix a bug that returned more - * bytes than you asked for (returned len bytes :-( */ - if (LEFT_JUSTIFIED || (len >= 8)) - memcpy(buf,tmpbuf,num); - else - memcpy(buf,tmpbuf+(8-num),num); /* Right justified */ - } - else if (num >= 8) - { - if (des_rw_mode & DES_PCBC_MODE) - des_pcbc_encrypt((des_cblock *)net, - (des_cblock *)buf,num,sched,iv, - DES_DECRYPT); - else - des_cbc_encrypt((des_cblock *)net, - (des_cblock *)buf,num,sched,iv, - DES_DECRYPT); - } - else - { - if (des_rw_mode & DES_PCBC_MODE) - des_pcbc_encrypt((des_cblock *)net, - (des_cblock *)buf,8,sched,iv, - DES_DECRYPT); - else - des_cbc_encrypt((des_cblock *)net, - (des_cblock *)buf,8,sched,iv, - DES_DECRYPT); - if (!LEFT_JUSTIFIED) - memcpy(buf, buf+(8-num), num); /* Right justified */ - } - } - return(num); -} - -int -des_enc_write(int fd, char *buf, int len, struct des_ks_struct *sched, des_cblock *iv) -{ - long rnum; - int i,j,k,outnum; - char outbuf[DES_RW_BSIZE+HDRSIZE]; - char shortbuf[8]; - char *p; - static int start=1; - - /* If we are sending less than 8 bytes, the same char will look - * the same if we don't pad it out with random bytes */ - if (start) - { - start=0; - srand(time(NULL)); - } - - /* lets recurse if we want to send the data in small chunks */ - if (len > DES_RW_MAXWRITE) - { - j=0; - for (i=0; i<len; i+=k) - { - k=des_enc_write(fd,&(buf[i]), - ((len-i) > DES_RW_MAXWRITE)?DES_RW_MAXWRITE:(len-i),sched,iv); - if (k < 0) - return(k); - else - j+=k; - } - return(j); - } - - /* write length first */ - p=outbuf; - l2n(len,p); - - /* pad short strings */ - if (len < 8) - { - if (LEFT_JUSTIFIED) - { - p=shortbuf; - memcpy(shortbuf,buf,(unsigned int)len); - for (i=len; i<8; i++) - shortbuf[i]=rand(); - rnum=8; - } - else - { - p=shortbuf; - for (i=0; i<8-len; i++) - shortbuf[i]=rand(); - memcpy(shortbuf + 8 - len, buf, len); - rnum=8; - } - } - else - { - p=buf; - rnum=((len+7)/8*8); /* round up to nearest eight */ - } - - if (des_rw_mode & DES_PCBC_MODE) - des_pcbc_encrypt((des_cblock *)p,(des_cblock *)&(outbuf[HDRSIZE]), - (long)((len<8)?8:len),sched,iv,DES_ENCRYPT); - else - des_cbc_encrypt((des_cblock *)p,(des_cblock *)&(outbuf[HDRSIZE]), - (long)((len<8)?8:len),sched,iv,DES_ENCRYPT); - - /* output */ - outnum=rnum+HDRSIZE; - - for (j=0; j<outnum; j+=i) - { - /* eay 26/08/92 I was not doing writing from where we - * got upto. */ - i=write(fd,&(outbuf[j]),(unsigned int)(outnum-j)); - if (i == -1) - { - if (errno == EINTR) - i=0; - else /* This is really a bad error - very bad - * It will stuff-up both ends. */ - return(-1); - } - } - - return(len); -} diff --git a/crypto/kerberosIV/appl/bsd/forkpty.c b/crypto/kerberosIV/appl/bsd/forkpty.c deleted file mode 100644 index 891fb91..0000000 --- a/crypto/kerberosIV/appl/bsd/forkpty.c +++ /dev/null @@ -1,477 +0,0 @@ -/* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "bsd_locl.h" - -#ifndef HAVE_FORKPTY - -RCSID("$Id: forkpty.c,v 1.57 1999/12/02 16:58:28 joda Exp $"); - -/* Only CRAY is known to have problems with forkpty(). */ -#if defined(CRAY) -static int forkpty_ok = 0; -#else -static int forkpty_ok = 1; -#endif - -#ifndef HAVE_PTSNAME -static char *ptsname(int fd) -{ -#ifdef HAVE_TTYNAME - return ttyname(fd); -#else - return NULL; -#endif -} -#endif - -#ifndef HAVE_GRANTPT -#define grantpt(fdm) (0) -#endif - -#ifndef HAVE_UNLOCKPT -#define unlockpt(fdm) (0) -#endif - -#ifndef HAVE_VHANGUP -#define vhangup() (0) -#endif - -#ifndef HAVE_REVOKE -static -void -revoke(char *line) -{ - int slave; - RETSIGTYPE (*ofun)(); - - if ( (slave = open(line, O_RDWR)) < 0) - return; - - ofun = signal(SIGHUP, SIG_IGN); - vhangup(); - signal(SIGHUP, ofun); - /* - * Some systems (atleast SunOS4) want to have the slave end open - * at all times to prevent a race in the child. Login will close - * it so it should really not be a problem. However for the - * paranoid we use the close on exec flag so it will only be open - * in the parent. Additionally since this will be the controlling - * tty of rlogind the final vhangup() in rlogind should hangup all - * processes. A working revoke would of course have been prefered - * though (sigh). - */ - fcntl(slave, F_SETFD, 1); - /* close(slave); */ -} -#endif - - -static int pty_major, pty_minor; - -static void -pty_scan_start(void) -{ - pty_major = -1; - pty_minor = 0; -} - -static char *bsd_1 = "0123456789abcdefghijklmnopqrstuv"; -/* there are many more */ -static char *bsd_2 = "pqrstuvwxyzabcdefghijklmnoABCDEFGHIJKLMNOPQRSTUVWXYZ"; - -static int -pty_scan_next(char *buf, size_t sz) -{ -#ifdef CRAY - if(++pty_major >= sysconf(_SC_CRAY_NPTY)) - return -1; - snprintf(buf, sz, "/dev/pty/%03d", pty_major); -#else - if(++pty_major == strlen(bsd_1)){ - pty_major = 0; - if(++pty_minor == strlen(bsd_2)) - return -1; - } -#ifdef __hpux - snprintf(buf, sz, "/dev/ptym/pty%c%c", bsd_2[pty_major], bsd_1[pty_minor]); -#else - snprintf(buf, sz, "/dev/pty%c%c", bsd_2[pty_major], bsd_1[pty_minor]); -#endif /* __hpux */ -#endif /* CRAY */ - return 0; -} - -static void -pty_scan_tty(char *buf, size_t sz) -{ -#ifdef CRAY - snprintf(buf, sz, "/dev/ttyp%03d", pty_major); -#elif defined(__hpux) - snprintf(buf, sz, "/dev/pty/tty%c%c", bsd_2[pty_major], bsd_1[pty_minor]); -#else - snprintf(buf, sz, "/dev/tty%c%c", bsd_2[pty_major], bsd_1[pty_minor]); -#endif -} - -static int -ptym_open_streams_flavor(char *pts_name, - size_t pts_name_sz, - int *streams_pty) -{ - /* Try clone device master ptys */ - const char *const clone[] = { "/dev/ptc", "/dev/ptmx", - "/dev/ptm", "/dev/ptym/clone", 0 }; - int fdm; - const char *const *q; - - for (q = clone; *q; q++) { - fdm = open(*q, O_RDWR); - if (fdm >= 0) - break; - } - if (fdm >= 0) { - char *ptr1; - if ((ptr1 = ptsname(fdm)) != NULL) /* Get slave's name */ - /* Return name of slave */ - strlcpy(pts_name, ptr1, pts_name_sz); - else { - close(fdm); - return(-4); - } - if (grantpt(fdm) < 0) { /* Grant access to slave */ - close(fdm); - return(-2); - } - if (unlockpt(fdm) < 0) { /* Clear slave's lock flag */ - close(fdm); - return(-3); - } - return(fdm); /* return fd of master */ - } - return -1; -} - -static int -ptym_open_bsd_flavor(char *pts_name, size_t pts_name_sz, int *streams_pty) -{ - int fdm; - char ptm[MaxPathLen]; - - pty_scan_start(); - - while (pty_scan_next(ptm, sizeof(ptm)) != -1) { - fdm = open(ptm, O_RDWR); - if (fdm < 0) - continue; -#if SunOS == 40 - /* Avoid a bug in SunOS4 ttydriver */ - if (fdm > 0) { - int pgrp; - if ((ioctl(fdm, TIOCGPGRP, &pgrp) == -1) - && (errno == EIO)) - /* All fine */; - else { - close(fdm); - continue; - } - } -#endif - pty_scan_tty(pts_name, sizeof(ptm)); -#if CRAY - /* this is some magic from the telnet code */ - { - struct stat sb; - if(stat(pts_name, &sb) < 0) { - close(fdm); - continue; - } - if(sb.st_uid || sb.st_gid || sb.st_mode != 0600) { - chown(pts_name, 0, 0); - chmod(pts_name, 0600); - close(fdm); - fdm = open(ptm, 2); - if (fdm < 0) - continue; - } - } - /* - * Now it should be safe...check for accessability. - */ - if (access(pts_name, 6) != 0){ - /* no tty side to pty so skip it */ - close(fdm); - continue; - } -#endif - return fdm; /* All done! */ - } - - /* We failed to find BSD style pty */ - errno = ENOENT; - return -1; -} - -/* - * - * Open a master pty either using the STREAM flavor or the BSD flavor. - * Depending on if there are any free ptys in the different classes we - * need to try both. Normally try STREAMS first and then BSD. - * - * Kludge alert: Under HP-UX 10 and perhaps other systems STREAM ptys - * doesn't get initialized properly so we try them in different order - * until the problem has been resolved. - * - */ -static int -ptym_open(char *pts_name, size_t pts_name_sz, int *streams_pty) -{ - int fdm; - -#ifdef HAVE__GETPTY - { - char *p = _getpty(&fdm, O_RDWR, 0600, 1); - if (p) { - *streams_pty = 1; - strlcpy (pts_name, p, pts_name_sz); - return fdm; - } - } -#endif - -#ifdef STREAMSPTY - fdm = ptym_open_streams_flavor(pts_name, pts_name_sz, streams_pty); - if (fdm >= 0) - { - *streams_pty = 1; - return fdm; - } -#endif - - fdm = ptym_open_bsd_flavor(pts_name, pts_name_sz, streams_pty); - if (fdm >= 0) - { - *streams_pty = 0; - return fdm; - } - -#ifndef STREAMSPTY - fdm = ptym_open_streams_flavor(pts_name, pts_name_sz, streams_pty); - if (fdm >= 0) - { - *streams_pty = 1; - return fdm; - } -#endif - - return -1; -} - -static int -maybe_push_modules(int fd, char **modules) -{ -#ifdef I_PUSH - char **p; - int err; - - for(p=modules; *p; p++){ - err=ioctl(fd, I_FIND, *p); - if(err == 1) - break; - if(err < 0 && errno != EINVAL) - return -17; - /* module not pushed or does not exist */ - } - /* p points to null or to an already pushed module, now push all - modules before this one */ - - for(p--; p >= modules; p--){ - err = ioctl(fd, I_PUSH, *p); - if(err < 0 && errno != EINVAL) - return -17; - } -#endif - return 0; -} - -static int -ptys_open(int fdm, char *pts_name, int streams_pty) -{ - int fds; - - if (streams_pty) { - /* Streams style slave ptys */ - if ( (fds = open(pts_name, O_RDWR)) < 0) { - close(fdm); - return(-5); - } - - { - char *ttymodules[] = { "ttcompat", "ldterm", "ptem", NULL }; - char *ptymodules[] = { "pckt", NULL }; - - if(maybe_push_modules(fds, ttymodules)<0){ - close(fdm); - close(fds); - return -6; - } - if(maybe_push_modules(fdm, ptymodules)<0){ - close(fdm); - close(fds); - return -7; - } - } - } else { - /* BSD style slave ptys */ - struct group *grptr; - int gid; - if ( (grptr = getgrnam("tty")) != NULL) - gid = grptr->gr_gid; - else - gid = -1; /* group tty is not in the group file */ - - /* Grant access to slave */ - if (chown(pts_name, getuid(), gid) < 0) - fatal(0, "chown slave tty failed", 1); - if (chmod(pts_name, S_IRUSR | S_IWUSR | S_IWGRP) < 0) - fatal(0, "chmod slave tty failed", 1); - - if ( (fds = open(pts_name, O_RDWR)) < 0) { - close(fdm); - return(-1); - } - } - return(fds); -} - -int -forkpty_truncate(int *ptrfdm, - char *slave_name, - size_t slave_name_sz, - struct termios *slave_termios, - struct winsize *slave_winsize) -{ - int fdm, fds, streams_pty; - pid_t pid; - char pts_name[20]; - - if (!forkpty_ok) - fatal(0, "Protocol not yet supported, use telnet", 0); - - if ( (fdm = ptym_open(pts_name, sizeof(pts_name), &streams_pty)) < 0) - return -1; - - if (slave_name != NULL) - /* Return name of slave */ - strlcpy(slave_name, pts_name, slave_name_sz); - - pid = fork(); - if (pid < 0) - return(-1); - else if (pid == 0) { /* Child */ - if (setsid() < 0) - fatal(0, "setsid() failure", errno); - - revoke(slave_name); - -#if defined(NeXT) || defined(ultrix) - /* The NeXT is severely broken, this makes things slightly - * better but we still doesn't get a working pty. If there - * where a TIOCSCTTY we could perhaps fix things but... The - * same problem also exists in xterm! */ - if (setpgrp(0, 0) < 0) - fatal(0, "NeXT kludge failed setpgrp", errno); -#endif - - /* SVR4 acquires controlling terminal on open() */ - if ( (fds = ptys_open(fdm, pts_name, streams_pty)) < 0) - return -1; - close(fdm); /* All done with master in child */ - -#if defined(TIOCSCTTY) && !defined(CIBAUD) && !defined(__hpux) - /* 44BSD way to acquire controlling terminal */ - /* !CIBAUD to avoid doing this under SunOS */ - if (ioctl(fds, TIOCSCTTY, (char *) 0) < 0) - return -1; -#endif -#if defined(NeXT) - { - int t = open("/dev/tty", O_RDWR); - if (t < 0) - fatal(0, "Failed to open /dev/tty", errno); - close(fds); - fds = t; - } -#endif - /* Set slave's termios and window size */ - if (slave_termios != NULL) { - if (tcsetattr(fds, TCSANOW, slave_termios) < 0) - return -1; - } -#ifdef TIOCSWINSZ - if (slave_winsize != NULL) { - if (ioctl(fds, TIOCSWINSZ, slave_winsize) < 0) - return -1; - } -#endif - /* slave becomes stdin/stdout/stderr of child */ - if (dup2(fds, STDIN_FILENO) != STDIN_FILENO) - return -1; - if (dup2(fds, STDOUT_FILENO) != STDOUT_FILENO) - return -1; - if (dup2(fds, STDERR_FILENO) != STDERR_FILENO) - return -1; - if (fds > STDERR_FILENO) - close(fds); - return(0); /* child returns 0 just like fork() */ - } - else { /* Parent */ - *ptrfdm = fdm; /* Return fd of master */ - return(pid); /* Parent returns pid of child */ - } -} - -int -forkpty(int *ptrfdm, - char *slave_name, - struct termios *slave_termios, - struct winsize *slave_winsize) -{ - return forkpty_truncate (ptrfdm, - slave_name, - MaxPathLen, - slave_termios, - slave_winsize); -} - -#endif /* HAVE_FORKPTY */ diff --git a/crypto/kerberosIV/appl/bsd/kcmd.c b/crypto/kerberosIV/appl/bsd/kcmd.c deleted file mode 100644 index 93b2b70..0000000 --- a/crypto/kerberosIV/appl/bsd/kcmd.c +++ /dev/null @@ -1,280 +0,0 @@ -/* - * Copyright (c) 1983, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "bsd_locl.h" - -RCSID("$Id: kcmd.c,v 1.20.4.1 2000/10/10 12:55:55 assar Exp $"); - -#define START_PORT 5120 /* arbitrary */ - -static int -getport(int *alport) -{ - struct sockaddr_in sin; - int s; - - sin.sin_family = AF_INET; - sin.sin_addr.s_addr = INADDR_ANY; - s = socket(AF_INET, SOCK_STREAM, 0); - if (s < 0) - return (-1); - for (;;) { - sin.sin_port = htons((u_short)*alport); - if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0) - return (s); - if (errno != EADDRINUSE) { - close(s); - return (-1); - } - (*alport)--; -#ifdef ATHENA_COMPAT - if (*alport == IPPORT_RESERVED/2) { -#else - if (*alport == IPPORT_RESERVED) { -#endif - close(s); - errno = EAGAIN; /* close */ - return (-1); - } - } -} - -int -kcmd(int *sock, - char **ahost, - u_int16_t rport, - char *locuser, - char *remuser, - char *cmd, - int *fd2p, - KTEXT ticket, - char *service, - char *realm, - CREDENTIALS *cred, - Key_schedule schedule, - MSG_DAT *msg_data, - struct sockaddr_in *laddr, - struct sockaddr_in *faddr, - int32_t authopts) -{ - int s, timo = 1; - pid_t pid; - struct sockaddr_in sin, from; - char c; -#ifdef ATHENA_COMPAT - int lport = IPPORT_RESERVED - 1; -#else - int lport = START_PORT; -#endif - struct hostent *hp; - int rc; - char *host_save; - int status; - char **h_addr_list; - - pid = getpid(); - hp = gethostbyname(*ahost); - if (hp == NULL) { - /* fprintf(stderr, "%s: unknown host\n", *ahost); */ - return (-1); - } - - host_save = strdup(hp->h_name); - if (host_save == NULL) - return -1; - *ahost = host_save; - h_addr_list = hp->h_addr_list; - - /* If realm is null, look up from table */ - if (realm == NULL || realm[0] == '\0') - realm = krb_realmofhost(host_save); - - for (;;) { - s = getport(&lport); - if (s < 0) { - if (errno == EAGAIN) - warnx("kcmd(socket): All ports in use\n"); - else - warn("kcmd: socket"); - return (-1); - } - sin.sin_family = hp->h_addrtype; - memcpy (&sin.sin_addr, h_addr_list[0], sizeof(sin.sin_addr)); - sin.sin_port = rport; - if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0) - break; - close(s); - if (errno == EADDRINUSE) { - lport--; - continue; - } - /* - * don't wait very long for Kerberos rcmd. - */ - if (errno == ECONNREFUSED && timo <= 4) { - /* sleep(timo); don't wait at all here */ - timo *= 2; - continue; - } - if (h_addr_list[1] != NULL) { - warn ("kcmd: connect (%s)", - inet_ntoa(sin.sin_addr)); - h_addr_list++; - memcpy(&sin.sin_addr, - *h_addr_list, - sizeof(sin.sin_addr)); - fprintf(stderr, "Trying %s...\n", - inet_ntoa(sin.sin_addr)); - continue; - } - if (errno != ECONNREFUSED) - warn ("connect(%s)", hp->h_name); - return (-1); - } - lport--; - if (fd2p == 0) { - write(s, "", 1); - lport = 0; - } else { - char num[8]; - int s2 = getport(&lport), s3; - int len = sizeof(from); - - if (s2 < 0) { - status = -1; - goto bad; - } - listen(s2, 1); - snprintf(num, sizeof(num), "%d", lport); - if (write(s, num, strlen(num) + 1) != strlen(num) + 1) { - warn("kcmd(write): setting up stderr"); - close(s2); - status = -1; - goto bad; - } - { - fd_set fds; - FD_ZERO(&fds); - if (s >= FD_SETSIZE || s2 >= FD_SETSIZE) { - warnx("file descriptor too large"); - close(s); - close(s2); - status = -1; - goto bad; - } - - FD_SET(s, &fds); - FD_SET(s2, &fds); - status = select(FD_SETSIZE, &fds, NULL, NULL, NULL); - if(FD_ISSET(s, &fds)){ - warnx("kcmd: connection unexpectedly closed."); - close(s2); - status = -1; - goto bad; - } - } - s3 = accept(s2, (struct sockaddr *)&from, &len); - close(s2); - if (s3 < 0) { - warn ("kcmd: accept"); - lport = 0; - status = -1; - goto bad; - } - - *fd2p = s3; - from.sin_port = ntohs((u_short)from.sin_port); - if (from.sin_family != AF_INET || - from.sin_port >= IPPORT_RESERVED) { - warnx("kcmd(socket): " - "protocol failure in circuit setup."); - status = -1; - goto bad2; - } - } - /* - * Kerberos-authenticated service. Don't have to send locuser, - * since its already in the ticket, and we'll extract it on - * the other side. - */ - /* write(s, locuser, strlen(locuser)+1); */ - - /* set up the needed stuff for mutual auth, but only if necessary */ - if (authopts & KOPT_DO_MUTUAL) { - int sin_len; - *faddr = sin; - - sin_len = sizeof(struct sockaddr_in); - if (getsockname(s, (struct sockaddr *)laddr, &sin_len) < 0) { - warn("kcmd(getsockname)"); - status = -1; - goto bad2; - } - } - if ((status = krb_sendauth(authopts, s, ticket, service, *ahost, - realm, (unsigned long) getpid(), msg_data, - cred, schedule, - laddr, - faddr, - "KCMDV0.1")) != KSUCCESS) - goto bad2; - - write(s, remuser, strlen(remuser)+1); - write(s, cmd, strlen(cmd)+1); - - if ((rc = read(s, &c, 1)) != 1) { - if (rc == -1) - warn("read(%s)", *ahost); - else - warnx("kcmd: bad connection with remote host"); - status = -1; - goto bad2; - } - if (c != '\0') { - while (read(s, &c, 1) == 1) { - write(2, &c, 1); - if (c == '\n') - break; - } - status = -1; - goto bad2; - } - *sock = s; - return (KSUCCESS); -bad2: - if (lport) - close(*fd2p); -bad: - close(s); - return (status); -} diff --git a/crypto/kerberosIV/appl/bsd/klogin.c b/crypto/kerberosIV/appl/bsd/klogin.c deleted file mode 100644 index df21dbf..0000000 --- a/crypto/kerberosIV/appl/bsd/klogin.c +++ /dev/null @@ -1,229 +0,0 @@ -/*- - * Copyright (c) 1990, 1993, 1994 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "bsd_locl.h" - -RCSID("$Id: klogin.c,v 1.27 1999/10/04 16:11:48 bg Exp $"); - -#ifdef KERBEROS - -#define VERIFY_SERVICE "rcmd" - -extern int notickets; -extern char *krbtkfile_env; - -static char tkt_location[MaxPathLen]; - -static int -multiple_get_tkt(char *name, - char *instance, - char *realm, - char *service, - char *sinstance, - int life, - char *password) -{ - int ret; - int n; - char rlm[256]; - - /* First try to verify against the supplied realm. */ - ret = krb_get_pw_in_tkt(name, instance, realm, service, realm, life, - password); - if(ret == KSUCCESS) - return KSUCCESS; - - /* Verify all local realms, except the supplied realm. */ - for (n = 1; krb_get_lrealm(rlm, n) == KSUCCESS; n++) - if (strcmp(rlm, realm) != 0) { - ret = krb_get_pw_in_tkt(name, instance, rlm,service, rlm,life, password); - if (ret == KSUCCESS) - return KSUCCESS; - } - - return ret; -} - -/* - * Attempt to log the user in using Kerberos authentication - * - * return 0 on success (will be logged in) - * 1 if Kerberos failed (try local password in login) - */ -int -klogin(struct passwd *pw, char *instance, char *localhost, char *password) -{ - int kerror; - AUTH_DAT authdata; - KTEXT_ST ticket; - struct hostent *hp; - u_int32_t faddr; - char realm[REALM_SZ], savehost[MaxHostNameLen]; - extern int noticketsdontcomplain; - -#ifdef KLOGIN_PARANOID - noticketsdontcomplain = 0; /* enable warning message */ -#endif - /* - * Root logins don't use Kerberos. - * If we have a realm, try getting a ticket-granting ticket - * and using it to authenticate. Otherwise, return - * failure so that we can try the normal passwd file - * for a password. If that's ok, log the user in - * without issuing any tickets. - */ - if (strcmp(pw->pw_name, "root") == 0 || - krb_get_lrealm(realm, 1) != KSUCCESS) - return (1); - - noticketsdontcomplain = 0; /* enable warning message */ - - /* - * get TGT for local realm - * tickets are stored in a file named TKT_ROOT plus uid - * except for user.root tickets. - */ - - if (strcmp(instance, "root") != 0) - snprintf(tkt_location, sizeof(tkt_location), - "%s%u_%u", - TKT_ROOT, (unsigned)pw->pw_uid, (unsigned)getpid()); - else { - snprintf(tkt_location, sizeof(tkt_location), - "%s_root_%d", TKT_ROOT, - (unsigned)pw->pw_uid); - } - krbtkfile_env = tkt_location; - krb_set_tkt_string(tkt_location); - - /* - * Set real as well as effective ID to 0 for the moment, - * to make the kerberos library do the right thing. - */ - if (setuid(0) < 0) { - warnx("setuid"); - return (1); - } - - /* - * Get ticket - */ - kerror = multiple_get_tkt(pw->pw_name, - instance, - realm, - KRB_TICKET_GRANTING_TICKET, - realm, - DEFAULT_TKT_LIFE, - password); - - /* - * If we got a TGT, get a local "rcmd" ticket and check it so as to - * ensure that we are not talking to a bogus Kerberos server. - * - * There are 2 cases where we still allow a login: - * 1: the VERIFY_SERVICE doesn't exist in the KDC - * 2: local host has no srvtab, as (hopefully) indicated by a - * return value of RD_AP_UNDEC from krb_rd_req(). - */ - if (kerror != INTK_OK) { - if (kerror != INTK_BADPW && kerror != KDC_PR_UNKNOWN) { - syslog(LOG_ERR, "Kerberos intkt error: %s", - krb_get_err_text(kerror)); - dest_tkt(); - } - return (1); - } - - if (chown(TKT_FILE, pw->pw_uid, pw->pw_gid) < 0) - syslog(LOG_ERR, "chown tkfile (%s): %m", TKT_FILE); - - strlcpy(savehost, krb_get_phost(localhost), sizeof(savehost)); - -#ifdef KLOGIN_PARANOID - /* - * if the "VERIFY_SERVICE" doesn't exist in the KDC for this host, - * don't allow kerberos login, also log the error condition. - */ - - kerror = krb_mk_req(&ticket, VERIFY_SERVICE, savehost, realm, 33); - if (kerror == KDC_PR_UNKNOWN) { - syslog(LOG_NOTICE, - "warning: TGT not verified (%s); %s.%s not registered, or srvtab is wrong?", - krb_get_err_text(kerror), VERIFY_SERVICE, savehost); - notickets = 0; - return (1); - } - - if (kerror != KSUCCESS) { - warnx("unable to use TGT: (%s)", krb_get_err_text(kerror)); - syslog(LOG_NOTICE, "unable to use TGT: (%s)", - krb_get_err_text(kerror)); - dest_tkt(); - return (1); - } - - if (!(hp = gethostbyname(localhost))) { - syslog(LOG_ERR, "couldn't get local host address"); - dest_tkt(); - return (1); - } - - memcpy(&faddr, hp->h_addr, sizeof(faddr)); - - kerror = krb_rd_req(&ticket, VERIFY_SERVICE, savehost, faddr, - &authdata, ""); - - if (kerror == KSUCCESS) { - notickets = 0; - return (0); - } - - /* undecipherable: probably didn't have a srvtab on the local host */ - if (kerror == RD_AP_UNDEC) { - syslog(LOG_NOTICE, "krb_rd_req: (%s)\n", krb_get_err_text(kerror)); - dest_tkt(); - return (1); - } - /* failed for some other reason */ - warnx("unable to verify %s ticket: (%s)", VERIFY_SERVICE, - krb_get_err_text(kerror)); - syslog(LOG_NOTICE, "couldn't verify %s ticket: %s", VERIFY_SERVICE, - krb_get_err_text(kerror)); - dest_tkt(); - return (1); -#else - notickets = 0; - return (0); -#endif -} -#endif diff --git a/crypto/kerberosIV/appl/bsd/krcmd.c b/crypto/kerberosIV/appl/bsd/krcmd.c deleted file mode 100644 index 8c3c6f3..0000000 --- a/crypto/kerberosIV/appl/bsd/krcmd.c +++ /dev/null @@ -1,117 +0,0 @@ -/* - * Copyright (c) 1989, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "bsd_locl.h" - -RCSID("$Id: krcmd.c,v 1.10 1997/03/30 18:20:18 joda Exp $"); - -#define SERVICE_NAME "rcmd" - -/* - * krcmd: simplified version of Athena's "kcmd" - * returns a socket attached to the destination, -1 or krb error on error - * if fd2p is non-NULL, another socket is filled in for it - */ - -int -krcmd(char **ahost, u_short rport, char *remuser, char *cmd, int *fd2p, char *realm) -{ - int sock = -1, err = 0; - KTEXT_ST ticket; - long authopts = 0L; - - err = kcmd( - &sock, - ahost, - rport, - NULL, /* locuser not used */ - remuser, - cmd, - fd2p, - &ticket, - SERVICE_NAME, - realm, - (CREDENTIALS *) NULL, /* credentials not used */ - 0, /* key schedule not used */ - (MSG_DAT *) NULL, /* MSG_DAT not used */ - (struct sockaddr_in *) NULL, /* local addr not used */ - (struct sockaddr_in *) NULL, /* foreign addr not used */ - authopts - ); - - if (err > KSUCCESS && err < MAX_KRB_ERRORS) { - warning("krcmd: %s", krb_get_err_text(err)); - return(-1); - } - if (err < 0) - return(-1); - return(sock); -} - -int -krcmd_mutual(char **ahost, u_short rport, char *remuser, char *cmd, int *fd2p, char *realm, CREDENTIALS *cred, Key_schedule sched) -{ - int sock, err; - KTEXT_ST ticket; - MSG_DAT msg_dat; - struct sockaddr_in laddr, faddr; - long authopts = KOPT_DO_MUTUAL; - - err = kcmd( - &sock, - ahost, - rport, - NULL, /* locuser not used */ - remuser, - cmd, - fd2p, - &ticket, - SERVICE_NAME, - realm, - cred, /* filled in */ - sched, /* filled in */ - &msg_dat, /* filled in */ - &laddr, /* filled in */ - &faddr, /* filled in */ - authopts - ); - - if (err > KSUCCESS && err < MAX_KRB_ERRORS) { - warnx("krcmd_mutual: %s", krb_get_err_text(err)); - return(-1); - } - - if (err < 0) - return (-1); - return(sock); -} diff --git a/crypto/kerberosIV/appl/bsd/login.c b/crypto/kerberosIV/appl/bsd/login.c deleted file mode 100644 index f2f0873..0000000 --- a/crypto/kerberosIV/appl/bsd/login.c +++ /dev/null @@ -1,1118 +0,0 @@ -/*- - * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * login [ name ] - * login -h hostname (for telnetd, etc.) - * login -f name (for pre-authenticated login: datakit, xterm, etc.) - */ - -#include "bsd_locl.h" -#ifdef HAVE_CAPABILITY_H -#include <capability.h> -#endif -#ifdef HAVE_SYS_CAPABILITY_H -#include <sys/capability.h> -#endif - -RCSID("$Id: login.c,v 1.125.2.2 2000/06/23 02:33:07 assar Exp $"); - -#ifdef OTP -#include <otp.h> -#endif - -#include "sysv_default.h" -#ifdef SYSV_SHADOW -#include "sysv_shadow.h" -#endif - -static void badlogin (char *); -static void checknologin (void); -static void dolastlog (int); -static void getloginname (int); -static int rootterm (char *); -static char *stypeof (char *); -static RETSIGTYPE timedout (int); -static int doremotelogin (char *); -void login_fbtab (char *, uid_t, gid_t); -#ifdef KERBEROS -int klogin (struct passwd *, char *, char *, char *); -#endif - -#define TTYGRPNAME "tty" /* name of group to own ttys */ - -/* - * This bounds the time given to login. Change it in - * `/etc/default/login'. - */ - -static u_int login_timeout; - -#ifdef KERBEROS -int notickets = 1; -int noticketsdontcomplain = 1; -char *instance; -char *krbtkfile_env; -int authok; -#endif - -#ifdef HAVE_SHADOW_H -static struct spwd *spwd = NULL; -#endif - -static char *ttyprompt; - -static struct passwd *pwd; -static int failures; -static char term[64], *hostname, *username, *tty; - -static char rusername[100], lusername[100]; - -static int -change_passwd(struct passwd *who) -{ - int status; - pid_t pid; - - switch (pid = fork()) { - case -1: - warn("fork /bin/passwd"); - sleepexit(1); - case 0: - execlp("/bin/passwd", "passwd", who->pw_name, (char *) 0); - _exit(1); - default: - waitpid(pid, &status, 0); - return (status); - } -} - -#ifndef NO_MOTD /* message of the day stuff */ - -jmp_buf motdinterrupt; - -static RETSIGTYPE -sigint(int signo) -{ - longjmp(motdinterrupt, 1); -} - -static void -motd(void) -{ - int fd, nchars; - RETSIGTYPE (*oldint)(); - char tbuf[8192]; - - if ((fd = open(_PATH_MOTDFILE, O_RDONLY, 0)) < 0) - return; - oldint = signal(SIGINT, sigint); - if (setjmp(motdinterrupt) == 0) - while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0) - write(fileno(stdout), tbuf, nchars); - signal(SIGINT, oldint); - close(fd); -} - -#endif /* !NO_MOTD */ - -#define AUTH_NONE 0 -#define AUTH_OTP 1 - -/* - * getpwnam and try to detect the worst form of NIS attack. - */ - -static struct passwd * -paranoid_getpwnam (char *user) -{ - struct passwd *p; - - p = k_getpwnam (user); - if (p == NULL) - return p; - if (p->pw_uid == 0 && strcmp (username, "root") != 0) { - syslog (LOG_ALERT, - "NIS attack, user %s has uid 0", username); - return NULL; - } - return p; -} - -int -main(int argc, char **argv) -{ - struct group *gr; - int ask, ch, cnt, fflag, hflag, pflag, quietlog, nomailcheck; - int rootlogin, rval; - int rflag; - int changepass = 0; - uid_t uid; - char *domain, *p, passwd[128], *ttyn; - char tbuf[MaxPathLen + 2], tname[sizeof(_PATH_TTY) + 10]; - char localhost[MaxHostNameLen]; - char full_hostname[MaxHostNameLen]; - int auth_level = AUTH_NONE; -#ifdef OTP - OtpContext otp_ctx; -#endif - int mask = 022; /* Default umask (set below) */ - int maxtrys = 5; /* Default number of allowed failed logins */ - - set_progname(argv[0]); - - openlog("login", LOG_ODELAY, LOG_AUTH); - - /* Read defaults file and set the login timeout period. */ - sysv_defaults(); - login_timeout = atoi(default_timeout); - maxtrys = atoi(default_maxtrys); - if (sscanf(default_umask, "%o", &mask) != 1 || (mask & ~0777)) - syslog(LOG_WARNING, "bad umask default: %s", default_umask); - else - umask(mask); - - signal(SIGALRM, timedout); - alarm(login_timeout); - signal(SIGQUIT, SIG_IGN); - signal(SIGINT, SIG_IGN); - setpriority(PRIO_PROCESS, 0, 0); - - /* - * -p is used by getty to tell login not to destroy the environment - * -f is used to skip a second login authentication - * -h is used by other servers to pass the name of the remote - * host to login so that it may be placed in utmp and wtmp - * -r is used by old-style rlogind to execute the autologin protocol - */ - - *full_hostname = '\0'; - domain = NULL; - if (gethostname(localhost, sizeof(localhost)) < 0) - syslog(LOG_ERR, "couldn't get local hostname: %m"); - else - domain = strchr(localhost, '.'); - - fflag = hflag = pflag = rflag = 0; - uid = getuid(); - while ((ch = getopt(argc, argv, "a:d:fh:pr:")) != -1) - switch (ch) { - case 'a': - if (strcmp (optarg, "none") == 0) - auth_level = AUTH_NONE; -#ifdef OTP - else if (strcmp (optarg, "otp") == 0) - auth_level = AUTH_OTP; -#endif - else - warnx ("bad value for -a: %s", optarg); - break; - case 'd': - break; - case 'f': - fflag = 1; - break; - case 'h': - if (rflag || hflag) { - printf("Only one of -r and -h allowed\n"); - exit(1); - } - if (uid) - errx(1, "-h option: %s", strerror(EPERM)); - hflag = 1; - strlcpy(full_hostname, - optarg, - sizeof(full_hostname)); - if (domain && (p = strchr(optarg, '.')) && - strcasecmp(p, domain) == 0) - *p = 0; - hostname = optarg; - break; - case 'p': - if (getuid()) { - warnx("-p for super-user only."); - exit(1); - } - pflag = 1; - break; - case 'r': - if (rflag || hflag) { - warnx("Only one of -r and -h allowed\n"); - exit(1); - } - if (getuid()) { - warnx("-r for super-user only."); - exit(1); - } - rflag = 1; - strlcpy(full_hostname, - optarg, - sizeof(full_hostname)); - if (domain && (p = strchr(optarg, '.')) && - strcasecmp(p, domain) == 0) - *p = 0; - hostname = optarg; - fflag = (doremotelogin(full_hostname) == 0); - break; - case '?': - default: - if (!uid) - syslog(LOG_ERR, "invalid flag %c", ch); - fprintf(stderr, - "usage: login [-fp]" -#ifdef OTP - " [-a otp]" -#endif - " [-h hostname | -r hostname] [username]\n"); - exit(1); - } - argc -= optind; - argv += optind; - - if (geteuid() != 0) { - warnx("only root may use login, use su"); - /* Or install login setuid root, which is not necessary */ - sleep(10); - exit(1); - } - /* - * Figure out if we should ask for the username or not. The name - * may be given on the command line or via the environment, and - * it may even be in the terminal input queue. - */ - if (rflag) { - username = lusername; - ask = 0; - } else - if (*argv && strchr(*argv, '=')) { - ask = 1; - } else - if (*argv && strcmp(*argv, "-") == 0) { - argc--; - argv++; - ask = 1; - } else - if (*argv) { - username = *argv; - ask = 0; - argc--; - argv++; - } else if ((ttyprompt = getenv("TTYPROMPT")) && *ttyprompt) { - getloginname(0); - ask = 0; - } else - ask = 1; - - /* Default tty settings. */ - stty_default(); - - for (cnt = getdtablesize(); cnt > 2; cnt--) - close(cnt); - - /* - * Determine the tty name. BSD takes the basename, SYSV4 takes - * whatever remains after stripping the "/dev/" prefix. The code - * below should produce sensible results in either environment. - */ - ttyn = ttyname(STDIN_FILENO); - if (ttyn == NULL || *ttyn == '\0') { - snprintf(tname, sizeof(tname), "%s??", _PATH_TTY); - ttyn = tname; - } - if ((tty = strchr(ttyn + 1, '/'))) - ++tty; - else - tty = ttyn; - - for (cnt = 0;; ask = 1) { - char prompt[128], ss[256]; - if (ask) { - fflag = 0; - getloginname(1); - } - rootlogin = 0; - rval = 1; -#ifdef KERBEROS - if ((instance = strchr(username, '.')) != NULL) { - if (strcmp(instance, ".root") == 0) - rootlogin = 1; - *instance++ = '\0'; - } else - instance = ""; -#endif - if (strlen(username) > UT_NAMESIZE) - username[UT_NAMESIZE] = '\0'; - - /* - * Note if trying multiple user names; log failures for - * previous user name, but don't bother logging one failure - * for nonexistent name (mistyped username). - */ - if (failures && strcmp(tbuf, username)) { - if (failures > (pwd ? 0 : 1)) - badlogin(tbuf); - failures = 0; - } - strlcpy(tbuf, username, sizeof(tbuf)); - - pwd = paranoid_getpwnam (username); - - /* - * if we have a valid account name, and it doesn't have a - * password, or the -f option was specified and the caller - * is root or the caller isn't changing their uid, don't - * authenticate. - */ - if (pwd) { - if (pwd->pw_uid == 0) - rootlogin = 1; - - if (fflag && (uid == 0 || uid == pwd->pw_uid)) { - /* already authenticated */ - break; - } else if (pwd->pw_passwd[0] == '\0') { - /* pretend password okay */ - rval = 0; - goto ttycheck; - } - } - - fflag = 0; - - setpriority(PRIO_PROCESS, 0, -4); - -#ifdef OTP - if (otp_challenge (&otp_ctx, username, - ss, sizeof(ss)) == 0) - snprintf (prompt, sizeof(prompt), "%s's %s Password: ", - username, ss); - else -#endif - { - if (auth_level == AUTH_NONE) - snprintf(prompt, sizeof(prompt), "%s's Password: ", - username); - else { - char *s; - - rval = 1; -#ifdef OTP - s = otp_error(&otp_ctx); - if(s) - printf ("OTP: %s\n", s); -#endif - continue; - } - } - - if (des_read_pw_string (passwd, sizeof(passwd) - 1, prompt, 0)) - continue; - passwd[sizeof(passwd) - 1] = '\0'; - - /* Verify it somehow */ - -#ifdef OTP - if (otp_verify_user (&otp_ctx, passwd) == 0) - rval = 0; - else -#endif - if (pwd == NULL) - ; - else if (auth_level == AUTH_NONE) { - uid_t pwd_uid = pwd->pw_uid; - - rval = unix_verify_user (username, passwd); - - if (rval == 0) - { - if (rootlogin && pwd_uid != 0) - rootlogin = 0; - } - else - { - rval = klogin(pwd, instance, localhost, passwd); - if (rval != 0 && rootlogin && pwd_uid != 0) - rootlogin = 0; - if (rval == 0) - authok = 1; - } - } else { - char *s; - - rval = 1; -#ifdef OTP - if ((s = otp_error(&otp_ctx))) - printf ("OTP: %s\n", s); -#endif - } - - memset (passwd, 0, sizeof(passwd)); - setpriority (PRIO_PROCESS, 0, 0); - - /* - * Santa Claus, give me a portable and reentrant getpwnam. - */ - pwd = paranoid_getpwnam (username); - - ttycheck: - /* - * If trying to log in as root without Kerberos, - * but with insecure terminal, refuse the login attempt. - */ -#ifdef KERBEROS - if (authok == 0) -#endif - if (pwd && !rval && rootlogin && !rootterm(tty) - && !rootterm(ttyn)) { - warnx("%s login refused on this terminal.", - pwd->pw_name); - if (hostname) - syslog(LOG_NOTICE, - "LOGIN %s REFUSED FROM %s ON TTY %s", - pwd->pw_name, hostname, tty); - else - syslog(LOG_NOTICE, - "LOGIN %s REFUSED ON TTY %s", - pwd->pw_name, tty); - continue; - } - - if (rval == 0) - break; - - printf("Login incorrect\n"); - failures++; - - /* max number of attemps and delays taken from defaults file */ - /* we allow maxtrys tries, but after 2 we start backing off */ - if (++cnt > 2) { - if (cnt >= maxtrys) { - badlogin(username); - sleepexit(1); - } - sleep((u_int)((cnt - 2) * atoi(default_sleep))); - } - } - - /* committed to login -- turn off timeout */ - alarm(0); - - endpwent(); - -#if defined(HAVE_GETUDBNAM) && defined(HAVE_SETLIM) - { - struct udb *udb; - long t; - const long maxcpu = 46116860184; /* some random constant */ - - if(setjob(pwd->pw_uid, 0) < 0) - warn("setjob"); - - udb = getudbnam(pwd->pw_name); - if(udb == UDB_NULL) - errx(1, "Failed to get UDB entry."); - - /* per process cpu limit */ - t = udb->ue_pcpulim[UDBRC_INTER]; - if(t == 0 || t > maxcpu) - t = CPUUNLIM; - else - t *= CLK_TCK; - - if(limit(C_PROC, 0, L_CPU, t) < 0) - warn("limit process cpu"); - - /* per process memory limit */ - if(limit(C_PROC, 0, L_MEM, udb->ue_pmemlim[UDBRC_INTER]) < 0) - warn("limit process memory"); - - /* per job cpu limit */ - t = udb->ue_jcpulim[UDBRC_INTER]; - if(t == 0 || t > maxcpu) - t = CPUUNLIM; - else - t *= CLK_TCK; - - if(limit(C_JOB, 0, L_CPU, t) < 0) - warn("limit job cpu"); - - /* per job processor limit */ - if(limit(C_JOB, 0, L_CPROC, udb->ue_jproclim[UDBRC_INTER]) < 0) - warn("limit job processors"); - - /* per job memory limit */ - if(limit(C_JOB, 0, L_MEM, udb->ue_jmemlim[UDBRC_INTER]) < 0) - warn("limit job memory"); - - nice(udb->ue_nice[UDBRC_INTER]); - } -#endif - /* if user not super-user, check for disabled logins */ - if (!rootlogin) - checknologin(); - - if (chdir(pwd->pw_dir) < 0) { - printf("No home directory %s!\n", pwd->pw_dir); - if (chdir("/")) - exit(0); - pwd->pw_dir = "/"; - printf("Logging in with home = \"/\".\n"); - } - - quietlog = access(_PATH_HUSHLOGIN, F_OK) == 0; - nomailcheck = access(_PATH_NOMAILCHECK, F_OK) == 0; - -#if defined(HAVE_PASSWD_CHANGE) && defined(HAVE_PASSWD_EXPIRE) - if (pwd->pw_change || pwd->pw_expire) - gettimeofday(&tp, (struct timezone *)NULL); - - if (pwd->pw_change) { - time_t t; - - if (tp.tv_sec >= pwd->pw_change) { - printf("Sorry -- your password has expired.\n"); - changepass=1; - } else if (pwd->pw_change - tp.tv_sec < - 2 * DAYSPERWEEK * SECSPERDAY && !quietlog) { - t = pwd->pw_change; - printf("Warning: your password expires on %s", - ctime(&t)); - } - if (pwd->pw_expire) - if (tp.tv_sec >= pwd->pw_expire) { - printf("Sorry -- your account has expired.\n"); - sleepexit(1); - } else if (pwd->pw_expire - tp.tv_sec < - 2 * DAYSPERWEEK * SECSPERDAY && !quietlog) { - t = pwd->pw_expire; - printf("Warning: your account expires on %s", - ctime(&t)); - } -#endif /* defined(HAVE_PASSWD_CHANGE) && defined(HAVE_PASSWD_EXPIRE) */ - - /* Nothing else left to fail -- really log in. */ - - /* - * Update the utmp files, both BSD and SYSV style. - */ - if (utmpx_login(tty, username, hostname ? hostname : "") != 0 - && !fflag) { - printf("No utmpx entry. You must exec \"login\" from the lowest level \"sh\".\n"); - sleepexit(0); - } - utmp_login(ttyn, username, hostname ? hostname : ""); - dolastlog(quietlog); - - /* - * Set device protections, depending on what terminal the - * user is logged in. This feature is used on Suns to give - * console users better privacy. - */ - login_fbtab(tty, pwd->pw_uid, pwd->pw_gid); - - if (chown(ttyn, pwd->pw_uid, - (gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid) < 0) - err(1, "chown tty failed"); - if (chmod(ttyn, S_IRUSR | S_IWUSR | S_IWGRP) < 0) - err(1, "chmod tty failed"); - setgid(pwd->pw_gid); - - initgroups(username, pwd->pw_gid); - - if (*pwd->pw_shell == '\0') - pwd->pw_shell = _PATH_BSHELL; - - /* - * Set up a new environment. With SYSV, some variables are always - * preserved; some varables are never preserved, and some variables - * are always clobbered. With BSD, nothing is always preserved, and - * some variables are always clobbered. We add code to make sure - * that LD_* and IFS are never preserved. - */ - if (term[0] == '\0') - strlcpy(term, stypeof(tty), sizeof(term)); - /* set up a somewhat censored environment. */ - sysv_newenv(argc, argv, pwd, term, pflag); -#ifdef KERBEROS - if (krbtkfile_env) - setenv("KRBTKFILE", krbtkfile_env, 1); -#endif - - if (tty[sizeof("tty")-1] == 'd') - syslog(LOG_INFO, "DIALUP %s, %s", tty, pwd->pw_name); - - /* If fflag is on, assume caller/authenticator has logged root login. */ - if (rootlogin && fflag == 0) { - if (hostname) - syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s FROM %s", - username, tty, hostname); - else - syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s", username, tty); - } - -#ifdef KERBEROS - if (!quietlog && notickets == 1 && !noticketsdontcomplain) - printf("Warning: no Kerberos tickets issued.\n"); -#endif - -#ifdef LOGALL - /* - * Syslog each successful login, so we don't have to watch hundreds - * of wtmp or lastlogin files. - */ - if (hostname) { - syslog(LOG_INFO, "login from %s as %s", hostname, pwd->pw_name); - } else { - syslog(LOG_INFO, "login on %s as %s", tty, pwd->pw_name); - } -#endif - -#ifndef NO_MOTD - /* - * Optionally show the message of the day. System V login leaves - * motd and mail stuff up to the shell startup file. - */ - if (!quietlog) { - struct stat st; -#if 0 - printf("%s\n\t%s %s\n\n", - "Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994", - "The Regents of the University of California. ", - "All rights reserved."); -#endif - motd(); - if(!nomailcheck){ - snprintf(tbuf, sizeof(tbuf), "%s/%s", _PATH_MAILDIR, pwd->pw_name); - if (stat(tbuf, &st) == 0 && st.st_size != 0) - printf("You have %smail.\n", - (st.st_mtime > st.st_atime) ? "new " : ""); - } - } -#endif /* NO_MOTD */ - -#ifdef LOGIN_ACCESS - if (login_access(pwd, hostname ? full_hostname : tty) == 0) { - printf("Permission denied\n"); - if (hostname) - syslog(LOG_NOTICE, "%s LOGIN REFUSED FROM %s", - pwd->pw_name, hostname); - else - syslog(LOG_NOTICE, "%s LOGIN REFUSED ON %s", - pwd->pw_name, tty); - sleepexit(1); - } -#endif - - signal(SIGALRM, SIG_DFL); - signal(SIGQUIT, SIG_DFL); - signal(SIGINT, SIG_DFL); -#ifdef SIGTSTP - signal(SIGTSTP, SIG_IGN); -#endif - - p = strrchr(pwd->pw_shell, '/'); - snprintf (tbuf, sizeof(tbuf), "-%s", p ? p + 1 : pwd->pw_shell); - -#ifdef HAVE_SETLOGIN - if (setlogin(pwd->pw_name) < 0) - syslog(LOG_ERR, "setlogin() failure: %m"); -#endif - -#ifdef HAVE_SETPCRED - if (setpcred (pwd->pw_name, NULL) == -1) - syslog(LOG_ERR, "setpcred() failure: %m"); -#endif /* HAVE_SETPCRED */ - -#if defined(SYSV_SHADOW) && defined(HAVE_GETSPNAM) - spwd = getspnam (username); - endspent (); -#endif - /* perhaps work some magic */ - if(do_osfc2_magic(pwd->pw_uid)) - sleepexit(1); -#if defined(HAVE_SGI_GETCAPABILITYBYNAME) && defined(HAVE_CAP_SET_PROC) - /* XXX SGI capability hack IRIX 6.x (x >= 0?) has something - called capabilities, that allow you to give away - permissions (such as chown) to specific processes. From 6.5 - this is default on, and the default capability set seems to - not always be the empty set. The problem is that the - runtime linker refuses to do just about anything if the - process has *any* capabilities set, so we have to remove - them here (unless otherwise instructed by /etc/capability). - In IRIX < 6.5, these functions was called sgi_cap_setproc, - etc, but we ignore this fact (it works anyway). */ - { - struct user_cap *ucap = sgi_getcapabilitybyname(pwd->pw_name); - cap_t cap; - if(ucap == NULL) - cap = cap_from_text("all="); - else - cap = cap_from_text(ucap->ca_default); - if(cap == NULL) - err(1, "cap_from_text"); - if(cap_set_proc(cap) < 0) - err(1, "cap_set_proc"); - cap_free(cap); - free(ucap); - } -#endif - /* Discard permissions last so can't get killed and drop core. */ - { - int uid = rootlogin ? 0 : pwd->pw_uid; - if(setuid(uid) != 0){ - warn("setuid(%d)", uid); - if(!rootlogin) - exit(1); - } - if (uid != 0 && setuid(0) != -1) { - syslog(LOG_ALERT | LOG_AUTH, - "Failed to drop privileges for user %d", uid); - errx(1, "Sorry"); - } - } - - - /* - * After dropping privileges and after cleaning up the environment, - * optionally run, as the user, /bin/passwd. - */ - - if (pwd->pw_passwd[0] == 0 && - strcasecmp(default_passreq, "YES") == 0) { - printf("You don't have a password. Choose one.\n"); - if (change_passwd(pwd)) - sleepexit(0); - changepass = 0; - } - -#ifdef SYSV_SHADOW - if (spwd && sysv_expire(spwd)) { - if (change_passwd(pwd)) - sleepexit(0); - changepass = 0; - } -#endif /* SYSV_SHADOW */ - if (changepass) { - int res; - if ((res=system(_PATH_CHPASS))) - sleepexit(1); - } - - if (k_hasafs()) { - char cell[64]; -#ifdef _AIX - /* XXX this is a fix for a bug in AFS for AIX 4.3, w/o - this hack the kernel crashes on the following - pioctl... */ - char *pw_dir = strdup(pwd->pw_dir); -#else - char *pw_dir = pwd->pw_dir; -#endif - k_setpag(); - if(k_afs_cell_of_file(pw_dir, cell, sizeof(cell)) == 0) - krb_afslog(cell, 0); - krb_afslog(0, 0); - } - - execlp(pwd->pw_shell, tbuf, 0); - if (getuid() == 0) { - warnx("Can't exec %s, trying %s\n", - pwd->pw_shell, _PATH_BSHELL); - execlp(_PATH_BSHELL, tbuf, 0); - err(1, "%s", _PATH_BSHELL); - } - err(1, "%s", pwd->pw_shell); - return 1; -} - -#ifdef KERBEROS -#define NBUFSIZ (UT_NAMESIZE + 1 + 5) /* .root suffix */ -#else -#define NBUFSIZ (UT_NAMESIZE + 1) -#endif - -static void -getloginname(int prompt) -{ - int ch; - char *p; - static char nbuf[NBUFSIZ]; - - for (;;) { - if (prompt) { - if (ttyprompt && *ttyprompt) - printf("%s", ttyprompt); - else - printf("login: "); - } - prompt = 1; - for (p = nbuf; (ch = getchar()) != '\n'; ) { - if (ch == EOF) { - badlogin(username); - exit(0); - } - if (p < nbuf + (NBUFSIZ - 1)) - *p++ = ch; - } - if (p > nbuf) { - if (nbuf[0] == '-') - warnx("login names may not start with '-'."); - else { - *p = '\0'; - username = nbuf; - break; - } - } - } -} - -static int -find_in_etc_securetty (char *ttyn) -{ - FILE *f; - char buf[128]; - int ret = 0; - - f = fopen (_PATH_ETC_SECURETTY, "r"); - if (f == NULL) - return 0; - while (fgets(buf, sizeof(buf), f) != NULL) { - if(buf[strlen(buf) - 1] == '\n') - buf[strlen(buf) - 1] = '\0'; - if (strcmp (buf, ttyn) == 0) { - ret = 1; - break; - } - } - fclose(f); - return ret; -} - -static int -rootterm(char *ttyn) -{ -#ifdef HAVE_TTYENT_H - { - struct ttyent *t; - - t = getttynam (ttyn); - if (t && t->ty_status & TTY_SECURE) - return 1; - } -#endif - if (find_in_etc_securetty(ttyn)) - return 1; - if (default_console == 0 || strcmp(default_console, ttyn) == 0) - return 1; - return 0; -} - -static RETSIGTYPE -timedout(int signo) -{ - fprintf(stderr, "Login timed out after %d seconds\n", - login_timeout); - exit(0); -} - -static void -checknologin(void) -{ - int fd, nchars; - char tbuf[8192]; - - if ((fd = open(_PATH_NOLOGIN, O_RDONLY, 0)) >= 0) { - while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0) - write(fileno(stdout), tbuf, nchars); - sleepexit(0); - } -} - -static void -dolastlog(int quiet) -{ -#if defined(HAVE_LASTLOG_H) || defined(HAVE_LOGIN_H) - struct lastlog ll; - int fd; - time_t t; - - if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) { - lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET); -#ifdef SYSV_SHADOW - if (read(fd, &ll, sizeof(ll)) == sizeof(ll) && - ll.ll_time != 0) { - if (pwd->pw_uid && spwd && spwd->sp_inact > 0 - && ll.ll_time / (24 * 60 * 60) - + spwd->sp_inact < time(0)) { - printf("Your account has been inactive too long.\n"); - sleepexit(1); - } - if (!quiet) { - t = ll.ll_time; - printf("Last login: %.*s ", 24-5, ctime(&t)); - if (*ll.ll_host != '\0') { - printf("from %.*s\n", - (int)sizeof(ll.ll_host), - ll.ll_host); - } else - printf("on %.*s\n", - (int)sizeof(ll.ll_line), - ll.ll_line); - } - } - lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET); -#else /* SYSV_SHADOW */ - if (!quiet) { - if (read(fd, &ll, sizeof(ll)) == sizeof(ll) && - ll.ll_time != 0) { - t = ll.ll_time; - printf("Last login: %.*s ", 24-5, ctime(&t)); - if (*ll.ll_host != '\0') - printf("from %.*s\n", - (int)sizeof(ll.ll_host), - ll.ll_host); - else - printf("on %.*s\n", - (int)sizeof(ll.ll_line), - ll.ll_line); - } - lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET); - } -#endif /* SYSV_SHADOW */ - memset(&ll, 0, sizeof(ll)); - ll.ll_time = time(NULL); - strncpy(ll.ll_line, tty, sizeof(ll.ll_line)); - if (hostname) - strncpy(ll.ll_host, hostname, sizeof(ll.ll_host)); - write(fd, &ll, sizeof(ll)); - close(fd); - } -#endif /* DOLASTLOG */ -} - -static void -badlogin(char *name) -{ - - if (failures == 0) - return; - if (hostname) { - syslog(LOG_NOTICE, "%d LOGIN FAILURE%s FROM %s", - failures, failures > 1 ? "S" : "", hostname); - syslog(LOG_AUTHPRIV|LOG_NOTICE, - "%d LOGIN FAILURE%s FROM %s, %s", - failures, failures > 1 ? "S" : "", hostname, name); - } else { - syslog(LOG_NOTICE, "%d LOGIN FAILURE%s ON %s", - failures, failures > 1 ? "S" : "", tty); - syslog(LOG_AUTHPRIV|LOG_NOTICE, - "%d LOGIN FAILURE%s ON %s, %s", - failures, failures > 1 ? "S" : "", tty, name); - } -} - -#undef UNKNOWN -#define UNKNOWN "su" - -static char * -stypeof(char *ttyid) -{ - /* TERM is probably a better guess than anything else. */ - char *term = getenv("TERM"); - - if (term != 0 && term[0] != 0) - return term; - - { -#ifndef HAVE_TTYENT_H - return UNKNOWN; -#else - struct ttyent *t; - return (ttyid && (t = getttynam(ttyid)) ? t->ty_type : UNKNOWN); -#endif - } -} - -static void -xgetstr(char *buf, int cnt, char *err) -{ - char ch; - - do { - if (read(0, &ch, sizeof(ch)) != sizeof(ch)) - exit(1); - if (--cnt < 0) { - fprintf(stderr, "%s too long\r\n", err); - sleepexit(1); - } - *buf++ = ch; - } while (ch); -} - -/* - * Some old rlogind's unknowingly pass remuser, locuser and - * terminal_type/speed so we need to take care of that part of the - * protocol here. Also, we can't make a getpeername(2) on the socket - * so we have to trust that rlogind resolved the name correctly. - */ - -static int -doremotelogin(char *host) -{ - int code; - char *cp; - - xgetstr(rusername, sizeof (rusername), "remuser"); - xgetstr(lusername, sizeof (lusername), "locuser"); - xgetstr(term, sizeof(term), "Terminal type"); - cp = strchr(term, '/'); - if (cp != 0) - *cp = 0; /* For now ignore speed/bg */ - pwd = k_getpwnam(lusername); - if (pwd == NULL) - return(-1); - code = ruserok(host, (pwd->pw_uid == 0), rusername, lusername); - if (code == 0) - syslog(LOG_NOTICE, - "Warning: An old rlogind accepted login probably from host %s", - host); - return(code); -} - -void -sleepexit(int eval) -{ - - sleep(5); - exit(eval); -} diff --git a/crypto/kerberosIV/appl/bsd/login_access.c b/crypto/kerberosIV/appl/bsd/login_access.c deleted file mode 100644 index 7b79dc8..0000000 --- a/crypto/kerberosIV/appl/bsd/login_access.c +++ /dev/null @@ -1,264 +0,0 @@ - /* - * This module implements a simple but effective form of login access - * control based on login names and on host (or domain) names, internet - * addresses (or network numbers), or on terminal line names in case of - * non-networked logins. Diagnostics are reported through syslog(3). - * - * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. - */ - -#include "bsd_locl.h" - -RCSID("$Id: login_access.c,v 1.19 1999/05/14 22:02:14 assar Exp $"); - -#ifdef LOGIN_ACCESS - - /* Delimiters for fields and for lists of users, ttys or hosts. */ - -static char fs[] = ":"; /* field separator */ -static char sep[] = ", \t"; /* list-element separator */ - - /* Constants to be used in assignments only, not in comparisons... */ - -#define YES 1 -#define NO 0 - - /* - * A structure to bundle up all login-related information to keep the - * functional interfaces as generic as possible. - */ -struct login_info { - struct passwd *user; - char *from; -}; - -static int list_match(char *list, struct login_info *item, - int (*match_fn)(char *, struct login_info *)); -static int user_match(char *tok, struct login_info *item); -static int from_match(char *tok, struct login_info *item); -static int string_match(char *tok, char *string); - -/* login_access - match username/group and host/tty with access control file */ - -int login_access(struct passwd *user, char *from) -{ - struct login_info item; - FILE *fp; - char line[BUFSIZ]; - char *perm; /* becomes permission field */ - char *users; /* becomes list of login names */ - char *froms; /* becomes list of terminals or hosts */ - int match = NO; - int end; - int lineno = 0; /* for diagnostics */ - char *foo; - - /* - * Bundle up the arguments to avoid unnecessary clumsiness lateron. - */ - item.user = user; - item.from = from; - - /* - * Process the table one line at a time and stop at the first match. - * Blank lines and lines that begin with a '#' character are ignored. - * Non-comment lines are broken at the ':' character. All fields are - * mandatory. The first field should be a "+" or "-" character. A - * non-existing table means no access control. - */ - - if ((fp = fopen(_PATH_LOGACCESS, "r")) != 0) { - while (!match && fgets(line, sizeof(line), fp)) { - lineno++; - if (line[end = strlen(line) - 1] != '\n') { - syslog(LOG_ERR, "%s: line %d: missing newline or line too long", - _PATH_LOGACCESS, lineno); - continue; - } - if (line[0] == '#') - continue; /* comment line */ - while (end > 0 && isspace((unsigned char)line[end - 1])) - end--; - line[end] = 0; /* strip trailing whitespace */ - if (line[0] == 0) /* skip blank lines */ - continue; - foo = NULL; - if (!(perm = strtok_r(line, fs, &foo)) - || !(users = strtok_r(NULL, fs, &foo)) - || !(froms = strtok_r(NULL, fs, &foo)) - || strtok_r(NULL, fs, &foo)) { - syslog(LOG_ERR, "%s: line %d: bad field count", - _PATH_LOGACCESS, - lineno); - continue; - } - if (perm[0] != '+' && perm[0] != '-') { - syslog(LOG_ERR, "%s: line %d: bad first field", - _PATH_LOGACCESS, - lineno); - continue; - } - match = (list_match(froms, &item, from_match) - && list_match(users, &item, user_match)); - } - fclose(fp); - } else if (errno != ENOENT) { - syslog(LOG_ERR, "cannot open %s: %m", _PATH_LOGACCESS); - } - return (match == 0 || (line[0] == '+')); -} - -/* list_match - match an item against a list of tokens with exceptions */ - -static int -list_match(char *list, - struct login_info *item, - int (*match_fn)(char *, struct login_info *)) -{ - char *tok; - int match = NO; - char *foo = NULL; - - /* - * Process tokens one at a time. We have exhausted all possible matches - * when we reach an "EXCEPT" token or the end of the list. If we do find - * a match, look for an "EXCEPT" list and recurse to determine whether - * the match is affected by any exceptions. - */ - - for (tok = strtok_r(list, sep, &foo); - tok != NULL; - tok = strtok_r(NULL, sep, &foo)) { - if (strcasecmp(tok, "EXCEPT") == 0) /* EXCEPT: give up */ - break; - if ((match = (*match_fn) (tok, item)) != 0) /* YES */ - break; - } - /* Process exceptions to matches. */ - - if (match != NO) { - while ((tok = strtok_r(NULL, sep, &foo)) && strcasecmp(tok, "EXCEPT")) - /* VOID */ ; - if (tok == 0 || list_match(NULL, item, match_fn) == NO) - return (match); - } - return (NO); -} - -/* myhostname - figure out local machine name */ - -static char *myhostname(void) -{ - static char name[MAXHOSTNAMELEN + 1] = ""; - - if (name[0] == 0) { - gethostname(name, sizeof(name)); - name[MAXHOSTNAMELEN] = 0; - } - return (name); -} - -/* netgroup_match - match group against machine or user */ - -static int netgroup_match(char *group, char *machine, char *user) -{ -#ifdef HAVE_YP_GET_DEFAULT_DOMAIN - static char *mydomain = 0; - - if (mydomain == 0) - yp_get_default_domain(&mydomain); - return (innetgr(group, machine, user, mydomain)); -#else - syslog(LOG_ERR, "NIS netgroup support not configured"); - return 0; -#endif -} - -/* user_match - match a username against one token */ - -static int user_match(char *tok, struct login_info *item) -{ - char *string = item->user->pw_name; - struct login_info fake_item; - struct group *group; - int i; - char *at; - - /* - * If a token has the magic value "ALL" the match always succeeds. - * Otherwise, return YES if the token fully matches the username, if the - * token is a group that contains the username, or if the token is the - * name of the user's primary group. - */ - - if ((at = strchr(tok + 1, '@')) != 0) { /* split user@host pattern */ - *at = 0; - fake_item.from = myhostname(); - return (user_match(tok, item) && from_match(at + 1, &fake_item)); - } else if (tok[0] == '@') { /* netgroup */ - return (netgroup_match(tok + 1, (char *) 0, string)); - } else if (string_match(tok, string)) { /* ALL or exact match */ - return (YES); - } else if ((group = getgrnam(tok)) != 0) { /* try group membership */ - if (item->user->pw_gid == group->gr_gid) - return (YES); - for (i = 0; group->gr_mem[i]; i++) - if (strcasecmp(string, group->gr_mem[i]) == 0) - return (YES); - } - return (NO); -} - -/* from_match - match a host or tty against a list of tokens */ - -static int from_match(char *tok, struct login_info *item) -{ - char *string = item->from; - int tok_len; - int str_len; - - /* - * If a token has the magic value "ALL" the match always succeeds. Return - * YES if the token fully matches the string. If the token is a domain - * name, return YES if it matches the last fields of the string. If the - * token has the magic value "LOCAL", return YES if the string does not - * contain a "." character. If the token is a network number, return YES - * if it matches the head of the string. - */ - - if (tok[0] == '@') { /* netgroup */ - return (netgroup_match(tok + 1, string, (char *) 0)); - } else if (string_match(tok, string)) { /* ALL or exact match */ - return (YES); - } else if (tok[0] == '.') { /* domain: match last fields */ - if ((str_len = strlen(string)) > (tok_len = strlen(tok)) - && strcasecmp(tok, string + str_len - tok_len) == 0) - return (YES); - } else if (strcasecmp(tok, "LOCAL") == 0) { /* local: no dots */ - if (strchr(string, '.') == 0) - return (YES); - } else if (tok[(tok_len = strlen(tok)) - 1] == '.' /* network */ - && strncmp(tok, string, tok_len) == 0) { - return (YES); - } - return (NO); -} - -/* string_match - match a string against one token */ - -static int string_match(char *tok, char *string) -{ - - /* - * If the token has the magic value "ALL" the match always succeeds. - * Otherwise, return YES if the token fully matches the string. - */ - - if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */ - return (YES); - } else if (strcasecmp(tok, string) == 0) { /* try exact match */ - return (YES); - } - return (NO); -} -#endif /* LOGIN_ACCES */ diff --git a/crypto/kerberosIV/appl/bsd/login_fbtab.c b/crypto/kerberosIV/appl/bsd/login_fbtab.c deleted file mode 100644 index 3aa5e4c..0000000 --- a/crypto/kerberosIV/appl/bsd/login_fbtab.c +++ /dev/null @@ -1,154 +0,0 @@ -/************************************************************************ -* Copyright 1995 by Wietse Venema. All rights reserved. -* -* This material was originally written and compiled by Wietse Venema at -* Eindhoven University of Technology, The Netherlands, in 1990, 1991, -* 1992, 1993, 1994 and 1995. -* -* Redistribution and use in source and binary forms are permitted -* provided that this entire copyright notice is duplicated in all such -* copies. -* -* This software is provided "as is" and without any expressed or implied -* warranties, including, without limitation, the implied warranties of -* merchantibility and fitness for any particular purpose. -************************************************************************/ -/* - SYNOPSIS - void login_fbtab(tty, uid, gid) - char *tty; - uid_t uid; - gid_t gid; - - DESCRIPTION - This module implements device security as described in the - SunOS 4.1.x fbtab(5) and SunOS 5.x logindevperm(4) manual - pages. The program first looks for /etc/fbtab. If that file - cannot be opened it attempts to process /etc/logindevperm. - We expect entries with the folowing format: - - Comments start with a # and extend to the end of the line. - - Blank lines or lines with only a comment are ignored. - - All other lines consist of three fields delimited by - whitespace: a login device (/dev/console), an octal - permission number (0600), and a ":"-delimited list of - devices (/dev/kbd:/dev/mouse). All device names are - absolute paths. A path that ends in "/*" refers to all - directory entries except "." and "..". - - If the tty argument (relative path) matches a login device - name (absolute path), the permissions of the devices in the - ":"-delimited list are set as specified in the second - field, and their ownership is changed to that of the uid - and gid arguments. - - DIAGNOSTICS - Problems are reported via the syslog daemon with severity - LOG_ERR. - - BUGS - - AUTHOR - Wietse Venema (wietse@wzv.win.tue.nl) - Eindhoven University of Technology - The Netherlands - */ - -#include "bsd_locl.h" - -RCSID("$Id: login_fbtab.c,v 1.14 1999/09/16 20:37:24 assar Exp $"); - -void login_protect (char *, char *, int, uid_t, gid_t); -void login_fbtab (char *tty, uid_t uid, gid_t gid); - -#define WSPACE " \t\n" - -/* login_fbtab - apply protections specified in /etc/fbtab or logindevperm */ - -void -login_fbtab(char *tty, uid_t uid, gid_t gid) -{ - FILE *fp; - char buf[BUFSIZ]; - char *devname; - char *cp; - int prot; - char *table; - char *foo; - - if ((fp = fopen(table = _PATH_FBTAB, "r")) == 0 - && (fp = fopen(table = _PATH_LOGINDEVPERM, "r")) == 0) - return; - - while (fgets(buf, sizeof(buf), fp)) { - if ((cp = strchr(buf, '#')) != 0) - *cp = 0; /* strip comment */ - foo = NULL; - if ((cp = devname = strtok_r(buf, WSPACE, &foo)) == 0) - continue; /* empty or comment */ - if (strncmp(devname, "/dev/", 5) != 0 - || (cp = strtok_r(NULL, WSPACE, &foo)) == 0 - || *cp != '0' - || sscanf(cp, "%o", &prot) == 0 - || prot == 0 - || (prot & 0777) != prot - || (cp = strtok_r(NULL, WSPACE, &foo)) == 0) { - syslog(LOG_ERR, "%s: bad entry: %s", table, cp ? cp : "(null)"); - continue; - } - if (strcmp(devname + 5, tty) == 0) { - foo = NULL; - for (cp = strtok_r(cp, ":", &foo); - cp; - cp = strtok_r(NULL, ":", &foo)) { - login_protect(table, cp, prot, uid, gid); - } - } - } - fclose(fp); -} - -/* login_protect - protect one device entry */ - -void -login_protect(char *table, char *path, int mask, uid_t uid, gid_t gid) -{ - char buf[BUFSIZ]; - int pathlen = strlen(path); - struct dirent *ent; - DIR *dir; - - if (strcmp("/*", path + pathlen - 2) != 0) { - if (chmod(path, mask) && errno != ENOENT) - syslog(LOG_ERR, "%s: chmod(%s): %m", table, path); - if (chown(path, uid, gid) && errno != ENOENT) - syslog(LOG_ERR, "%s: chown(%s): %m", table, path); - } else { - strlcpy (buf, path, sizeof(buf)); - if (sizeof(buf) > pathlen) - buf[pathlen - 2] = '\0'; - /* Solaris evidently operates on the directory as well */ - login_protect(table, buf, mask | ((mask & 0444) >> 2), uid, gid); - if ((dir = opendir(buf)) == 0) { - syslog(LOG_ERR, "%s: opendir(%s): %m", table, path); - } else { - if (sizeof(buf) > pathlen) { - buf[pathlen - 2] = '/'; - buf[pathlen - 1] = '\0'; - } - - while ((ent = readdir(dir)) != 0) { - if (strcmp(ent->d_name, ".") != 0 - && strcmp(ent->d_name, "..") != 0) { - strlcpy (buf + pathlen - 1, - ent->d_name, - sizeof(buf) - (pathlen + 1)); - login_protect(table, buf, mask, uid, gid); - } - } - closedir(dir); - } - } -} diff --git a/crypto/kerberosIV/appl/bsd/osfc2.c b/crypto/kerberosIV/appl/bsd/osfc2.c deleted file mode 100644 index fbfd742..0000000 --- a/crypto/kerberosIV/appl/bsd/osfc2.c +++ /dev/null @@ -1,79 +0,0 @@ -/* - * Copyright (c) 1998 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "bsd_locl.h" -RCSID("$Id: osfc2.c,v 1.2 1999/12/02 16:58:28 joda Exp $"); - -int -do_osfc2_magic(uid_t uid) -{ -#ifdef HAVE_OSFC2 - struct es_passwd *epw; - char *argv[2]; - - /* fake */ - argv[0] = (char*)__progname; - argv[1] = NULL; - set_auth_parameters(1, argv); - - epw = getespwuid(uid); - if(epw == NULL) { - syslog(LOG_AUTHPRIV|LOG_NOTICE, - "getespwuid failed for %d", uid); - printf("Sorry.\n"); - return 1; - } - /* We don't check for auto-retired, foo-retired, - bar-retired, or any other kind of retired accounts - here; neither do we check for time-locked accounts, or - any other kind of serious C2 mumbo-jumbo. We do, - however, call setluid, since failing to do so it not - very good (take my word for it). */ - - if(!epw->uflg->fg_uid) { - syslog(LOG_AUTHPRIV|LOG_NOTICE, - "attempted login by %s (has no uid)", epw->ufld->fd_name); - printf("Sorry.\n"); - return 1; - } - setluid(epw->ufld->fd_uid); - if(getluid() != epw->ufld->fd_uid) { - syslog(LOG_AUTHPRIV|LOG_NOTICE, - "failed to set LUID for %s (%d)", - epw->ufld->fd_name, epw->ufld->fd_uid); - printf("Sorry.\n"); - return 1; - } -#endif /* HAVE_OSFC2 */ - return 0; -} diff --git a/crypto/kerberosIV/appl/bsd/pathnames.h b/crypto/kerberosIV/appl/bsd/pathnames.h deleted file mode 100644 index da23dbe..0000000 --- a/crypto/kerberosIV/appl/bsd/pathnames.h +++ /dev/null @@ -1 +0,0 @@ -/* $FreeBSD$ */ diff --git a/crypto/kerberosIV/appl/bsd/pathnames.h_ b/crypto/kerberosIV/appl/bsd/pathnames.h_ deleted file mode 100644 index 6db8f68..0000000 --- a/crypto/kerberosIV/appl/bsd/pathnames.h_ +++ /dev/null @@ -1,201 +0,0 @@ -/* - * Copyright (c) 1989 The Regents of the University of California. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * from: @(#)pathnames.h 5.2 (Berkeley) 4/9/90 - * $Id: pathnames.h,v 1.25 1998/02/03 23:29:30 assar Exp $ - * $FreeBSD$ - */ - -/******* First fix default path, we stick to _PATH_DEFPATH everywhere */ - -#if !defined(_PATH_DEFPATH) && defined(_PATH_USERPATH) -#define _PATH_DEFPATH _PATH_USERPATH -#endif - -#if defined(_PATH_DEFPATH) && !defined(_DEF_PATH) -#define _DEF_PATH _PATH_DEFPATH -#endif - -#if !defined(_PATH_DEFPATH) && defined(_DEF_PATH) -#define _PATH_DEFPATH _DEF_PATH -#endif - -#ifndef _PATH_DEFPATH -#define _PATH_DEFPATH "/usr/ucb:/usr/bin:/bin" -#define _DEF_PATH _PATH_DEFPATH -#endif /* !_PATH_DEFPATH */ - -#ifndef _PATH_DEFSUPATH -#define _PATH_DEFSUPATH "/usr/sbin:" _DEF_PATH -#endif /* _PATH_DEFSUPATH */ - -/******* Default PATH fixed! */ - -#undef _PATH_RLOGIN /* Redifine rlogin */ -#define _PATH_RLOGIN BINDIR "/rlogin" - -#undef _PATH_RSH /* Redifine rsh */ -#define _PATH_RSH BINDIR "/rsh" - -#undef _PATH_RCP /* Redifine rcp */ -#define _PATH_RCP BINDIR "/rcp" - -#undef _PATH_LOGIN -#define _PATH_LOGIN BINDIR "/login" - -/******* The rest is fallback defaults */ - -#ifndef _PATH_DEV -#define _PATH_DEV "/dev/" -#endif - -#ifndef _PATH_CP -#define _PATH_CP "/bin/cp" -#endif /* _PATH_CP */ - -#ifndef _PATH_SHELLS -#define _PATH_SHELLS "/etc/shells" -#endif /* _PATH_SHELLS */ - -#ifndef _PATH_BSHELL -#define _PATH_BSHELL "/bin/sh" -#endif /* _PATH_BSHELL */ - -#ifndef _PATH_CSHELL -#define _PATH_CSHELL "/bin/csh" -#endif /* _PATH_CSHELL */ - -#ifndef _PATH_NOLOGIN -#define _PATH_NOLOGIN "/etc/nologin" -#endif /* _PATH_NOLOGIN */ - -#ifndef _PATH_TTY -#define _PATH_TTY "/dev/tty" -#endif /* _PATH_TTY */ - -#ifndef _PATH_HUSHLOGIN -#define _PATH_HUSHLOGIN ".hushlogin" -#endif /* _PATH_HUSHLOGIN */ - -#ifndef _PATH_NOMAILCHECK -#define _PATH_NOMAILCHECK ".nomailcheck" -#endif /* _PATH_NOMAILCHECK */ - -#ifndef _PATH_MOTDFILE -#define _PATH_MOTDFILE "/etc/motd" -#endif /* _PATH_MOTDFILE */ - -#ifndef _PATH_LOGACCESS -#define _PATH_LOGACCESS "/etc/login.access" -#endif /* _PATH_LOGACCESS */ - -#ifndef _PATH_HEQUIV -#define _PATH_HEQUIV "/etc/hosts.equiv" -#endif - -#ifndef _PATH_FBTAB -#define _PATH_FBTAB "/etc/fbtab" -#endif /* _PATH_FBTAB */ - -#ifndef _PATH_LOGINDEVPERM -#define _PATH_LOGINDEVPERM "/etc/logindevperm" -#endif /* _PATH_LOGINDEVPERM */ - -#ifndef _PATH_CHPASS -#define _PATH_CHPASS "/usr/bin/passwd" -#endif /* _PATH_CHPASS */ - -#if defined(__hpux) -#define __FALLBACK_MAILDIR__ "/usr/mail" -#else -#define __FALLBACK_MAILDIR__ "/usr/spool/mail" -#endif - -#ifndef KRB4_MAILDIR -#ifndef _PATH_MAILDIR -#ifdef MAILDIR -#define _PATH_MAILDIR MAILDIR -#else -#define _PATH_MAILDIR __FALLBACK_MAILDIR__ -#endif -#endif /* _PATH_MAILDIR */ -#define KRB4_MAILDIR _PATH_MAILDIR -#endif - -#ifndef _PATH_LASTLOG -#define _PATH_LASTLOG "/var/adm/lastlog" -#endif - -#if defined(UTMP_FILE) && !defined(_PATH_UTMP) -#define _PATH_UTMP UTMP_FILE -#endif - -#ifndef _PATH_UTMP -#define _PATH_UTMP "/etc/utmp" -#endif - -#if defined(WTMP_FILE) && !defined(_PATH_WTMP) -#define _PATH_WTMP WTMP_FILE -#endif - -#ifndef _PATH_WTMP -#define _PATH_WTMP "/usr/adm/wtmp" -#endif - -#ifndef _PATH_ETC_DEFAULT_LOGIN -#define _PATH_ETC_DEFAULT_LOGIN "/etc/default/login" -#endif - -#ifndef _PATH_ETC_ENVIRONMENT -#define _PATH_ETC_ENVIRONMENT "/etc/environment" -#endif - -#ifndef _PATH_ETC_SECURETTY -#define _PATH_ETC_SECURETTY "/etc/securetty" -#endif - -/* - * NeXT KLUDGE ALERT!!!!!!!!!!!!!!!!!! - * Some sort of bug in the NEXTSTEP cpp. - */ -#ifdef NeXT -#undef _PATH_DEFSUPATH -#define _PATH_DEFSUPATH "/usr/sbin:/usr/ucb:/usr/bin:/bin" -#undef _PATH_RLOGIN -#define _PATH_RLOGIN "/usr/athena/bin/rlogin" -#undef _PATH_RSH -#define _PATH_RSH "/usr/athena/bin/rsh" -#undef _PATH_RCP -#define _PATH_RCP "/usr/athena/bin/rcp" -#undef _PATH_LOGIN -#define _PATH_LOGIN "/usr/athena/bin/login" -#endif diff --git a/crypto/kerberosIV/appl/bsd/rcmd_util.c b/crypto/kerberosIV/appl/bsd/rcmd_util.c deleted file mode 100644 index cd431e3..0000000 --- a/crypto/kerberosIV/appl/bsd/rcmd_util.c +++ /dev/null @@ -1,263 +0,0 @@ -/* - * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "bsd_locl.h" - -RCSID("$Id: rcmd_util.c,v 1.19.2.1 2000/06/23 02:34:48 assar Exp $"); - -int -get_login_port(int kerberos, int encryption) -{ - char *service="login"; - int port=htons(513); - - if(kerberos && encryption){ - service="eklogin"; - port=htons(2105); - } - - if(kerberos && !encryption){ - service="klogin"; - port=htons(543); - } - return k_getportbyname (service, "tcp", port); -} - -int -get_shell_port(int kerberos, int encryption) -{ - char *service="shell"; - int port=htons(514); - - if(kerberos && encryption){ - service="ekshell"; - port=htons(545); - } - - if(kerberos && !encryption){ - service="kshell"; - port=htons(544); - } - - return k_getportbyname (service, "tcp", port); -} - -/* - * On reasonable systems, `cf[gs]et[io]speed' use values of bit/s - * directly, and the following functions are just identity functions. - * This is however a slower way of doing those - * should-be-but-are-not-always idenity functions. - */ - -static struct { int speed; int bps; } conv[] = { -#ifdef B0 - {B0, 0}, -#endif -#ifdef B50 - {B50, 50}, -#endif -#ifdef B75 - {B75, 75}, -#endif -#ifdef B110 - {B110, 110}, -#endif -#ifdef B134 - {B134, 134}, -#endif -#ifdef B150 - {B150, 150}, -#endif -#ifdef B200 - {B200, 200}, -#endif -#ifdef B300 - {B300, 300}, -#endif -#ifdef B600 - {B600, 600}, -#endif -#ifdef B1200 - {B1200, 1200}, -#endif -#ifdef B1800 - {B1800, 1800}, -#endif -#ifdef B2400 - {B2400, 2400}, -#endif -#ifdef B4800 - {B4800, 4800}, -#endif -#ifdef B9600 - {B9600, 9600}, -#endif -#ifdef B19200 - {B19200, 19200}, -#endif -#ifdef EXTA - {EXTA, 19200}, -#endif -#ifdef B38400 - {B38400, 38400}, -#endif -#ifdef EXTB - {EXTB, 38400}, -#endif -#ifdef B57600 - {B57600, 57600}, -#endif -#ifdef B115200 - {B115200, 115200}, -#endif -#ifdef B153600 - {B153600, 153600}, -#endif -#ifdef B230400 - {B230400, 230400}, -#endif -#ifdef B307200 - {B307200, 307200}, -#endif -#ifdef B460800 - {B460800, 460800}, -#endif -}; - -#define N (sizeof(conv)/sizeof(*conv)) - -int -speed_t2int (speed_t s) -{ - int l, r, m; - - l = 0; - r = N - 1; - while(l <= r) { - m = (l + r) / 2; - if (conv[m].speed == s) - return conv[m].bps; - else if(conv[m].speed < s) - l = m + 1; - else - r = m - 1; - } - return -1; -} - -/* - * - */ - -speed_t -int2speed_t (int i) -{ - int l, r, m; - - l = 0; - r = N - 1; - while(l <= r) { - m = (l + r) / 2; - if (conv[m].bps == i) - return conv[m].speed; - else if(conv[m].bps < i) - l = m + 1; - else - r = m - 1; - } - return -1; -} - -/* - * If there are any IP options on `sock', die. - */ - -void -ip_options_and_die (int sock, struct sockaddr_in *fromp) -{ -#if defined(IP_OPTIONS) && defined(HAVE_GETSOCKOPT) - u_char optbuf[BUFSIZ/3], *cp; - char lbuf[BUFSIZ], *lp; - int optsize = sizeof(optbuf), ipproto; - struct protoent *ip; - - if ((ip = getprotobyname("ip")) != NULL) - ipproto = ip->p_proto; - else - ipproto = IPPROTO_IP; - if (getsockopt(sock, ipproto, IP_OPTIONS, - (void *)optbuf, &optsize) == 0 && - optsize != 0) { - lp = lbuf; - for (cp = optbuf; optsize > 0; cp++, optsize--, lp += 3) - snprintf(lp, sizeof(lbuf) - (lp - lbuf), " %2.2x", *cp); - syslog(LOG_NOTICE, - "Connection received from %s using IP options (dead):%s", - inet_ntoa(fromp->sin_addr), lbuf); - exit(1); - } -#endif -} - -void -warning(const char *fmt, ...) -{ - char *rstar_no_warn = getenv("RSTAR_NO_WARN"); - va_list args; - - va_start(args, fmt); - if (rstar_no_warn == NULL) - rstar_no_warn = ""; - if (strncmp(rstar_no_warn, "yes", 3) != 0) { - /* XXX */ - fprintf(stderr, "%s: warning, using standard ", __progname); - vwarnx(fmt, args); - } - va_end(args); -} - -/* - * setuid but work-around Linux 2.2.15 bug with setuid and capabilities - */ - -void -paranoid_setuid (uid_t uid) -{ - if (setuid (uid) < 0) - err (1, "setuid"); - if (uid != 0 && setuid (0) == 0) { - syslog(LOG_ALERT | LOG_AUTH, - "Failed to drop privileges for uid %u", (unsigned)uid); - err (1, "setuid"); - } -} diff --git a/crypto/kerberosIV/appl/bsd/rcp.c b/crypto/kerberosIV/appl/bsd/rcp.c deleted file mode 100644 index 660be91..0000000 --- a/crypto/kerberosIV/appl/bsd/rcp.c +++ /dev/null @@ -1,1047 +0,0 @@ -/* - * Copyright (c) 1983, 1990, 1992, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "bsd_locl.h" - -RCSID("$Id: rcp.c,v 1.52.2.1 2000/06/23 02:35:16 assar Exp $"); - -/* Globals */ -static char dst_realm_buf[REALM_SZ]; -static char *dest_realm = NULL; -static int use_kerberos = 1; - -static int doencrypt = 0; -#define OPTIONS "dfKk:prtxl:" - -static char *user_name = NULL; /* Given as -l option. */ - -static int errs, rem; -static struct passwd *pwd; -static u_short port; -static uid_t userid; -static int pflag, iamremote, iamrecursive, targetshouldbedirectory; - -static int argc_copy; -static char **argv_copy; - -#define CMDNEEDS 64 -static char cmd[CMDNEEDS]; /* must hold "rcp -r -p -d\0" */ - -void rsource(char *name, struct stat *statp); - -#define SERVICE_NAME "rcmd" - -CREDENTIALS cred; -MSG_DAT msg_data; -struct sockaddr_in foreign_addr, local_addr; -Key_schedule schedule; - -KTEXT_ST ticket; -AUTH_DAT kdata; - -static void -send_auth(char *h, char *r) -{ - int lslen, fslen, status; - long opts; - - lslen = sizeof(struct sockaddr_in); - if (getsockname(rem, (struct sockaddr *)&local_addr, &lslen) < 0) - err(1, "getsockname"); - fslen = sizeof(struct sockaddr_in); - if (getpeername(rem, (struct sockaddr *)&foreign_addr, &fslen) < 0) - err(1, "getpeername"); - if ((r == NULL) || (*r == '\0')) - r = krb_realmofhost(h); - opts = KOPT_DO_MUTUAL; - if ((status = krb_sendauth(opts, rem, &ticket, SERVICE_NAME, h, r, - (unsigned long)getpid(), &msg_data, &cred, - schedule, &local_addr, - &foreign_addr, "KCMDV0.1")) != KSUCCESS) - errx(1, "krb_sendauth failure: %s", krb_get_err_text(status)); -} - -static void -answer_auth(void) -{ - int lslen, fslen, status; - long opts; - char inst[INST_SZ], v[9]; - - lslen = sizeof(struct sockaddr_in); - if (getsockname(rem, (struct sockaddr *)&local_addr, &lslen) < 0) - err(1, "getsockname"); - fslen = sizeof(struct sockaddr_in); - if(getpeername(rem, (struct sockaddr *)&foreign_addr, &fslen) < 0) - err(1, "getperrname"); - k_getsockinst(rem, inst, sizeof(inst)); - opts = KOPT_DO_MUTUAL; - if ((status = krb_recvauth(opts, rem, &ticket, SERVICE_NAME, inst, - &foreign_addr, &local_addr, - &kdata, "", schedule, v)) != KSUCCESS) - errx(1, "krb_recvauth failure: %s", krb_get_err_text(status)); -} - -static int -des_read(int fd, char *buf, int len) -{ - if (doencrypt) - return(des_enc_read(fd, buf, len, schedule, - (iamremote? &kdata.session : &cred.session))); - else - return(read(fd, buf, len)); -} - -static int -des_write(int fd, char *buf, int len) -{ - if (doencrypt) - return(des_enc_write(fd, buf, len, schedule, - (iamremote? &kdata.session : &cred.session))); - else - return(write(fd, buf, len)); -} - -static void run_err(const char *fmt, ...) -#ifdef __GNUC__ -__attribute__ ((format (printf, 1, 2))) -#endif -; - - -static void -run_err(const char *fmt, ...) -{ - char errbuf[1024]; - - va_list args; - va_start(args, fmt); - ++errs; -#define RCPERR "\001rcp: " - strlcpy (errbuf, RCPERR, sizeof(errbuf)); - vsnprintf (errbuf + strlen(errbuf), - sizeof(errbuf) - strlen(errbuf), - fmt, args); - strlcat (errbuf, "\n", sizeof(errbuf)); - des_write (rem, errbuf, strlen(errbuf)); - if (!iamremote) - vwarnx(fmt, args); - va_end(args); -} - -static void -verifydir(char *cp) -{ - struct stat stb; - - if (!stat(cp, &stb)) { - if (S_ISDIR(stb.st_mode)) - return; - errno = ENOTDIR; - } - run_err("%s: %s", cp, strerror(errno)); - exit(1); -} - -#define ROUNDUP(x, y) ((((x)+((y)-1))/(y))*(y)) - -static BUF * -allocbuf(BUF *bp, int fd, int blksize) -{ - struct stat stb; - size_t size; - - if (fstat(fd, &stb) < 0) { - run_err("fstat: %s", strerror(errno)); - return (0); - } -#ifdef HAVE_ST_BLKSIZE - size = ROUNDUP(stb.st_blksize, blksize); -#else - size = blksize; -#endif - if (size == 0) - size = blksize; - if (bp->cnt >= size) - return (bp); - if (bp->buf == NULL) - bp->buf = malloc(size); - else - bp->buf = realloc(bp->buf, size); - if (bp->buf == NULL) { - bp->cnt = 0; - run_err("%s", strerror(errno)); - return (0); - } - bp->cnt = size; - return (bp); -} - -static void -usage(void) -{ - fprintf(stderr, "%s\n\t%s\n", - "usage: rcp [-Kpx] [-k realm] f1 f2", - "or: rcp [-Kprx] [-k realm] f1 ... fn directory"); - exit(1); -} - -static void -oldw(const char *s) -{ - char *rstar_no_warn = getenv("RSTAR_NO_WARN"); - if (rstar_no_warn == 0) - rstar_no_warn = ""; - if (strncmp(rstar_no_warn, "yes", 3) != 0) - warnx("%s, using standard rcp", s); -} - -static RETSIGTYPE -lostconn(int signo) -{ - if (!iamremote) - warnx("lost connection"); - exit(1); -} - -static int -response(void) -{ - char ch, *cp, resp, rbuf[BUFSIZ]; - - if (des_read(rem, &resp, sizeof(resp)) != sizeof(resp)) - lostconn(0); - - cp = rbuf; - switch(resp) { - case 0: /* ok */ - return (0); - default: - *cp++ = resp; - /* FALLTHROUGH */ - case 1: /* error, followed by error msg */ - case 2: /* fatal error, "" */ - do { - if (des_read(rem, &ch, sizeof(ch)) != sizeof(ch)) - lostconn(0); - *cp++ = ch; - } while (cp < &rbuf[BUFSIZ] && ch != '\n'); - - if (!iamremote) - write(STDERR_FILENO, rbuf, cp - rbuf); - ++errs; - if (resp == 1) - return (-1); - exit(1); - } - /* NOTREACHED */ -} - -static void -source(int argc, char **argv) -{ - struct stat stb; - static BUF buffer; - BUF *bp; - off_t i; - int amt, fd, haderr, indx, result; - char *last, *name, buf[BUFSIZ]; - - for (indx = 0; indx < argc; ++indx) { - name = argv[indx]; - if ((fd = open(name, O_RDONLY, 0)) < 0) - goto syserr; - if (fstat(fd, &stb)) { -syserr: run_err("%s: %s", name, strerror(errno)); - goto next; - } - switch (stb.st_mode & S_IFMT) { - case S_IFREG: - break; - case S_IFDIR: - if (iamrecursive) { - rsource(name, &stb); - goto next; - } - /* FALLTHROUGH */ - default: - run_err("%s: not a regular file", name); - goto next; - } - if ((last = strrchr(name, '/')) == NULL) - last = name; - else - ++last; - if (pflag) { - /* - * Make it compatible with possible future - * versions expecting microseconds. - */ - snprintf(buf, sizeof(buf), "T%ld 0 %ld 0\n", - (long)stb.st_mtime, (long)stb.st_atime); - des_write(rem, buf, strlen(buf)); - if (response() < 0) - goto next; - } - snprintf(buf, sizeof(buf), "C%04o %ld %s\n", - (int)stb.st_mode & MODEMASK, (long) stb.st_size, last); - des_write(rem, buf, strlen(buf)); - if (response() < 0) - goto next; - if ((bp = allocbuf(&buffer, fd, BUFSIZ)) == NULL) { -next: close(fd); - continue; - } - - /* Keep writing after an error so that we stay sync'd up. */ - for (haderr = i = 0; i < stb.st_size; i += bp->cnt) { - amt = bp->cnt; - if (i + amt > stb.st_size) - amt = stb.st_size - i; - if (!haderr) { - result = read(fd, bp->buf, amt); - if (result != amt) - haderr = result >= 0 ? EIO : errno; - } - if (haderr) - des_write(rem, bp->buf, amt); - else { - result = des_write(rem, bp->buf, amt); - if (result != amt) - haderr = result >= 0 ? EIO : errno; - } - } - if (close(fd) && !haderr) - haderr = errno; - if (!haderr) - des_write(rem, "", 1); - else - run_err("%s: %s", name, strerror(haderr)); - response(); - } -} - -void -rsource(char *name, struct stat *statp) -{ - DIR *dirp; - struct dirent *dp; - char *last, *vect[1], path[MaxPathLen]; - char *p; - - if (!(dirp = opendir(name))) { - run_err("%s: %s", name, strerror(errno)); - return; - } - for (p = name + strlen(name) - 1; p >= name && *p == '/'; --p) - *p = '\0'; - - last = strrchr(name, '/'); - if (last == 0) - last = name; - else - last++; - if (pflag) { - snprintf(path, sizeof(path), "T%ld 0 %ld 0\n", - (long)statp->st_mtime, (long)statp->st_atime); - des_write(rem, path, strlen(path)); - if (response() < 0) { - closedir(dirp); - return; - } - } - snprintf(path, sizeof(path), - "D%04o %d %s\n", (int)statp->st_mode & MODEMASK, 0, last); - des_write(rem, path, strlen(path)); - if (response() < 0) { - closedir(dirp); - return; - } - while ((dp = readdir(dirp))) { - if (dp->d_ino == 0) - continue; - if (!strcmp(dp->d_name, ".") || !strcmp(dp->d_name, "..")) - continue; - if (strlen(name) + 1 + strlen(dp->d_name) >= MaxPathLen - 1) { - run_err("%s/%s: name too long", name, dp->d_name); - continue; - } - if (snprintf(path, sizeof(path), - "%s/%s", name, dp->d_name) >= sizeof(path)) { - run_err("%s/%s: name too long", name, dp->d_name); - continue; - } - vect[0] = path; - source(1, vect); - } - closedir(dirp); - des_write(rem, "E\n", 2); - response(); -} - -static int -kerberos(char **host, char *bp, char *locuser, char *user) -{ - int sock = -1, err; - - if (use_kerberos) { - paranoid_setuid(getuid()); - rem = KSUCCESS; - errno = 0; - if (dest_realm == NULL) - dest_realm = krb_realmofhost(*host); - -#if 0 - rem = krcmd(host, port, user, bp, 0, dest_realm); -#else - err = kcmd( - &sock, - host, - port, - NULL, /* locuser not used */ - user, - bp, - 0, - &ticket, - SERVICE_NAME, - dest_realm, - (CREDENTIALS *) NULL, /* credentials not used */ - 0, /* key schedule not used */ - (MSG_DAT *) NULL, /* MSG_DAT not used */ - (struct sockaddr_in *) NULL, /* local addr not used */ - (struct sockaddr_in *) NULL, /* foreign addr not used */ - 0L); /* authopts */ - if (err > KSUCCESS && err < MAX_KRB_ERRORS) { - warnx("kcmd: %s", krb_get_err_text(err)); - rem = -1; - } else if (err < 0) - rem = -1; - else - rem = sock; -#endif - if (rem < 0) { - if (errno == ECONNREFUSED) - oldw("remote host doesn't support Kerberos"); - else if (errno == ENOENT) - oldw("can't provide Kerberos authentication data"); - execv(_PATH_RCP, argv_copy); - } - } else { - if (doencrypt) - errx(1, - "the -x option requires Kerberos authentication"); - if (geteuid() != 0) { - errx(1, "not installed setuid root, " - "only root may use non kerberized rcp"); - } - rem = rcmd(host, port, locuser, user, bp, 0); - } - return (rem); -} - -static void -toremote(char *targ, int argc, char **argv) -{ - int i, len; -#ifdef IP_TOS - int tos; -#endif - char *bp, *host, *src, *suser, *thost, *tuser; - - *targ++ = 0; - if (*targ == 0) - targ = "."; - - if ((thost = strchr(argv[argc - 1], '@'))) { - /* user@host */ - *thost++ = 0; - tuser = argv[argc - 1]; - if (*tuser == '\0') - tuser = NULL; - else if (!okname(tuser)) - exit(1); - } else { - thost = argv[argc - 1]; - tuser = user_name; - } - - for (i = 0; i < argc - 1; i++) { - src = colon(argv[i]); - if (src) { /* remote to remote */ - *src++ = 0; - if (*src == 0) - src = "."; - host = strchr(argv[i], '@'); - if (host) { - *host++ = 0; - suser = argv[i]; - if (*suser == '\0') - suser = pwd->pw_name; - else if (!okname(suser)) - continue; - asprintf(&bp, "%s %s -l %s -n %s %s '%s%s%s:%s'", - _PATH_RSH, host, suser, cmd, src, - tuser ? tuser : "", tuser ? "@" : "", - thost, targ); - } else - asprintf(&bp, "exec %s %s -n %s %s '%s%s%s:%s'", - _PATH_RSH, argv[i], cmd, src, - tuser ? tuser : "", tuser ? "@" : "", - thost, targ); - if(bp == NULL) - errx(1, "out of memory"); - susystem(bp, userid); - free(bp); - } else { /* local to remote */ - if (rem == -1) { - len = strlen(targ) + CMDNEEDS + 20; - if (!(bp = malloc(len))) - err(1, " "); - snprintf(bp, len, "%s -t %s", cmd, targ); - host = thost; - if (use_kerberos) - rem = kerberos(&host, bp, -#ifdef __CYGWIN32__ - tuser, -#else - pwd->pw_name, -#endif - tuser ? tuser : pwd->pw_name); - else - rem = rcmd(&host, port, -#ifdef __CYGWIN32__ - tuser, -#else - pwd->pw_name, -#endif - tuser ? tuser : pwd->pw_name, - bp, 0); - if (rem < 0) - exit(1); -#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) - tos = IPTOS_THROUGHPUT; - if (setsockopt(rem, IPPROTO_IP, IP_TOS, - (void *)&tos, sizeof(int)) < 0) - warn("TOS (ignored)"); -#endif /* IP_TOS */ - if (doencrypt) - send_auth(host, dest_realm); - if (response() < 0) - exit(1); - free(bp); - paranoid_setuid(userid); - } - source(1, argv+i); - } - } -} - -static void -sink(int argc, char **argv) -{ - static BUF buffer; - struct stat stb; - struct timeval tv[2]; - enum { YES, NO, DISPLAYED } wrerr; - BUF *bp; - off_t i, j; - int amt, count, exists, first, mask, mode, ofd, omode; - int setimes, size, targisdir, wrerrno=0; - char ch, *cp, *np, *targ, *why, *vect[1], buf[BUFSIZ]; - -#define atime tv[0] -#define mtime tv[1] -#define SCREWUP(str) { why = str; goto screwup; } - - setimes = targisdir = 0; - mask = umask(0); - if (!pflag) - umask(mask); - if (argc != 1) { - run_err("ambiguous target"); - exit(1); - } - targ = *argv; - if (targetshouldbedirectory) - verifydir(targ); - des_write(rem, "", 1); - if (stat(targ, &stb) == 0 && S_ISDIR(stb.st_mode)) - targisdir = 1; - for (first = 1;; first = 0) { - cp = buf; - if (des_read(rem, cp, 1) <= 0) - return; - if (*cp++ == '\n') - SCREWUP("unexpected <newline>"); - do { - if (des_read(rem, &ch, sizeof(ch)) != sizeof(ch)) - SCREWUP("lost connection"); - *cp++ = ch; - } while (cp < &buf[BUFSIZ - 1] && ch != '\n'); - *cp = 0; - - if (buf[0] == '\01' || buf[0] == '\02') { - if (iamremote == 0) - write(STDERR_FILENO, - buf + 1, strlen(buf + 1)); - if (buf[0] == '\02') - exit(1); - ++errs; - continue; - } - if (buf[0] == 'E') { - des_write(rem, "", 1); - return; - } - - if (ch == '\n') - *--cp = 0; - -#define getnum(t) \ - do { \ - (t) = 0; \ - while (isdigit((unsigned char)*cp)) \ - (t) = (t) * 10 + (*cp++ - '0'); \ - } while(0) - - cp = buf; - if (*cp == 'T') { - setimes++; - cp++; - getnum(mtime.tv_sec); - if (*cp++ != ' ') - SCREWUP("mtime.sec not delimited"); - getnum(mtime.tv_usec); - if (*cp++ != ' ') - SCREWUP("mtime.usec not delimited"); - getnum(atime.tv_sec); - if (*cp++ != ' ') - SCREWUP("atime.sec not delimited"); - getnum(atime.tv_usec); - if (*cp++ != '\0') - SCREWUP("atime.usec not delimited"); - des_write(rem, "", 1); - continue; - } - if (*cp != 'C' && *cp != 'D') { - /* - * Check for the case "rcp remote:foo\* local:bar". - * In this case, the line "No match." can be returned - * by the shell before the rcp command on the remote is - * executed so the ^Aerror_message convention isn't - * followed. - */ - if (first) { - run_err("%s", cp); - exit(1); - } - SCREWUP("expected control record"); - } - mode = 0; - for (++cp; cp < buf + 5; cp++) { - if (*cp < '0' || *cp > '7') - SCREWUP("bad mode"); - mode = (mode << 3) | (*cp - '0'); - } - if (*cp++ != ' ') - SCREWUP("mode not delimited"); - - for (size = 0; isdigit((unsigned char)*cp);) - size = size * 10 + (*cp++ - '0'); - if (*cp++ != ' ') - SCREWUP("size not delimited"); - if (targisdir) { - static char *namebuf; - static int cursize; - size_t need; - - need = strlen(targ) + strlen(cp) + 250; - if (need > cursize) { - if (!(namebuf = malloc(need))) - run_err("%s", strerror(errno)); - } - snprintf(namebuf, need, "%s%s%s", targ, - *targ ? "/" : "", cp); - np = namebuf; - } else - np = targ; - exists = stat(np, &stb) == 0; - if (buf[0] == 'D') { - int mod_flag = pflag; - if (exists) { - if (!S_ISDIR(stb.st_mode)) { - errno = ENOTDIR; - goto bad; - } - if (pflag) - chmod(np, mode); - } else { - /* Handle copying from a read-only directory */ - mod_flag = 1; - if (mkdir(np, mode | S_IRWXU) < 0) - goto bad; - } - vect[0] = np; - sink(1, vect); - if (setimes) { - struct utimbuf times; - times.actime = atime.tv_sec; - times.modtime = mtime.tv_sec; - setimes = 0; - if (utime(np, ×) < 0) - run_err("%s: set times: %s", - np, strerror(errno)); - } - if (mod_flag) - chmod(np, mode); - continue; - } - omode = mode; - mode |= S_IWRITE; - if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) < 0) { -bad: run_err("%s: %s", np, strerror(errno)); - continue; - } - des_write(rem, "", 1); - if ((bp = allocbuf(&buffer, ofd, BUFSIZ)) == NULL) { - close(ofd); - continue; - } - cp = bp->buf; - wrerr = NO; - for (count = i = 0; i < size; i += BUFSIZ) { - amt = BUFSIZ; - if (i + amt > size) - amt = size - i; - count += amt; - do { - j = des_read(rem, cp, amt); - if (j <= 0) { - run_err("%s", j ? strerror(errno) : - "dropped connection"); - exit(1); - } - amt -= j; - cp += j; - } while (amt > 0); - if (count == bp->cnt) { - /* Keep reading so we stay sync'd up. */ - if (wrerr == NO) { - j = write(ofd, bp->buf, count); - if (j != count) { - wrerr = YES; - wrerrno = j >= 0 ? EIO : errno; - } - } - count = 0; - cp = bp->buf; - } - } - if (count != 0 && wrerr == NO && - (j = write(ofd, bp->buf, count)) != count) { - wrerr = YES; - wrerrno = j >= 0 ? EIO : errno; - } - if (ftruncate(ofd, size)) { - run_err("%s: truncate: %s", np, strerror(errno)); - wrerr = DISPLAYED; - } - if (pflag) { - if (exists || omode != mode) -#ifdef HAVE_FCHMOD - if (fchmod(ofd, omode)) -#else - if (chmod(np, omode)) -#endif - run_err("%s: set mode: %s", - np, strerror(errno)); - } else { - if (!exists && omode != mode) -#ifdef HAVE_FCHMOD - if (fchmod(ofd, omode & ~mask)) -#else - if (chmod(np, omode & ~mask)) -#endif - run_err("%s: set mode: %s", - np, strerror(errno)); - } - close(ofd); - response(); - if (setimes && wrerr == NO) { - struct utimbuf times; - times.actime = atime.tv_sec; - times.modtime = mtime.tv_sec; - setimes = 0; - if (utime(np, ×) < 0) { - run_err("%s: set times: %s", - np, strerror(errno)); - wrerr = DISPLAYED; - } - } - switch(wrerr) { - case YES: - run_err("%s: %s", np, strerror(wrerrno)); - break; - case NO: - des_write(rem, "", 1); - break; - case DISPLAYED: - break; - } - } -screwup: - run_err("protocol error: %s", why); - exit(1); -} - -static void -tolocal(int argc, char **argv) -{ - int i, len; -#ifdef IP_TOS - int tos; -#endif - char *bp, *host, *src, *suser; - - for (i = 0; i < argc - 1; i++) { - if (!(src = colon(argv[i]))) { /* Local to local. */ - len = strlen(_PATH_CP) + strlen(argv[i]) + - strlen(argv[argc - 1]) + 20; - if (!(bp = malloc(len))) - err(1, " "); - snprintf(bp, len, "exec %s%s%s %s %s", _PATH_CP, - iamrecursive ? " -r" : "", pflag ? " -p" : "", - argv[i], argv[argc - 1]); - if (susystem(bp, userid)) - ++errs; - free(bp); - continue; - } - *src++ = 0; - if (*src == 0) - src = "."; - if ((host = strchr(argv[i], '@')) == NULL) { -#ifdef __CYGWIN32__ - errx (1, "Sorry, you need to specify the username"); -#else - host = argv[i]; - suser = pwd->pw_name; - if (user_name) - suser = user_name; -#endif - } else { - *host++ = 0; - suser = argv[i]; - if (*suser == '\0') -#ifdef __CYGWIN32__ - errx (1, "Sorry, you need to specify the username"); -#else - suser = pwd->pw_name; -#endif - else if (!okname(suser)) - continue; - } - len = strlen(src) + CMDNEEDS + 20; - if ((bp = malloc(len)) == NULL) - err(1, " "); - snprintf(bp, len, "%s -f %s", cmd, src); - rem = - use_kerberos ? - kerberos(&host, bp, -#ifndef __CYGWIN32__ - pwd->pw_name, -#else - suser, -#endif - suser) : - rcmd(&host, port, -#ifndef __CYGWIN32__ - pwd->pw_name, -#else - suser, -#endif - suser, bp, 0); - free(bp); - if (rem < 0) { - ++errs; - continue; - } - seteuid(userid); -#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) - tos = IPTOS_THROUGHPUT; - if (setsockopt(rem, IPPROTO_IP, IP_TOS, (void *)&tos, - sizeof(int)) < 0) - warn("TOS (ignored)"); -#endif /* IP_TOS */ - if (doencrypt) - send_auth(host, dest_realm); - sink(1, argv + argc - 1); - seteuid(0); - close(rem); - rem = -1; - } -} - - -int -main(int argc, char **argv) -{ - int ch, fflag, tflag; - char *targ; - int i; - - set_progname(argv[0]); - - /* - * Prepare for execing ourselves. - */ - - argc_copy = argc + 1; - argv_copy = malloc((argc_copy + 1) * sizeof(*argv_copy)); - if (argv_copy == NULL) - err(1, "malloc"); - argv_copy[0] = argv[0]; - argv_copy[1] = "-K"; - for(i = 1; i < argc; ++i) { - argv_copy[i + 1] = strdup(argv[i]); - if (argv_copy[i + 1] == NULL) - errx(1, "strdup: out of memory"); - } - argv_copy[argc + 1] = NULL; - - - fflag = tflag = 0; - while ((ch = getopt(argc, argv, OPTIONS)) != -1) - switch(ch) { /* User-visible flags. */ - case 'K': - use_kerberos = 0; - break; - case 'k': - dest_realm = dst_realm_buf; - strlcpy(dst_realm_buf, optarg, REALM_SZ); - break; - case 'x': - doencrypt = 1; - LEFT_JUSTIFIED = 1; - break; - case 'p': - pflag = 1; - break; - case 'r': - iamrecursive = 1; - break; - /* Server options. */ - case 'd': - targetshouldbedirectory = 1; - break; - case 'f': /* "from" */ - iamremote = 1; - fflag = 1; - break; - case 't': /* "to" */ - iamremote = 1; - tflag = 1; - break; - case 'l': - user_name = optarg; - break; - case '?': - default: - usage(); - } - argc -= optind; - argv += optind; - - /* Rcp implements encrypted file transfer without using the - * kshell service, pass 0 for no encryption */ - port = get_shell_port(use_kerberos, 0); - - userid = getuid(); - -#ifndef __CYGWIN32__ - if ((pwd = k_getpwuid(userid)) == NULL) - errx(1, "unknown user %d", (int)userid); -#endif - - rem = STDIN_FILENO; /* XXX */ - - if (fflag || tflag) { - if (doencrypt) - answer_auth(); - if(fflag) - response(); - if(do_osfc2_magic(pwd->pw_uid)) - exit(1); - paranoid_setuid(userid); - if (k_hasafs()) { - /* Sometimes we will need cell specific tokens - * to be able to read and write files, thus, - * the token stuff done in rshd might not - * suffice. - */ - char cell[64]; - if (k_afs_cell_of_file(pwd->pw_dir, - cell, sizeof(cell)) == 0) - krb_afslog(cell, 0); - krb_afslog(0, 0); - } - if(fflag) - source(argc, argv); - else - sink(argc, argv); - exit(errs); - } - - if (argc < 2) - usage(); - if (argc > 2) - targetshouldbedirectory = 1; - - rem = -1; - /* Command to be executed on remote system using "rsh". */ - snprintf(cmd, sizeof(cmd), - "rcp%s%s%s%s", iamrecursive ? " -r" : "", - (doencrypt && use_kerberos ? " -x" : ""), - pflag ? " -p" : "", targetshouldbedirectory ? " -d" : ""); - - signal(SIGPIPE, lostconn); - - if ((targ = colon(argv[argc - 1]))) /* Dest is remote host. */ - toremote(targ, argc, argv); - else { - tolocal(argc, argv); /* Dest is local host. */ - if (targetshouldbedirectory) - verifydir(argv[argc - 1]); - } - exit(errs); -} diff --git a/crypto/kerberosIV/appl/bsd/rcp_util.c b/crypto/kerberosIV/appl/bsd/rcp_util.c deleted file mode 100644 index 54233af..0000000 --- a/crypto/kerberosIV/appl/bsd/rcp_util.c +++ /dev/null @@ -1,99 +0,0 @@ -/*- - * Copyright (c) 1992, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "bsd_locl.h" - -RCSID("$Id: rcp_util.c,v 1.8 1998/09/28 11:45:21 joda Exp $"); - -char * -colon(char *cp) -{ - if (*cp == ':') /* Leading colon is part of file name. */ - return (0); - - for (; *cp; ++cp) { - if (*cp == ':') - return (cp); - if (*cp == '/') - return (0); - } - return (0); -} - -int -okname(char *cp0) -{ - int c; - char *cp; - - cp = cp0; - do { - c = *cp; - if (c & 0200) - goto bad; - if (!isalpha(c) && !isdigit(c) && c != '_' && c != '-') - goto bad; - } while (*++cp); - return (1); - -bad: warnx("%s: invalid user name", cp0); - return (0); -} - -int -susystem(char *s, int userid) -{ - RETSIGTYPE (*istat)(), (*qstat)(); - int status; - pid_t pid; - - pid = fork(); - switch (pid) { - case -1: - return (127); - - case 0: - if(do_osfc2_magic(userid)) - exit(1); - setuid(userid); - execl(_PATH_BSHELL, "sh", "-c", s, NULL); - _exit(127); - } - istat = signal(SIGINT, SIG_IGN); - qstat = signal(SIGQUIT, SIG_IGN); - if (waitpid(pid, &status, 0) < 0) - status = -1; - signal(SIGINT, istat); - signal(SIGQUIT, qstat); - return (status); -} diff --git a/crypto/kerberosIV/appl/bsd/rlogin.c b/crypto/kerberosIV/appl/bsd/rlogin.c deleted file mode 100644 index 60bed67..0000000 --- a/crypto/kerberosIV/appl/bsd/rlogin.c +++ /dev/null @@ -1,711 +0,0 @@ -/* - * Copyright (c) 1983, 1990, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * rlogin - remote login - */ -#include "bsd_locl.h" - -RCSID("$Id: rlogin.c,v 1.67.2.2 2000/10/10 12:54:26 assar Exp $"); - -CREDENTIALS cred; -Key_schedule schedule; -int use_kerberos = 1, doencrypt; -char dst_realm_buf[REALM_SZ], *dest_realm = NULL; - -#ifndef CCEQ -#define c2uc(x) ((unsigned char) x) -#define CCEQ__(val, c) (c == val ? val != c2uc(_POSIX_VDISABLE) : 0) -#define CCEQ(val, c) CCEQ__(c2uc(val), c2uc(c)) -#endif - -int eight, rem; -struct termios deftty; - -int noescape; -char escapechar = '~'; - -struct winsize winsize; - -int parent, rcvcnt; -char rcvbuf[8 * 1024]; - -int child; - -static void -echo(char c) -{ - char *p; - char buf[8]; - - p = buf; - c &= 0177; - *p++ = escapechar; - if (c < ' ') { - *p++ = '^'; - *p++ = c + '@'; - } else if (c == 0177) { - *p++ = '^'; - *p++ = '?'; - } else - *p++ = c; - *p++ = '\r'; - *p++ = '\n'; - write(STDOUT_FILENO, buf, p - buf); -} - -static void -mode(int f) -{ - struct termios tty; - - switch (f) { - case 0: - tcsetattr(0, TCSANOW, &deftty); - break; - case 1: - tcgetattr(0, &deftty); - tty = deftty; - /* This is loosely derived from sys/compat/tty_compat.c. */ - tty.c_lflag &= ~(ECHO|ICANON|ISIG|IEXTEN); - tty.c_iflag &= ~ICRNL; - tty.c_oflag &= ~OPOST; - tty.c_cc[VMIN] = 1; - tty.c_cc[VTIME] = 0; - if (eight) { - tty.c_iflag &= IXOFF; - tty.c_cflag &= ~(CSIZE|PARENB); - tty.c_cflag |= CS8; - } - tcsetattr(0, TCSANOW, &tty); - break; - default: - return; - } -} - -static void -done(int status) -{ - int w, wstatus; - - mode(0); - if (child > 0) { - /* make sure catch_child does not snap it up */ - signal(SIGCHLD, SIG_DFL); - if (kill(child, SIGKILL) >= 0) - while ((w = wait(&wstatus)) > 0 && w != child); - } - exit(status); -} - -static -RETSIGTYPE -catch_child(int foo) -{ - int status; - int pid; - - for (;;) { - pid = waitpid(-1, &status, WNOHANG|WUNTRACED); - if (pid == 0) - return; - /* if the child (reader) dies, just quit */ - if (pid < 0 || (pid == child && !WIFSTOPPED(status))) - done(WTERMSIG(status) | WEXITSTATUS(status)); - } - /* NOTREACHED */ -} - -/* - * There is a race in the SunOS5 rlogind. If the slave end has not yet - * been opened by the child when setting tty size the size is reset to - * zero when the child opens it. Therefore we send the window update - * twice. - */ - -static int tty_kludge = 1; - -/* Return the number of OOB bytes processed. */ -static int -oob_real(void) -{ - struct termios tty; - int atmark, n, out, rcvd; - char waste[BUFSIZ], mark; - - out = O_RDWR; - rcvd = 0; - if (recv(rem, &mark, 1, MSG_OOB) < 0) { - return -1; - } - if (mark & TIOCPKT_WINDOW) { - /* Let server know about window size changes */ - kill(parent, SIGUSR1); - } else if (tty_kludge) { - /* Let server know about window size changes */ - kill(parent, SIGUSR1); - tty_kludge = 0; - } - if (!eight && (mark & TIOCPKT_NOSTOP)) { - tcgetattr(0, &tty); - tty.c_iflag &= ~IXON; - tcsetattr(0, TCSANOW, &tty); - } - if (!eight && (mark & TIOCPKT_DOSTOP)) { - tcgetattr(0, &tty); - tty.c_iflag |= (deftty.c_iflag & IXON); - tcsetattr(0, TCSANOW, &tty); - } - if (mark & TIOCPKT_FLUSHWRITE) { -#ifdef TCOFLUSH - tcflush(1, TCOFLUSH); -#else - ioctl(1, TIOCFLUSH, (char *)&out); -#endif - for (;;) { - if (ioctl(rem, SIOCATMARK, &atmark) < 0) { - warn("ioctl"); - break; - } - if (atmark) - break; - n = read(rem, waste, sizeof (waste)); - if (n <= 0) - break; - } - /* - * Don't want any pending data to be output, so clear the recv - * buffer. If we were hanging on a write when interrupted, - * don't want it to restart. If we were reading, restart - * anyway. - */ - rcvcnt = 0; - } - - /* oob does not do FLUSHREAD (alas!) */ - return 1; -} - -/* reader: read from remote: line -> 1 */ -static int -reader(void) -{ - int n, remaining; - char *bufp; - int kludgep = 1; - - bufp = rcvbuf; - for (;;) { - fd_set readfds, exceptfds; - while ((remaining = rcvcnt - (bufp - rcvbuf)) > 0) { - n = write(STDOUT_FILENO, bufp, remaining); - if (n < 0) { - if (errno != EINTR) - return (-1); - continue; - } - bufp += n; - } - bufp = rcvbuf; - rcvcnt = 0; - - FD_ZERO (&readfds); - if (rem >= FD_SETSIZE) - errx (1, "fd too large"); - FD_SET (rem, &readfds); - FD_ZERO (&exceptfds); - if (kludgep) - FD_SET (rem, &exceptfds); - if (select(rem+1, &readfds, 0, &exceptfds, 0) == -1) { - if (errno == EINTR) - continue; /* Got signal */ - else - errx(1, "select failed mysteriously"); - } - - if (!FD_ISSET(rem, &exceptfds) && !FD_ISSET(rem, &readfds)) { - warnx("select: nothing to read?"); - continue; - } - - if (FD_ISSET(rem, &exceptfds)) { - int foo = oob_real (); - if (foo >= 1) - continue; /* First check if there is more OOB data. */ - else if (foo < 0) - kludgep = 0; - } - - if (!FD_ISSET(rem, &readfds)) - continue; /* Nothing to read. */ - - kludgep = 1; -#ifndef NOENCRYPTION - if (doencrypt) - rcvcnt = des_enc_read(rem, rcvbuf, - sizeof(rcvbuf), - schedule, &cred.session); - else -#endif - rcvcnt = read(rem, rcvbuf, sizeof (rcvbuf)); - if (rcvcnt == 0) - return (0); - if (rcvcnt < 0) { - if (errno == EINTR) - continue; - warn("read"); - return (-1); - } - } -} - -/* - * Send the window size to the server via the magic escape - */ -static void -sendwindow(void) -{ - char obuf[4 + 4 * sizeof (u_int16_t)]; - unsigned short *p; - - p = (u_int16_t *)(obuf + 4); - obuf[0] = 0377; - obuf[1] = 0377; - obuf[2] = 's'; - obuf[3] = 's'; - *p++ = htons(winsize.ws_row); - *p++ = htons(winsize.ws_col); -#ifdef HAVE_WS_XPIXEL - *p++ = htons(winsize.ws_xpixel); -#else - *p++ = htons(0); -#endif -#ifdef HAVE_WS_YPIXEL - *p++ = htons(winsize.ws_ypixel); -#else - *p++ = htons(0); -#endif - -#ifndef NOENCRYPTION - if(doencrypt) - des_enc_write(rem, obuf, sizeof(obuf), schedule, - &cred.session); - else -#endif - write(rem, obuf, sizeof(obuf)); -} - -static -RETSIGTYPE -sigwinch(int foo) -{ - struct winsize ws; - - if (get_window_size(0, &ws) == 0 && - memcmp(&ws, &winsize, sizeof(ws))) { - winsize = ws; - sendwindow(); - } -} - -static void -stop(int all) -{ - mode(0); - signal(SIGCHLD, SIG_IGN); - kill(all ? 0 : getpid(), SIGTSTP); - signal(SIGCHLD, catch_child); - mode(1); -#ifdef SIGWINCH - kill(SIGWINCH, getpid()); /* check for size changes, if caught */ -#endif -} - -/* - * writer: write to remote: 0 -> line. - * ~. terminate - * ~^Z suspend rlogin process. - * ~<delayed-suspend char> suspend rlogin process, but leave reader alone. - */ -static void -writer(void) -{ - int bol, local, n; - char c; - - bol = 1; /* beginning of line */ - local = 0; - for (;;) { - n = read(STDIN_FILENO, &c, 1); - if (n <= 0) { - if (n < 0 && errno == EINTR) - continue; - break; - } - /* - * If we're at the beginning of the line and recognize a - * command character, then we echo locally. Otherwise, - * characters are echo'd remotely. If the command character - * is doubled, this acts as a force and local echo is - * suppressed. - */ - if (bol) { - bol = 0; - if (!noescape && c == escapechar) { - local = 1; - continue; - } - } else if (local) { - local = 0; - if (c == '.' || CCEQ(deftty.c_cc[VEOF], c)) { - echo(c); - break; - } - if (CCEQ(deftty.c_cc[VSUSP], c)) { - bol = 1; - echo(c); - stop(1); - continue; - } -#ifdef VDSUSP - /* Is VDSUSP called something else on Linux? - * Perhaps VDELAY is a better thing? */ - if (CCEQ(deftty.c_cc[VDSUSP], c)) { - bol = 1; - echo(c); - stop(0); - continue; - } -#endif /* VDSUSP */ - if (c != escapechar) { -#ifndef NOENCRYPTION - if (doencrypt) - des_enc_write(rem, &escapechar,1, schedule, &cred.session); - else -#endif - write(rem, &escapechar, 1); - } - } - - if (doencrypt) { -#ifdef NOENCRYPTION - if (write(rem, &c, 1) == 0) { -#else - if (des_enc_write(rem, &c, 1, schedule, &cred.session) == 0) { -#endif - warnx("line gone"); - break; - } - } else - if (write(rem, &c, 1) == 0) { - warnx("line gone"); - break; - } - bol = CCEQ(deftty.c_cc[VKILL], c) || - CCEQ(deftty.c_cc[VEOF], c) || - CCEQ(deftty.c_cc[VINTR], c) || - CCEQ(deftty.c_cc[VSUSP], c) || - c == '\r' || c == '\n'; - } -} - -static -RETSIGTYPE -lostpeer(int foo) -{ - signal(SIGPIPE, SIG_IGN); - warnx("\aconnection closed.\r"); - done(1); -} - -/* - * This is called in the parent when the reader process gets the - * out-of-band (urgent) request to turn on the window-changing - * protocol. It is signalled from the child(reader). - */ -static -RETSIGTYPE -sigusr1(int foo) -{ - /* - * Now we now daemon supports winsize hack, - */ - sendwindow(); -#ifdef SIGWINCH - signal(SIGWINCH, sigwinch); /* so we start to support it */ -#endif - SIGRETURN(0); -} - -static void -doit(void) -{ - signal(SIGINT, SIG_IGN); - signal(SIGHUP, SIG_IGN); - signal(SIGQUIT, SIG_IGN); - - signal(SIGCHLD, catch_child); - - /* - * Child sends parent this signal for window size hack. - */ - signal(SIGUSR1, sigusr1); - - signal(SIGPIPE, lostpeer); - - mode(1); - parent = getpid(); - child = fork(); - if (child == -1) { - warn("fork"); - done(1); - } - if (child == 0) { - signal(SIGCHLD, SIG_IGN); - signal(SIGTTOU, SIG_IGN); - if (reader() == 0) - errx(1, "connection closed.\r"); - sleep(1); - errx(1, "\aconnection closed.\r"); - } - - writer(); - warnx("closed connection.\r"); - done(0); -} - -static void -usage(void) -{ - fprintf(stderr, - "usage: rlogin [ -%s]%s[-e char] [ -l username ] host\n", - "8DEKLdx", " [-k realm] "); - exit(1); -} - -static u_int -getescape(char *p) -{ - long val; - int len; - - if ((len = strlen(p)) == 1) /* use any single char, including '\' */ - return ((u_int)*p); - /* otherwise, \nnn */ - if (*p == '\\' && len >= 2 && len <= 4) { - val = strtol(++p, NULL, 8); - for (;;) { - if (!*++p) - return ((u_int)val); - if (*p < '0' || *p > '8') - break; - } - } - warnx("illegal option value -- e"); - usage(); - return 0; -} - -int -main(int argc, char **argv) -{ - struct passwd *pw; - int sv_port, user_port = 0; - int argoff, ch, dflag, Dflag, one, uid; - char *host, *user, term[1024]; - - argoff = dflag = Dflag = 0; - one = 1; - host = user = NULL; - - set_progname(argv[0]); - - /* handle "rlogin host flags" */ - if (argc > 2 && argv[1][0] != '-') { - host = argv[1]; - argoff = 1; - } - -#define OPTIONS "8DEKLde:k:l:xp:" - while ((ch = getopt(argc - argoff, argv + argoff, OPTIONS)) != -1) - switch(ch) { - case '8': - eight = 1; - break; - case 'D': - Dflag = 1; - break; - case 'E': - noescape = 1; - break; - case 'K': - use_kerberos = 0; - break; - case 'd': - dflag = 1; - break; - case 'e': - noescape = 0; - escapechar = getescape(optarg); - break; - case 'k': - dest_realm = dst_realm_buf; - strlcpy(dest_realm, optarg, REALM_SZ); - break; - case 'l': - user = optarg; - break; - case 'x': - doencrypt = 1; - break; - case 'p': { - char *endptr; - - user_port = strtol (optarg, &endptr, 0); - if (user_port == 0 && optarg == endptr) - errx (1, "Bad port `%s'", optarg); - user_port = htons(user_port); - break; - } - case '?': - default: - usage(); - } - optind += argoff; - - /* if haven't gotten a host yet, do so */ - if (!host && !(host = argv[optind++])) - usage(); - - if (argv[optind]) - usage(); - - if (!(pw = k_getpwuid(uid = getuid()))) - errx(1, "unknown user id."); - if (!user) - user = pw->pw_name; - - if (user_port) - sv_port = user_port; - else - sv_port = get_login_port(use_kerberos, doencrypt); - - { - char *p = getenv("TERM"); - struct termios tty; - int i; - - if (p == NULL) - p = "network"; - - if (tcgetattr(0, &tty) == 0 - && (i = speed_t2int (cfgetospeed(&tty))) > 0) - snprintf (term, sizeof(term), - "%s/%d", - p, i); - else - snprintf (term, sizeof(term), - "%s", - p); - } - - get_window_size(0, &winsize); - - if (use_kerberos) { - paranoid_setuid(getuid()); - rem = KSUCCESS; - errno = 0; - if (dest_realm == NULL) - dest_realm = krb_realmofhost(host); - - if (doencrypt) - rem = krcmd_mutual(&host, sv_port, user, term, 0, - dest_realm, &cred, schedule); - else - rem = krcmd(&host, sv_port, user, term, 0, - dest_realm); - if (rem < 0) { - int i; - char **newargv; - - if (errno == ECONNREFUSED) - warning("remote host doesn't support Kerberos"); - if (errno == ENOENT) - warning("can't provide Kerberos auth data"); - newargv = malloc((argc + 2) * sizeof(*newargv)); - if (newargv == NULL) - err(1, "malloc"); - newargv[0] = argv[0]; - newargv[1] = "-K"; - for(i = 1; i < argc; ++i) - newargv[i + 1] = argv[i]; - newargv[argc + 1] = NULL; - execv(_PATH_RLOGIN, newargv); - } - } else { - if (doencrypt) - errx(1, "the -x flag requires Kerberos authentication."); - if (geteuid() != 0) - errx(1, "not installed setuid root, " - "only root may use non kerberized rlogin"); - rem = rcmd(&host, sv_port, pw->pw_name, user, term, 0); - } - - if (rem < 0) - exit(1); - -#ifdef HAVE_SETSOCKOPT -#ifdef SO_DEBUG - if (dflag && - setsockopt(rem, SOL_SOCKET, SO_DEBUG, (void *)&one, - sizeof(one)) < 0) - warn("setsockopt"); -#endif -#ifdef TCP_NODELAY - if (Dflag && - setsockopt(rem, IPPROTO_TCP, TCP_NODELAY, (void *)&one, - sizeof(one)) < 0) - warn("setsockopt(TCP_NODELAY)"); -#endif -#ifdef IP_TOS - one = IPTOS_LOWDELAY; - if (setsockopt(rem, IPPROTO_IP, IP_TOS, (void *)&one, sizeof(int)) < 0) - warn("setsockopt(IP_TOS)"); -#endif /* IP_TOS */ -#endif /* HAVE_SETSOCKOPT */ - - paranoid_setuid(uid); - doit(); - return 0; -} diff --git a/crypto/kerberosIV/appl/bsd/rlogind.c b/crypto/kerberosIV/appl/bsd/rlogind.c deleted file mode 100644 index eae2dd6..0000000 --- a/crypto/kerberosIV/appl/bsd/rlogind.c +++ /dev/null @@ -1,970 +0,0 @@ -/*- - * Copyright (c) 1983, 1988, 1989, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * remote login server: - * \0 - * remuser\0 - * locuser\0 - * terminal_type/speed\0 - * data - */ - -#include "bsd_locl.h" - -RCSID("$Id: rlogind.c,v 1.109.2.2 2000/06/23 02:37:06 assar Exp $"); - -extern int __check_rhosts_file; - -char *INSECURE_MESSAGE = -"\r\n*** Connection not encrypted! Communication may be eavesdropped. ***" -"\r\n*** Use telnet or rlogin -x instead! ***\r\n"; - -#ifndef NOENCRYPTION -char *SECURE_MESSAGE = -"This rlogin session is using DES encryption for all transmissions.\r\n"; -#else -#define SECURE_MESSAGE INSECURE_MESSAGE -#endif - -AUTH_DAT *kdata; -KTEXT ticket; -u_char auth_buf[sizeof(AUTH_DAT)]; -u_char tick_buf[sizeof(KTEXT_ST)]; -Key_schedule schedule; -int doencrypt, retval, use_kerberos, vacuous; - -#define ARGSTR "Daip:lnkvxL:" - -char *env[2]; -#define NMAX 30 -char lusername[NMAX+1], rusername[NMAX+1]; -static char term[64] = "TERM="; -#define ENVSIZE (sizeof("TERM=")-1) /* skip null for concatenation */ -int keepalive = 1; -int check_all = 0; -int no_delay = 0; - -struct passwd *pwd; - -static const char *new_login = _PATH_LOGIN; - -static void doit (int, struct sockaddr_in *); -static int control (int, char *, int); -static void protocol (int, int); -static RETSIGTYPE cleanup (int); -void fatal (int, const char *, int); -static int do_rlogin (struct sockaddr_in *); -static void setup_term (int); -static int do_krb_login (struct sockaddr_in *); -static void usage (void); - -static int -readstream(int p, char *ibuf, int bufsize) -{ -#ifndef HAVE_GETMSG - return read(p, ibuf, bufsize); -#else - static int flowison = -1; /* current state of flow: -1 is unknown */ - static struct strbuf strbufc, strbufd; - static unsigned char ctlbuf[BUFSIZ]; - static int use_read = 1; - - int flags = 0; - int ret; - struct termios tsp; - - struct iocblk ip; - char vstop, vstart; - int ixon; - int newflow; - - if (use_read) - { - ret = read(p, ibuf, bufsize); - if (ret < 0 && errno == EBADMSG) - use_read = 0; - else - return ret; - } - - strbufc.maxlen = BUFSIZ; - strbufc.buf = (char *)ctlbuf; - strbufd.maxlen = bufsize-1; - strbufd.len = 0; - strbufd.buf = ibuf+1; - ibuf[0] = 0; - - ret = getmsg(p, &strbufc, &strbufd, &flags); - if (ret < 0) /* error of some sort -- probably EAGAIN */ - return(-1); - - if (strbufc.len <= 0 || ctlbuf[0] == M_DATA) { - /* data message */ - if (strbufd.len > 0) { /* real data */ - return(strbufd.len + 1); /* count header char */ - } else { - /* nothing there */ - errno = EAGAIN; - return(-1); - } - } - - /* - * It's a control message. Return 1, to look at the flag we set - */ - - switch (ctlbuf[0]) { - case M_FLUSH: - if (ibuf[1] & FLUSHW) - ibuf[0] = TIOCPKT_FLUSHWRITE; - return(1); - - case M_IOCTL: - memcpy(&ip, (ibuf+1), sizeof(ip)); - - switch (ip.ioc_cmd) { -#ifdef TCSETS - case TCSETS: - case TCSETSW: - case TCSETSF: - memcpy(&tsp, - (ibuf+1 + sizeof(struct iocblk)), - sizeof(tsp)); - vstop = tsp.c_cc[VSTOP]; - vstart = tsp.c_cc[VSTART]; - ixon = tsp.c_iflag & IXON; - break; -#endif - default: - errno = EAGAIN; - return(-1); - } - - newflow = (ixon && (vstart == 021) && (vstop == 023)) ? 1 : 0; - if (newflow != flowison) { /* it's a change */ - flowison = newflow; - ibuf[0] = newflow ? TIOCPKT_DOSTOP : TIOCPKT_NOSTOP; - return(1); - } - } - - /* nothing worth doing anything about */ - errno = EAGAIN; - return(-1); -#endif -} - -#ifdef HAVE_UTMPX_H -static int -rlogind_logout(const char *line) -{ - struct utmpx utmpx, *utxp; - int ret = 1; - - setutxent (); - memset(&utmpx, 0, sizeof(utmpx)); - utmpx.ut_type = USER_PROCESS; - strncpy(utmpx.ut_line, line, sizeof(utmpx.ut_line)); - utxp = getutxline(&utmpx); - if (utxp) { - utxp->ut_user[0] = '\0'; - utxp->ut_type = DEAD_PROCESS; -#ifdef HAVE_STRUCT_UTMPX_UT_EXIT -#ifdef _STRUCT___EXIT_STATUS - utxp->ut_exit.__e_termination = 0; - utxp->ut_exit.__e_exit = 0; -#elif defined(__osf__) /* XXX */ - utxp->ut_exit.ut_termination = 0; - utxp->ut_exit.ut_exit = 0; -#else - utxp->ut_exit.e_termination = 0; - utxp->ut_exit.e_exit = 0; -#endif -#endif - gettimeofday(&utxp->ut_tv, NULL); - pututxline(utxp); -#ifdef WTMPX_FILE - updwtmpx(WTMPX_FILE, utxp); -#else - ret = 0; -#endif - } - endutxent(); - return ret; -} -#else -static int -rlogind_logout(const char *line) -{ - FILE *fp; - struct utmp ut; - int rval; - - if (!(fp = fopen(_PATH_UTMP, "r+"))) - return(0); - rval = 1; - while (fread(&ut, sizeof(struct utmp), 1, fp) == 1) { - if (!ut.ut_name[0] || - strncmp(ut.ut_line, line, sizeof(ut.ut_line))) - continue; - memset(ut.ut_name, 0, sizeof(ut.ut_name)); -#ifdef HAVE_STRUCT_UTMP_UT_HOST - memset(ut.ut_host, 0, sizeof(ut.ut_host)); -#endif -#ifdef HAVE_STRUCT_UTMP_UT_TYPE - ut.ut_type = DEAD_PROCESS; -#endif -#ifdef HAVE_STRUCT_UTMP_UT_EXIT -#ifdef _STRUCT___EXIT_STATUS - ut.ut_exit.__e_termination = 0; - ut.ut_exit.__e_exit = 0; -#elif defined(__osf__) /* XXX */ - ut.ut_exit.ut_termination = 0; - ut.ut_exit.ut_exit = 0; -#else - ut.ut_exit.e_termination = 0; - ut.ut_exit.e_exit = 0; -#endif -#endif - ut.ut_time = time(NULL); - fseek(fp, (long)-sizeof(struct utmp), SEEK_CUR); - fwrite(&ut, sizeof(struct utmp), 1, fp); - fseek(fp, (long)0, SEEK_CUR); - rval = 0; - } - fclose(fp); - return(rval); -} -#endif - -#ifndef HAVE_LOGWTMP -static void -logwtmp(const char *line, const char *name, const char *host) -{ - struct utmp ut; - struct stat buf; - int fd; - - memset (&ut, 0, sizeof(ut)); - if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) < 0) - return; - if (!fstat(fd, &buf)) { - strncpy(ut.ut_line, line, sizeof(ut.ut_line)); - strncpy(ut.ut_name, name, sizeof(ut.ut_name)); -#ifdef HAVE_STRUCT_UTMP_UT_ID - strncpy(ut.ut_id, make_id((char *)line), sizeof(ut.ut_id)); -#endif -#ifdef HAVE_STRUCT_UTMP_UT_HOST - strncpy(ut.ut_host, host, sizeof(ut.ut_host)); -#endif -#ifdef HAVE_STRUCT_UTMP_UT_PID - ut.ut_pid = getpid(); -#endif -#ifdef HAVE_STRUCT_UTMP_UT_TYPE - if(name[0]) - ut.ut_type = USER_PROCESS; - else - ut.ut_type = DEAD_PROCESS; -#endif - ut.ut_time = time(NULL); - if (write(fd, &ut, sizeof(struct utmp)) != - sizeof(struct utmp)) - ftruncate(fd, buf.st_size); - } - close(fd); -} -#endif - -int -main(int argc, char **argv) -{ - struct sockaddr_in from; - int ch, fromlen, on; - int interactive = 0; - int portnum = 0; - - set_progname(argv[0]); - - openlog("rlogind", LOG_PID | LOG_CONS, LOG_AUTH); - - opterr = 0; - while ((ch = getopt(argc, argv, ARGSTR)) != -1) - switch (ch) { - case 'D': - no_delay = 1; - break; - case 'a': - break; - case 'i': - interactive = 1; - break; - case 'p': - portnum = htons(atoi(optarg)); - break; - case 'l': - __check_rhosts_file = 0; - break; - case 'n': - keepalive = 0; - break; - case 'k': - use_kerberos = 1; - break; - case 'v': - vacuous = 1; - break; - case 'x': - doencrypt = 1; - break; - case 'L': - new_login = optarg; - break; - case '?': - default: - usage(); - break; - } - argc -= optind; - argv += optind; - - if (use_kerberos && vacuous) { - usage(); - fatal(STDERR_FILENO, "only one of -k and -v allowed", 0); - } - if (interactive) { - if(portnum == 0) - portnum = get_login_port (use_kerberos, doencrypt); - mini_inetd (portnum); - } - - fromlen = sizeof (from); - if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) { - syslog(LOG_ERR,"Can't get peer name of remote host: %m"); - fatal(STDERR_FILENO, "Can't get peer name of remote host", 1); - } - on = 1; -#ifdef HAVE_SETSOCKOPT -#ifdef SO_KEEPALIVE - if (keepalive && - setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, - sizeof (on)) < 0) - syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m"); -#endif -#ifdef TCP_NODELAY - if (no_delay && - setsockopt(0, IPPROTO_TCP, TCP_NODELAY, (void *)&on, - sizeof(on)) < 0) - syslog(LOG_WARNING, "setsockopt (TCP_NODELAY): %m"); -#endif - -#ifdef IP_TOS - on = IPTOS_LOWDELAY; - if (setsockopt(0, IPPROTO_IP, IP_TOS, (void *)&on, sizeof(int)) < 0) - syslog(LOG_WARNING, "setsockopt (IP_TOS): %m"); -#endif -#endif /* HAVE_SETSOCKOPT */ - doit(0, &from); - return 0; -} - -int child; -int netf; -char line[MaxPathLen]; -int confirmed; - -struct winsize win = { 0, 0, 0, 0 }; - - -static void -doit(int f, struct sockaddr_in *fromp) -{ - int master, pid, on = 1; - int authenticated = 0; - char hostname[2 * MaxHostNameLen + 1]; - char c; - - alarm(60); - read(f, &c, 1); - - if (c != 0) - exit(1); - if (vacuous) - fatal(f, "Remote host requires Kerberos authentication", 0); - - alarm(0); - inaddr2str (fromp->sin_addr, hostname, sizeof(hostname)); - - if (use_kerberos) { - retval = do_krb_login(fromp); - if (retval == 0) - authenticated++; - else if (retval > 0) - fatal(f, krb_get_err_text(retval), 0); - write(f, &c, 1); - confirmed = 1; /* we sent the null! */ - } else { - fromp->sin_port = ntohs((u_short)fromp->sin_port); - if (fromp->sin_family != AF_INET || - fromp->sin_port >= IPPORT_RESERVED || - fromp->sin_port < IPPORT_RESERVED/2) { - syslog(LOG_NOTICE, "Connection from %s on illegal port", - inet_ntoa(fromp->sin_addr)); - fatal(f, "Permission denied", 0); - } - ip_options_and_die (0, fromp); - if (do_rlogin(fromp) == 0) - authenticated++; - } - if (confirmed == 0) { - write(f, "", 1); - confirmed = 1; /* we sent the null! */ - } -#ifndef NOENCRYPTION - if (doencrypt) - des_enc_write(f, SECURE_MESSAGE, - strlen(SECURE_MESSAGE), - schedule, &kdata->session); - else -#endif - write(f, INSECURE_MESSAGE, strlen(INSECURE_MESSAGE)); - netf = f; - -#ifdef HAVE_FORKPTY - pid = forkpty(&master, line, NULL, NULL); -#else - pid = forkpty_truncate(&master, line, sizeof(line), NULL, NULL); -#endif - if (pid < 0) { - if (errno == ENOENT) - fatal(f, "Out of ptys", 0); - else - fatal(f, "Forkpty", 1); - } - if (pid == 0) { - if (f > 2) /* f should always be 0, but... */ - close(f); - setup_term(0); - if (lusername[0] == '-'){ - syslog(LOG_ERR, "tried to pass user \"%s\" to login", - lusername); - fatal(STDERR_FILENO, "invalid user", 0); - } - if (authenticated) { - if (use_kerberos && (pwd->pw_uid == 0)) - syslog(LOG_INFO|LOG_AUTH, - "ROOT Kerberos login from %s on %s\n", - krb_unparse_name_long(kdata->pname, - kdata->pinst, - kdata->prealm), - hostname); - - execl(new_login, "login", "-p", - "-h", hostname, "-f", "--", lusername, 0); - } else if (use_kerberos) { - fprintf(stderr, "User `%s' is not authorized to login as `%s'!\n", - krb_unparse_name_long(kdata->pname, - kdata->pinst, - kdata->prealm), - lusername); - exit(1); - } else - execl(new_login, "login", "-p", - "-h", hostname, "--", lusername, 0); - fatal(STDERR_FILENO, new_login, 1); - /*NOTREACHED*/ - } - /* - * If encrypted, don't turn on NBIO or the des read/write - * routines will croak. - */ - - if (!doencrypt) - ioctl(f, FIONBIO, &on); - ioctl(master, FIONBIO, &on); - ioctl(master, TIOCPKT, &on); -#ifdef SIGTSTP - signal(SIGTSTP, SIG_IGN); -#endif - signal(SIGCHLD, cleanup); - setsid(); - protocol(f, master); - signal(SIGCHLD, SIG_IGN); - cleanup(0); -} - -const char magic[2] = { 0377, 0377 }; - -/* - * Handle a "control" request (signaled by magic being present) - * in the data stream. For now, we are only willing to handle - * window size changes. - */ -static int -control(int master, char *cp, int n) -{ - struct winsize w; - char *p; - u_int32_t tmp; - - if (n < 4 + 4 * sizeof (u_int16_t) || cp[2] != 's' || cp[3] != 's') - return (0); -#ifdef TIOCSWINSZ - p = cp + 4; - p += krb_get_int(p, &tmp, 2, 0); - w.ws_row = tmp; - p += krb_get_int(p, &tmp, 2, 0); - w.ws_col = tmp; - - p += krb_get_int(p, &tmp, 2, 0); -#ifdef HAVE_WS_XPIXEL - w.ws_xpixel = tmp; -#endif - p += krb_get_int(p, &tmp, 2, 0); -#ifdef HAVE_WS_YPIXEL - w.ws_ypixel = tmp; -#endif - ioctl(master, TIOCSWINSZ, &w); -#endif - return p - cp; -} - -static -void -send_oob(int fd, char c) -{ - static char last_oob = 0xFF; - -#if (SunOS >= 50) || defined(__hpux) - /* - * PSoriasis and HP-UX always send TIOCPKT_DOSTOP at startup so we - * can avoid sending OOB data and thus not break on Linux by merging - * TIOCPKT_DOSTOP into the first TIOCPKT_WINDOW. - */ - static int oob_kludge = 2; - if (oob_kludge == 2) - { - oob_kludge--; /* First time send nothing */ - return; - } - else if (oob_kludge == 1) - { - oob_kludge--; /* Second time merge TIOCPKT_WINDOW */ - c |= TIOCPKT_WINDOW; - } -#endif - -#define pkcontrol(c) ((c)&(TIOCPKT_FLUSHWRITE|TIOCPKT_NOSTOP|TIOCPKT_DOSTOP)) - c = pkcontrol(c); - /* Multiple OOB data breaks on Linux, avoid it when possible. */ - if (c != last_oob) - send(fd, &c, 1, MSG_OOB); - last_oob = c; -} - -/* - * rlogin "protocol" machine. - */ -static void -protocol(int f, int master) -{ - char pibuf[1024+1], fibuf[1024], *pbp, *fbp; - int pcc = 0, fcc = 0; - int cc, nfd, n; - char cntl; - unsigned char oob_queue = 0; - -#ifdef SIGTTOU - /* - * Must ignore SIGTTOU, otherwise we'll stop - * when we try and set slave pty's window shape - * (our controlling tty is the master pty). - */ - signal(SIGTTOU, SIG_IGN); -#endif - - send_oob(f, TIOCPKT_WINDOW); /* indicate new rlogin */ - - if (f > master) - nfd = f + 1; - else - nfd = master + 1; - if (nfd > FD_SETSIZE) { - syslog(LOG_ERR, "select mask too small, increase FD_SETSIZE"); - fatal(f, "internal error (select mask too small)", 0); - } - for (;;) { - fd_set ibits, obits, ebits, *omask; - - FD_ZERO(&ebits); - FD_ZERO(&ibits); - FD_ZERO(&obits); - omask = (fd_set *)NULL; - if (fcc) { - FD_SET(master, &obits); - omask = &obits; - } else - FD_SET(f, &ibits); - if (pcc >= 0) { - if (pcc) { - FD_SET(f, &obits); - omask = &obits; - } else - FD_SET(master, &ibits); - } - FD_SET(master, &ebits); - if ((n = select(nfd, &ibits, omask, &ebits, 0)) < 0) { - if (errno == EINTR) - continue; - fatal(f, "select", 1); - } - if (n == 0) { - /* shouldn't happen... */ - sleep(5); - continue; - } - if (FD_ISSET(master, &ebits)) { - cc = readstream(master, &cntl, 1); - if (cc == 1 && pkcontrol(cntl)) { -#if 0 /* Kludge around */ - send_oob(f, cntl); -#endif - oob_queue = cntl; - if (cntl & TIOCPKT_FLUSHWRITE) { - pcc = 0; - FD_CLR(master, &ibits); - } - } - } - if (FD_ISSET(f, &ibits)) { -#ifndef NOENCRYPTION - if (doencrypt) - fcc = des_enc_read(f, fibuf, - sizeof(fibuf), - schedule, &kdata->session); - else -#endif - fcc = read(f, fibuf, sizeof(fibuf)); - if (fcc < 0 && errno == EWOULDBLOCK) - fcc = 0; - else { - char *cp; - int left, n; - - if (fcc <= 0) - break; - fbp = fibuf; - - top: - for (cp = fibuf; cp < fibuf+fcc-1; cp++) - if (cp[0] == magic[0] && - cp[1] == magic[1]) { - left = fcc - (cp-fibuf); - n = control(master, cp, left); - if (n) { - left -= n; - if (left > 0) - memmove(cp, cp+n, left); - fcc -= n; - goto top; /* n^2 */ - } - } - FD_SET(master, &obits); /* try write */ - } - } - - if (FD_ISSET(master, &obits) && fcc > 0) { - cc = write(master, fbp, fcc); - if (cc > 0) { - fcc -= cc; - fbp += cc; - } - } - - if (FD_ISSET(master, &ibits)) { - pcc = readstream(master, pibuf, sizeof (pibuf)); - pbp = pibuf; - if (pcc < 0 && errno == EWOULDBLOCK) - pcc = 0; - else if (pcc <= 0) - break; - else if (pibuf[0] == 0) { - pbp++, pcc--; - if (!doencrypt) - FD_SET(f, &obits); /* try write */ - } else { - if (pkcontrol(pibuf[0])) { - oob_queue = pibuf[0]; -#if 0 /* Kludge around */ - send_oob(f, pibuf[0]); -#endif - } - pcc = 0; - } - } - if ((FD_ISSET(f, &obits)) && pcc > 0) { -#ifndef NOENCRYPTION - if (doencrypt) - cc = des_enc_write(f, pbp, pcc, schedule, &kdata->session); - else -#endif - cc = write(f, pbp, pcc); - if (cc < 0 && errno == EWOULDBLOCK) { - /* - * This happens when we try write after read - * from p, but some old kernels balk at large - * writes even when select returns true. - */ - if (!FD_ISSET(master, &ibits)) - sleep(5); - continue; - } - if (cc > 0) { - pcc -= cc; - pbp += cc; - /* Only send urg data when normal data - * has just been sent. - * Linux has deep problems with more - * than one byte of OOB data. - */ - if (oob_queue) { - send_oob (f, oob_queue); - oob_queue = 0; - } - } - } - } -} - -static RETSIGTYPE -cleanup(int signo) -{ - char *p = clean_ttyname (line); - - if (rlogind_logout(p) == 0) - logwtmp(p, "", ""); - chmod(line, 0666); - chown(line, 0, 0); - *p = 'p'; - chmod(line, 0666); - chown(line, 0, 0); - shutdown(netf, 2); - signal(SIGHUP, SIG_IGN); -#ifdef HAVE_VHANGUP - vhangup(); -#endif /* HAVE_VHANGUP */ - exit(1); -} - -void -fatal(int f, const char *msg, int syserr) -{ - int len; - char buf[BUFSIZ], *bp = buf; - - /* - * Prepend binary one to message if we haven't sent - * the magic null as confirmation. - */ - if (!confirmed) - *bp++ = '\01'; /* error indicator */ - if (syserr) - snprintf(bp, sizeof(buf) - (bp - buf), - "rlogind: %s: %s.\r\n", - msg, strerror(errno)); - else - snprintf(bp, sizeof(buf) - (bp - buf), - "rlogind: %s.\r\n", msg); - len = strlen(bp); -#ifndef NOENCRYPTION - if (doencrypt) - des_enc_write(f, buf, bp + len - buf, schedule, &kdata->session); - else -#endif - write(f, buf, bp + len - buf); - exit(1); -} - -static void -xgetstr(char *buf, int cnt, char *errmsg) -{ - char c; - - do { - if (read(0, &c, 1) != 1) - exit(1); - if (--cnt < 0) - fatal(STDOUT_FILENO, errmsg, 0); - *buf++ = c; - } while (c != 0); -} - -static int -do_rlogin(struct sockaddr_in *dest) -{ - xgetstr(rusername, sizeof(rusername), "remuser too long"); - xgetstr(lusername, sizeof(lusername), "locuser too long"); - xgetstr(term+ENVSIZE, sizeof(term)-ENVSIZE, "Terminal type too long"); - - pwd = k_getpwnam(lusername); - if (pwd == NULL) - return (-1); - if (pwd->pw_uid == 0 && strcmp("root", lusername) != 0) - { - syslog(LOG_ALERT, "NIS attack, user %s has uid 0", lusername); - return (-1); - } - return (iruserok(dest->sin_addr.s_addr, - (pwd->pw_uid == 0), - rusername, - lusername)); -} - -static void -setup_term(int fd) -{ - char *cp = strchr(term+ENVSIZE, '/'); - char *speed; - struct termios tt; - - tcgetattr(fd, &tt); - if (cp) { - int s; - - *cp++ = '\0'; - speed = cp; - cp = strchr(speed, '/'); - if (cp) - *cp++ = '\0'; - s = int2speed_t (atoi (speed)); - if (s > 0) { - cfsetospeed (&tt, s); - cfsetispeed (&tt, s); - } - } - - tt.c_iflag &= ~INPCK; - tt.c_iflag |= ICRNL|IXON; - tt.c_oflag |= OPOST|ONLCR; -#ifdef TAB3 - tt.c_oflag |= TAB3; -#endif /* TAB3 */ -#ifdef ONLRET - tt.c_oflag &= ~ONLRET; -#endif /* ONLRET */ - tt.c_lflag |= (ECHO|ECHOE|ECHOK|ISIG|ICANON); - tt.c_cflag &= ~PARENB; - tt.c_cflag |= CS8; - tt.c_cc[VMIN] = 1; - tt.c_cc[VTIME] = 0; - tt.c_cc[VEOF] = CEOF; - tcsetattr(fd, TCSAFLUSH, &tt); - - env[0] = term; - env[1] = 0; - environ = env; -} - -#define VERSION_SIZE 9 - -/* - * Do the remote kerberos login to the named host with the - * given inet address - * - * Return 0 on valid authorization - * Return -1 on valid authentication, no authorization - * Return >0 for error conditions - */ -static int -do_krb_login(struct sockaddr_in *dest) -{ - int rc; - char instance[INST_SZ], version[VERSION_SIZE]; - long authopts = 0L; /* !mutual */ - struct sockaddr_in faddr; - - kdata = (AUTH_DAT *) auth_buf; - ticket = (KTEXT) tick_buf; - - k_getsockinst(0, instance, sizeof(instance)); - - if (doencrypt) { - rc = sizeof(faddr); - if (getsockname(0, (struct sockaddr *)&faddr, &rc)) - return (-1); - authopts = KOPT_DO_MUTUAL; - rc = krb_recvauth( - authopts, 0, - ticket, "rcmd", - instance, dest, &faddr, - kdata, "", schedule, version); - des_set_key(&kdata->session, schedule); - - } else - rc = krb_recvauth( - authopts, 0, - ticket, "rcmd", - instance, dest, (struct sockaddr_in *) 0, - kdata, "", 0, version); - - if (rc != KSUCCESS) - return (rc); - - xgetstr(lusername, sizeof(lusername), "locuser"); - /* get the "cmd" in the rcmd protocol */ - xgetstr(term+ENVSIZE, sizeof(term)-ENVSIZE, "Terminal type"); - - pwd = k_getpwnam(lusername); - if (pwd == NULL) - return (-1); - if (pwd->pw_uid == 0 && strcmp("root", lusername) != 0) - { - syslog(LOG_ALERT, "NIS attack, user %s has uid 0", lusername); - return (-1); - } - - /* returns nonzero for no access */ - if (kuserok(kdata, lusername) != 0) - return (-1); - - return (0); - -} - -static void -usage(void) -{ - syslog(LOG_ERR, - "usage: rlogind [-Dailn] [-p port] [-x] [-L login] [-k | -v]"); - exit(1); -} diff --git a/crypto/kerberosIV/appl/bsd/rsh.c b/crypto/kerberosIV/appl/bsd/rsh.c deleted file mode 100644 index a18f775..0000000 --- a/crypto/kerberosIV/appl/bsd/rsh.c +++ /dev/null @@ -1,384 +0,0 @@ -/*- - * Copyright (c) 1983, 1990 The Regents of the University of California. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "bsd_locl.h" - -RCSID("$Id: rsh.c,v 1.43.2.2 2000/10/10 12:53:50 assar Exp $"); - -CREDENTIALS cred; -Key_schedule schedule; -int use_kerberos = 1, doencrypt; -char dst_realm_buf[REALM_SZ], *dest_realm; - -/* - * rsh - remote shell - */ -int rfd2; - -static void -usage(void) -{ - fprintf(stderr, - "usage: rsh [-ndKx] [-k realm] [-p port] [-l login] host [command]\n"); - exit(1); -} - -static char * -copyargs(char **argv) -{ - int cc; - char **ap, *p; - char *args; - - cc = 0; - for (ap = argv; *ap; ++ap) - cc += strlen(*ap) + 1; - args = malloc(cc); - if (args == NULL) - errx(1, "Out of memory."); - for (p = args, ap = argv; *ap; ++ap) { - strcpy(p, *ap); - while(*p) - ++p; - if (ap[1]) - *p++ = ' '; - } - return(args); -} - -static RETSIGTYPE -sendsig(int signo_) -{ - char signo = signo_; -#ifndef NOENCRYPTION - if (doencrypt) - des_enc_write(rfd2, &signo, 1, schedule, &cred.session); - else -#endif - write(rfd2, &signo, 1); -} - -static void -talk(int nflag, sigset_t omask, int pid, int rem) -{ - int cc, wc; - char *bp; - fd_set readfrom, ready, rembits; - char buf[DES_RW_MAXWRITE]; - - if (pid == 0) { - if (nflag) - goto done; - - close(rfd2); - - reread: errno = 0; - if ((cc = read(0, buf, sizeof buf)) <= 0) - goto done; - bp = buf; - - rewrite: - FD_ZERO(&rembits); - if (rem >= FD_SETSIZE) - errx(1, "fd too large"); - FD_SET(rem, &rembits); - if (select(rem + 1, 0, &rembits, 0, 0) < 0) { - if (errno != EINTR) - err(1, "select"); - goto rewrite; - } - if (!FD_ISSET(rem, &rembits)) - goto rewrite; -#ifndef NOENCRYPTION - if (doencrypt) - wc = des_enc_write(rem, bp, cc, schedule, &cred.session); - else -#endif - wc = write(rem, bp, cc); - if (wc < 0) { - if (errno == EWOULDBLOCK) - goto rewrite; - goto done; - } - bp += wc; - cc -= wc; - if (cc == 0) - goto reread; - goto rewrite; - done: - shutdown(rem, 1); - exit(0); - } - - if (sigprocmask(SIG_SETMASK, &omask, 0) != 0) - warn("sigprocmask"); - FD_ZERO(&readfrom); - if (rem >= FD_SETSIZE || rfd2 >= FD_SETSIZE) - errx(1, "fd too large"); - FD_SET(rem, &readfrom); - FD_SET(rfd2, &readfrom); - do { - ready = readfrom; - if (select(max(rem,rfd2)+1, &ready, 0, 0, 0) < 0) { - if (errno != EINTR) - err(1, "select"); - continue; - } - if (FD_ISSET(rfd2, &ready)) { - errno = 0; -#ifndef NOENCRYPTION - if (doencrypt) - cc = des_enc_read(rfd2, buf, sizeof buf, - schedule, &cred.session); - else -#endif - cc = read(rfd2, buf, sizeof buf); - if (cc <= 0) { - if (errno != EWOULDBLOCK) - FD_CLR(rfd2, &readfrom); - } else - write(2, buf, cc); - } - if (FD_ISSET(rem, &ready)) { - errno = 0; -#ifndef NOENCRYPTION - if (doencrypt) - cc = des_enc_read(rem, buf, sizeof buf, - schedule, &cred.session); - else -#endif - cc = read(rem, buf, sizeof buf); - if (cc <= 0) { - if (errno != EWOULDBLOCK) - FD_CLR(rem, &readfrom); - } else - write(1, buf, cc); - } - } while (FD_ISSET(rfd2, &readfrom) || FD_ISSET(rem, &readfrom)); -} - -int -main(int argc, char **argv) -{ - struct passwd *pw; - int sv_port, user_port = 0; - sigset_t omask; - int argoff, ch, dflag, nflag, nfork, one, pid, rem, uid; - char *args, *host, *user, *local_user; - - argoff = dflag = nflag = nfork = 0; - one = 1; - host = user = NULL; - pid = 1; - - set_progname(argv[0]); - - /* handle "rsh host flags" */ - if (argc > 2 && argv[1][0] != '-') { - host = argv[1]; - argoff = 1; - } - -#define OPTIONS "+8KLde:k:l:np:wx" - while ((ch = getopt(argc - argoff, argv + argoff, OPTIONS)) != -1) - switch(ch) { - case 'K': - use_kerberos = 0; - break; - case 'L': /* -8Lew are ignored to allow rlogin aliases */ - case 'e': - case 'w': - case '8': - break; - case 'd': - dflag = 1; - break; - case 'l': - user = optarg; - break; - case 'k': - dest_realm = dst_realm_buf; - strlcpy(dest_realm, optarg, REALM_SZ); - break; - case 'n': - nflag = nfork = 1; - break; - case 'x': - doencrypt = 1; - break; - case 'p': { - char *endptr; - - user_port = strtol (optarg, &endptr, 0); - if (user_port == 0 && optarg == endptr) - errx (1, "Bad port `%s'", optarg); - user_port = htons(user_port); - break; - } - case '?': - default: - usage(); - } - optind += argoff; - - /* if haven't gotten a host yet, do so */ - if (!host && !(host = argv[optind++])) - usage(); - - /* if no further arguments, must have been called as rlogin. */ - if (!argv[optind]) { - *argv = "rlogin"; - paranoid_setuid (getuid ()); - execv(_PATH_RLOGIN, argv); - err(1, "can't exec %s", _PATH_RLOGIN); - } - -#ifndef __CYGWIN32__ - if (!(pw = k_getpwuid(uid = getuid()))) - errx(1, "unknown user id."); - local_user = pw->pw_name; - if (!user) - user = local_user; -#else - if (!user) - errx(1, "Sorry, you need to specify the username (with -l)"); - local_user = user; -#endif - - /* -n must still fork but does not turn of the -n functionality */ - if (doencrypt) - nfork = 0; - - args = copyargs(argv+optind); - - if (user_port) - sv_port = user_port; - else - sv_port = get_shell_port(use_kerberos, doencrypt); - - if (use_kerberos) { - paranoid_setuid(getuid()); - rem = KSUCCESS; - errno = 0; - if (dest_realm == NULL) - dest_realm = krb_realmofhost(host); - - if (doencrypt) - rem = krcmd_mutual(&host, sv_port, user, args, - &rfd2, dest_realm, &cred, schedule); - else - rem = krcmd(&host, sv_port, user, args, &rfd2, - dest_realm); - if (rem < 0) { - int i = 0; - char **newargv; - - if (errno == ECONNREFUSED) - warning("remote host doesn't support Kerberos"); - if (errno == ENOENT) - warning("can't provide Kerberos auth data"); - newargv = malloc((argc + 2) * sizeof(*newargv)); - if (newargv == NULL) - err(1, "malloc"); - newargv[i] = argv[i]; - ++i; - if (argv[i][0] != '-') { - newargv[i] = argv[i]; - ++i; - } - newargv[i++] = "-K"; - for(; i <= argc; ++i) - newargv[i] = argv[i - 1]; - newargv[argc + 1] = NULL; - execv(_PATH_RSH, newargv); - } - } else { - if (doencrypt) - errx(1, "the -x flag requires Kerberos authentication."); - if (geteuid() != 0) - errx(1, "not installed setuid root, " - "only root may use non kerberized rsh"); - rem = rcmd(&host, sv_port, local_user, user, args, &rfd2); - } - - if (rem < 0) - exit(1); - - if (rfd2 < 0) - errx(1, "can't establish stderr."); -#if defined(SO_DEBUG) && defined(HAVE_SETSOCKOPT) - if (dflag) { - if (setsockopt(rem, SOL_SOCKET, SO_DEBUG, (void *)&one, - sizeof(one)) < 0) - warn("setsockopt"); - if (setsockopt(rfd2, SOL_SOCKET, SO_DEBUG, (void *)&one, - sizeof(one)) < 0) - warn("setsockopt"); - } -#endif - - paranoid_setuid(uid); - { - sigset_t sigmsk; - sigemptyset(&sigmsk); - sigaddset(&sigmsk, SIGINT); - sigaddset(&sigmsk, SIGQUIT); - sigaddset(&sigmsk, SIGTERM); - if (sigprocmask(SIG_BLOCK, &sigmsk, &omask) != 0) - warn("sigprocmask"); - } - if (signal(SIGINT, SIG_IGN) != SIG_IGN) - signal(SIGINT, sendsig); - if (signal(SIGQUIT, SIG_IGN) != SIG_IGN) - signal(SIGQUIT, sendsig); - if (signal(SIGTERM, SIG_IGN) != SIG_IGN) - signal(SIGTERM, sendsig); - signal(SIGPIPE, SIG_IGN); - - if (!nfork) { - pid = fork(); - if (pid < 0) - err(1, "fork"); - } - - if (!doencrypt) { - ioctl(rfd2, FIONBIO, &one); - ioctl(rem, FIONBIO, &one); - } - - talk(nflag, omask, pid, rem); - - if (!nflag) - kill(pid, SIGKILL); - exit(0); -} diff --git a/crypto/kerberosIV/appl/bsd/rshd.c b/crypto/kerberosIV/appl/bsd/rshd.c deleted file mode 100644 index 496fa88..0000000 --- a/crypto/kerberosIV/appl/bsd/rshd.c +++ /dev/null @@ -1,652 +0,0 @@ -/*- - * Copyright (c) 1988, 1989, 1992, 1993, 1994 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * remote shell server: - * [port]\0 - * remuser\0 - * locuser\0 - * command\0 - * data - */ - -#include "bsd_locl.h" - -RCSID("$Id: rshd.c,v 1.60.2.3 2000/10/18 20:39:12 assar Exp $"); - -extern char *__rcmd_errstr; /* syslog hook from libc/net/rcmd.c. */ -extern int __check_rhosts_file; - -static int keepalive = 1; -static int log_success; /* If TRUE, log all successful accesses */ -static int new_pag = 1; /* Put process in new PAG by default */ -static int no_inetd = 0; -static int sent_null; - -static void doit (struct sockaddr_in *); -static void error (const char *, ...) -#ifdef __GNUC__ -__attribute__ ((format (printf, 1, 2))) -#endif -; -static void usage (void); - -#define VERSION_SIZE 9 -#define SECURE_MESSAGE "This rsh session is using DES encryption for all transmissions.\r\n" -#define OPTIONS "alnkvxLp:Pi" -AUTH_DAT authbuf; -KTEXT_ST tickbuf; -int doencrypt, use_kerberos, vacuous; -Key_schedule schedule; - -int -main(int argc, char *argv[]) -{ - struct linger linger; - int ch, on = 1, fromlen; - struct sockaddr_in from; - int portnum = 0; - - set_progname(argv[0]); - - openlog("rshd", LOG_PID | LOG_ODELAY, LOG_DAEMON); - - opterr = 0; - while ((ch = getopt(argc, argv, OPTIONS)) != -1) - switch (ch) { - case 'a': - break; - case 'l': - __check_rhosts_file = 0; - break; - case 'n': - keepalive = 0; - break; - case 'k': - use_kerberos = 1; - break; - - case 'v': - vacuous = 1; - break; - - case 'x': - doencrypt = 1; - break; - case 'L': - log_success = 1; - break; - case 'p': - portnum = htons(atoi(optarg)); - break; - case 'P': - new_pag = 0; - break; - case 'i': - no_inetd = 1; - break; - case '?': - default: - usage(); - break; - } - - argc -= optind; - argv += optind; - - if (use_kerberos && vacuous) { - syslog(LOG_ERR, "only one of -k and -v allowed"); - exit(2); - } - if (doencrypt && !use_kerberos) { - syslog(LOG_ERR, "-k is required for -x"); - exit(2); - } - - if (no_inetd) { - if(portnum == 0) - portnum = get_shell_port (use_kerberos, doencrypt); - mini_inetd (portnum); - } - - fromlen = sizeof (from); - if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) { - syslog(LOG_ERR, "getpeername: %m"); - _exit(1); - } -#ifdef HAVE_SETSOCKOPT -#ifdef SO_KEEPALIVE - if (keepalive && - setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, - sizeof(on)) < 0) - syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m"); -#endif -#ifdef SO_LINGER - linger.l_onoff = 1; - linger.l_linger = 60; /* XXX */ - if (setsockopt(0, SOL_SOCKET, SO_LINGER, (void *)&linger, - sizeof (linger)) < 0) - syslog(LOG_WARNING, "setsockopt (SO_LINGER): %m"); -#endif -#endif /* HAVE_SETSOCKOPT */ - doit(&from); - /* NOTREACHED */ - return 0; -} - -char username[20] = "USER="; -char homedir[64] = "HOME="; -char shell[64] = "SHELL="; -char path[100] = "PATH="; -char *envinit[] = -{homedir, shell, path, username, 0}; - -static void -xgetstr(char *buf, int cnt, char *err) -{ - char c; - - do { - if (read(STDIN_FILENO, &c, 1) != 1) - exit(1); - *buf++ = c; - if (--cnt == 0) { - error("%s too long\n", err); - exit(1); - } - } while (c != 0); -} - -static void -doit(struct sockaddr_in *fromp) -{ - struct passwd *pwd; - u_short port; - fd_set ready, readfrom; - int cc, nfd, pv[2], pid, s; - int one = 1; - const char *errorhost = ""; - char *errorstr; - char *cp, sig, buf[DES_RW_MAXWRITE]; - char cmdbuf[NCARGS+1], locuser[16], remuser[16]; - char remotehost[2 * MaxHostNameLen + 1]; - uid_t uid; - char shell_path[MAXPATHLEN]; - - AUTH_DAT *kdata; - KTEXT ticket; - char instance[INST_SZ], version[VERSION_SIZE]; - struct sockaddr_in fromaddr; - int rc; - long authopts; - int pv1[2], pv2[2]; - fd_set wready, writeto; - - fromaddr = *fromp; - - signal(SIGINT, SIG_DFL); - signal(SIGQUIT, SIG_DFL); - signal(SIGTERM, SIG_DFL); -#ifdef DEBUG - { int t = open(_PATH_TTY, 2); - if (t >= 0) { - ioctl(t, TIOCNOTTY, (char *)0); - close(t); - } - } -#endif - fromp->sin_port = ntohs((u_short)fromp->sin_port); - if (fromp->sin_family != AF_INET) { - syslog(LOG_ERR, "malformed \"from\" address (af %d)\n", - fromp->sin_family); - exit(1); - } - - - if (!use_kerberos) { - ip_options_and_die (0, fromp); - if (fromp->sin_port >= IPPORT_RESERVED || - fromp->sin_port < IPPORT_RESERVED/2) { - syslog(LOG_NOTICE|LOG_AUTH, - "Connection from %s on illegal port %u", - inet_ntoa(fromp->sin_addr), - fromp->sin_port); - exit(1); - } - } - - alarm(60); - port = 0; - for (;;) { - char c; - if ((cc = read(STDIN_FILENO, &c, 1)) != 1) { - if (cc < 0) - syslog(LOG_NOTICE, "read: %m"); - shutdown(0, 1+1); - exit(1); - } - if (c== 0) - break; - port = port * 10 + c - '0'; - } - - alarm(0); - if (port != 0) { - int lport = IPPORT_RESERVED - 1; - s = rresvport(&lport); - if (s < 0) { - syslog(LOG_ERR, "can't get stderr port: %m"); - exit(1); - } - if (!use_kerberos) - if (port >= IPPORT_RESERVED) { - syslog(LOG_ERR, "2nd port not reserved\n"); - exit(1); - } - fromp->sin_port = htons(port); - if (connect(s, (struct sockaddr *)fromp, sizeof (*fromp)) < 0) { - syslog(LOG_INFO, "connect second port %d: %m", port); - exit(1); - } - } - - if (vacuous) { - error("rshd: Remote host requires Kerberos authentication.\n"); - exit(1); - } - - errorstr = NULL; - inaddr2str (fromp->sin_addr, remotehost, sizeof(remotehost)); - - if (use_kerberos) { - kdata = &authbuf; - ticket = &tickbuf; - authopts = 0L; - k_getsockinst(0, instance, sizeof(instance)); - version[VERSION_SIZE - 1] = '\0'; - if (doencrypt) { - struct sockaddr_in local_addr; - rc = sizeof(local_addr); - if (getsockname(0, (struct sockaddr *)&local_addr, - &rc) < 0) { - syslog(LOG_ERR, "getsockname: %m"); - error("rshd: getsockname: %m"); - exit(1); - } - authopts = KOPT_DO_MUTUAL; - rc = krb_recvauth(authopts, 0, ticket, - "rcmd", instance, &fromaddr, - &local_addr, kdata, "", schedule, - version); -#ifndef NOENCRYPTION - des_set_key(&kdata->session, schedule); -#else - memset(schedule, 0, sizeof(schedule)); -#endif - } else - rc = krb_recvauth(authopts, 0, ticket, "rcmd", - instance, &fromaddr, - (struct sockaddr_in *) 0, - kdata, "", 0, version); - if (rc != KSUCCESS) { - error("Kerberos authentication failure: %s\n", - krb_get_err_text(rc)); - exit(1); - } - } else - xgetstr(remuser, sizeof(remuser), "remuser"); - - xgetstr(locuser, sizeof(locuser), "locuser"); - xgetstr(cmdbuf, sizeof(cmdbuf), "command"); - setpwent(); - pwd = k_getpwnam(locuser); - if (pwd == NULL) { - syslog(LOG_INFO|LOG_AUTH, - "%s@%s as %s: unknown login. cmd='%.80s'", - remuser, remotehost, locuser, cmdbuf); - if (errorstr == NULL) - errorstr = "Login incorrect.\n"; - goto fail; - } - if (pwd->pw_uid == 0 && strcmp("root", locuser) != 0) - { - syslog(LOG_ALERT, "NIS attack, user %s has uid 0", locuser); - if (errorstr == NULL) - errorstr = "Login incorrect.\n"; - goto fail; - } - if (chdir(pwd->pw_dir) < 0) { - chdir("/"); -#ifdef notdef - syslog(LOG_INFO|LOG_AUTH, - "%s@%s as %s: no home directory. cmd='%.80s'", - remuser, remotehost, locuser, cmdbuf); - error("No remote directory.\n"); - exit(1); -#endif - } - - if (use_kerberos) { - if (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0') { - if (kuserok(kdata, locuser) != 0) { - syslog(LOG_INFO|LOG_AUTH, - "Kerberos rsh denied to %s", - krb_unparse_name_long(kdata->pname, - kdata->pinst, - kdata->prealm)); - error("Permission denied.\n"); - exit(1); - } - } - } else - - if (errorstr || - (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' && - iruserok(fromp->sin_addr.s_addr, pwd->pw_uid == 0, - remuser, locuser) < 0)) { - if (__rcmd_errstr) - syslog(LOG_INFO|LOG_AUTH, - "%s@%s as %s: permission denied (%s). cmd='%.80s'", - remuser, remotehost, locuser, - __rcmd_errstr, cmdbuf); - else - syslog(LOG_INFO|LOG_AUTH, - "%s@%s as %s: permission denied. cmd='%.80s'", - remuser, remotehost, locuser, cmdbuf); - fail: - if (errorstr == NULL) - errorstr = "Permission denied.\n"; - error(errorstr, errorhost); - exit(1); - } - - if (pwd->pw_uid && !access(_PATH_NOLOGIN, F_OK)) { - error("Logins currently disabled.\n"); - exit(1); - } - - write(STDERR_FILENO, "\0", 1); - sent_null = 1; - - if (port) { - if (pipe(pv) < 0) { - error("Can't make pipe.\n"); - exit(1); - } - if (doencrypt) { - if (pipe(pv1) < 0) { - error("Can't make 2nd pipe.\n"); - exit(1); - } - if (pipe(pv2) < 0) { - error("Can't make 3rd pipe.\n"); - exit(1); - } - } - pid = fork(); - if (pid == -1) { - error("Can't fork; try again.\n"); - exit(1); - } - if (pid) { - if (doencrypt) { - static char msg[] = SECURE_MESSAGE; - close(pv1[1]); - close(pv2[0]); -#ifndef NOENCRYPTION - des_enc_write(s, msg, sizeof(msg) - 1, schedule, &kdata->session); -#else - write(s, msg, sizeof(msg) - 1); -#endif - } else { - close(0); - close(1); - } - close(2); - close(pv[1]); - - if (s >= FD_SETSIZE || pv[0] >= FD_SETSIZE) { - error ("fd too large\n"); - exit (1); - } - - FD_ZERO(&readfrom); - FD_SET(s, &readfrom); - FD_SET(pv[0], &readfrom); - if (pv[0] > s) - nfd = pv[0]; - else - nfd = s; - if (doencrypt) { - if (pv2[1] >= FD_SETSIZE || pv1[0] >= FD_SETSIZE) { - error ("fd too large\n"); - exit (1); - } - - FD_ZERO(&writeto); - FD_SET(pv2[1], &writeto); - FD_SET(pv1[0], &readfrom); - FD_SET(STDIN_FILENO, &readfrom); - - nfd = max(nfd, pv2[1]); - nfd = max(nfd, pv1[0]); - } else - ioctl(pv[0], FIONBIO, (char *)&one); - - /* should set s nbio! */ - nfd++; - do { - ready = readfrom; - if (doencrypt) { - wready = writeto; - if (select(nfd, &ready, - &wready, 0, - (struct timeval *) 0) < 0) - break; - } else - if (select(nfd, &ready, 0, - 0, (struct timeval *)0) < 0) - break; - if (FD_ISSET(s, &ready)) { - int ret; - if (doencrypt) -#ifndef NOENCRYPTION - ret = des_enc_read(s, &sig, 1, schedule, &kdata->session); -#else - ret = read(s, &sig, 1); -#endif - else - ret = read(s, &sig, 1); - if (ret <= 0) - FD_CLR(s, &readfrom); - else - kill(-pid, sig); - } - if (FD_ISSET(pv[0], &ready)) { - errno = 0; - cc = read(pv[0], buf, sizeof(buf)); - if (cc <= 0) { - shutdown(s, 1+1); - FD_CLR(pv[0], &readfrom); - } else { - if (doencrypt) -#ifndef NOENCRYPTION - des_enc_write(s, buf, cc, schedule, &kdata->session); -#else - write(s, buf, cc); -#endif - else - (void) - write(s, buf, cc); - } - } - if (doencrypt && FD_ISSET(pv1[0], &ready)) { - errno = 0; - cc = read(pv1[0], buf, sizeof(buf)); - if (cc <= 0) { - shutdown(pv1[0], 1+1); - FD_CLR(pv1[0], &readfrom); - } else -#ifndef NOENCRYPTION - des_enc_write(STDOUT_FILENO, buf, cc, schedule, &kdata->session); -#else - write(STDOUT_FILENO, buf, cc); -#endif - } - - if (doencrypt - && FD_ISSET(STDIN_FILENO, &ready) - && FD_ISSET(pv2[1], &wready)) { - errno = 0; -#ifndef NOENCRYPTION - cc = des_enc_read(STDIN_FILENO, buf, sizeof(buf), schedule, &kdata->session); -#else - cc = read(STDIN_FILENO, buf, sizeof(buf)); -#endif - if (cc <= 0) { - shutdown(STDIN_FILENO, 0); - FD_CLR(STDIN_FILENO, &readfrom); - close(pv2[1]); - FD_CLR(pv2[1], &writeto); - } else - write(pv2[1], buf, cc); - } - - } while (FD_ISSET(s, &readfrom) || - (doencrypt && FD_ISSET(pv1[0], &readfrom)) || - FD_ISSET(pv[0], &readfrom)); - exit(0); - } - setsid(); - close(s); - close(pv[0]); - if (doencrypt) { - close(pv1[0]); - close(pv2[1]); - dup2(pv1[1], 1); - dup2(pv2[0], 0); - close(pv1[1]); - close(pv2[0]); - } - dup2(pv[1], 2); - close(pv[1]); - } - if (*pwd->pw_shell == '\0') - pwd->pw_shell = _PATH_BSHELL; -#ifdef HAVE_SETLOGIN - if (setlogin(pwd->pw_name) < 0) - syslog(LOG_ERR, "setlogin() failed: %m"); -#endif - -#ifdef HAVE_SETPCRED - if (setpcred (pwd->pw_name, NULL) == -1) - syslog(LOG_ERR, "setpcred() failure: %m"); -#endif /* HAVE_SETPCRED */ - if(do_osfc2_magic(pwd->pw_uid)) - exit(1); - setgid((gid_t)pwd->pw_gid); - initgroups(pwd->pw_name, pwd->pw_gid); - setuid((uid_t)pwd->pw_uid); - strlcat(homedir, pwd->pw_dir, sizeof(homedir)); - - /* Need to prepend path with BINDIR (/usr/athena/bin) to find rcp */ - snprintf(path, sizeof(path), "PATH=%s:%s", BINDIR, _PATH_DEFPATH); - - strlcat(shell, pwd->pw_shell, sizeof(shell)); - strlcpy(shell_path, pwd->pw_shell, sizeof(shell_path)); - strlcat(username, pwd->pw_name, sizeof(username)); - uid = pwd->pw_uid; - cp = strrchr(pwd->pw_shell, '/'); - if (cp) - cp++; - else - cp = pwd->pw_shell; - endpwent(); - if (log_success || uid == 0) { - if (use_kerberos) - syslog(LOG_INFO|LOG_AUTH, - "Kerberos shell from %s on %s as %s, cmd='%.80s'", - krb_unparse_name_long(kdata->pname, - kdata->pinst, - kdata->prealm), - remotehost, locuser, cmdbuf); - else - syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: cmd='%.80s'", - remuser, remotehost, locuser, cmdbuf); - } - if (k_hasafs()) { - char cell[64]; - - if (new_pag) - k_setpag(); /* Put users process in an new pag */ - if (k_afs_cell_of_file (homedir, cell, sizeof(cell)) == 0) - krb_afslog_uid_home (cell, NULL, uid, homedir); - krb_afslog_uid_home(NULL, NULL, uid, homedir); - } - execle(shell_path, cp, "-c", cmdbuf, 0, envinit); - err(1, "%s", shell_path); -} - -/* - * Report error to client. Note: can't be used until second socket has - * connected to client, or older clients will hang waiting for that - * connection first. - */ - -static void -error(const char *fmt, ...) -{ - va_list ap; - int len; - char *bp, buf[BUFSIZ]; - - va_start(ap, fmt); - bp = buf; - if (sent_null == 0) { - *bp++ = 1; - len = 1; - } else - len = 0; - len += vsnprintf(bp, sizeof(buf) - len, fmt, ap); - write(STDERR_FILENO, buf, len); - va_end(ap); -} - -static void -usage() -{ - - syslog(LOG_ERR, - "usage: rshd [-alnkvxLPi] [-p port]"); - exit(2); -} diff --git a/crypto/kerberosIV/appl/bsd/stty_default.c b/crypto/kerberosIV/appl/bsd/stty_default.c deleted file mode 100644 index 0135823..0000000 --- a/crypto/kerberosIV/appl/bsd/stty_default.c +++ /dev/null @@ -1,100 +0,0 @@ -/* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "bsd_locl.h" - -RCSID("$Id: stty_default.c,v 1.7 1999/12/02 16:58:28 joda Exp $"); - -#include <termios.h> - -/* HP-UX 9.0 termios doesn't define these */ -#ifndef FLUSHO -#define FLUSHO 0 -#endif - -#ifndef XTABS -#define XTABS 0 -#endif - -#ifndef OXTABS -#define OXTABS XTABS -#endif - -/* Ultrix... */ -#ifndef ECHOPRT -#define ECHOPRT 0 -#endif - -#ifndef ECHOCTL -#define ECHOCTL 0 -#endif - -#ifndef ECHOKE -#define ECHOKE 0 -#endif - -#ifndef IMAXBEL -#define IMAXBEL 0 -#endif - -#define Ctl(x) ((x) ^ 0100) - -void -stty_default(void) -{ - struct termios termios; - - /* - * Finalize the terminal settings. Some systems default to 8 bits, - * others to 7, so we should leave that alone. - */ - tcgetattr(0, &termios); - - termios.c_iflag |= (BRKINT|IGNPAR|ICRNL|IXON|IMAXBEL); - termios.c_iflag &= ~IXANY; - - termios.c_lflag |= (ISIG|IEXTEN|ICANON|ECHO|ECHOE|ECHOK|ECHOCTL|ECHOKE); - termios.c_lflag &= ~(ECHOPRT|TOSTOP|FLUSHO); - - termios.c_oflag |= (OPOST|ONLCR); - termios.c_oflag &= ~OXTABS; - - termios.c_cc[VINTR] = Ctl('C'); - termios.c_cc[VERASE] = Ctl('H'); - termios.c_cc[VKILL] = Ctl('U'); - termios.c_cc[VEOF] = Ctl('D'); - - termios.c_cc[VSUSP] = Ctl('Z'); - - tcsetattr(0, TCSANOW, &termios); -} diff --git a/crypto/kerberosIV/appl/bsd/su.c b/crypto/kerberosIV/appl/bsd/su.c deleted file mode 100644 index 7fc63ee..0000000 --- a/crypto/kerberosIV/appl/bsd/su.c +++ /dev/null @@ -1,504 +0,0 @@ -/* - * Copyright (c) 1988 The Regents of the University of California. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "bsd_locl.h" - -RCSID ("$Id: su.c,v 1.70.2.2 2000/12/07 14:04:19 assar Exp $"); - -#ifdef SYSV_SHADOW -#include "sysv_shadow.h" -#endif - -static int kerberos (char *username, char *user, char *realm, int uid); -static int chshell (char *sh); -static char *ontty (void); -static int koktologin (char *name, char *realm, char *toname); -static int chshell (char *sh); - -/* Handle '-' option after all the getopt options */ -#define ARGSTR "Kkflmti:r:" - -int destroy_tickets = 0; -static int use_kerberos = 1; -static char *root_inst = "root"; - -int -main (int argc, char **argv) -{ - struct passwd *pwd; - char *p, **g; - struct group *gr; - uid_t ruid; - int asme, ch, asthem, fastlogin, prio; - enum { UNSET, YES, NO } iscsh = UNSET; - char *user, *shell, *avshell, *username, **np; - char shellbuf[MaxPathLen], avshellbuf[MaxPathLen]; - char *realm = NULL; - - set_progname (argv[0]); - - if (getuid() == 0) - use_kerberos = 0; - - asme = asthem = fastlogin = 0; - while ((ch = getopt (argc, argv, ARGSTR)) != -1) - switch ((char) ch) { - case 'K': - use_kerberos = 0; - break; - case 'k': - use_kerberos = 1; - break; - case 'f': - fastlogin = 1; - break; - case 'l': - asme = 0; - asthem = 1; - break; - case 'm': - asme = 1; - asthem = 0; - break; - case 't': - destroy_tickets = 1; - break; - case 'i': - root_inst = optarg; - break; - case 'r': - realm = optarg; - break; - case '?': - default: - fprintf (stderr, - "usage: su [-Kkflmt] [-i root-instance] [-r realm] [-] [login]\n"); - exit (1); - } - /* Don't handle '-' option with getopt */ - if (optind < argc && strcmp (argv[optind], "-") == 0) { - asme = 0; - asthem = 1; - optind++; - } - argv += optind; - - if (use_kerberos) { - int fd = open (KEYFILE, O_RDONLY); - - if (fd >= 0) - close (fd); - else - use_kerberos = 0; - } - errno = 0; - prio = getpriority (PRIO_PROCESS, 0); - if (errno) - prio = 0; - setpriority (PRIO_PROCESS, 0, -2); - openlog ("su", LOG_CONS, LOG_AUTH); - - /* get current login name and shell */ - ruid = getuid (); - username = getlogin (); - if (username == NULL || (pwd = k_getpwnam (username)) == NULL || - pwd->pw_uid != ruid) - pwd = k_getpwuid (ruid); - if (pwd == NULL) - errx (1, "who are you?"); - username = strdup (pwd->pw_name); - if (username == NULL) - errx (1, "strdup: out of memory"); - if (asme) { - if (pwd->pw_shell && *pwd->pw_shell) { - strlcpy (shellbuf, pwd->pw_shell, sizeof(shellbuf)); - shell = shellbuf; - } else { - shell = _PATH_BSHELL; - iscsh = NO; - } - } - - /* get target login information, default to root */ - user = *argv ? *argv : "root"; - np = *argv ? argv : argv - 1; - - pwd = k_getpwnam (user); - if (pwd == NULL) - errx (1, "unknown login %s", user); - if (pwd->pw_uid == 0 && strcmp ("root", user) != 0) { - syslog (LOG_ALERT, "NIS attack, user %s has uid 0", user); - errx (1, "unknown login %s", user); - } - if (!use_kerberos || kerberos (username, user, realm, pwd->pw_uid)) { -#ifndef PASSWD_FALLBACK - errx (1, "won't use /etc/passwd authentication"); -#endif - /* getpwnam() is not reentrant and kerberos might use it! */ - pwd = k_getpwnam (user); - if (pwd == NULL) - errx (1, "unknown login %s", user); - /* only allow those in group zero to su to root. */ - if (pwd->pw_uid == 0 && (gr = getgrgid ((gid_t) 0))) - for (g = gr->gr_mem;; ++g) { - if (!*g) { -#if 1 - /* if group 0 is empty or only - contains root su is still ok. */ - if (gr->gr_mem[0] == 0) - break; /* group 0 is empty */ - if (gr->gr_mem[1] == 0 && - strcmp (gr->gr_mem[0], "root") == 0) - break; /* only root in group 0 */ -#endif - errx (1, "you are not in the correct group to su %s.", - user); - } - if (!strcmp (username, *g)) - break; - } - /* if target requires a password, verify it */ - if (ruid && *pwd->pw_passwd) { - char prompt[128]; - char passwd[256]; - - snprintf (prompt, sizeof(prompt), "%s's Password: ", pwd->pw_name); - if (des_read_pw_string (passwd, sizeof (passwd), - prompt, 0)) { - memset (passwd, 0, sizeof (passwd)); - exit (1); - } - if (strcmp (pwd->pw_passwd, - crypt (passwd, pwd->pw_passwd))) { - memset (passwd, 0, sizeof (passwd)); - syslog (LOG_AUTH | LOG_WARNING, - "BAD SU %s to %s%s", username, - user, ontty ()); - errx (1, "Sorry"); - } - memset (passwd, 0, sizeof (passwd)); - } - } - if (asme) { - /* if asme and non-standard target shell, must be root */ - if (!chshell (pwd->pw_shell) && ruid) - errx (1, "permission denied (shell '%s' not in /etc/shells).", - pwd->pw_shell); - } else if (pwd->pw_shell && *pwd->pw_shell) { - shell = pwd->pw_shell; - iscsh = UNSET; - } else { - shell = _PATH_BSHELL; - iscsh = NO; - } - - if ((p = strrchr (shell, '/')) != 0) - avshell = p + 1; - else - avshell = shell; - - /* if we're forking a csh, we want to slightly muck the args */ - if (iscsh == UNSET) - iscsh = strcmp (avshell, "csh") ? NO : YES; - - /* set permissions */ - - if (setgid (pwd->pw_gid) < 0) - err (1, "setgid"); - if (initgroups (user, pwd->pw_gid)) { - if (errno == E2BIG) /* Member of too many groups! */ - warn("initgroups failed."); - else - errx(1, "initgroups failed."); - } - - if (setuid (pwd->pw_uid) < 0) - err (1, "setuid"); - - if (pwd->pw_uid != 0 && setuid(0) != -1) { - syslog(LOG_ALERT | LOG_AUTH, - "Failed to drop privileges for user %s", pwd->pw_name); - errx(1, "Sorry"); - } - - if (!asme) { - if (asthem) { - char *k = getenv ("KRBTKFILE"); - char *t = getenv ("TERM"); - - environ = malloc (10 * sizeof (char *)); - if (environ == NULL) - err (1, "malloc"); - environ[0] = NULL; - setenv ("PATH", _PATH_DEFPATH, 1); - if (t) - setenv ("TERM", t, 1); - if (k) - setenv ("KRBTKFILE", k, 1); - if (chdir (pwd->pw_dir) < 0) - errx (1, "no directory"); - } - if (asthem || pwd->pw_uid) - setenv ("USER", pwd->pw_name, 1); - setenv ("HOME", pwd->pw_dir, 1); - setenv ("SHELL", shell, 1); - } - if (iscsh == YES) { - if (fastlogin) - *np-- = "-f"; - if (asme) - *np-- = "-m"; - } - if (asthem) { - snprintf (avshellbuf, sizeof(avshellbuf), - "-%s", avshell); - avshell = avshellbuf; - } else if (iscsh == YES) { - /* csh strips the first character... */ - snprintf (avshellbuf, sizeof(avshellbuf), - "_%s", avshell); - avshell = avshellbuf; - } - *np = avshell; - - if (ruid != 0) - syslog (LOG_NOTICE | LOG_AUTH, "%s to %s%s", - username, user, ontty ()); - - setpriority (PRIO_PROCESS, 0, prio); - - if (k_hasafs ()) { - int code; - - if (k_setpag () != 0) - warn ("setpag"); - code = krb_afslog (0, 0); - if (code != KSUCCESS && code != KDC_PR_UNKNOWN) - warnx ("afsklog: %s", krb_get_err_text (code)); - } - if (destroy_tickets) - dest_tkt (); - execv (shell, np); - warn ("execv(%s)", shell); - if (getuid () == 0) { - execv (_PATH_BSHELL, np); - warn ("execv(%s)", _PATH_BSHELL); - } - exit (1); -} - -static int -chshell (char *sh) -{ - char *cp; - - while ((cp = getusershell ()) != NULL) - if (!strcmp (cp, sh)) - return (1); - return (0); -} - -static char * -ontty (void) -{ - char *p; - static char buf[MaxPathLen + 4]; - - buf[0] = 0; - if ((p = ttyname (STDERR_FILENO)) != 0) - snprintf (buf, sizeof(buf), " on %s", p); - return (buf); -} - -static int -kerberos (char *username, char *user, char *lrealm, int uid) -{ - KTEXT_ST ticket; - AUTH_DAT authdata; - struct hostent *hp; - int kerno; - u_long faddr; - char tmp_realm[REALM_SZ], krbtkfile[MaxPathLen]; - char hostname[MaxHostNameLen], savehost[MaxHostNameLen]; - int n; - int allowed = 0; - - if (lrealm != NULL) { - allowed = koktologin (username, lrealm, user) == 0; - } else { - for (n = 1; !allowed && krb_get_lrealm (tmp_realm, n) == KSUCCESS; ++n) - allowed = koktologin (username, tmp_realm, user) == 0; - lrealm = tmp_realm; - } - if (!allowed && !uid) { -#ifndef PASSWD_FALLBACK - warnx ("not in %s's ACL.", user); -#endif - return (1); - } - snprintf (krbtkfile, sizeof(krbtkfile), - "%s_%s_to_%s_%u", TKT_ROOT, username, user, - (unsigned) getpid ()); - - setenv ("KRBTKFILE", krbtkfile, 1); - krb_set_tkt_string (krbtkfile); - /* - * Set real as well as effective ID to 0 for the moment, - * to make the kerberos library do the right thing. - */ - if (setuid(0) < 0) { - warn("setuid"); - return (1); - } - - /* - * Little trick here -- if we are su'ing to root, we need to get a ticket - * for "xxx.root", where xxx represents the name of the person su'ing. - * Otherwise (non-root case), we need to get a ticket for "yyy.", where - * yyy represents the name of the person being su'd to, and the instance - * is null - * - * We should have a way to set the ticket lifetime, with a system default - * for root. - */ - { - char prompt[128]; - char passw[256]; - - snprintf (prompt, sizeof(prompt), - "%s's Password: ", - krb_unparse_name_long ((uid == 0 ? username : user), - (uid == 0 ? root_inst : ""), - lrealm)); - if (des_read_pw_string (passw, sizeof (passw), prompt, 0)) { - memset (passw, 0, sizeof (passw)); - return (1); - } - if (strlen(passw) == 0) - return (1); /* Empty passwords is not allowed */ - kerno = krb_get_pw_in_tkt ((uid == 0 ? username : user), - (uid == 0 ? root_inst : ""), lrealm, - KRB_TICKET_GRANTING_TICKET, - lrealm, - DEFAULT_TKT_LIFE, - passw); - memset (passw, 0, strlen (passw)); - } - - if (kerno != KSUCCESS) { - if (kerno == KDC_PR_UNKNOWN) { - warnx ("principal unknown: %s", - krb_unparse_name_long ((uid == 0 ? username : user), - (uid == 0 ? root_inst : ""), - lrealm)); - return (1); - } - warnx ("unable to su: %s", krb_get_err_text (kerno)); - syslog (LOG_NOTICE | LOG_AUTH, - "BAD SU: %s to %s%s: %s", - username, user, ontty (), krb_get_err_text (kerno)); - return (1); - } - if (chown (krbtkfile, uid, -1) < 0) { - warn ("chown"); - unlink (krbtkfile); - return (1); - } - setpriority (PRIO_PROCESS, 0, -2); - - if (gethostname (hostname, sizeof (hostname)) == -1) { - warn ("gethostname"); - dest_tkt (); - return (1); - } - strlcpy (savehost, krb_get_phost (hostname), sizeof (savehost)); - - for (n = 1; krb_get_lrealm (tmp_realm, n) == KSUCCESS; ++n) { - kerno = krb_mk_req (&ticket, "rcmd", savehost, tmp_realm, 33); - if (kerno == 0) - break; - } - - if (kerno == KDC_PR_UNKNOWN) { - warnx ("Warning: TGT not verified."); - syslog (LOG_NOTICE | LOG_AUTH, - "%s to %s%s, TGT not verified (%s); " - "%s.%s not registered?", - username, user, ontty (), krb_get_err_text (kerno), - "rcmd", savehost); -#ifdef KLOGIN_PARANOID - /* - * if the "VERIFY_SERVICE" doesn't exist in the KDC for this host, * - * don't allow kerberos login, also log the error condition. - */ - warnx ("Trying local password!"); - return (1); -#endif - } else if (kerno != KSUCCESS) { - warnx ("Unable to use TGT: %s", krb_get_err_text (kerno)); - syslog (LOG_NOTICE | LOG_AUTH, "failed su: %s to %s%s: %s", - username, user, ontty (), krb_get_err_text (kerno)); - dest_tkt (); - return (1); - } else { - if (!(hp = gethostbyname (hostname))) { - warnx ("can't get addr of %s", hostname); - dest_tkt (); - return (1); - } - memcpy (&faddr, hp->h_addr, sizeof (faddr)); - - if ((kerno = krb_rd_req (&ticket, "rcmd", savehost, faddr, - &authdata, "")) != KSUCCESS) { - warnx ("unable to verify rcmd ticket: %s", - krb_get_err_text (kerno)); - syslog (LOG_NOTICE | LOG_AUTH, - "failed su: %s to %s%s: %s", username, - user, ontty (), krb_get_err_text (kerno)); - dest_tkt (); - return (1); - } - } - if (!destroy_tickets) - fprintf (stderr, "Don't forget to kdestroy before exiting the shell.\n"); - return (0); -} - -static int -koktologin (char *name, char *realm, char *toname) -{ - return krb_kuserok (name, - strcmp (toname, "root") == 0 ? root_inst : "", - realm, - toname); -} diff --git a/crypto/kerberosIV/appl/bsd/sysv_default.c b/crypto/kerberosIV/appl/bsd/sysv_default.c deleted file mode 100644 index e6b28a7..0000000 --- a/crypto/kerberosIV/appl/bsd/sysv_default.c +++ /dev/null @@ -1,95 +0,0 @@ -/* Author: Wietse Venema <wietse@wzv.win.tue.nl> */ - -#include "bsd_locl.h" - -RCSID("$Id: sysv_default.c,v 1.11 1999/03/13 21:15:24 assar Exp $"); - -#include "sysv_default.h" - - /* - * Default values for stuff that can be read from the defaults file. The - * SunOS 5.1 documentation is incomplete and often disagrees with reality. - */ - -static char default_umask_value[] = "022"; - -char *default_console = 0; -char *default_altsh = "YES"; -char *default_passreq = "NO"; -char *default_timezone= 0; -char *default_hz = 0; -char *default_path = _PATH_DEFPATH; -char *default_supath = _PATH_DEFSUPATH; -char *default_ulimit = 0; -char *default_timeout = "180"; -char *default_umask = default_umask_value; -char *default_sleep = "4"; -char *default_maxtrys = "5"; - -static struct sysv_default { - char **valptr; - char *prefix; - int prefix_len; -} defaults[] = { - {&default_console, "CONSOLE=", sizeof("CONSOLE=") -1}, - {&default_altsh, "ALTSHELL=", sizeof("ALTSHELL=") -1}, - {&default_passreq, "PASSREQ=", sizeof("PASSREQ=") -1}, - {&default_timezone, "TIMEZONE=", sizeof("TIMEZONE=") -1}, - {&default_hz, "HZ=", sizeof("HZ=") -1}, - {&default_path, "PATH=", sizeof("PATH=") -1}, - {&default_supath, "SUPATH=", sizeof("SUPATH=") -1}, - {&default_ulimit, "ULIMIT=", sizeof("ULIMIT=") -1}, - {&default_timeout, "TIMEOUT=", sizeof("TIMEOUT=") -1}, - {&default_umask, "UMASK=", sizeof("UMASK=") -1}, - {&default_sleep, "SLEEPTIME=", sizeof("SLEEPTIME=") -1}, - {&default_maxtrys, "MAXTRYS=", sizeof("MAXTRYS=") -1}, - {0}, -}; - -#define trim(s) { \ - char *cp = s + strlen(s); \ - while (cp > s && isspace((unsigned char)cp[-1])) \ - cp--; \ - *cp = 0; \ -} - -/* sysv_defaults - read login defaults file */ - -void -sysv_defaults() -{ - struct sysv_default *dp; - FILE *fp; - char buf[BUFSIZ]; - - if ((fp = fopen(_PATH_ETC_DEFAULT_LOGIN, "r"))) { - - /* Stupid quadratic algorithm. */ - - while (fgets(buf, sizeof(buf), fp)) { - - /* Skip comments and blank lines. */ - - if (buf[0] == '#') - continue; - trim(buf); - if (buf[0] == 0) - continue; - - /* Assign defaults from file. */ - -#define STREQN(x,y,l) (x[0] == y[0] && strncmp(x,y,l) == 0) - - for (dp = defaults; dp->valptr; dp++) { - if (STREQN(buf, dp->prefix, dp->prefix_len)) { - if ((*(dp->valptr) = strdup(buf + dp->prefix_len)) == 0) { - warnx("Insufficient memory resources - try later."); - sleepexit(1); - } - break; - } - } - } - fclose(fp); - } -} diff --git a/crypto/kerberosIV/appl/bsd/sysv_default.h b/crypto/kerberosIV/appl/bsd/sysv_default.h deleted file mode 100644 index 0056059..0000000 --- a/crypto/kerberosIV/appl/bsd/sysv_default.h +++ /dev/null @@ -1,18 +0,0 @@ -/* Author: Wietse Venema <wietse@wzv.win.tue.nl> */ - -/* $Id: sysv_default.h,v 1.5 1996/10/27 23:51:14 assar Exp $ */ - -extern char *default_console; -extern char *default_altsh; -extern char *default_passreq; -extern char *default_timezone; -extern char *default_hz; -extern char *default_path; -extern char *default_supath; -extern char *default_ulimit; -extern char *default_timeout; -extern char *default_umask; -extern char *default_sleep; -extern char *default_maxtrys; - -void sysv_defaults(void); diff --git a/crypto/kerberosIV/appl/bsd/sysv_environ.c b/crypto/kerberosIV/appl/bsd/sysv_environ.c deleted file mode 100644 index 3df800e..0000000 --- a/crypto/kerberosIV/appl/bsd/sysv_environ.c +++ /dev/null @@ -1,193 +0,0 @@ -/* Author: Wietse Venema <wietse@wzv.win.tue.nl> */ - -#include "bsd_locl.h" - -RCSID("$Id: sysv_environ.c,v 1.23 1997/12/14 23:50:44 assar Exp $"); - -#ifdef HAVE_ULIMIT_H -#include <ulimit.h> -#endif - -#ifndef UL_SETFSIZE -#define UL_SETFSIZE 2 -#endif - -#include "sysv_default.h" - -/* - * Set - */ - -static void -read_etc_environment (void) -{ - FILE *f; - char buf[BUFSIZ]; - - f = fopen(_PATH_ETC_ENVIRONMENT, "r"); - if (f) { - char *val; - - while (fgets (buf, sizeof(buf), f) != NULL) { - if (buf[0] == '\n' || buf[0] == '#') - continue; - buf[strlen(buf) - 1] = '\0'; - val = strchr (buf, '='); - if (val == NULL) - continue; - *val = '\0'; - setenv(buf, val + 1, 1); - } - fclose (f); - } -} - - /* - * Environment variables that are preserved (but may still be overruled by - * other means). Only TERM and TZ appear to survive (SunOS 5.1). These are - * typically inherited from the ttymon process. - */ - -static struct preserved { - char *name; - char *value; -} preserved[] = { - {"TZ", 0}, - {"TERM", 0}, - {0}, -}; - - /* - * Environment variables that are not preserved and that cannot be specified - * via commandline or stdin. Except for the LD_xxx (runtime linker) stuff, - * the list applies to most SYSV systems. The manpage mentions only that - * SHELL and PATH are censored. HOME, LOGNAME and MAIL are always - * overwritten; they are in the list to make the censoring explicit. - */ - -static struct censored { - char *prefix; - int length; -} censored[] = { - {"SHELL=", sizeof("SHELL=") - 1}, - {"HOME=", sizeof("HOME=") - 1}, - {"LOGNAME=", sizeof("LOGNAME=") - 1}, - {"MAIL=", sizeof("MAIL=") - 1}, - {"CDPATH=", sizeof("CDPATH=") - 1}, - {"IFS=", sizeof("IFS=") - 1}, - {"PATH=", sizeof("PATH=") - 1}, - {"LD_", sizeof("LD_") - 1}, - {0}, -}; - -/* sysv_newenv - set up final environment after logging in */ - -void sysv_newenv(int argc, char **argv, struct passwd *pwd, - char *term, int pflag) -{ - unsigned umask_val; - char buf[BUFSIZ]; - int count = 0; - struct censored *cp; - struct preserved *pp; - - /* Preserve a selection of the environment. */ - - for (pp = preserved; pp->name; pp++) - pp->value = getenv(pp->name); - - /* - * Note: it is a bad idea to assign a static array to the global environ - * variable. Reason is that putenv() can run into problems when it tries - * to realloc() the environment table. Instead, we just clear environ[0] - * and let putenv() work things out. - */ - - if (!pflag && environ) - environ[0] = 0; - - /* Restore preserved environment variables. */ - - for (pp = preserved; pp->name; pp++) - if (pp->value) - setenv(pp->name, pp->value, 1); - - /* The TERM definition from e.g. rlogind can override an existing one. */ - - if (term[0]) - setenv("TERM", term, 1); - - /* - * Environment definitions from the command line overrule existing ones, - * but can be overruled by definitions from stdin. Some variables are - * censored. - * - * Omission: we do not support environment definitions from stdin. - */ - -#define STREQN(x,y,l) (x[0] == y[0] && strncmp(x,y,l) == 0) - - while (argc && *argv) { - if (strchr(*argv, '=') == 0) { - snprintf(buf, sizeof(buf), "L%d", count++); - setenv(buf, *argv, 1); - } else { - for (cp = censored; cp->prefix; cp++) - if (STREQN(*argv, cp->prefix, cp->length)) - break; - if (cp->prefix == 0) - putenv(*argv); - } - argc--, argv++; - } - - /* PATH is always reset. */ - - setenv("PATH", pwd->pw_uid ? default_path : default_supath, 1); - - /* Undocumented: HOME, MAIL and LOGNAME are always reset (SunOS 5.1). */ - - setenv("HOME", pwd->pw_dir, 1); - { - char *sep = "/"; - if(KRB4_MAILDIR[strlen(KRB4_MAILDIR) - 1] == '/') - sep = ""; - roken_concat(buf, sizeof(buf), KRB4_MAILDIR, sep, pwd->pw_name, NULL); - } - setenv("MAIL", buf, 1); - setenv("LOGNAME", pwd->pw_name, 1); - setenv("USER", pwd->pw_name, 1); - - /* - * Variables that may be set according to specifications in the defaults - * file. HZ and TZ are set only if they are still uninitialized. - * - * Extension: when ALTSHELL=YES, we set the SHELL variable even if it is - * /bin/sh. - */ - - if (strcasecmp(default_altsh, "YES") == 0) - setenv("SHELL", pwd->pw_shell, 1); - if (default_hz) - setenv("HZ", default_hz, 0); - if (default_timezone) - setenv("TZ", default_timezone, 0); - - /* Non-environment stuff. */ - - if (default_umask) { - if (sscanf(default_umask, "%o", &umask_val) == 1 && umask_val) - umask(umask_val); - } -#ifdef HAVE_ULIMIT - if (default_ulimit) { - long limit_val; - - if (sscanf(default_ulimit, "%ld", &limit_val) == 1 && limit_val) - if (ulimit(UL_SETFSIZE, limit_val) < 0) - warn ("ulimit(UL_SETFSIZE, %ld)", limit_val); - } -#endif - read_etc_environment(); -} - diff --git a/crypto/kerberosIV/appl/bsd/sysv_shadow.c b/crypto/kerberosIV/appl/bsd/sysv_shadow.c deleted file mode 100644 index 99794bd..0000000 --- a/crypto/kerberosIV/appl/bsd/sysv_shadow.c +++ /dev/null @@ -1,45 +0,0 @@ -/* Author: Wietse Venema <wietse@wzv.win.tue.nl> */ - -#include "bsd_locl.h" - -RCSID("$Id: sysv_shadow.c,v 1.8 1997/12/29 19:56:07 bg Exp $"); - -#ifdef SYSV_SHADOW - -#include <sysv_shadow.h> - -/* sysv_expire - check account and password expiration times */ - -int -sysv_expire(struct spwd *spwd) -{ - long today; - - tzset(); - today = time(0)/(60*60*24); /* In days since Jan. 1, 1970 */ - - if (spwd->sp_expire > 0) { - if (today > spwd->sp_expire) { - printf("Your account has expired.\n"); - sleepexit(1); - } else if (spwd->sp_expire - today < 14) { - printf("Your account will expire in %d days.\n", - (int)(spwd->sp_expire - today)); - return (0); - } - } - if (spwd->sp_max > 0) { - if (today > (spwd->sp_lstchg + spwd->sp_max)) { - printf("Your password has expired. Choose a new one.\n"); - return (1); - } else if (spwd->sp_warn > 0 - && (today > (spwd->sp_lstchg + spwd->sp_max - spwd->sp_warn))) { - printf("Your password will expire in %d days.\n", - (int)(spwd->sp_lstchg + spwd->sp_max - today)); - return (0); - } - } - return (0); -} - -#endif /* SYSV_SHADOW */ diff --git a/crypto/kerberosIV/appl/bsd/sysv_shadow.h b/crypto/kerberosIV/appl/bsd/sysv_shadow.h deleted file mode 100644 index 339035b..0000000 --- a/crypto/kerberosIV/appl/bsd/sysv_shadow.h +++ /dev/null @@ -1,5 +0,0 @@ -/* $Id: sysv_shadow.h,v 1.7 1999/03/13 21:15:43 assar Exp $ */ - -#include <shadow.h> - -int sysv_expire(struct spwd *); diff --git a/crypto/kerberosIV/appl/bsd/tty.c b/crypto/kerberosIV/appl/bsd/tty.c deleted file mode 100644 index 2a903db..0000000 --- a/crypto/kerberosIV/appl/bsd/tty.c +++ /dev/null @@ -1,70 +0,0 @@ -/* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "bsd_locl.h" - -RCSID("$Id: tty.c,v 1.3 1999/12/02 16:58:28 joda Exp $"); - -/* - * Clean the tty name. Return a pointer to the cleaned version. - */ - -char * -clean_ttyname (char *tty) -{ - char *res = tty; - - if (strncmp (res, _PATH_DEV, strlen(_PATH_DEV)) == 0) - res += strlen(_PATH_DEV); - if (strncmp (res, "pty/", 4) == 0) - res += 4; - if (strncmp (res, "ptym/", 5) == 0) - res += 5; - return res; -} - -/* - * Generate a name usable as an `ut_id', typically without `tty'. - */ - -char * -make_id (char *tty) -{ - char *res = tty; - - if (strncmp (res, "pts/", 4) == 0) - res += 4; - if (strncmp (res, "tty", 3) == 0) - res += 3; - return res; -} diff --git a/crypto/kerberosIV/appl/bsd/utmp_login.c b/crypto/kerberosIV/appl/bsd/utmp_login.c deleted file mode 100644 index d2879fe..0000000 --- a/crypto/kerberosIV/appl/bsd/utmp_login.c +++ /dev/null @@ -1,118 +0,0 @@ -/* - * Copyright (c) 1995-1999 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "bsd_locl.h" - -RCSID("$Id: utmp_login.c,v 1.16 1999/12/02 16:58:29 joda Exp $"); - -#ifdef HAVE_UTMP_H -void -prepare_utmp (struct utmp *utmp, char *tty, char *username, char *hostname) -{ - char *ttyx = clean_ttyname (tty); - - memset(utmp, 0, sizeof(*utmp)); - utmp->ut_time = time(NULL); - strncpy(utmp->ut_line, ttyx, sizeof(utmp->ut_line)); - strncpy(utmp->ut_name, username, sizeof(utmp->ut_name)); - -# ifdef HAVE_STRUCT_UTMP_UT_USER - strncpy(utmp->ut_user, username, sizeof(utmp->ut_user)); -# endif - -# ifdef HAVE_STRUCT_UTMP_UT_ADDR - if (hostname[0]) { - struct hostent *he; - if ((he = gethostbyname(hostname))) - memcpy(&utmp->ut_addr, he->h_addr_list[0], - sizeof(utmp->ut_addr)); - } -# endif - -# ifdef HAVE_STRUCT_UTMP_UT_HOST - strncpy(utmp->ut_host, hostname, sizeof(utmp->ut_host)); -# endif - -# ifdef HAVE_STRUCT_UTMP_UT_TYPE - utmp->ut_type = USER_PROCESS; -# endif - -# ifdef HAVE_STRUCT_UTMP_UT_PID - utmp->ut_pid = getpid(); -# endif - -# ifdef HAVE_STRUCT_UTMP_UT_ID - strncpy(utmp->ut_id, make_id(ttyx), sizeof(utmp->ut_id)); -# endif -} -#endif - -#ifdef HAVE_UTMPX_H -void utmp_login(char *tty, char *username, char *hostname) { return; } -#else - -/* update utmp and wtmp - the BSD way */ - -void utmp_login(char *tty, char *username, char *hostname) -{ - struct utmp utmp; - int fd; - - prepare_utmp (&utmp, tty, username, hostname); - -#ifdef HAVE_SETUTENT - utmpname(_PATH_UTMP); - setutent(); - pututline(&utmp); - endutent(); -#else - -#ifdef HAVE_TTYSLOT - { - int ttyno; - ttyno = ttyslot(); - if (ttyno > 0 && (fd = open(_PATH_UTMP, O_WRONLY, 0)) >= 0) { - lseek(fd, (long)(ttyno * sizeof(struct utmp)), SEEK_SET); - write(fd, &utmp, sizeof(struct utmp)); - close(fd); - } - } -#endif /* HAVE_TTYSLOT */ -#endif /* HAVE_SETUTENT */ - - if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) { - write(fd, &utmp, sizeof(struct utmp)); - close(fd); - } -} -#endif /* !HAVE_UTMPX_H */ diff --git a/crypto/kerberosIV/appl/bsd/utmpx_login.c b/crypto/kerberosIV/appl/bsd/utmpx_login.c deleted file mode 100644 index acc6a154..0000000 --- a/crypto/kerberosIV/appl/bsd/utmpx_login.c +++ /dev/null @@ -1,88 +0,0 @@ -/* Author: Wietse Venema <wietse@wzv.win.tue.nl> */ - -#include "bsd_locl.h" - -RCSID("$Id: utmpx_login.c,v 1.21 1999/03/29 17:57:31 joda Exp $"); - -/* utmpx_login - update utmp and wtmp after login */ - -#ifndef HAVE_UTMPX_H -int utmpx_login(char *line, char *user, char *host) { return 0; } -#else - -static void -utmpx_update(struct utmpx *ut, char *line, char *user, char *host) -{ - struct timeval tmp; - char *clean_tty = clean_ttyname(line); - - strncpy(ut->ut_line, clean_tty, sizeof(ut->ut_line)); -#ifdef HAVE_STRUCT_UTMPX_UT_ID - strncpy(ut->ut_id, make_id(clean_tty), sizeof(ut->ut_id)); -#endif - strncpy(ut->ut_user, user, sizeof(ut->ut_user)); - strncpy(ut->ut_host, host, sizeof(ut->ut_host)); -#ifdef HAVE_STRUCT_UTMPX_UT_SYSLEN - ut->ut_syslen = strlen(host) + 1; - if (ut->ut_syslen > sizeof(ut->ut_host)) - ut->ut_syslen = sizeof(ut->ut_host); -#endif - ut->ut_type = USER_PROCESS; - gettimeofday (&tmp, 0); - ut->ut_tv.tv_sec = tmp.tv_sec; - ut->ut_tv.tv_usec = tmp.tv_usec; - pututxline(ut); -#ifdef WTMPX_FILE - updwtmpx(WTMPX_FILE, ut); -#elif defined(WTMP_FILE) - { - struct utmp utmp; - int fd; - - prepare_utmp (&utmp, line, user, host); - if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) { - write(fd, &utmp, sizeof(struct utmp)); - close(fd); - } - } -#endif -} - -int -utmpx_login(char *line, char *user, char *host) -{ - struct utmpx *ut; - pid_t mypid = getpid(); - int ret = (-1); - - /* - * SYSV4 ttymon and login use tty port names with the "/dev/" prefix - * stripped off. Rlogind and telnetd, on the other hand, make utmpx - * entries with device names like /dev/pts/nnn. We therefore cannot use - * getutxline(). Return nonzero if no utmp entry was found with our own - * process ID for a login or user process. - */ - - while ((ut = getutxent())) { - /* Try to find a reusable entry */ - if (ut->ut_pid == mypid - && ( ut->ut_type == INIT_PROCESS - || ut->ut_type == LOGIN_PROCESS - || ut->ut_type == USER_PROCESS)) { - utmpx_update(ut, line, user, host); - ret = 0; - break; - } - } - if (ret == -1) { - /* Grow utmpx file by one record. */ - struct utmpx newut; - memset(&newut, 0, sizeof(newut)); - newut.ut_pid = mypid; - utmpx_update(&newut, line, user, host); - ret = 0; - } - endutxent(); - return (ret); -} -#endif /* HAVE_UTMPX_H */ |