Diffstat (limited to 'eBones')
-rw-r--r--eBones/Makefile65
-rw-r--r--eBones/Makefile.inc11
-rw-r--r--eBones/acl/acl_check.36
-rw-r--r--eBones/acl/acl_files.c14
-rw-r--r--eBones/des/Makefile4
-rw-r--r--eBones/des/cbc_cksm.c4
-rw-r--r--eBones/des/enc_read.c6
-rw-r--r--eBones/des/enc_writ.c6
-rw-r--r--eBones/des/fcrypt.c6
-rw-r--r--eBones/des/qud_cksm.c4
-rw-r--r--eBones/des/rand_key.c3
-rw-r--r--eBones/des/read_pwd.c8
-rw-r--r--eBones/des/set_key.c8
-rw-r--r--eBones/des/test/destest.c2
-rw-r--r--eBones/ext_srvtab/ext_srvtab.813
-rw-r--r--eBones/ext_srvtab/ext_srvtab.c18
-rw-r--r--eBones/include/Makefile10
-rw-r--r--eBones/include/addr_comp.h4
-rw-r--r--eBones/include/admin_server.h8
-rw-r--r--eBones/include/conf-bsdapollo.h4
-rw-r--r--eBones/include/conf-ultmips2.h4
-rw-r--r--eBones/include/des.h4
-rw-r--r--eBones/include/kdc.h8
-rw-r--r--eBones/include/klog.h4
-rw-r--r--eBones/include/kparse.h14
-rw-r--r--eBones/include/krb.h14
-rw-r--r--eBones/include/krb_conf.h8
-rw-r--r--eBones/include/krb_db.h14
-rw-r--r--eBones/include/passwd_server.h8
-rw-r--r--eBones/kadmin/HOW-TO8
-rw-r--r--eBones/kadmin/Makefile19
-rw-r--r--eBones/kadmin/kadmin.c626
-rw-r--r--eBones/kadmin/kadmin_cmds.ct41
-rw-r--r--eBones/kadmind/HOW-TO267
-rw-r--r--eBones/kadmind/Makefile11
-rw-r--r--eBones/kadmind/admin_server.c457
-rw-r--r--eBones/kadmind/kadm_funcs.c373
-rw-r--r--eBones/kadmind/kadm_ser_wrap.c205
-rw-r--r--eBones/kadmind/kadm_server.c159
-rw-r--r--eBones/kadmind/kadm_server.h51
-rw-r--r--eBones/kadmind/kadmind.818
-rw-r--r--eBones/kdb/krb_cache.c24
-rw-r--r--eBones/kdb/krb_dbm.c54
-rw-r--r--eBones/kdb/krb_kdb_utils.c10
-rw-r--r--eBones/kdb/krb_lib.c26
-rw-r--r--eBones/kdb/print_princ.c10
-rw-r--r--eBones/kdb_destroy/kdb_destroy.89
-rw-r--r--eBones/kdb_destroy/kdb_destroy.c16
-rw-r--r--eBones/kdb_edit/kdb_edit.811
-rw-r--r--eBones/kdb_edit/kdb_edit.c16
-rw-r--r--eBones/kdb_init/kdb_init.816
-rw-r--r--eBones/kdb_init/kdb_init.c16
-rw-r--r--eBones/kdb_util/kdb_util.88
-rw-r--r--eBones/kdb_util/kdb_util.c30
-rw-r--r--eBones/kdestroy/kdestroy.c12
-rw-r--r--eBones/kerberos/Makefile4
-rw-r--r--eBones/kerberos/cr_err_reply.c22
-rw-r--r--eBones/kerberos/kerberos.c36
-rw-r--r--eBones/kinit/kinit.c14
-rw-r--r--eBones/klist/klist.18
-rw-r--r--eBones/klist/klist.c26
-rw-r--r--eBones/krb/Makefile19
-rw-r--r--eBones/krb/create_auth_reply.c30
-rw-r--r--eBones/krb/create_ciph.c24
-rw-r--r--eBones/krb/create_death_packet.c10
-rw-r--r--eBones/krb/create_ticket.c32
-rw-r--r--eBones/krb/des_rw.c18
-rw-r--r--eBones/krb/dest_tkt.c8
-rw-r--r--eBones/krb/fgetst.c10
-rw-r--r--eBones/krb/get_ad_tkt.c20
-rw-r--r--eBones/krb/get_cred.c6
-rw-r--r--eBones/krb/get_in_tkt.c16
-rw-r--r--eBones/krb/get_krbhst.c6
-rw-r--r--eBones/krb/get_svc_in_tkt.c6
-rw-r--r--eBones/krb/get_tf_fullname.c16
-rw-r--r--eBones/krb/get_tf_realm.c8
-rw-r--r--eBones/krb/getrealm.c6
-rw-r--r--eBones/krb/in_tkt.c6
-rw-r--r--eBones/krb/krb.314
-rw-r--r--eBones/krb/krb_get_in_tkt.c12
-rw-r--r--eBones/krb/krb_realmofhost.316
-rw-r--r--eBones/krb/krb_sendauth.310
-rw-r--r--eBones/krb/krb_set_tkt_string.34
-rw-r--r--eBones/krb/kuserok.34
-rw-r--r--eBones/krb/kuserok.c14
-rw-r--r--eBones/krb/mk_priv.c24
-rw-r--r--eBones/krb/mk_req.c12
-rw-r--r--eBones/krb/mk_safe.c24
-rw-r--r--eBones/krb/rd_priv.c20
-rw-r--r--eBones/krb/rd_safe.c20
-rw-r--r--eBones/krb/read_service_key.c8
-rw-r--r--eBones/krb/recvauth.c6
-rw-r--r--eBones/krb/send_to_kdc.c20
-rw-r--r--eBones/krb/tf_shm.c22
-rw-r--r--eBones/krb/tf_util.34
-rw-r--r--eBones/krb/tf_util.c34
-rw-r--r--eBones/ksrvtgt/ksrvtgt.18
-rw-r--r--eBones/ksrvtgt/ksrvtgt.c12
-rw-r--r--eBones/ksrvutil/HOW-TO291
-rw-r--r--eBones/ksrvutil/Makefile10
-rw-r--r--eBones/ksrvutil/ksrvutil.c580
-rw-r--r--eBones/kstash/Makefile4
-rw-r--r--eBones/kstash/kstash.811
-rw-r--r--eBones/kstash/kstash.c8
-rw-r--r--eBones/lib/libacl/acl_check.36
-rw-r--r--eBones/lib/libacl/acl_files.c14
-rw-r--r--eBones/lib/libkadm/EXPORTABLE4
-rw-r--r--eBones/lib/libkadm/Makefile23
-rw-r--r--eBones/lib/libkadm/kadm.h140
-rw-r--r--eBones/lib/libkadm/kadm_cli_wrap.c499
-rw-r--r--eBones/lib/libkadm/kadm_err.et53
-rw-r--r--eBones/lib/libkadm/kadm_stream.c273
-rw-r--r--eBones/lib/libkadm/kadm_supp.c114
-rw-r--r--eBones/lib/libkdb/krb_cache.c24
-rw-r--r--eBones/lib/libkdb/krb_dbm.c54
-rw-r--r--eBones/lib/libkdb/krb_kdb_utils.c10
-rw-r--r--eBones/lib/libkdb/krb_lib.c26
-rw-r--r--eBones/lib/libkdb/print_princ.c10
-rw-r--r--eBones/lib/libkrb/Makefile19
-rw-r--r--eBones/lib/libkrb/create_auth_reply.c30
-rw-r--r--eBones/lib/libkrb/create_ciph.c24
-rw-r--r--eBones/lib/libkrb/create_death_packet.c10
-rw-r--r--eBones/lib/libkrb/create_ticket.c32
-rw-r--r--eBones/lib/libkrb/des_rw.c18
-rw-r--r--eBones/lib/libkrb/dest_tkt.c8
-rw-r--r--eBones/lib/libkrb/fgetst.c10
-rw-r--r--eBones/lib/libkrb/get_ad_tkt.c20
-rw-r--r--eBones/lib/libkrb/get_cred.c6
-rw-r--r--eBones/lib/libkrb/get_in_tkt.c16
-rw-r--r--eBones/lib/libkrb/get_krbhst.c6
-rw-r--r--eBones/lib/libkrb/get_svc_in_tkt.c6
-rw-r--r--eBones/lib/libkrb/get_tf_fullname.c16
-rw-r--r--eBones/lib/libkrb/get_tf_realm.c8
-rw-r--r--eBones/lib/libkrb/getrealm.c6
-rw-r--r--eBones/lib/libkrb/in_tkt.c6
-rw-r--r--eBones/lib/libkrb/krb.314
-rw-r--r--eBones/lib/libkrb/krb_get_in_tkt.c12
-rw-r--r--eBones/lib/libkrb/krb_realmofhost.316
-rw-r--r--eBones/lib/libkrb/krb_sendauth.310
-rw-r--r--eBones/lib/libkrb/krb_set_tkt_string.34
-rw-r--r--eBones/lib/libkrb/kuserok.34
-rw-r--r--eBones/lib/libkrb/kuserok.c14
-rw-r--r--eBones/lib/libkrb/mk_priv.c24
-rw-r--r--eBones/lib/libkrb/mk_req.c12
-rw-r--r--eBones/lib/libkrb/mk_safe.c24
-rw-r--r--eBones/lib/libkrb/rd_priv.c20
-rw-r--r--eBones/lib/libkrb/rd_safe.c20
-rw-r--r--eBones/lib/libkrb/read_service_key.c8
-rw-r--r--eBones/lib/libkrb/recvauth.c6
-rw-r--r--eBones/lib/libkrb/send_to_kdc.c20
-rw-r--r--eBones/lib/libkrb/tf_shm.c22
-rw-r--r--eBones/lib/libkrb/tf_util.34
-rw-r--r--eBones/lib/libkrb/tf_util.c34
-rw-r--r--eBones/lib/libtelnet/Makefile38
-rw-r--r--eBones/lib/libtelnet/auth-proto.h2
-rw-r--r--eBones/lib/libtelnet/auth.c35
-rw-r--r--eBones/lib/libtelnet/enc_des.c30
-rw-r--r--eBones/lib/libtelnet/encrypt.c17
-rw-r--r--eBones/lib/libtelnet/genget.c2
-rw-r--r--eBones/lib/libtelnet/kerberos.c28
-rw-r--r--eBones/lib/libtelnet/kerberos5.c62
-rw-r--r--eBones/lib/libtelnet/krb4encpwd.c22
-rw-r--r--eBones/lib/libtelnet/read_password.c22
-rw-r--r--eBones/lib/libtelnet/rsaencpwd.c24
-rw-r--r--eBones/lib/libtelnet/spx.c2
-rw-r--r--eBones/libexec/registerd/registerd.c2
-rw-r--r--eBones/libexec/telnetd/Makefile27
-rw-r--r--eBones/libexec/telnetd/authenc.c4
-rw-r--r--eBones/libexec/telnetd/pathnames.h2
-rw-r--r--eBones/libexec/telnetd/slc.c16
-rw-r--r--eBones/libexec/telnetd/state.c22
-rw-r--r--eBones/libexec/telnetd/sys_term.c248
-rw-r--r--eBones/libexec/telnetd/telnetd.86
-rw-r--r--eBones/libexec/telnetd/telnetd.c52
-rw-r--r--eBones/libexec/telnetd/termstat.c65
-rw-r--r--eBones/libexec/telnetd/utility.c28
-rw-r--r--eBones/libkadm/EXPORTABLE4
-rw-r--r--eBones/libkadm/Makefile23
-rw-r--r--eBones/libkadm/kadm.h140
-rw-r--r--eBones/libkadm/kadm_cli_wrap.c499
-rw-r--r--eBones/libkadm/kadm_err.et53
-rw-r--r--eBones/libkadm/kadm_stream.c273
-rw-r--r--eBones/libkadm/kadm_supp.c114
-rw-r--r--eBones/man/Makefile9
-rw-r--r--eBones/man/acl_check.36
-rw-r--r--eBones/man/des_crypt.36
-rw-r--r--eBones/man/ext_srvtab.813
-rw-r--r--eBones/man/kadmind.818
-rw-r--r--eBones/man/kdb_destroy.89
-rw-r--r--eBones/man/kdb_edit.811
-rw-r--r--eBones/man/kdb_init.816
-rw-r--r--eBones/man/kdb_util.88
-rw-r--r--eBones/man/klist.18
-rw-r--r--eBones/man/krb.314
-rw-r--r--eBones/man/krb.conf.54
-rw-r--r--eBones/man/krb.realms.54
-rw-r--r--eBones/man/krb_realmofhost.316
-rw-r--r--eBones/man/krb_sendauth.310
-rw-r--r--eBones/man/krb_set_tkt_string.34
-rw-r--r--eBones/man/ksrvtgt.18
-rw-r--r--eBones/man/kstash.811
-rw-r--r--eBones/man/kuserok.34
-rw-r--r--eBones/man/tf_util.34
-rw-r--r--eBones/passwd/HOW-TO247
-rw-r--r--eBones/passwd/Makefile23
-rw-r--r--eBones/passwd/kpasswd.c223
-rw-r--r--eBones/registerd/registerd.c2
-rw-r--r--eBones/usr.bin/kadmin/Makefile19
-rw-r--r--eBones/usr.bin/kadmin/kadmin.c626
-rw-r--r--eBones/usr.bin/kadmin/kadmin_cmds.ct41
-rw-r--r--eBones/usr.bin/kdestroy/kdestroy.c12
-rw-r--r--eBones/usr.bin/kinit/kinit.c14
-rw-r--r--eBones/usr.bin/klist/klist.18
-rw-r--r--eBones/usr.bin/klist/klist.c26
-rw-r--r--eBones/usr.bin/ksrvtgt/ksrvtgt.18
-rw-r--r--eBones/usr.bin/ksrvtgt/ksrvtgt.c12
-rw-r--r--eBones/usr.bin/passwd/kpasswd.c223
-rw-r--r--eBones/usr.bin/telnet/Makefile29
-rw-r--r--eBones/usr.bin/telnet/commands.c54
-rw-r--r--eBones/usr.bin/telnet/externs.h5
-rw-r--r--eBones/usr.bin/telnet/main.c12
-rw-r--r--eBones/usr.bin/telnet/ring.c6
-rw-r--r--eBones/usr.bin/telnet/sys_bsd.c71
-rw-r--r--eBones/usr.bin/telnet/telnet.110
-rw-r--r--eBones/usr.bin/telnet/telnet.c18
-rw-r--r--eBones/usr.bin/telnet/terminal.c5
-rw-r--r--eBones/usr.bin/telnet/tn3270.c4
-rw-r--r--eBones/usr.bin/telnet/utilities.c6
-rw-r--r--eBones/usr.sbin/ext_srvtab/ext_srvtab.813
-rw-r--r--eBones/usr.sbin/ext_srvtab/ext_srvtab.c18
-rw-r--r--eBones/usr.sbin/kadmin/Makefile11
-rw-r--r--eBones/usr.sbin/kadmin/admin_server.c457
-rw-r--r--eBones/usr.sbin/kadmin/kadm_funcs.c373
-rw-r--r--eBones/usr.sbin/kadmin/kadm_ser_wrap.c205
-rw-r--r--eBones/usr.sbin/kadmin/kadm_server.c159
-rw-r--r--eBones/usr.sbin/kadmin/kadm_server.h51
-rw-r--r--eBones/usr.sbin/kadmin/kadmind.818
-rw-r--r--eBones/usr.sbin/kadmind/Makefile11
-rw-r--r--eBones/usr.sbin/kadmind/admin_server.c457
-rw-r--r--eBones/usr.sbin/kadmind/kadm_funcs.c373
-rw-r--r--eBones/usr.sbin/kadmind/kadm_ser_wrap.c205
-rw-r--r--eBones/usr.sbin/kadmind/kadm_server.c159
-rw-r--r--eBones/usr.sbin/kadmind/kadm_server.h51
-rw-r--r--eBones/usr.sbin/kadmind/kadmind.818
-rw-r--r--eBones/usr.sbin/kdb_destroy/kdb_destroy.89
-rw-r--r--eBones/usr.sbin/kdb_destroy/kdb_destroy.c16
-rw-r--r--eBones/usr.sbin/kdb_edit/kdb_edit.811
-rw-r--r--eBones/usr.sbin/kdb_edit/kdb_edit.c16
-rw-r--r--eBones/usr.sbin/kdb_init/kdb_init.816
-rw-r--r--eBones/usr.sbin/kdb_init/kdb_init.c16
-rw-r--r--eBones/usr.sbin/kdb_util/kdb_util.88
-rw-r--r--eBones/usr.sbin/kdb_util/kdb_util.c30
-rw-r--r--eBones/usr.sbin/kerberos/Makefile4
-rw-r--r--eBones/usr.sbin/kerberos/cr_err_reply.c22
-rw-r--r--eBones/usr.sbin/kerberos/kerberos.c36
-rw-r--r--eBones/usr.sbin/ksrvutil/Makefile10
-rw-r--r--eBones/usr.sbin/ksrvutil/ksrvutil.c580
-rw-r--r--eBones/usr.sbin/kstash/Makefile4
-rw-r--r--eBones/usr.sbin/kstash/kstash.811
-rw-r--r--eBones/usr.sbin/kstash/kstash.c8
260 files changed, 11753 insertions, 1449 deletions
diff --git a/eBones/Makefile b/eBones/Makefile
index b63f933..03746ca 100644
--- a/eBones/Makefile
+++ b/eBones/Makefile
@@ -1,25 +1,60 @@
# From: @(#)Makefile 5.1 (Berkeley) 6/25/90
-# $Id: Makefile,v 1.12 1994/09/30 13:34:39 g89r4222 Exp $
+# $Id: Makefile,v 1.12 1995/06/11 19:28:20 rgrimes Exp $
-SUBDIR= include
+SUBDIR= include des acl kdb krb libkadm
-SUBDIR+= des compile_et acl ext_srvtab include kdb kdb_destroy kdb_edit \
- kdb_init kdb_util kdestroy kerberos kinit klist krb ksrvtgt \
- kstash man register registerd make_keypair
+SUBDIR+= ext_srvtab kdb_destroy kdb_edit \
+ kdb_init kdb_util kdestroy kerberos kinit klist ksrvtgt \
+ kstash kadmin kadmind ksrvutil man
+#
+# MISSING AND PROBABLY BOGUS: register registerd make_keypair
+#
SDIR= ${.CURDIR}/..
+CODAI= ${MAKE} ${MFLAGS} cleandir; \
+ ${MAKE} ${MFLAGS} obj; \
+ ${MAKE} ${MFLAGS} depend all install
+
+CODAD= ${MAKE} ${MFLAGS} MAKE_EBONES=yes cleandir; \
+ ${MAKE} ${MFLAGS} MAKE_EBONES=yes obj; \
+ ${MAKE} ${MFLAGS} MAKE_EBONES=yes depend all distribute
+
# These are the programs which depend on kerberos
-# It's nice to know who they are
kprog:
- cd ${SDIR}/bin/rcp; make cleandir obj ; make -DNOMAN depend all install
- cd ${SDIR}/libexec/rlogind;make cleandir;make -DNOMAN depend all install
- cd ${SDIR}/libexec/rshd; make cleandir; make -DNOMAN depend all install
- cd ${SDIR}/usr.bin/login; make cleandir; make -DNOMAN depend all install
- cd ${SDIR}/usr.bin/passwd;make cleandir; make -DNOMAN depend all install
- cd ${SDIR}/usr.bin/rlogin;make cleandir; make -DNOMAN depend all install
- cd ${SDIR}/usr.bin/rsh; make cleandir; make -DNOMAN depend all install
- cd ${SDIR}/usr.bin/su; make cleandir; make -DNOMAN depend all install
- cd ${SDIR}/libexec/kpasswdd; make cleandir; make depend all install
+ cd ${SDIR}/bin/rcp; ${CODAI}
+ cd ${SDIR}/libexec/rlogind; ${CODAI}
+ cd ${SDIR}/libexec/rshd; ${CODAI}
+ cd ${SDIR}/sbin/mount_nfs; ${CODAI}
+ cd ${SDIR}/sbin/nfsd; ${CODAI}
+ cd ${SDIR}/usr.bin/login; ${CODAI}
+ cd ${SDIR}/usr.bin/passwd; ${CODAI}
+ cd ${SDIR}/usr.bin/rlogin; ${CODAI}
+ cd ${SDIR}/usr.bin/rsh; ${CODAI}
+ cd ${SDIR}/usr.bin/su; ${CODAI}
+
+bootstrap:
+ ( cd include; ${MAKE} ${MFLAGS} install )
+ ( cd des; ${MAKE} ${MFLAGS} depend all install )
+ ${MAKE} ${MFLAGS} cleandir
+ ${MAKE} ${MFLAGS} obj
+ @echo removing old 1.1.5 Kerberos libraries
+ rm -f /usr/lib/libkrb.so.4.0
+ rm -f /usr/lib/libdes.so.4.0
+ rm -f /usr/lib/libkdb.so.4.0
+ ${MAKE} ${MFLAGS} depend all install kprog
+
+help-distribute: distribute
+ cd ${SDIR}/bin/rcp; ${CODAD}
+ cd ${SDIR}/libexec/rlogind; ${CODAD}
+ cd ${SDIR}/libexec/rshd; ${CODAD}
+ cd ${SDIR}/sbin/mount_nfs; ${CODAD}
+ cd ${SDIR}/sbin/nfsd; ${CODAD}
+ cd ${SDIR}/usr.bin/login; ${CODAD}
+ cd ${SDIR}/usr.bin/passwd; ${CODAD}
+ cd ${SDIR}/usr.bin/rlogin; ${CODAD}
+ cd ${SDIR}/usr.bin/rsh; ${CODAD}
+ cd ${SDIR}/usr.bin/su; ${CODAD}
.include <bsd.subdir.mk>
+
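Review bot: The three `rm -f /usr/lib/lib*.so.4.0` lines in the new `bootstrap` target use absolute paths with no `${DESTDIR}` prefix, so a bootstrap aimed at a staging root still deletes the Kerberos and DES shared libraries from the running host. The `beforeinstall` rule in eBones/include/Makefile on this page does honour `${DESTDIR}`, so I would write these as `rm -f ${DESTDIR}/usr/lib/libkrb.so.4.0`, and likewise for libdes and libkdb. The removal also runs before `depend all install kprog` has succeeded, so a failed build leaves the host without the old libraries. That ordering is presumably deliberate, so that the linker does not pick the higher-numbered 4.0 libraries over the new `SHLIB_MAJOR` 2 ones; a comment such as `# old 4.0 libs must go first or ld prefers them over the new 2.0 ones` would record the reason and the risk.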
diff --git a/eBones/Makefile.inc b/eBones/Makefile.inc
index fc75f4b..4df35f6 100644
--- a/eBones/Makefile.inc
+++ b/eBones/Makefile.inc
@@ -1,9 +1,10 @@
# From: @(#)Makefile.inc 5.1 (Berkeley) 6/25/90
-# $Id: Makefile.inc,v 1.3 1994/09/24 14:04:08 g89r4222 Exp $
+# $Id: Makefile.inc,v 1.3 1995/01/14 20:50:37 wollman Exp $
BINDIR?= /usr/sbin
SHLIB_MAJOR?= 2
SHLIB_MINOR?= 0
+DISTRIBUTION= krb
.if exists(${.CURDIR}/../des/obj)
DESOBJDIR= ${.CURDIR}/../des/obj
@@ -29,9 +30,11 @@ ACLOBJDIR= ${.CURDIR}/../acl/obj
ACLOBJDIR= ${.CURDIR}/../acl
.endif
-.if exists(${.CURDIR}/../compile_et/obj)
-COMPILE_ET= ${.CURDIR}/../compile_et/obj/compile_et
+.if exists(${.CURDIR}/../libkadm/obj)
+KADMOBJDIR= ${.CURDIR}/../libkadm/obj
.else
-COMPILE_ET= ${.CURDIR}/../compile_et/compile_et
+KADMOBJDIR= ${.CURDIR}/../libkadm
.endif
+COMPILE_ET= compile_et
+
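Review bot: `COMPILE_ET= compile_et` now resolves the error-table compiler through the builder's `PATH` instead of a path inside the source tree, and the top-level Makefile in this commit drops `compile_et` from `SUBDIR`. These targets install system binaries and are likely run with elevated privileges, so whichever `compile_et` comes first in `PATH` generates code that is compiled into the Kerberos admin tools. An overridable absolute path would make the build predictable, e.g. `COMPILE_ET?= <absolute path to the installed compile_et>`, together with a comment that the tool must already be installed on the build host.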
diff --git a/eBones/acl/acl_check.3 b/eBones/acl/acl_check.3
index c142506..2e5129c 100644
--- a/eBones/acl/acl_check.3
+++ b/eBones/acl/acl_check.3
@@ -1,5 +1,5 @@
.\" from: acl_check.3,v 4.1 89/01/23 11:06:54 jtkohl Exp $
-.\" $Id: acl_check.3,v 1.2 1994/07/19 19:27:17 g89r4222 Exp $
+.\" $Id: acl_check.3,v 1.1.1.1 1994/09/30 14:50:05 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -16,7 +16,7 @@ acl_delete, acl_initialize \- Access control list routines
cc <files> \-lacl \-lkrb
.PP
.ft B
-#include <krb.h>
+#include <kerberosIV/krb.h>
.PP
.ft B
acl_canonicalize_principal(principal, buf)
@@ -98,7 +98,7 @@ must contain enough
space to store a principal, given the limits on the sizes of name,
instance, and realm specified as ANAME_SZ, INST_SZ, and REALM_SZ,
respectively, in
-.IR /usr/include/krb.h .
+.IR /usr/include/kerberosIV/krb.h .
.PP
.I acl_check
returns nonzero if
diff --git a/eBones/acl/acl_files.c b/eBones/acl/acl_files.c
index 6f7f3fd..1b97bb2 100644
--- a/eBones/acl/acl_files.c
+++ b/eBones/acl/acl_files.c
@@ -6,12 +6,12 @@
* <mit-copyright.h>.
*
* from: acl_files.c,v 4.4 89/12/19 13:30:53 jtkohl Exp $
- * $Id: acl_files.c,v 1.2 1994/07/19 19:21:18 g89r4222 Exp $
+ * $Id: acl_files.c,v 1.1.1.1 1994/09/30 14:49:48 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: acl_files.c,v 1.2 1994/07/19 19:21:18 g89r4222 Exp $";
+"$Id: acl_files.c,v 1.1.1.1 1994/09/30 14:49:48 csgr Exp $";
#endif lint
@@ -86,7 +86,7 @@ char *canon;
dot = NULL;
}
}
-
+
/* No such luck */
end = principal + strlen(principal);
@@ -121,7 +121,7 @@ char *canon;
strcpy(canon, KRB_REALM);
}
}
-
+
/* Get a lock to modify acl_file */
/* Return new FILE pointer */
/* or NULL if file cannot be modified */
@@ -176,7 +176,7 @@ char *acl_file;
/* Closes f */
static int acl_commit(acl_file, f)
char *acl_file;
-FILE *f;
+FILE *f;
{
char new[LINESIZE];
int ret;
@@ -203,7 +203,7 @@ FILE *f;
static int
acl_abort(acl_file, f)
char *acl_file;
-FILE *f;
+FILE *f;
{
char new[LINESIZE];
int ret;
@@ -471,7 +471,7 @@ char *principal;
sprintf(buf, "*.*%s", realm);
if(acl_exact_match(acl, buf) || acl_exact_match(acl, "*.*@*")) return(1);
-
+
return(0);
}
diff --git a/eBones/des/Makefile b/eBones/des/Makefile
index 5afd5b5..8d5c210 100644
--- a/eBones/des/Makefile
+++ b/eBones/des/Makefile
@@ -1,10 +1,10 @@
# @(#)Makefile 5.4 (Berkeley) 5/7/91
-# $Id: Makefile,v 1.4 1994/09/09 21:43:30 g89r4222 Exp $
+# $Id: Makefile,v 1.1.1.1 1994/09/30 14:49:50 csgr Exp $
LIB= des
SRCS= cbc_cksm.c cbc_enc.c ecb_enc.c enc_read.c enc_writ.c pcbc_enc.c \
qud_cksm.c rand_key.c read_pwd.c set_key.c str2key.c \
- cfb_enc.c 3ecb_enc.c ofb_enc.c 3cbc_enc.c
+ cfb_enc.c 3ecb_enc.c ofb_enc.c 3cbc_enc.c
#MAN1= des.1
#MAN3= des.3
diff --git a/eBones/des/cbc_cksm.c b/eBones/des/cbc_cksm.c
index b28dc75..5aa25eb 100644
--- a/eBones/des/cbc_cksm.c
+++ b/eBones/des/cbc_cksm.c
@@ -2,7 +2,7 @@
/* Copyright (C) 1993 Eric Young - see README for more details */
/*-
- * $Id: cbc_cksm.c,v 1.2 1994/07/19 19:21:45 g89r4222 Exp $
+ * $Id: cbc_cksm.c,v 1.1.1.1 1994/09/30 14:49:50 csgr Exp $
*/
#include "des_locl.h"
@@ -34,7 +34,7 @@ des_cblock *ivec;
}
else
c2ln(in,tin0,tin1,l);
-
+
tin0^=tout0;
tin1^=tout1;
tin[0]=tin0;
diff --git a/eBones/des/enc_read.c b/eBones/des/enc_read.c
index 1b77c4c..4c6cb9e 100644
--- a/eBones/des/enc_read.c
+++ b/eBones/des/enc_read.c
@@ -2,7 +2,7 @@
/* Copyright (C) 1993 Eric Young - see README for more details */
/*-
- * $Id: enc_read.c,v 1.2 1994/07/19 19:21:54 g89r4222 Exp $
+ * $Id: enc_read.c,v 1.1.1.1 1994/09/30 14:49:50 csgr Exp $
*/
#include <errno.h>
@@ -22,7 +22,7 @@ des_cblock *iv;
/* data to be unencrypted */
int net_num=0;
unsigned char net[BSIZE];
- /* extra unencrypted data
+ /* extra unencrypted data
* for when a block of 100 comes in but is des_read one byte at
* a time. */
static char unnet[BSIZE];
@@ -61,7 +61,7 @@ des_cblock *iv;
/* first - get the length */
net_num=0;
- while (net_num < HDRSIZE)
+ while (net_num < HDRSIZE)
{
i=read(fd,&(net[net_num]),HDRSIZE-net_num);
if ((i == -1) && (errno == EINTR)) continue;
diff --git a/eBones/des/enc_writ.c b/eBones/des/enc_writ.c
index 602106b..00c8f63 100644
--- a/eBones/des/enc_writ.c
+++ b/eBones/des/enc_writ.c
@@ -2,7 +2,7 @@
/* Copyright (C) 1993 Eric Young - see README for more details */
/*-
- * $Id: enc_writ.c,v 1.2 1994/07/19 19:21:56 g89r4222 Exp $
+ * $Id: enc_writ.c,v 1.1.1.1 1994/09/30 14:49:50 csgr Exp $
*/
#include <errno.h>
@@ -67,10 +67,10 @@ des_cblock *iv;
if (des_rw_mode & DES_PCBC_MODE)
pcbc_encrypt((des_cblock *)p,(des_cblock *)&(outbuf[HDRSIZE]),
- (long)((len<8)?8:len),sched,iv,DES_ENCRYPT);
+ (long)((len<8)?8:len),sched,iv,DES_ENCRYPT);
else
cbc_encrypt((des_cblock *)p,(des_cblock *)&(outbuf[HDRSIZE]),
- (long)((len<8)?8:len),sched,iv,DES_ENCRYPT);
+ (long)((len<8)?8:len),sched,iv,DES_ENCRYPT);
/* output */
outnum=rnum+HDRSIZE;
diff --git a/eBones/des/fcrypt.c b/eBones/des/fcrypt.c
index c7f41ce..1c2a805 100644
--- a/eBones/des/fcrypt.c
+++ b/eBones/des/fcrypt.c
@@ -2,7 +2,7 @@
/* Copyright (C) 1993 Eric Young - see README for more details */
/*-
- * $Id: fcrypt.c,v 1.2 1994/07/19 19:21:58 g89r4222 Exp $
+ * $Id: fcrypt.c,v 1.1.1.1 1994/09/30 14:49:51 csgr Exp $
*/
#include <stdio.h>
@@ -384,7 +384,7 @@ des_key_schedule schedule;
/* table contained 0213 4657 */
*(k++)=((t<<16)|(s&0x0000ffff))&0xffffffff;
s= ((s>>16)|(t&0xffff0000));
-
+
s=(s<<4)|(s>>28);
*(k++)=s&0xffffffff;
}
@@ -396,7 +396,7 @@ des_key_schedule schedule;
******************************************************************/
/* The changes to this macro may help or hinder, depending on the
- * compiler and the achitecture. gcc2 always seems to do well :-).
+ * compiler and the achitecture. gcc2 always seems to do well :-).
* Inspired by Dana How <how@isl.stanford.edu>
* DO NOT use the alternative version on machines with 8 byte longs.
*/
diff --git a/eBones/des/qud_cksm.c b/eBones/des/qud_cksm.c
index eb7773f..a4e3215 100644
--- a/eBones/des/qud_cksm.c
+++ b/eBones/des/qud_cksm.c
@@ -2,7 +2,7 @@
/* Copyright (C) 1993 Eric Young - see README for more details */
/*-
- * $Id: qud_cksm.c,v 1.2 1994/07/19 19:22:02 g89r4222 Exp $
+ * $Id: qud_cksm.c,v 1.1.1.1 1994/09/30 14:49:51 csgr Exp $
*/
/* From "Message Authentication" R.R. Jueneman, S.M. Matyas, C.H. Meyer
@@ -62,7 +62,7 @@ des_cblock *seed;
t1=z1;
/* square, well sort of square */
z0=((((t0*t0)&0xffffffff)+((t1*t1)&0xffffffff))
- &0xffffffff)%0x7fffffff;
+ &0xffffffff)%0x7fffffff;
z1=((t0*((t1+NOISE)&0xffffffff))&0xffffffff)%0x7fffffff;
}
if (lp != NULL)
diff --git a/eBones/des/rand_key.c b/eBones/des/rand_key.c
index d8d2345..a202428 100644
--- a/eBones/des/rand_key.c
+++ b/eBones/des/rand_key.c
@@ -2,7 +2,7 @@
/* Copyright (C) 1993 Eric Young - see README for more details */
/*-
- * $Id: rand_key.c,v 1.2 1994/07/19 19:22:04 g89r4222 Exp $
+ * $Id: rand_key.c,v 1.1.1.1 1994/09/30 14:49:51 csgr Exp $
*/
#include "des_locl.h"
@@ -36,6 +36,7 @@ des_cblock ret;
des_set_odd_parity((des_cblock *)key);
des_cbc_cksum((des_cblock *)key,(des_cblock *)key,
(long)sizeof(key),ks,(des_cblock *)data);
+ des_set_odd_parity((des_cblock *)key);
bcopy(key,ret,sizeof(key));
bzero(key,sizeof(key));
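Review bot: The added `des_set_odd_parity((des_cblock *)key);` deserves a one-line comment, e.g. `/* cbc_cksum output has arbitrary parity bits; restore odd parity before handing the key out */`, because it looks redundant next to the identical call three lines above. Nothing in the visible lines rejects a weak or semi-weak DES key after the parity fix. The function starts and ends outside this hunk; if the rest of it does not do so either, a weak-key check with a retry belongs before the `bcopy`. The visible cleanup zeroes only `key`; whether `ks` and `data` are also cleared cannot be seen from here and is worth confirming.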
diff --git a/eBones/des/read_pwd.c b/eBones/des/read_pwd.c
index 8375f64..9d7fd43 100644
--- a/eBones/des/read_pwd.c
+++ b/eBones/des/read_pwd.c
@@ -3,7 +3,7 @@
/* 06-Apr-92 Luke Brennan Support for VMS */
/*-
- * $Id: read_pwd.c,v 1.2 1994/07/19 19:22:05 g89r4222 Exp $
+ * $Id: read_pwd.c,v 1.2 1995/01/25 02:27:00 ache Exp $
*/
#include "des_locl.h"
@@ -115,7 +115,7 @@ int des_read_pw_string(buf, length, prompt, verify)
s = getpass(prompt);
strncpy(buf, s, len);
if(verify) {
- printf("\nVerifying password"); fflush(stdout);
+ printf("Verifying password\n"); fflush(stdout);
if(strncmp(getpass(prompt), buf, len) != 0) {
printf("\nVerify failure - try again\n");
fflush(stdout);
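Review bot: `strncpy(buf, s, len)` on the line above the changed `printf` does not NUL-terminate `buf` when the typed password is `len` bytes or longer, and the following `strncmp(getpass(prompt), buf, len)` then compares only the first `len` bytes, so two different long passwords can verify as equal. The function body continues outside this hunk; unless `buf` is terminated there, the copy should be followed by an explicit terminator and over-long input should be rejected rather than truncated. The pointer returned by `getpass` is also used without a NULL check in both calls. Its static buffer is never cleared in the visible lines; a `bzero(s, strlen(s));` once the copy is done would keep the cleartext from lingering in memory.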
@@ -249,7 +249,7 @@ int verify;
if ((p=(char *)index(buff,'\n')) != NULL)
*p='\0';
else read_till_nl(tty);
-
+
if (strcmp(buf,buff) != 0)
{
fprintf(stderr,"\nVerify failure - try again\n");
@@ -272,7 +272,7 @@ error:
status = SYS$QIOW(0,channel,IO$_SETMODE,&iosb,0,0
,tty_orig,12,0,0,0,0);
#endif /* VMS */
-
+
if (ps >= 1) popsig();
if (stdin != tty) fclose(tty);
#ifdef VMS
diff --git a/eBones/des/set_key.c b/eBones/des/set_key.c
index f1ca3f4..81dd4a3 100644
--- a/eBones/des/set_key.c
+++ b/eBones/des/set_key.c
@@ -9,7 +9,7 @@
*/
/*-
- * $Id: set_key.c,v 1.2 1994/07/19 19:22:07 g89r4222 Exp $
+ * $Id: set_key.c,v 1.1.1.1 1994/09/30 14:49:51 csgr Exp $
*/
#include "des_locl.h"
@@ -87,7 +87,7 @@ des_cblock *key;
}
/* NOW DEFINED IN des_local.h
- * See ecb_encrypt.c for a pseudo description of these macros.
+ * See ecb_encrypt.c for a pseudo description of these macros.
* #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
* (b)^=(t),\
* (a)=((a)^((t)<<(n))))
@@ -126,7 +126,7 @@ des_key_schedule schedule;
c2l(in,c);
c2l(in,d);
- /* do PC1 in 60 simple operations */
+ /* do PC1 in 60 simple operations */
/* PERM_OP(d,c,t,4,0x0f0f0f0f);
HPERM_OP(c,t,-2, 0xcccc0000);
HPERM_OP(c,t,-1, 0xaaaa0000);
@@ -175,7 +175,7 @@ des_key_schedule schedule;
/* table contained 0213 4657 */
*(k++)=((t<<16)|(s&0x0000ffff))&0xffffffff;
s= ((s>>16)|(t&0xffff0000));
-
+
s=(s<<4)|(s>>28);
*(k++)=s&0xffffffff;
}
diff --git a/eBones/des/test/destest.c b/eBones/des/test/destest.c
index bc0552c..c8b5f4b 100644
--- a/eBones/des/test/destest.c
+++ b/eBones/des/test/destest.c
@@ -362,4 +362,4 @@ unsigned char *p;
ret[16]='\0';
return(ret);
}
-
+
diff --git a/eBones/ext_srvtab/ext_srvtab.8 b/eBones/ext_srvtab/ext_srvtab.8
index af980a9..565c3a3 100644
--- a/eBones/ext_srvtab/ext_srvtab.8
+++ b/eBones/ext_srvtab/ext_srvtab.8
@@ -1,5 +1,5 @@
.\" from: ext_srvtab.8,v 4.2 89/07/18 16:53:18 jtkohl Exp $
-.\" $Id: ext_srvtab.8,v 1.2 1994/07/19 19:27:20 g89r4222 Exp $
+.\" $Id: ext_srvtab.8,v 1.1.1.1 1994/09/30 14:50:05 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -50,14 +50,13 @@ match the given realm rather than the local realm.
The master key string entered was incorrect.
.SH FILES
.TP 20n
-.IR hostname -new-srvtab
-Service key file generated for
-.I hostname
+/etc/kerberosIV/principal.db
+DBM file containing database
.TP
-/kerberos/principal.pag, /kerberos/principal.dir
-DBM files containing database
+/etc/kerberosIV/principal.ok
+Semaphore indicating that the DBM database is not being modified.
.TP
-/.k
+/etc/kerberosIV/master_key
Master key cache file.
.SH SEE ALSO
read_service_key(3), krb_get_phost(3)
diff --git a/eBones/ext_srvtab/ext_srvtab.c b/eBones/ext_srvtab/ext_srvtab.c
index 3a5dcec..093dfe2 100644
--- a/eBones/ext_srvtab/ext_srvtab.c
+++ b/eBones/ext_srvtab/ext_srvtab.c
@@ -1,13 +1,13 @@
/*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
*
* from: ext_srvtab.c,v 4.1 89/07/18 16:49:30 jtkohl Exp $
- * $Id: ext_srvtab.c,v 1.2 1994/07/19 19:22:36 g89r4222 Exp $
+ * $Id: ext_srvtab.c,v 1.1.1.1 1994/09/30 14:49:53 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: ext_srvtab.c,v 1.2 1994/07/19 19:22:36 g89r4222 Exp $";
+"$Id: ext_srvtab.c,v 1.1.1.1 1994/09/30 14:49:53 csgr Exp $";
#endif lint
#include <stdio.h>
@@ -39,12 +39,12 @@ main(argc, argv)
int fopen_errs = 0;
int arg;
Principal princs[40];
- int more;
+ int more;
int prompt = TRUE;
register int n, i;
-
+
bzero(realm, sizeof(realm));
-
+
/* Parse commandline arguments */
if (argc < 2)
usage();
@@ -57,7 +57,7 @@ main(argc, argv)
usage();
else {
strcpy(realm, argv[i]);
- /*
+ /*
* This is to humor the broken way commandline
* argument parsing is done. Later, this
* program ignores everything that starts with -.
@@ -118,7 +118,7 @@ main(argc, argv)
bcopy(&princs[i].key_low, session_key, sizeof(long));
bcopy(&princs[i].key_high, session_key + sizeof(long),
sizeof(long));
- kdb_encrypt_key (session_key, session_key,
+ kdb_encrypt_key (session_key, session_key,
master_key, master_key_schedule, DES_DECRYPT);
FWrite(session_key, sizeof session_key, 1, fout);
}
@@ -158,7 +158,7 @@ StampOutSecrets()
usage()
{
- fprintf(stderr,
+ fprintf(stderr,
"Usage: %s [-n] [-r realm] instance [instance ...]\n", progname);
exit(1);
}
diff --git a/eBones/include/Makefile b/eBones/include/Makefile
index 8b46c65..ff43b54 100644
--- a/eBones/include/Makefile
+++ b/eBones/include/Makefile
@@ -1,7 +1,7 @@
# from: @(#)Makefile 5.1 (Berkeley) 6/25/90
-# $Id: Makefile,v 1.3 1994/09/09 21:43:35 g89r4222 Exp $
+# $Id: Makefile,v 1.1.1.1 1994/09/30 14:49:53 csgr Exp $
-FILES= des.h kadm.h kparse.h krb.h krb_db.h
+FILES= des.h kparse.h krb.h krb_db.h
# mit-copyright.h kadm_err.h krb_err.h
@@ -11,7 +11,9 @@ NOMAN= noman
all include clean cleandir depend lint tags:
beforeinstall:
- install -c -o ${BINOWN} -g ${BINGRP} -m 444 \
- ${FILES} ${DESTDIR}/usr/include/kerberosIV
+ -cd ${.CURDIR}; for file in ${FILES}; do \
+ cmp -s $$file ${DESTDIR}/usr/include/kerberosIV/$$file || \
+ install -c -o ${BINOWN} -g ${BINGRP} -m 444 $$file \
+ ${DESTDIR}/usr/include/kerberosIV; done
.include <bsd.prog.mk>
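Review bot: The leading `-` on the new `beforeinstall` command makes make ignore its exit status, so a failed `install` (missing `${DESTDIR}/usr/include/kerberosIV`, permission error) passes silently. Later directories then compile against whatever stale `krb.h` or `des.h` is already installed. `cmp -s ... || install ...` already returns success when a header is unchanged, so the `-` can be dropped. The loop's status is that of its last iteration only, so ending the body with `|| exit 1; done` is needed to make the first failed install stop the build.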
diff --git a/eBones/include/addr_comp.h b/eBones/include/addr_comp.h
index 8d001d3..290d09a 100644
--- a/eBones/include/addr_comp.h
+++ b/eBones/include/addr_comp.h
@@ -1,12 +1,12 @@
/*
- * Copyright 1987, 1988, 1989 by the Massachusetts Institute of Technology.
+ * Copyright 1987, 1988, 1989 by the Massachusetts Institute of Technology.
* For copying and distribution information, please see the file
* <Copyright.MIT>.
*
* Include file for address comparison macros.
*
* from: addr_comp.h,v 4.0 89/01/23 09:57:44 jtkohl Exp $
- * $Id: addr_comp.h,v 1.2 1994/07/19 19:22:44 g89r4222 Exp $
+ * $Id: addr_comp.h,v 1.1.1.1 1994/09/30 14:49:53 csgr Exp $
*/
#ifndef ADDR_COMP_DEFS
diff --git a/eBones/include/admin_server.h b/eBones/include/admin_server.h
index db29c15..5209641 100644
--- a/eBones/include/admin_server.h
+++ b/eBones/include/admin_server.h
@@ -1,12 +1,12 @@
/*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
* For copying and distribution information, please see the file
- * <Copyright.MIT>.
+ * <Copyright.MIT>.
*
- * Include file for the Kerberos administration server.
+ * Include file for the Kerberos administration server.
*
* from: admin_server.h,v 4.7 89/01/11 11:59:42 steiner Exp $
- * $Id: admin_server.h,v 1.2 1994/07/19 19:22:47 g89r4222 Exp $
+ * $Id: admin_server.h,v 1.1.1.1 1994/09/30 14:49:53 csgr Exp $
*/
#ifndef ADMIN_SERVER_DEFS
diff --git a/eBones/include/conf-bsdapollo.h b/eBones/include/conf-bsdapollo.h
index 532d2aa..119a96d 100644
--- a/eBones/include/conf-bsdapollo.h
+++ b/eBones/include/conf-bsdapollo.h
@@ -4,7 +4,7 @@
* <Copyright.MIT>.
*
* from: conf-bsdapollo.h,v 4.1 89/01/24 14:26:22 jtkohl Exp $
- * $Id: conf-bsdapollo.h,v 1.2 1994/07/19 19:22:50 g89r4222 Exp $
+ * $Id: conf-bsdapollo.h,v 1.1.1.1 1994/09/30 14:49:53 csgr Exp $
*/
#define BSDUNIX
@@ -18,4 +18,4 @@
*/
#define const
-
+
diff --git a/eBones/include/conf-ultmips2.h b/eBones/include/conf-ultmips2.h
index 7d202f5..9e04aad 100644
--- a/eBones/include/conf-ultmips2.h
+++ b/eBones/include/conf-ultmips2.h
@@ -6,9 +6,9 @@
* Machine-type definitions: DECstation 3100 (MIPS R2000)
*
* from: conf-ultmips2.h,v 4.0 89/01/23 09:58:32 jtkohl Exp $
- * $Id: conf-ultmips2.h,v 1.2 1994/07/19 19:23:03 g89r4222 Exp $
+ * $Id: conf-ultmips2.h,v 1.1.1.1 1994/09/30 14:49:54 csgr Exp $
*/
-
+
#define MIPS2
#define BITS32
#define BIG
diff --git a/eBones/include/des.h b/eBones/include/des.h
index 9cc2056..4288c2f 100644
--- a/eBones/include/des.h
+++ b/eBones/include/des.h
@@ -5,8 +5,8 @@
*
* Include file for the Data Encryption Standard library.
*
- * from: des.h,v 4.11 89/01/17 16:24:57 rfrench Exp $
- * $Id: des.h,v 1.2 1994/07/19 19:23:06 g89r4222 Exp $
+ * from: des.h,v 4.11 89/01/17 16:24:57 rfrench Exp $
+ * $Id: des.h,v 1.1.1.1 1994/09/30 14:49:54 csgr Exp $
*/
/* only do the whole thing once */
diff --git a/eBones/include/kdc.h b/eBones/include/kdc.h
index 518e5e9..2323eea 100644
--- a/eBones/include/kdc.h
+++ b/eBones/include/kdc.h
@@ -1,12 +1,12 @@
/*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
* For copying and distribution information, please see the file
- * <Copyright.MIT>.
+ * <Copyright.MIT>.
*
- * Include file for the Kerberos Key Distribution Center.
+ * Include file for the Kerberos Key Distribution Center.
*
* from: kdc.h,v 4.1 89/01/24 17:54:04 jon Exp $
- * $Id: kdc.h,v 1.2 1994/07/19 19:23:11 g89r4222 Exp $
+ * $Id: kdc.h,v 1.1.1.1 1994/09/30 14:49:54 csgr Exp $
*/
#ifndef KDC_DEFS
diff --git a/eBones/include/klog.h b/eBones/include/klog.h
index e8c5070..c2bd27f 100644
--- a/eBones/include/klog.h
+++ b/eBones/include/klog.h
@@ -4,10 +4,10 @@
* <Copyright.MIT>.
*
* This file defines the types of log messages logged by klog. Each
- * type of message may be selectively turned on or off.
+ * type of message may be selectively turned on or off.
*
* from: klog.h,v 4.7 89/01/24 17:55:07 jon Exp $
- * $Id: klog.h,v 1.2 1994/07/19 19:23:12 g89r4222 Exp $
+ * $Id: klog.h,v 1.1.1.1 1994/09/30 14:49:54 csgr Exp $
*/
#ifndef KLOG_DEFS
diff --git a/eBones/include/kparse.h b/eBones/include/kparse.h
index 9bdc07c..cf4741c 100644
--- a/eBones/include/kparse.h
+++ b/eBones/include/kparse.h
@@ -6,14 +6,14 @@
* Include file for kparse routines.
*
* from: kparse.h,v 4.5 89/01/11 12:05:53 steiner Exp $
- * $Id: kparse.h,v 1.2 1994/07/19 19:23:14 g89r4222 Exp $
+ * $Id: kparse.h,v 1.1.1.1 1994/09/30 14:49:54 csgr Exp $
*/
#ifndef KPARSE_DEFS
#define KPARSE_DEFS
/*
- * values returned by fGetParameterSet()
+ * values returned by fGetParameterSet()
*/
#define PS_BAD_KEYWORD -2 /* unknown or duplicate keyword */
@@ -22,7 +22,7 @@
#define PS_EOF 1 /* nothing more in the file */
/*
- * values returned by fGetKeywordValue()
+ * values returned by fGetKeywordValue()
*/
#define KV_SYNTAX -2 /* syntax error */
@@ -31,7 +31,7 @@
#define KV_EOL 1 /* nothing more on this line */
/*
- * values returned by fGetToken()
+ * values returned by fGetToken()
*/
#define GTOK_BAD_QSTRING -1 /* newline found in quoted string */
@@ -44,7 +44,7 @@
#define GTOK_WHITE 5 /* one or more whitespace chars */
/*
- * extended character classification macros
+ * extended character classification macros
*/
#define ISOCTAL(CH) ( (CH>='0') && (CH<='7') )
@@ -54,14 +54,14 @@
/*
* tokens consist of any printable charcacter except comma, equal, or
- * whitespace
+ * whitespace
*/
#define ISTOKENCHAR(C) ((C>040) && (C<0177) && (C != ',') && (C != '='))
/*
* the parameter table defines the keywords that will be recognized by
- * fGetParameterSet, and their default values if not specified.
+ * fGetParameterSet, and their default values if not specified.
*/
typedef struct {
diff --git a/eBones/include/krb.h b/eBones/include/krb.h
index 15e831b..f0531d4 100644
--- a/eBones/include/krb.h
+++ b/eBones/include/krb.h
@@ -1,12 +1,12 @@
/*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
* For copying and distribution information, please see the file
- * <Copyright.MIT>.
+ * <Copyright.MIT>.
*
- * Include file for the Kerberos library.
+ * Include file for the Kerberos library.
*
- * from: krb.h,v 4.26 89/08/08 17:55:25 jtkohl Exp $
- * $Id: krb.h,v 1.4 1994/09/24 14:15:41 g89r4222 Exp $
+ * from: krb.h,v 4.26 89/08/08 17:55:25 jtkohl Exp $
+ * $Id: krb.h,v 1.1.1.1 1994/09/30 14:49:54 csgr Exp $
*/
/* Only one time, please */
@@ -37,7 +37,7 @@ typedef unsigned short gid_t;
#endif /* NO_UIDGID_T */
/*
- * Kerberos specific definitions
+ * Kerberos specific definitions
*
* KRBLOG is the log file for the kerberos master server. KRB_CONF is
* the configuration file where different host machines running master
@@ -47,7 +47,7 @@ typedef unsigned short gid_t;
* requests, which can go to slaves) must go to it. KRB_HOST is the
* default machine * when looking for a kerberos slave server. Other
* possibilities are * in the KRB_CONF file. KRB_REALM is the name of
- * the realm.
+ * the realm.
*/
#ifdef notdef
diff --git a/eBones/include/krb_conf.h b/eBones/include/krb_conf.h
index 824d5fe..5cd0ab9 100644
--- a/eBones/include/krb_conf.h
+++ b/eBones/include/krb_conf.h
@@ -6,15 +6,15 @@
* This file contains configuration information for the Kerberos library
* which is machine specific; currently, this file contains
* configuration information for the vax, the "ibm032" (RT), and the
- * "PC8086" (IBM PC).
+ * "PC8086" (IBM PC).
*
* Note: cross-compiled targets must appear BEFORE their corresponding
* cross-compiler host. Otherwise, both will be defined when running
* the native compiler on the programs that construct cross-compiled
- * sources.
+ * sources.
*
- * from: krb_conf.h,v 4.0 89/01/23 09:59:27 jtkohl Exp $
- * $Id: krb_conf.h,v 1.2 1994/07/19 19:23:18 g89r4222 Exp $
+ * from: krb_conf.h,v 4.0 89/01/23 09:59:27 jtkohl Exp $
+ * $Id: krb_conf.h,v 1.1.1.1 1994/09/30 14:49:54 csgr Exp $
*/
#ifndef KRB_CONF_DEFS
diff --git a/eBones/include/krb_db.h b/eBones/include/krb_db.h
index cbe00b9..e514339e 100644
--- a/eBones/include/krb_db.h
+++ b/eBones/include/krb_db.h
@@ -1,17 +1,17 @@
/*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
* For copying and distribution information, please see the file
- * <Copyright.MIT>.
+ * <Copyright.MIT>.
*
- * spm Project Athena 8/85
+ * spm Project Athena 8/85
*
* This file defines data structures for the kerberos
- * authentication/authorization database.
+ * authentication/authorization database.
*
- * They MUST correspond to those defined in *.rel
+ * They MUST correspond to those defined in *.rel
*
- * from: krb_db.h,v 4.9 89/01/24 17:55:39 jon Exp $
- * $Id: krb_db.h,v 1.2 1994/07/19 19:23:19 g89r4222 Exp $
+ * from: krb_db.h,v 4.9 89/01/24 17:55:39 jon Exp $
+ * $Id: krb_db.h,v 1.1.1.1 1994/09/30 14:49:54 csgr Exp $
*/
#ifndef KRB_DB_DEFS
diff --git a/eBones/include/passwd_server.h b/eBones/include/passwd_server.h
index cb8eb08..a8d9e18 100644
--- a/eBones/include/passwd_server.h
+++ b/eBones/include/passwd_server.h
@@ -1,12 +1,12 @@
/*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
* For copying and distribution information, please see the file
- * <Copyright.MIT>.
+ * <Copyright.MIT>.
*
* Include file for password server
*
- * from: passwd_server.h,v 4.6 89/01/11 15:12:22 steiner Exp $
- * $Id: passwd_server.h,v 1.2 1994/07/19 19:23:24 g89r4222 Exp $
+ * from: passwd_server.h,v 4.6 89/01/11 15:12:22 steiner Exp $
+ * $Id: passwd_server.h,v 1.1.1.1 1994/09/30 14:49:55 csgr Exp $
*/
#ifndef PASSWD_SERVER_DEFS
diff --git a/eBones/kadmin/HOW-TO b/eBones/kadmin/HOW-TO
new file mode 100644
index 0000000..bb5c3ca
--- /dev/null
+++ b/eBones/kadmin/HOW-TO
@@ -0,0 +1,8 @@
+# $Id$
+
+To re-create this directory from outside the US, take the Makefile
+(provided), get the two source files from the original eBones distribution,
+do a `perl -spi.bak -e 's/\$(Header[^\$])\$/$1/g' *.{c,ct}', and then
+edit the #includes in kadmin.c to make things compile.
+
+Unfortunately, this program is not exportable.
diff --git a/eBones/kadmin/Makefile b/eBones/kadmin/Makefile
new file mode 100644
index 0000000..a22c9e2
--- /dev/null
+++ b/eBones/kadmin/Makefile
@@ -0,0 +1,19 @@
+# $Id: Makefile,v 1.1 1995/01/20 02:47:48 wollman Exp $
+
+BINDIR= /usr/bin
+PROG= kadmin
+SRCS= kadmin.c kadmin_cmds.c
+CLEANFILES+= kadmin_cmds.c
+CFLAGS+= -DPOSIX -I${.CURDIR}/../include -I${KRBOBJDIR}
+CFLAGS+= -I${.CURDIR}/../libkadm
+LDADD+= -L${KADMOBJDIR} -lkadm -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes
+LDADD+= -lss -lcom_err
+NOMAN= # man page is in ../man
+
+kadmin_cmds.c: kadmin_cmds.ct
+ test -e kadmin_cmds.ct || ln -s ${.CURDIR}/kadmin_cmds.ct .
+ mk_cmds kadmin_cmds.ct
+
+.include <bsd.prog.mk>
+
+
diff --git a/eBones/kadmin/kadmin.c b/eBones/kadmin/kadmin.c
new file mode 100644
index 0000000..cbf4d6f
--- /dev/null
+++ b/eBones/kadmin/kadmin.c
@@ -0,0 +1,626 @@
+/*
+ * $Source: /home/ncvs/src/eBones/kadmin/kadmin.c,v $
+ * $Author: wollman $
+ *
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * Copyright.MIT.
+ *
+ * Kerberos database administrator's tool.
+ *
+ * The default behavior of kadmin is if the -m option is given
+ * on the commandline, multiple requests are allowed to be given
+ * with one entry of the admin password (until the tickets expire).
+ * If you do not want this to be an available option, compile with
+ * NO_MULTIPLE defined.
+ */
+
+#ifndef lint
+static char rcsid_kadmin_c[] =
+"BonesHeader: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadmin.c,v 4.5 89/09/26 14:17:54 qjb Exp ";
+#endif lint
+
+#include <stdio.h>
+#include <sys/param.h>
+#include <pwd.h>
+#include <ss/ss.h>
+#include "krb_err.h"
+#include "kadm.h"
+
+#define BAD_PW 1
+#define GOOD_PW 0
+#define FUDGE_VALUE 15 /* for ticket expiration time */
+#define PE_NO 0
+#define PE_YES 1
+#define PE_UNSURE 2
+
+/* for get_password, whether it should do the swapping...necessary for
+ using vals structure, unnecessary for change_pw requests */
+#define DONTSWAP 0
+#define SWAP 1
+
+extern int kadm_init_link();
+extern char *error_message();
+extern void krb_set_tkt_string();
+
+static void do_init();
+void clean_up();
+
+extern ss_request_table admin_cmds;
+
+static char myname[ANAME_SZ];
+static char default_realm[REALM_SZ]; /* default kerberos realm */
+static char krbrlm[REALM_SZ]; /* current realm being administered */
+#ifndef NO_MULTIPLE
+static int multiple = 0; /* Allow multiple requests per ticket */
+#endif
+
+main(argc, argv)
+ int argc;
+ char *argv[];
+{
+ int sci_idx;
+ int code;
+ char tktstring[MAXPATHLEN];
+
+ void quit();
+
+ sci_idx = ss_create_invocation("admin", "2.0", (char *) NULL,
+ &admin_cmds, &code);
+ if (code) {
+ ss_perror(sci_idx, code, "creating invocation");
+ exit(1);
+ }
+ (void) sprintf(tktstring, "/tmp/tkt_adm_%d",getpid());
+ krb_set_tkt_string(tktstring);
+
+ do_init(argc, argv);
+
+ printf("Welcome to the Kerberos Administration Program, version 2\n");
+ printf("Type \"help\" if you need it.\n");
+ ss_listen(sci_idx, &code);
+ printf("\n");
+ quit();
+ exit(0);
+}
+
+int
+setvals(vals, string)
+ Kadm_vals *vals;
+ char *string;
+{
+ char realm[REALM_SZ];
+ int status = KADM_SUCCESS;
+
+ bzero(vals, sizeof(*vals));
+ bzero(realm, sizeof(realm));
+
+ SET_FIELD(KADM_NAME,vals->fields);
+ SET_FIELD(KADM_INST,vals->fields);
+ if (status = kname_parse(vals->name, vals->instance, realm, string)) {
+ printf("kerberos error: %s\n", krb_err_txt[status]);
+ return status;
+ }
+ if (!realm[0])
+ strcpy(realm, default_realm);
+ if (strcmp(realm, krbrlm)) {
+ strcpy(krbrlm, realm);
+ if ((status = kadm_init_link(PWSERV_NAME, KRB_MASTER, krbrlm))
+ != KADM_SUCCESS)
+ printf("kadm error for realm %s: %s\n",
+ krbrlm, error_message(status));
+ }
+ if (status)
+ return 1;
+ else
+ return KADM_SUCCESS;
+}
+
+void
+change_password(argc, argv)
+ int argc;
+ char *argv[];
+{
+ Kadm_vals old, new;
+ int status;
+ char pw_prompt[BUFSIZ];
+
+ if (argc != 2) {
+ printf("Usage: change_password loginname\n");
+ return;
+ }
+
+ if (setvals(&old, argv[1]) != KADM_SUCCESS)
+ return;
+
+ new = old;
+
+ SET_FIELD(KADM_DESKEY,new.fields);
+
+ if (princ_exists(old.name, old.instance, krbrlm) != PE_NO) {
+ /* get the admin's password */
+ if (get_admin_password() != GOOD_PW)
+ return;
+
+ /* get the new password */
+ (void) sprintf(pw_prompt, "New password for %s:", argv[1]);
+
+ if (get_password(&new.key_low, &new.key_high,
+ pw_prompt, SWAP) == GOOD_PW) {
+ status = kadm_mod(&old, &new);
+ if (status == KADM_SUCCESS) {
+ printf("Password changed for %s.\n", argv[1]);
+ } else {
+ printf("kadmin: %s\nwhile changing password for %s",
+ error_message(status), argv[1]);
+ }
+ } else
+ printf("Error reading password; password unchanged\n");
+ bzero((char *)&new, sizeof(new));
+#ifndef NO_MULTIPLE
+ if (!multiple)
+ clean_up();
+#endif
+ }
+ else
+ printf("kadmin: Principal does not exist.\n");
+ return;
+}
+
+/*ARGSUSED*/
+void
+change_admin_password(argc, argv)
+ int argc;
+ char *argv[];
+{
+ des_cblock newkey;
+ unsigned long low, high;
+ int status;
+ char prompt_pw[BUFSIZ];
+
+ if (argc != 1) {
+ printf("Usage: change_admin_password\n");
+ return;
+ }
+ /* get the admin's password */
+ if (get_admin_password() != GOOD_PW)
+ return;
+
+ (void) sprintf(prompt_pw, "New password for %s.admin:",myname);
+ if (get_password(&low, &high, prompt_pw, DONTSWAP) == GOOD_PW) {
+ bcopy((char *)&low,(char *) newkey,4);
+ bcopy((char *)&high, (char *)(((long *) newkey) + 1),4);
+ low = high = 0L;
+ if ((status = kadm_change_pw(newkey)) == KADM_SUCCESS)
+ printf("Admin password changed\n");
+ else
+ printf("kadm error: %s\n",error_message(status));
+ bzero((char *)newkey, sizeof(newkey));
+ } else
+ printf("Error reading password; password unchanged\n");
+#ifndef NO_MULTIPLE
+ if (!multiple)
+ clean_up();
+#endif
+ return;
+}
+
+void
+add_new_key(argc, argv)
+ int argc;
+ char *argv[];
+{
+ Kadm_vals new;
+ char pw_prompt[BUFSIZ];
+ int status;
+
+ if (argc != 2) {
+ printf("Usage: add_new_key user_name.\n");
+ return;
+ }
+ if (setvals(&new, argv[1]) != KADM_SUCCESS)
+ return;
+
+ SET_FIELD(KADM_DESKEY,new.fields);
+
+ if (princ_exists(new.name, new.instance, krbrlm) != PE_YES) {
+ /* get the admin's password */
+ if (get_admin_password() != GOOD_PW)
+ return;
+
+ /* get the new password */
+ (void) sprintf(pw_prompt, "Password for %s:", argv[1]);
+
+ if (get_password(&new.key_low, &new.key_high,
+ pw_prompt, SWAP) == GOOD_PW) {
+ status = kadm_add(&new);
+ if (status == KADM_SUCCESS) {
+ printf("%s added to database.\n", argv[1]);
+ } else {
+ printf("kadm error: %s\n",error_message(status));
+ }
+ } else
+ printf("Error reading password; %s not added\n",argv[1]);
+ bzero((char *)&new, sizeof(new));
+#ifndef NO_MULTIPLE
+ if (!multiple)
+ clean_up();
+#endif
+ }
+ else
+ printf("kadmin: Principal already exists.\n");
+ return;
+}
+
+void
+get_entry(argc, argv)
+ int argc;
+ char *argv[];
+{
+ int status;
+ u_char fields[4];
+ Kadm_vals vals;
+
+ if (argc != 2) {
+ printf("Usage: get_entry username\n");
+ return;
+ }
+
+ bzero(fields, sizeof(fields));
+
+ SET_FIELD(KADM_NAME,fields);
+ SET_FIELD(KADM_INST,fields);
+ SET_FIELD(KADM_EXPDATE,fields);
+ SET_FIELD(KADM_ATTR,fields);
+ SET_FIELD(KADM_MAXLIFE,fields);
+
+ if (setvals(&vals, argv[1]) != KADM_SUCCESS)
+ return;
+
+
+ if (princ_exists(vals.name, vals.instance, krbrlm) != PE_NO) {
+ /* get the admin's password */
+ if (get_admin_password() != GOOD_PW)
+ return;
+
+ if ((status = kadm_get(&vals, fields)) == KADM_SUCCESS)
+ prin_vals(&vals);
+ else
+ printf("kadm error: %s\n",error_message(status));
+
+#ifndef NO_MULTIPLE
+ if (!multiple)
+ clean_up();
+#endif
+ }
+ else
+ printf("kadmin: Principal does not exist.\n");
+ return;
+}
+
+
+void
+help(argc, argv)
+ int argc;
+ char *argv[];
+{
+ if (argc == 1) {
+ printf("Welcome to the Kerberos administration program.");
+ printf("Type \"?\" to get\n");
+ printf("a list of requests that are available. You can");
+ printf(" get help on each of\n");
+ printf("the commands by typing \"help command_name\".");
+ printf(" Some functions of this\n");
+ printf("program will require an \"admin\" password");
+ printf(" from you. This is a password\n");
+ printf("private to you, that is used to authenticate");
+ printf(" requests from this\n");
+ printf("program. You can change this password with");
+ printf(" the \"change_admin_password\"\n");
+ printf("(or short form \"cap\") command. Good Luck! \n");
+ } else if (!strcmp(argv[1], "change_password") ||
+ !strcmp(argv[1], "cpw")) {
+ printf("Usage: change_password user_name.\n");
+ printf("\n");
+ printf("user_name is the name of the user whose password");
+ printf(" you wish to change. \n");
+ printf("His/her password is changed in the kerberos database\n");
+ printf("When this command is issued, first the \"Admin\"");
+ printf(" password will be prompted\n");
+ printf("for and if correct the user's new password will");
+ printf(" be prompted for (twice with\n");
+ printf("appropriate comparison). Note: No minimum password");
+ printf(" length restrictions apply, but\n");
+ printf("longer passwords are more secure.\n");
+ } else if (!strcmp(argv[1], "change_admin_password") ||
+ !strcmp(argv[1], "cap")) {
+ printf("Usage: change_admin_password.\n");
+ printf("\n");
+ printf("This command takes no arguments and is used");
+ printf(" to change your private\n");
+ printf("\"Admin\" password. It will first prompt for");
+ printf(" the (current) \"Admin\"\n");
+ printf("password and then ask for the new password");
+ printf(" by prompting:\n");
+ printf("\n");
+ printf("New password for <Your User Name>.admin:\n");
+ printf("\n");
+ printf("Enter the new admin password that you desire");
+ printf(" (it will be asked for\n");
+ printf("twice to avoid errors).\n");
+ } else if (!strcmp(argv[1], "add_new_key") ||
+ !strcmp(argv[1], "ank")) {
+ printf("Usage: add_new_key user_name.\n");
+ printf("\n");
+ printf("user_name is the name of a new user to put");
+ printf(" in the kerberos database. Your\n");
+ printf("\"Admin\" password and the user's password");
+ printf(" are prompted for. The user's\n");
+ printf("password will be asked for");
+ printf(" twice to avoid errors.\n");
+ } else if (!strcmp(argv[1], "get_entry") ||
+ !strcmp(argv[1], "get")) {
+ printf("Usage: get_entry user_name.\n");
+ printf("\n");
+ printf("user_name is the name of a user whose");
+ printf(" entry you wish to review. Your\n");
+ printf("\"Admin\" password is prompted for. ");
+ printf(" The key field is not filled in, for\n");
+ printf("security reasons.\n");
+ } else if (!strcmp(argv[1], "destroy_tickets") ||
+ !strcmp(argv[1], "dest")) {
+ printf("Usage: destroy_tickets\n");
+ printf("\n");
+ printf("Destroy your admin tickets. This will");
+ printf(" cause you to be prompted for your\n");
+ printf("admin password on your next request.\n");
+ } else if (!strcmp(argv[1], "list_requests") ||
+ !strcmp(argv[1], "lr") ||
+ !strcmp(argv[1], "?")) {
+ printf("Usage: list_requests\n");
+ printf("\n");
+ printf("This command lists what other commands are");
+ printf(" currently available.\n");
+ } else if (!strcmp(argv[1], "exit") ||
+ !strcmp(argv[1], "quit") ||
+ !strcmp(argv[1], "q")) {
+ printf("Usage: quit\n");
+ printf("\n");
+ printf("This command exits this program.\n");
+ } else {
+ printf("Sorry there is no such command as %s.");
+ printf(" Type \"help\" for more information. \n", argv[1]);
+ }
+ return;
+}
+
+go_home(str,x)
+char *str;
+int x;
+{
+ fprintf(stderr, "%s: %s\n", str, error_message(x));
+ clean_up();
+ exit(1);
+}
+
+static int inited = 0;
+
+void usage()
+{
+ fprintf(stderr, "Usage: kadmin [-u admin_name] [-r default_realm]");
+#ifndef NO_MULTIPLE
+ fprintf(stderr, " [-m]");
+#endif
+ fprintf(stderr, "\n");
+#ifndef NO_MULTIPLE
+ fprintf(stderr, " -m allows multiple admin requests to be ");
+ fprintf(stderr, "serviced with one entry of admin\n");
+ fprintf(stderr, " password.\n");
+#endif
+ exit(1);
+}
+
+static void
+do_init(argc, argv)
+ int argc;
+ char *argv[];
+{
+ struct passwd *pw;
+ extern char *optarg;
+ extern int optind;
+ int c;
+#ifndef NO_MULTIPLE
+#define OPTION_STRING "u:r:m"
+#else
+#define OPTION_STRING "u:r:"
+#endif
+
+ bzero(myname, sizeof(myname));
+
+ if (!inited) {
+ /*
+ * This is only as a default/initial realm; we don't care
+ * about failure.
+ */
+ if (krb_get_lrealm(default_realm, 1) != KSUCCESS)
+ strcpy(default_realm, KRB_REALM);
+
+ /*
+ * If we can reach the local realm, initialize to it. Otherwise,
+ * don't initialize.
+ */
+ if (kadm_init_link(PWSERV_NAME, KRB_MASTER, krbrlm) != KADM_SUCCESS)
+ bzero(krbrlm, sizeof(krbrlm));
+ else
+ strcpy(krbrlm, default_realm);
+
+ while ((c = getopt(argc, argv, OPTION_STRING)) != EOF)
+ switch (c) {
+ case 'u':
+ strncpy(myname, optarg, sizeof(myname) - 1);
+ break;
+ case 'r':
+ bzero(default_realm, sizeof(default_realm));
+ strncpy(default_realm, optarg, sizeof(default_realm) - 1);
+ break;
+#ifndef NO_MULTIPLE
+ case 'm':
+ multiple++;
+ break;
+#endif
+ default:
+ usage();
+ break;
+ }
+ if (optind < argc)
+ usage();
+ if (!myname[0]) {
+ pw = getpwuid((int) getuid());
+ if (!pw) {
+ fprintf(stderr,
+ "You aren't in the password file. Who are you?\n");
+ exit(1);
+ }
+ (void) strcpy(myname, pw->pw_name);
+ }
+ inited = 1;
+ }
+}
+
+#ifdef NOENCRYPTION
+#define read_long_pw_string placebo_read_pw_string
+#else
+#define read_long_pw_string des_read_pw_string
+#endif
+extern int read_long_pw_string();
+
+int
+get_admin_password()
+{
+ int status;
+ char admin_passwd[MAX_KPW_LEN]; /* Admin's password */
+ int ticket_life = 1; /* minimum ticket lifetime */
+#ifndef NO_MULTIPLE
+ CREDENTIALS c;
+
+ if (multiple) {
+ /* If admin tickets exist and are valid, just exit. */
+ bzero(&c, sizeof(c));
+ if (krb_get_cred(PWSERV_NAME, KADM_SINST, krbrlm, &c) == KSUCCESS)
+ /*
+ * If time is less than lifetime - FUDGE_VALUE after issue date,
+ * tickets will probably last long enough for the next
+ * transaction.
+ */
+ if (time(0) < (c.issue_date + (5 * 60 * c.lifetime) - FUDGE_VALUE))
+ return(KADM_SUCCESS);
+ ticket_life = DEFAULT_TKT_LIFE;
+ }
+#endif
+
+ if (princ_exists(myname, "admin", krbrlm) != PE_NO) {
+ if (read_long_pw_string(admin_passwd, sizeof(admin_passwd)-1,
+ "Admin password:", 0)) {
+ fprintf(stderr, "Error reading admin password.\n");
+ goto bad;
+ }
+ status = krb_get_pw_in_tkt(myname, "admin", krbrlm, PWSERV_NAME,
+ KADM_SINST, ticket_life, admin_passwd);
+ bzero(admin_passwd, sizeof(admin_passwd));
+ }
+ else
+ status = KDC_PR_UNKNOWN;
+
+ switch(status) {
+ case GT_PW_OK:
+ return(GOOD_PW);
+ case KDC_PR_UNKNOWN:
+ printf("Principal %s.admin@%s does not exist.\n", myname, krbrlm);
+ goto bad;
+ case GT_PW_BADPW:
+ printf("Incorrect admin password.\n");
+ goto bad;
+ default:
+ com_err("kadmin", status+krb_err_base,
+ "while getting password tickets");
+ goto bad;
+ }
+
+ bad:
+ bzero(admin_passwd, sizeof(admin_passwd));
+ (void) dest_tkt();
+ return(BAD_PW);
+}
+
+void
+clean_up()
+{
+ (void) dest_tkt();
+ return;
+}
+
+void
+quit()
+{
+ printf("Cleaning up and exiting.\n");
+ clean_up();
+ exit(0);
+}
+
+int
+princ_exists(name, instance, realm)
+ char *name;
+ char *instance;
+ char *realm;
+{
+ int status;
+
+ status = krb_get_pw_in_tkt(name, instance, realm, "krbtgt", realm, 1, "");
+
+ if ((status == KSUCCESS) || (status == INTK_BADPW))
+ return(PE_YES);
+ else if (status == KDC_PR_UNKNOWN)
+ return(PE_NO);
+ else
+ return(PE_UNSURE);
+}
+
+int
+get_password(low, high, prompt, byteswap)
+unsigned long *low, *high;
+char *prompt;
+int byteswap;
+{
+ char new_passwd[MAX_KPW_LEN]; /* new password */
+ des_cblock newkey;
+
+ do {
+ if (read_long_pw_string(new_passwd, sizeof(new_passwd)-1, prompt, 1))
+ return(BAD_PW);
+ if (strlen(new_passwd) == 0)
+ printf("Null passwords are not allowed; try again.\n");
+ } while (strlen(new_passwd) == 0);
+
+#ifdef NOENCRYPTION
+ bzero((char *) newkey, sizeof(newkey));
+#else
+ des_string_to_key(new_passwd, newkey);
+#endif
+ bzero(new_passwd, sizeof(new_passwd));
+
+ bcopy((char *) newkey,(char *)low,4);
+ bcopy((char *)(((long *) newkey) + 1), (char *)high,4);
+
+ bzero((char *) newkey, sizeof(newkey));
+
+#ifdef NOENCRYPTION
+ *low = 1;
+#endif
+
+ if (byteswap != DONTSWAP) {
+ *low = htonl(*low);
+ *high = htonl(*high);
+ }
+ return(GOOD_PW);
+}
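Review bot: In `help()`, the fallback branch calls `printf("Sorry there is no such command as %s.");` with no argument for `%s`, while `argv[1]` is passed to the next `printf`, whose format has no conversion. The first call therefore reads a variadic argument that was never supplied, which is undefined behaviour and may crash or print stray memory. Move the argument to the call that consumes it: `printf("Sorry there is no such command as %s.", argv[1]);` followed by `printf(" Type \"help\" for more information. \n");`. Separately, `do_init()` bounds the `-u` name with `strncpy(myname, optarg, sizeof(myname) - 1)` but copies the passwd entry with an unbounded `strcpy(myname, pw->pw_name)`. Using `strncpy(myname, pw->pw_name, sizeof(myname) - 1);` there keeps both paths within `ANAME_SZ`, and `myname` is already zeroed at the top of the function, so the result stays terminated.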
diff --git a/eBones/kadmin/kadmin_cmds.ct b/eBones/kadmin/kadmin_cmds.ct
new file mode 100644
index 0000000..92d31fd
--- /dev/null
+++ b/eBones/kadmin/kadmin_cmds.ct
@@ -0,0 +1,41 @@
+# $Source: /mit/kerberos/src/kadmin/RCS/kadmin_cmds.ct,v $
+# $Author: jtkohl $
+# $Header: /mit/kerberos/src/kadmin/RCS/kadmin_cmds.ct,v 4.1 89/07/25 17:02:28 jtkohl Exp $
+#
+# Copyright 1988 by the Massachusetts Institute of Technology.
+#
+# For copying and distribution information, please see the file
+# <mit-copyright.h>.
+#
+# Command table for Kerberos administration tool
+#
+ command_table admin_cmds;
+
+ request change_password,
+ "Change a user's password",
+ change_password, cpw;
+
+ request change_admin_password, "Change your admin password",
+ change_admin_password, cap;
+
+ request add_new_key, "Add new user to kerberos database",
+ add_new_key, ank;
+
+ request get_entry, "Get entry from kerberos database",
+ get_entry, get;
+
+ request clean_up, "Destroy admin tickets",
+ destroy_tickets, dest;
+
+ request help,"Request help with this program",
+ help;
+
+# list_requests is generic -- unrelated to Kerberos
+
+ request ss_list_requests, "List available requests.",
+ list_requests, lr, "?";
+
+ request quit, "Exit program.",
+ quit, exit, q;
+
+ end;
diff --git a/eBones/kadmind/HOW-TO b/eBones/kadmind/HOW-TO
new file mode 100644
index 0000000..f41982a
--- /dev/null
+++ b/eBones/kadmind/HOW-TO
@@ -0,0 +1,267 @@
+This directory was created from eBones by the following procedure:
+
+1) Get the files listed in the Makefile
+
+2) perl -spi.bak -e 's/\$(Header[^\$]*)\$/$1/g'
+
+3) Apply the patch listed below.
+
+diff -rc2 ../kadmind.orig/admin_server.c ./admin_server.c
+*** ../kadmind.orig/admin_server.c Thu Jan 19 18:04:04 1995
+--- ./admin_server.c Thu Jan 19 21:58:51 1995
+***************
+*** 1,10 ****
+ /*
+- * $Source: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/admin_server.c,v $
+- * $Author: jtkohl $
+- *
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+! * <mit-copyright.h>.
+ *
+ * Top-level loop of the kerberos Administration server
+--- 1,7 ----
+ /*
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+! * Copyright.MIT.
+ *
+ * Top-level loop of the kerberos Administration server
+***************
+*** 12,20 ****
+
+ #ifndef lint
+ static char rcsid_admin_server_c[] =
+! "$Id: admin_server.c,v 4.8 90/01/02 13:50:38 jtkohl Exp $";
+ #endif lint
+
+- #include <mit-copyright.h>
+ /*
+ admin_server.c
+--- 9,20 ----
+
+ #ifndef lint
++ #if 0
+ static char rcsid_admin_server_c[] =
+! "Id: admin_server.c,v 4.8 90/01/02 13:50:38 jtkohl Exp ";
+! #endif
+! static const char rcsid[] =
+! "$Id";
+ #endif lint
+
+ /*
+ admin_server.c
+***************
+*** 389,393 ****
+--- 389,397 ----
+ register int i, j;
+
++ #ifdef POSIX
++ int status;
++ #else
+ union wait status;
++ #endif
+
+ pid = wait(&status);
+***************
+*** 400,406 ****
+ pidarray[j] = pidarray[j+1];
+ pidarraysize--;
+! if (status.w_retcode || status.w_coredump || status.w_termsig)
+ log("child %d: termsig %d, coredump %d, retcode %d", pid,
+! status.w_termsig, status.w_coredump, status.w_retcode);
+ #ifdef POSIX
+ return;
+--- 404,410 ----
+ pidarray[j] = pidarray[j+1];
+ pidarraysize--;
+! if (WEXITSTATUS(status) || WCOREDUMP(status) || WIFSIGNALED(status))
+ log("child %d: termsig %d, coredump %d, retcode %d", pid,
+! WTERMSIG(status), WCOREDUMP(status), WEXITSTATUS(status));
+ #ifdef POSIX
+ return;
+***************
+*** 410,414 ****
+ }
+ log("child %d not in list: termsig %d, coredump %d, retcode %d", pid,
+! status.w_termsig, status.w_coredump, status.w_retcode);
+ #ifdef POSIX
+ return;
+--- 414,418 ----
+ }
+ log("child %d not in list: termsig %d, coredump %d, retcode %d", pid,
+! WTERMSIG(status), WCOREDUMP(status), WEXITSTATUS(status));
+ #ifdef POSIX
+ return;
+Only in .: admin_server.c~
+diff -rc2 ../kadmind.orig/kadm_funcs.c ./kadm_funcs.c
+*** ../kadmind.orig/kadm_funcs.c Thu Jan 19 18:04:04 1995
+--- ./kadm_funcs.c Thu Jan 19 21:56:31 1995
+***************
+*** 1,10 ****
+ /*
+- * $Source: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_funcs.c,v $
+- * $Author: jon $
+- *
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+! * <mit-copyright.h>.
+ *
+ * Kerberos administration server-side database manipulation routines
+--- 1,7 ----
+ /*
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+! * Copyright.MIT
+ *
+ * Kerberos administration server-side database manipulation routines
+***************
+*** 12,20 ****
+
+ #ifndef lint
+ static char rcsid_kadm_funcs_c[] =
+! "$Id: kadm_funcs.c,v 4.3 90/03/20 01:39:51 jon Exp $";
+ #endif lint
+
+- #include <mit-copyright.h>
+ /*
+ kadm_funcs.c
+--- 9,20 ----
+
+ #ifndef lint
++ #if 0
+ static char rcsid_kadm_funcs_c[] =
+! "Id: kadm_funcs.c,v 4.3 90/03/20 01:39:51 jon Exp ";
+! #endif
+! static const char rcsid[] =
+! "$Id$";
+ #endif lint
+
+ /*
+ kadm_funcs.c
+Only in .: kadm_funcs.c~
+diff -rc2 ../kadmind.orig/kadm_ser_wrap.c ./kadm_ser_wrap.c
+*** ../kadmind.orig/kadm_ser_wrap.c Thu Jan 19 18:04:04 1995
+--- ./kadm_ser_wrap.c Thu Jan 19 21:59:15 1995
+***************
+*** 1,10 ****
+ /*
+- * $Source: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_ser_wrap.c,v $
+- * $Author: jtkohl $
+- *
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+! * <mit-copyright.h>.
+ *
+ * Kerberos administration server-side support functions
+--- 1,7 ----
+ /*
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+! * Copyright.MIT.
+ *
+ * Kerberos administration server-side support functions
+***************
+*** 16,20 ****
+ #endif lint
+
+- #include <mit-copyright.h>
+ /*
+ kadm_ser_wrap.c
+--- 13,16 ----
+Only in .: kadm_ser_wrap.c~
+diff -rc2 ../kadmind.orig/kadm_server.c ./kadm_server.c
+*** ../kadmind.orig/kadm_server.c Thu Jan 19 18:04:04 1995
+--- ./kadm_server.c Thu Jan 19 21:59:31 1995
+***************
+*** 1,10 ****
+ /*
+- * $Source: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_server.c,v $
+- * $Author: jtkohl $
+- *
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+! * <mit-copyright.h>.
+ *
+ * Kerberos administration server-side subroutines
+--- 1,7 ----
+ /*
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+! * Copyright.MIT.
+ *
+ * Kerberos administration server-side subroutines
+***************
+*** 15,20 ****
+ "Header: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_server.c,v 4.2 89/09/26 09:30:23 jtkohl Exp ";
+ #endif lint
+-
+- #include <mit-copyright.h>
+
+ #include <kadm.h>
+--- 12,15 ----
+Only in .: kadm_server.c~
+diff -rc2 ../kadmind.orig/kadm_server.h ./kadm_server.h
+*** ../kadmind.orig/kadm_server.h Thu Jan 19 18:04:05 1995
+--- ./kadm_server.h Thu Jan 19 18:06:36 1995
+***************
+*** 7,11 ****
+ *
+ * For copying and distribution information, please see the file
+! * <mit-copyright.h>.
+ *
+ * Definitions for Kerberos administration server & client
+--- 7,11 ----
+ *
+ * For copying and distribution information, please see the file
+! * Copyright.MIT.
+ *
+ * Definitions for Kerberos administration server & client
+***************
+*** 15,19 ****
+ #define KADM_SERVER_DEFS
+
+- #include <mit-copyright.h>
+ /*
+ * kadm_server.h
+--- 15,18 ----
+***************
+*** 25,30 ****
+
+ #include <sys/types.h>
+! #include <krb.h>
+! #include <des.h>
+
+ typedef struct {
+--- 24,29 ----
+
+ #include <sys/types.h>
+! #include <kerberosIV/krb.h>
+! #include <kerberosIV/des.h>
+
+ typedef struct {
+***************
+*** 43,49 ****
+
+ /* the default syslog file */
+! #define KADM_SYSLOG "/kerberos/admin_server.syslog"
+
+! #define DEFAULT_ACL_DIR "/kerberos"
+ #define ADD_ACL_FILE "/admin_acl.add"
+ #define GET_ACL_FILE "/admin_acl.get"
+--- 42,48 ----
+
+ /* the default syslog file */
+! #define KADM_SYSLOG "/var/log/kadmind.syslog"
+
+! #define DEFAULT_ACL_DIR "/etc/kerberosIV"
+ #define ADD_ACL_FILE "/admin_acl.add"
+ #define GET_ACL_FILE "/admin_acl.get"
diff --git a/eBones/kadmind/Makefile b/eBones/kadmind/Makefile
new file mode 100644
index 0000000..77069be
--- /dev/null
+++ b/eBones/kadmind/Makefile
@@ -0,0 +1,11 @@
+# $Id$
+
+PROG= kadmind
+SRCS= admin_server.c kadm_funcs.c kadm_ser_wrap.c kadm_server.c
+CFLAGS+=-DPOSIX -I${.CURDIR}/../include -I${KRBOBJDIR} \
+ -I${.CURDIR}/../libkadm -I${KADMOBJDIR}
+LDADD+= -L${KADMOBJDIR} -lkadm -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb \
+ -L${DESOBJDIR} -ldes -L${ACLOBJDIR} -lacl -lcom_err
+NOMAN= # man page in ../man
+
+.include <bsd.prog.mk>
diff --git a/eBones/kadmind/admin_server.c b/eBones/kadmind/admin_server.c
new file mode 100644
index 0000000..ce36eb6
--- /dev/null
+++ b/eBones/kadmind/admin_server.c
@@ -0,0 +1,457 @@
+/*
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * Copyright.MIT.
+ *
+ * Top-level loop of the kerberos Administration server
+ */
+
+#ifndef lint
+#if 0
+static char rcsid_admin_server_c[] =
+"Id: admin_server.c,v 4.8 90/01/02 13:50:38 jtkohl Exp ";
+#endif
+static const char rcsid[] =
+ "$Id";
+#endif lint
+
+/*
+ admin_server.c
+ this holds the main loop and initialization and cleanup code for the server
+*/
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <signal.h>
+#ifndef sigmask
+#define sigmask(m) (1 <<((m)-1))
+#endif
+#include <sys/wait.h>
+#include <errno.h>
+#include <sys/socket.h>
+#include <syslog.h>
+#include <kadm.h>
+#include <kadm_err.h>
+#include <krb_db.h>
+#include "kadm_server.h"
+
+/* Almost all procs and such need this, so it is global */
+admin_params prm; /* The command line parameters struct */
+
+char prog[32]; /* WHY IS THIS NEEDED??????? */
+char *progname = prog;
+char *acldir = DEFAULT_ACL_DIR;
+char krbrlm[REALM_SZ];
+extern Kadm_Server server_parm;
+
+/*
+** Main does the logical thing, it sets up the database and RPC interface,
+** as well as handling the creation and maintenance of the syslog file...
+*/
+main(argc, argv) /* admin_server main routine */
+int argc;
+char *argv[];
+{
+ int errval;
+ int c;
+ extern char *optarg;
+
+ prog[sizeof(prog)-1]='\0'; /* Terminate... */
+ (void) strncpy(prog, argv[0], sizeof(prog)-1);
+
+ /* initialize the admin_params structure */
+ prm.sysfile = KADM_SYSLOG; /* default file name */
+ prm.inter = 1;
+
+ bzero(krbrlm, sizeof(krbrlm));
+
+ while ((c = getopt(argc, argv, "f:hnd:a:r:")) != EOF)
+ switch(c) {
+ case 'f': /* Syslog file name change */
+ prm.sysfile = optarg;
+ break;
+ case 'n':
+ prm.inter = 0;
+ break;
+ case 'a': /* new acl directory */
+ acldir = optarg;
+ break;
+ case 'd':
+ /* put code to deal with alt database place */
+ if (errval = kerb_db_set_name(optarg)) {
+ fprintf(stderr, "opening database %s: %s",
+ optarg, error_message(errval));
+ exit(1);
+ }
+ break;
+ case 'r':
+ (void) strncpy(krbrlm, optarg, sizeof(krbrlm) - 1);
+ break;
+ case 'h': /* get help on using admin_server */
+ default:
+ printf("Usage: admin_server [-h] [-n] [-r realm] [-d dbname] [-f filename] [-a acldir]\n");
+ exit(-1); /* failure */
+ }
+
+ if (krbrlm[0] == 0)
+ if (krb_get_lrealm(krbrlm, 0) != KSUCCESS) {
+ fprintf(stderr,
+ "Unable to get local realm. Fix krb.conf or use -r.\n");
+ exit(1);
+ }
+
+ printf("KADM Server %s initializing\n",KADM_VERSTR);
+ printf("Please do not use 'kill -9' to kill this job, use a\n");
+ printf("regular kill instead\n\n");
+
+ set_logfile(prm.sysfile);
+ log("Admin server starting");
+
+ (void) kerb_db_set_lockmode(KERB_DBL_NONBLOCKING);
+ errval = kerb_init(); /* Open the Kerberos database */
+ if (errval) {
+ fprintf(stderr, "error: kerb_init() failed");
+ close_syslog();
+ byebye();
+ }
+ /* set up the server_parm struct */
+ if ((errval = kadm_ser_init(prm.inter, krbrlm))==KADM_SUCCESS) {
+ kerb_fini(); /* Close the Kerberos database--
+ will re-open later */
+ errval = kadm_listen(); /* listen for calls to server from
+ clients */
+ }
+ if (errval != KADM_SUCCESS) {
+ fprintf(stderr,"error: %s\n",error_message(errval));
+ kerb_fini(); /* Close if error */
+ }
+ close_syslog(); /* Close syslog file, print
+ closing note */
+ byebye(); /* Say bye bye on the terminal
+ in use */
+} /* procedure main */
+
+
+/* close the system log file */
+close_syslog()
+{
+ log("Shutting down admin server");
+}
+
+byebye() /* say goodnight gracie */
+{
+ printf("Admin Server (kadm server) has completed operation.\n");
+}
+
+static clear_secrets()
+{
+ bzero((char *)server_parm.master_key, sizeof(server_parm.master_key));
+ bzero((char *)server_parm.master_key_schedule,
+ sizeof(server_parm.master_key_schedule));
+ server_parm.master_key_version = 0L;
+ return;
+}
+
+static exit_now = 0;
+
+sigtype
+doexit()
+{
+ exit_now = 1;
+#ifdef POSIX
+ return;
+#else /* !POSIX */
+ return(0);
+#endif /* POSIX */
+}
+
+unsigned pidarraysize = 0;
+int *pidarray = (int *)0;
+
+/*
+kadm_listen
+listen on the admin servers port for a request
+*/
+kadm_listen()
+{
+ extern int errno;
+ int found;
+ int admin_fd;
+ int peer_fd;
+ fd_set mask, readfds;
+ struct sockaddr_in peer;
+ int addrlen;
+ void process_client(), kill_children();
+ int pid;
+ sigtype do_child();
+
+ (void) signal(SIGINT, doexit);
+ (void) signal(SIGTERM, doexit);
+ (void) signal(SIGHUP, doexit);
+ (void) signal(SIGQUIT, doexit);
+ (void) signal(SIGPIPE, SIG_IGN); /* get errors on write() */
+ (void) signal(SIGALRM, doexit);
+ (void) signal(SIGCHLD, do_child);
+
+ if ((admin_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
+ return KADM_NO_SOCK;
+ if (bind(admin_fd, (struct sockaddr *)&server_parm.admin_addr,
+ sizeof(struct sockaddr_in)) < 0)
+ return KADM_NO_BIND;
+ (void) listen(admin_fd, 1);
+ FD_ZERO(&mask);
+ FD_SET(admin_fd, &mask);
+
+ for (;;) { /* loop nearly forever */
+ if (exit_now) {
+ clear_secrets();
+ kill_children();
+ return(0);
+ }
+ readfds = mask;
+ if ((found = select(admin_fd+1,&readfds,(fd_set *)0,
+ (fd_set *)0, (struct timeval *)0)) == 0)
+ continue; /* no things read */
+ if (found < 0) {
+ if (errno != EINTR)
+ log("select: %s",error_message(errno));
+ continue;
+ }
+ if (FD_ISSET(admin_fd, &readfds)) {
+ /* accept the conn */
+ addrlen = sizeof(peer);
+ if ((peer_fd = accept(admin_fd, (struct sockaddr *)&peer,
+ &addrlen)) < 0) {
+ log("accept: %s",error_message(errno));
+ continue;
+ }
+ addrlen = sizeof(server_parm.admin_addr);
+ if (getsockname(peer_fd, (struct sockaddr *)&server_parm.admin_addr,
+ &addrlen)) {
+ log("getsockname: %s",error_message(errno));
+ continue;
+ }
+#ifdef DEBUG
+ printf("Connection recieved on %s\n",
+ inet_ntoa(server_parm.admin_addr.sin_addr));
+#endif /* DEBUG */
+#ifndef DEBUG
+ /* if you want a sep daemon for each server */
+ if (pid = fork()) {
+ /* parent */
+ if (pid < 0) {
+ log("fork: %s",error_message(errno));
+ (void) close(peer_fd);
+ continue;
+ }
+ /* fork succeded: keep tabs on child */
+ (void) close(peer_fd);
+ if (pidarray) {
+ pidarray = (int *)realloc((char *)pidarray, ++pidarraysize);
+ pidarray[pidarraysize-1] = pid;
+ } else {
+ pidarray = (int *)malloc(pidarraysize = 1);
+ pidarray[0] = pid;
+ }
+ } else {
+ /* child */
+ (void) close(admin_fd);
+#endif /* DEBUG */
+ /* do stuff */
+ process_client (peer_fd, &peer);
+#ifndef DEBUG
+ }
+#endif
+ } else {
+ log("something else woke me up!");
+ return(0);
+ }
+ }
+ /*NOTREACHED*/
+}
+
+#ifdef DEBUG
+#define cleanexit(code) {kerb_fini(); return;}
+#endif
+
+void
+process_client(fd, who)
+int fd;
+struct sockaddr_in *who;
+{
+ u_char *dat;
+ int dat_len;
+ u_short dlen;
+ int retval;
+ int on = 1;
+ Principal service;
+ des_cblock skey;
+ int more;
+ int status;
+
+ if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0)
+ log("setsockopt keepalive: %d",errno);
+
+ server_parm.recv_addr = *who;
+
+ if (kerb_init()) { /* Open as client */
+ log("can't open krb db");
+ cleanexit(1);
+ }
+ /* need to set service key to changepw.KRB_MASTER */
+
+ status = kerb_get_principal(server_parm.sname, server_parm.sinst, &service,
+ 1, &more);
+ if (status == -1) {
+ /* db locked */
+ u_long retcode = KADM_DB_INUSE;
+ char *pdat;
+
+ dat_len = KADM_VERSIZE + sizeof(u_long);
+ dat = (u_char *) malloc((unsigned)dat_len);
+ pdat = (char *) dat;
+ retcode = htonl((u_long) KADM_DB_INUSE);
+ (void) strncpy(pdat, KADM_ULOSE, KADM_VERSIZE);
+ bcopy((char *)&retcode, &pdat[KADM_VERSIZE], sizeof(u_long));
+ goto out;
+ } else if (!status) {
+ log("no service %s.%s",server_parm.sname, server_parm.sinst);
+ cleanexit(2);
+ }
+
+ bcopy((char *)&service.key_low, (char *)skey, 4);
+ bcopy((char *)&service.key_high, (char *)(((long *) skey) + 1), 4);
+ bzero((char *)&service, sizeof(service));
+ kdb_encrypt_key (skey, skey, server_parm.master_key,
+ server_parm.master_key_schedule, DECRYPT);
+ (void) krb_set_key((char *)skey, 0); /* if error, will show up when
+ rd_req fails */
+ bzero((char *)skey, sizeof(skey));
+
+ while (1) {
+ if ((retval = krb_net_read(fd, (char *)&dlen, sizeof(u_short))) !=
+ sizeof(u_short)) {
+ if (retval < 0)
+ log("dlen read: %s",error_message(errno));
+ else if (retval)
+ log("short dlen read: %d",retval);
+ (void) close(fd);
+ cleanexit(retval ? 3 : 0);
+ }
+ if (exit_now) {
+ cleanexit(0);
+ }
+ dat_len = (int) ntohs(dlen);
+ dat = (u_char *) malloc((unsigned)dat_len);
+ if (!dat) {
+ log("malloc: No memory");
+ (void) close(fd);
+ cleanexit(4);
+ }
+ if ((retval = krb_net_read(fd, (char *)dat, dat_len)) != dat_len) {
+ if (retval < 0)
+ log("data read: %s",error_message(errno));
+ else
+ log("short read: %d vs. %d", dat_len, retval);
+ (void) close(fd);
+ cleanexit(5);
+ }
+ if (exit_now) {
+ cleanexit(0);
+ }
+ if ((retval = kadm_ser_in(&dat,&dat_len)) != KADM_SUCCESS)
+ log("processing request: %s", error_message(retval));
+
+ /* kadm_ser_in did the processing and returned stuff in
+ dat & dat_len , return the appropriate data */
+
+ out:
+ dlen = (u_short) dat_len;
+
+ if (dat_len != (int)dlen) {
+ clear_secrets();
+ abort(); /* XXX */
+ }
+ dlen = htons(dlen);
+
+ if (krb_net_write(fd, (char *)&dlen, sizeof(u_short)) < 0) {
+ log("writing dlen to client: %s",error_message(errno));
+ (void) close(fd);
+ cleanexit(6);
+ }
+
+ if (krb_net_write(fd, (char *)dat, dat_len) < 0) {
+ log(LOG_ERR, "writing to client: %s",error_message(errno));
+ (void) close(fd);
+ cleanexit(7);
+ }
+ free((char *)dat);
+ }
+ /*NOTREACHED*/
+}
+
+sigtype
+do_child()
+{
+ /* SIGCHLD brings us here */
+ int pid;
+ register int i, j;
+
+#ifdef POSIX
+ int status;
+#else
+ union wait status;
+#endif
+
+ pid = wait(&status);
+
+ for (i = 0; i < pidarraysize; i++)
+ if (pidarray[i] == pid) {
+ /* found it */
+ for (j = i; j < pidarraysize-1; j++)
+ /* copy others down */
+ pidarray[j] = pidarray[j+1];
+ pidarraysize--;
+ if (WEXITSTATUS(status) || WCOREDUMP(status) || WIFSIGNALED(status))
+ log("child %d: termsig %d, coredump %d, retcode %d", pid,
+ WTERMSIG(status), WCOREDUMP(status), WEXITSTATUS(status));
+#ifdef POSIX
+ return;
+#else /* !POSIX */
+ return(0);
+#endif /* POSIX */
+ }
+ log("child %d not in list: termsig %d, coredump %d, retcode %d", pid,
+ WTERMSIG(status), WCOREDUMP(status), WEXITSTATUS(status));
+#ifdef POSIX
+ return;
+#else /* !POSIX */
+ return(0);
+#endif /* POSIX */
+}
+
+#ifndef DEBUG
+cleanexit(val)
+{
+ kerb_fini();
+ clear_secrets();
+ exit(val);
+}
+#endif
+
+void
+kill_children()
+{
+ register int i;
+ int osigmask;
+
+ osigmask = sigblock(sigmask(SIGCHLD));
+
+ for (i = 0; i < pidarraysize; i++) {
+ kill(pidarray[i], SIGINT);
+ log("killing child %d", pidarray[i]);
+ }
+ sigsetmask(osigmask);
+ return;
+}
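Review bot: In kadm_listen the child-pid table is sized in bytes rather than in ints: `realloc((char *)pidarray, ++pidarraysize)` and `malloc(pidarraysize = 1)` request pidarraysize bytes, yet the following line stores an int at `pidarray[pidarraysize-1]`, so the parent process, which holds the master key in server_parm, writes past the requested size on every fork. The sizes should be scaled, `realloc((char *)pidarray, ++pidarraysize * sizeof(int))` and `malloc((pidarraysize = 1) * sizeof(int))`, and both results checked for NULL before the store. Separately, in process_client the call `log(LOG_ERR, "writing to client: %s",error_message(errno))` passes an integer where every other call in this file passes the format string first; it should read `log("writing to client: %s",error_message(errno));`.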
diff --git a/eBones/kadmind/kadm_funcs.c b/eBones/kadmind/kadm_funcs.c
new file mode 100644
index 0000000..9f06e30
--- /dev/null
+++ b/eBones/kadmind/kadm_funcs.c
@@ -0,0 +1,373 @@
+/*
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * Copyright.MIT
+ *
+ * Kerberos administration server-side database manipulation routines
+ */
+
+#ifndef lint
+#if 0
+static char rcsid_kadm_funcs_c[] =
+"Id: kadm_funcs.c,v 4.3 90/03/20 01:39:51 jon Exp ";
+#endif
+static const char rcsid[] =
+ "$Id: kadm_funcs.c,v 1.1 1995/01/20 03:12:55 wollman Exp $";
+#endif lint
+
+/*
+kadm_funcs.c
+the actual database manipulation code
+*/
+
+#include <sys/param.h>
+#include <kadm.h>
+#include <kadm_err.h>
+#include <krb_db.h>
+#include "kadm_server.h"
+
+extern Kadm_Server server_parm;
+
+check_access(pname, pinst, prealm, acltype)
+char *pname;
+char *pinst;
+char *prealm;
+enum acl_types acltype;
+{
+ char checkname[MAX_K_NAME_SZ];
+ char filename[MAXPATHLEN];
+ extern char *acldir;
+
+ (void) sprintf(checkname, "%s.%s@%s", pname, pinst, prealm);
+
+ switch (acltype) {
+ case ADDACL:
+ (void) sprintf(filename, "%s%s", acldir, ADD_ACL_FILE);
+ break;
+ case GETACL:
+ (void) sprintf(filename, "%s%s", acldir, GET_ACL_FILE);
+ break;
+ case MODACL:
+ (void) sprintf(filename, "%s%s", acldir, MOD_ACL_FILE);
+ break;
+ }
+ return(acl_check(filename, checkname));
+}
+
+int
+wildcard(str)
+char *str;
+{
+ if (!strcmp(str, WILDCARD_STR))
+ return(1);
+ return(0);
+}
+
+#define failadd(code) { (void) log("FAILED addding '%s.%s' (%s)", valsin->name, valsin->instance, error_message(code)); return code; }
+
+kadm_add_entry (rname, rinstance, rrealm, valsin, valsout)
+char *rname; /* requestors name */
+char *rinstance; /* requestors instance */
+char *rrealm; /* requestors realm */
+Kadm_vals *valsin;
+Kadm_vals *valsout;
+{
+ long numfound; /* check how many we get written */
+ int more; /* pointer to more grabbed records */
+ Principal data_i, data_o; /* temporary principal */
+ u_char flags[4];
+ des_cblock newpw;
+ Principal default_princ;
+
+ if (!check_access(rname, rinstance, rrealm, ADDACL)) {
+ (void) log("WARNING: '%s.%s@%s' tried to add an entry for '%s.%s'",
+ rname, rinstance, rrealm, valsin->name, valsin->instance);
+ return KADM_UNAUTH;
+ }
+
+ /* Need to check here for "legal" name and instance */
+ if (wildcard(valsin->name) || wildcard(valsin->instance)) {
+ failadd(KADM_ILL_WILDCARD);
+ }
+
+ (void) log("request to add an entry for '%s.%s' from '%s.%s@%s'",
+ valsin->name, valsin->instance, rname, rinstance, rrealm);
+
+ numfound = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST,
+ &default_princ, 1, &more);
+ if (numfound == -1) {
+ failadd(KADM_DB_INUSE);
+ } else if (numfound != 1) {
+ failadd(KADM_UK_RERROR);
+ }
+
+ kadm_vals_to_prin(valsin->fields, &data_i, valsin);
+ (void) strncpy(data_i.name, valsin->name, ANAME_SZ);
+ (void) strncpy(data_i.instance, valsin->instance, INST_SZ);
+
+ if (!IS_FIELD(KADM_EXPDATE,valsin->fields))
+ data_i.exp_date = default_princ.exp_date;
+ if (!IS_FIELD(KADM_ATTR,valsin->fields))
+ data_i.attributes = default_princ.attributes;
+ if (!IS_FIELD(KADM_MAXLIFE,valsin->fields))
+ data_i.max_life = default_princ.max_life;
+
+ bzero((char *)&default_princ, sizeof(default_princ));
+
+ /* convert to host order */
+ data_i.key_low = ntohl(data_i.key_low);
+ data_i.key_high = ntohl(data_i.key_high);
+
+
+ bcopy(&data_i.key_low,newpw,4);
+ bcopy(&data_i.key_high,(char *)(((long *) newpw) + 1),4);
+
+ /* encrypt new key in master key */
+ kdb_encrypt_key (newpw, newpw, server_parm.master_key,
+ server_parm.master_key_schedule, ENCRYPT);
+ bcopy(newpw,&data_i.key_low,4);
+ bcopy((char *)(((long *) newpw) + 1), &data_i.key_high,4);
+ bzero((char *)newpw, sizeof(newpw));
+
+ data_o = data_i;
+ numfound = kerb_get_principal(valsin->name, valsin->instance,
+ &data_o, 1, &more);
+ if (numfound == -1) {
+ failadd(KADM_DB_INUSE);
+ } else if (numfound) {
+ failadd(KADM_INUSE);
+ } else {
+ data_i.key_version++;
+ data_i.kdc_key_ver = server_parm.master_key_version;
+ (void) strncpy(data_i.mod_name, rname, sizeof(data_i.mod_name)-1);
+ (void) strncpy(data_i.mod_instance, rinstance,
+ sizeof(data_i.mod_instance)-1);
+
+ numfound = kerb_put_principal(&data_i, 1);
+ if (numfound == -1) {
+ failadd(KADM_DB_INUSE);
+ } else if (numfound) {
+ failadd(KADM_UK_SERROR);
+ } else {
+ numfound = kerb_get_principal(valsin->name, valsin->instance,
+ &data_o, 1, &more);
+ if ((numfound!=1) || (more!=0)) {
+ failadd(KADM_UK_RERROR);
+ }
+ bzero((char *)flags, sizeof(flags));
+ SET_FIELD(KADM_NAME,flags);
+ SET_FIELD(KADM_INST,flags);
+ SET_FIELD(KADM_EXPDATE,flags);
+ SET_FIELD(KADM_ATTR,flags);
+ SET_FIELD(KADM_MAXLIFE,flags);
+ kadm_prin_to_vals(flags, valsout, &data_o);
+ (void) log("'%s.%s' added.", valsin->name, valsin->instance);
+ return KADM_DATA; /* Set all the appropriate fields */
+ }
+ }
+}
+#undef failadd
+
+#define failget(code) { (void) log("FAILED retrieving '%s.%s' (%s)", valsin->name, valsin->instance, error_message(code)); return code; }
+
+kadm_get_entry (rname, rinstance, rrealm, valsin, flags, valsout)
+char *rname; /* requestors name */
+char *rinstance; /* requestors instance */
+char *rrealm; /* requestors realm */
+Kadm_vals *valsin; /* what they wannt to get */
+u_char *flags; /* which fields we want */
+Kadm_vals *valsout; /* what data is there */
+{
+ long numfound; /* check how many were returned */
+ int more; /* To point to more name.instances */
+ Principal data_o; /* Data object to hold Principal */
+
+
+ if (!check_access(rname, rinstance, rrealm, GETACL)) {
+ (void) log("WARNING: '%s.%s@%s' tried to get '%s.%s's entry",
+ rname, rinstance, rrealm, valsin->name, valsin->instance);
+ return KADM_UNAUTH;
+ }
+
+ if (wildcard(valsin->name) || wildcard(valsin->instance)) {
+ failget(KADM_ILL_WILDCARD);
+ }
+
+ (void) log("retrieve '%s.%s's entry for '%s.%s@%s'",
+ valsin->name, valsin->instance, rname, rinstance, rrealm);
+
+ /* Look up the record in the database */
+ numfound = kerb_get_principal(valsin->name, valsin->instance,
+ &data_o, 1, &more);
+ if (numfound == -1) {
+ failget(KADM_DB_INUSE);
+ } else if (numfound) { /* We got the record, let's return it */
+ kadm_prin_to_vals(flags, valsout, &data_o);
+ (void) log("'%s.%s' retrieved.", valsin->name, valsin->instance);
+ return KADM_DATA; /* Set all the appropriate fields */
+ } else {
+ failget(KADM_NOENTRY); /* Else whimper and moan */
+ }
+}
+#undef failget
+
+#define failmod(code) { (void) log("FAILED modifying '%s.%s' (%s)", valsin1->name, valsin1->instance, error_message(code)); return code; }
+
+kadm_mod_entry (rname, rinstance, rrealm, valsin1, valsin2, valsout)
+char *rname; /* requestors name */
+char *rinstance; /* requestors instance */
+char *rrealm; /* requestors realm */
+Kadm_vals *valsin1, *valsin2; /* holds the parameters being
+ passed in */
+Kadm_vals *valsout; /* the actual record which is returned */
+{
+ long numfound;
+ int more;
+ Principal data_o, temp_key;
+ u_char fields[4];
+ des_cblock newpw;
+
+ if (wildcard(valsin1->name) || wildcard(valsin1->instance)) {
+ failmod(KADM_ILL_WILDCARD);
+ }
+
+ if (!check_access(rname, rinstance, rrealm, MODACL)) {
+ (void) log("WARNING: '%s.%s@%s' tried to change '%s.%s's entry",
+ rname, rinstance, rrealm, valsin1->name, valsin1->instance);
+ return KADM_UNAUTH;
+ }
+
+ (void) log("request to modify '%s.%s's entry from '%s.%s@%s' ",
+ valsin1->name, valsin1->instance, rname, rinstance, rrealm);
+
+ numfound = kerb_get_principal(valsin1->name, valsin1->instance,
+ &data_o, 1, &more);
+ if (numfound == -1) {
+ failmod(KADM_DB_INUSE);
+ } else if (numfound) {
+ kadm_vals_to_prin(valsin2->fields, &temp_key, valsin2);
+ (void) strncpy(data_o.name, valsin1->name, ANAME_SZ);
+ (void) strncpy(data_o.instance, valsin1->instance, INST_SZ);
+ if (IS_FIELD(KADM_EXPDATE,valsin2->fields))
+ data_o.exp_date = temp_key.exp_date;
+ if (IS_FIELD(KADM_ATTR,valsin2->fields))
+ data_o.attributes = temp_key.attributes;
+ if (IS_FIELD(KADM_MAXLIFE,valsin2->fields))
+ data_o.max_life = temp_key.max_life;
+ if (IS_FIELD(KADM_DESKEY,valsin2->fields)) {
+ data_o.key_version++;
+ data_o.kdc_key_ver = server_parm.master_key_version;
+
+
+ /* convert to host order */
+ temp_key.key_low = ntohl(temp_key.key_low);
+ temp_key.key_high = ntohl(temp_key.key_high);
+
+
+ bcopy(&temp_key.key_low,newpw,4);
+ bcopy(&temp_key.key_high,(char *)(((long *) newpw) + 1),4);
+
+ /* encrypt new key in master key */
+ kdb_encrypt_key (newpw, newpw, server_parm.master_key,
+ server_parm.master_key_schedule, ENCRYPT);
+ bcopy(newpw,&data_o.key_low,4);
+ bcopy((char *)(((long *) newpw) + 1), &data_o.key_high,4);
+ bzero((char *)newpw, sizeof(newpw));
+ }
+ bzero((char *)&temp_key, sizeof(temp_key));
+
+ (void) strncpy(data_o.mod_name, rname, sizeof(data_o.mod_name)-1);
+ (void) strncpy(data_o.mod_instance, rinstance,
+ sizeof(data_o.mod_instance)-1);
+ more = kerb_put_principal(&data_o, 1);
+
+ bzero((char *)&data_o, sizeof(data_o));
+
+ if (more == -1) {
+ failmod(KADM_DB_INUSE);
+ } else if (more) {
+ failmod(KADM_UK_SERROR);
+ } else {
+ numfound = kerb_get_principal(valsin1->name, valsin1->instance,
+ &data_o, 1, &more);
+ if ((more!=0)||(numfound!=1)) {
+ failmod(KADM_UK_RERROR);
+ }
+ bzero((char *) fields, sizeof(fields));
+ SET_FIELD(KADM_NAME,fields);
+ SET_FIELD(KADM_INST,fields);
+ SET_FIELD(KADM_EXPDATE,fields);
+ SET_FIELD(KADM_ATTR,fields);
+ SET_FIELD(KADM_MAXLIFE,fields);
+ kadm_prin_to_vals(fields, valsout, &data_o);
+ (void) log("'%s.%s' modified.", valsin1->name, valsin1->instance);
+ return KADM_DATA; /* Set all the appropriate fields */
+ }
+ }
+ else {
+ failmod(KADM_NOENTRY);
+ }
+}
+#undef failmod
+
+#define failchange(code) { (void) log("FAILED changing key for '%s.%s@%s' (%s)", rname, rinstance, rrealm, error_message(code)); return code; }
+
+kadm_change (rname, rinstance, rrealm, newpw)
+char *rname;
+char *rinstance;
+char *rrealm;
+des_cblock newpw;
+{
+ long numfound;
+ int more;
+ Principal data_o;
+ des_cblock local_pw;
+
+ if (strcmp(server_parm.krbrlm, rrealm)) {
+ (void) log("change key request from wrong realm, '%s.%s@%s'!\n",
+ rname, rinstance, rrealm);
+ return(KADM_WRONG_REALM);
+ }
+
+ if (wildcard(rname) || wildcard(rinstance)) {
+ failchange(KADM_ILL_WILDCARD);
+ }
+ (void) log("'%s.%s@%s' wants to change its password",
+ rname, rinstance, rrealm);
+
+ bcopy(newpw, local_pw, sizeof(local_pw));
+
+ /* encrypt new key in master key */
+ kdb_encrypt_key (local_pw, local_pw, server_parm.master_key,
+ server_parm.master_key_schedule, ENCRYPT);
+
+ numfound = kerb_get_principal(rname, rinstance,
+ &data_o, 1, &more);
+ if (numfound == -1) {
+ failchange(KADM_DB_INUSE);
+ } else if (numfound) {
+ bcopy(local_pw,&data_o.key_low,4);
+ bcopy((char *)(((long *) local_pw) + 1), &data_o.key_high,4);
+ data_o.key_version++;
+ data_o.kdc_key_ver = server_parm.master_key_version;
+ (void) strncpy(data_o.mod_name, rname, sizeof(data_o.mod_name)-1);
+ (void) strncpy(data_o.mod_instance, rinstance,
+ sizeof(data_o.mod_instance)-1);
+ more = kerb_put_principal(&data_o, 1);
+ bzero((char *) local_pw, sizeof(local_pw));
+ bzero((char *) &data_o, sizeof(data_o));
+ if (more == -1) {
+ failchange(KADM_DB_INUSE);
+ } else if (more) {
+ failchange(KADM_UK_SERROR);
+ } else {
+ (void) log("'%s.%s@%s' password changed.", rname, rinstance, rrealm);
+ return KADM_SUCCESS;
+ }
+ }
+ else {
+ failchange(KADM_NOENTRY);
+ }
+}
+#undef failchange
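Review bot: check_access builds both the principal string and the ACL path with unbounded `sprintf` into fixed stack buffers (`checkname[MAX_K_NAME_SZ]`, `filename[MAXPATHLEN]`), and its `switch` has no `default`, so an unexpected acltype passes an uninitialized `filename` to acl_check. acldir is taken directly from the `-a` argument in admin_server.c with no length limit, and nothing here enforces the lengths of pname, pinst and prealm (they are presumably bounded by the ticket fields, which should be confirmed). Because the callers treat a zero return as KADM_UNAUTH, the function can fail closed: format with a size limit and return 0 on truncation or on an unknown ACL type, as sketched below.

```c
    char checkname[MAX_K_NAME_SZ];
    char filename[MAXPATHLEN];
    char *aclfile;
    extern char *acldir;
    int n;

    n = snprintf(checkname, sizeof(checkname), "%s.%s@%s",
                 pname, pinst, prealm);
    if (n < 0 || (size_t)n >= sizeof(checkname))
        return(0);                      /* oversized principal: deny */

    switch (acltype) {
    case ADDACL:
        aclfile = ADD_ACL_FILE;
        break;
    case GETACL:
        aclfile = GET_ACL_FILE;
        break;
    case MODACL:
        aclfile = MOD_ACL_FILE;
        break;
    default:
        return(0);                      /* unknown ACL type: deny */
    }
    n = snprintf(filename, sizeof(filename), "%s%s", acldir, aclfile);
    if (n < 0 || (size_t)n >= sizeof(filename))
        return(0);                      /* ACL path too long: deny */
    return(acl_check(filename, checkname));
```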
diff --git a/eBones/kadmind/kadm_ser_wrap.c b/eBones/kadmind/kadm_ser_wrap.c
new file mode 100644
index 0000000..23664d4
--- /dev/null
+++ b/eBones/kadmind/kadm_ser_wrap.c
@@ -0,0 +1,205 @@
+/*
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * Copyright.MIT.
+ *
+ * Kerberos administration server-side support functions
+ */
+
+#ifndef lint
+static char rcsid_module_c[] =
+"BonesHeader: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_ser_wrap.c,v 4.4 89/09/26 09:29:36 jtkohl Exp ";
+#endif lint
+
+/*
+kadm_ser_wrap.c
+unwraps wrapped packets and calls the appropriate server subroutine
+*/
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <netdb.h>
+#include <sys/socket.h>
+#include <kadm.h>
+#include <kadm_err.h>
+#include <krb_err.h>
+#include "kadm_server.h"
+
+Kadm_Server server_parm;
+
+/*
+kadm_ser_init
+set up the server_parm structure
+*/
+kadm_ser_init(inter, realm)
+int inter; /* interactive or from file */
+char realm[];
+{
+ struct servent *sep;
+ struct hostent *hp;
+ char hostname[MAXHOSTNAMELEN];
+
+ (void) init_kadm_err_tbl();
+ (void) init_krb_err_tbl();
+ if (gethostname(hostname, sizeof(hostname)))
+ return KADM_NO_HOSTNAME;
+
+ (void) strcpy(server_parm.sname, PWSERV_NAME);
+ (void) strcpy(server_parm.sinst, KRB_MASTER);
+ (void) strcpy(server_parm.krbrlm, realm);
+
+ server_parm.admin_fd = -1;
+ /* setting up the addrs */
+ if ((sep = getservbyname(KADM_SNAME, "tcp")) == NULL)
+ return KADM_NO_SERV;
+ bzero((char *)&server_parm.admin_addr,sizeof(server_parm.admin_addr));
+ server_parm.admin_addr.sin_family = AF_INET;
+ if ((hp = gethostbyname(hostname)) == NULL)
+ return KADM_NO_HOSTNAME;
+ server_parm.admin_addr.sin_addr.s_addr = INADDR_ANY;
+ server_parm.admin_addr.sin_port = sep->s_port;
+ /* setting up the database */
+ if (kdb_get_master_key((inter==1),server_parm.master_key,
+ server_parm.master_key_schedule) != 0)
+ return KADM_NO_MAST;
+ if ((server_parm.master_key_version =
+ kdb_verify_master_key(server_parm.master_key,
+ server_parm.master_key_schedule,stderr))<0)
+ return KADM_NO_VERI;
+ return KADM_SUCCESS;
+}
+
+static void errpkt(dat, dat_len, code)
+u_char **dat;
+int *dat_len;
+int code;
+{
+ u_long retcode;
+ char *pdat;
+
+ free((char *)*dat); /* free up req */
+ *dat_len = KADM_VERSIZE + sizeof(u_long);
+ *dat = (u_char *) malloc((unsigned)*dat_len);
+ pdat = (char *) *dat;
+ retcode = htonl((u_long) code);
+ (void) strncpy(pdat, KADM_ULOSE, KADM_VERSIZE);
+ bcopy((char *)&retcode, &pdat[KADM_VERSIZE], sizeof(u_long));
+ return;
+}
+
+/*
+kadm_ser_in
+unwrap the data stored in dat, process, and return it.
+*/
+kadm_ser_in(dat,dat_len)
+u_char **dat;
+int *dat_len;
+{
+ u_char *in_st; /* pointer into the sent packet */
+ int in_len,retc; /* where in packet we are, for
+ returns */
+ u_long r_len; /* length of the actual packet */
+ KTEXT_ST authent; /* the authenticator */
+ AUTH_DAT ad; /* who is this, klink */
+ u_long ncksum; /* checksum of encrypted data */
+ des_key_schedule sess_sched; /* our schedule */
+ MSG_DAT msg_st;
+ u_char *retdat, *tmpdat;
+ int retval, retlen;
+
+ if (strncmp(KADM_VERSTR, (char *)*dat, KADM_VERSIZE)) {
+ errpkt(dat, dat_len, KADM_BAD_VER);
+ return KADM_BAD_VER;
+ }
+ in_len = KADM_VERSIZE;
+ /* get the length */
+ if ((retc = stv_long(*dat, &r_len, in_len, *dat_len)) < 0)
+ return KADM_LENGTH_ERROR;
+ in_len += retc;
+ authent.length = *dat_len - r_len - KADM_VERSIZE - sizeof(u_long);
+ bcopy((char *)(*dat) + in_len, (char *)authent.dat, authent.length);
+ authent.mbz = 0;
+ /* service key should be set before here */
+ if (retc = krb_rd_req(&authent, server_parm.sname, server_parm.sinst,
+ server_parm.recv_addr.sin_addr.s_addr, &ad, (char *)0))
+ {
+ errpkt(dat, dat_len,retc + krb_err_base);
+ return retc + krb_err_base;
+ }
+
+#define clr_cli_secrets() {bzero((char *)sess_sched, sizeof(sess_sched)); bzero((char *)ad.session, sizeof(ad.session));}
+
+ in_st = *dat + *dat_len - r_len;
+#ifdef NOENCRYPTION
+ ncksum = 0;
+#else
+ ncksum = quad_cksum(in_st, (u_long *)0, (long) r_len, 0, ad.session);
+#endif
+ if (ncksum!=ad.checksum) { /* yow, are we correct yet */
+ clr_cli_secrets();
+ errpkt(dat, dat_len,KADM_BAD_CHK);
+ return KADM_BAD_CHK;
+ }
+#ifdef NOENCRYPTION
+ bzero(sess_sched, sizeof(sess_sched));
+#else
+ des_key_sched(ad.session, sess_sched);
+#endif
+ if (retc = (int) krb_rd_priv(in_st, r_len, sess_sched, ad.session,
+ &server_parm.recv_addr,
+ &server_parm.admin_addr, &msg_st)) {
+ clr_cli_secrets();
+ errpkt(dat, dat_len,retc + krb_err_base);
+ return retc + krb_err_base;
+ }
+ switch (msg_st.app_data[0]) {
+ case CHANGE_PW:
+ retval = kadm_ser_cpw(msg_st.app_data+1,(int) msg_st.app_length,&ad,
+ &retdat, &retlen);
+ break;
+ case ADD_ENT:
+ retval = kadm_ser_add(msg_st.app_data+1,(int) msg_st.app_length,&ad,
+ &retdat, &retlen);
+ break;
+ case GET_ENT:
+ retval = kadm_ser_get(msg_st.app_data+1,(int) msg_st.app_length,&ad,
+ &retdat, &retlen);
+ break;
+ case MOD_ENT:
+ retval = kadm_ser_mod(msg_st.app_data+1,(int) msg_st.app_length,&ad,
+ &retdat, &retlen);
+ break;
+ default:
+ clr_cli_secrets();
+ errpkt(dat, dat_len, KADM_NO_OPCODE);
+ return KADM_NO_OPCODE;
+ }
+ /* Now seal the response back into a priv msg */
+ free((char *)*dat);
+ tmpdat = (u_char *) malloc((unsigned)(retlen + KADM_VERSIZE +
+ sizeof(u_long)));
+ (void) strncpy((char *)tmpdat, KADM_VERSTR, KADM_VERSIZE);
+ retval = htonl((u_long)retval);
+ bcopy((char *)&retval, (char *)tmpdat + KADM_VERSIZE, sizeof(u_long));
+ if (retlen) {
+ bcopy((char *)retdat, (char *)tmpdat + KADM_VERSIZE + sizeof(u_long),
+ retlen);
+ free((char *)retdat);
+ }
+ /* slop for mk_priv stuff */
+ *dat = (u_char *) malloc((unsigned) (retlen + KADM_VERSIZE +
+ sizeof(u_long) + 200));
+ if ((*dat_len = krb_mk_priv(tmpdat, *dat,
+ (u_long) (retlen + KADM_VERSIZE +
+ sizeof(u_long)),
+ sess_sched,
+ ad.session, &server_parm.admin_addr,
+ &server_parm.recv_addr)) < 0) {
+ clr_cli_secrets();
+ errpkt(dat, dat_len, KADM_NO_ENCRYPT);
+ return KADM_NO_ENCRYPT;
+ }
+ clr_cli_secrets();
+ return KADM_SUCCESS;
+}
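Review bot: kadm_ser_in copies the authenticator into `authent.dat` with a length derived from the client-supplied `r_len` and never checks it. `authent.length = *dat_len - r_len - KADM_VERSIZE - sizeof(u_long)` can exceed the fixed KTEXT_ST buffer, or wrap when r_len is larger than the packet, and the `bcopy` runs before krb_rd_req has authenticated the sender. The same r_len then positions `in_st = *dat + *dat_len - r_len`, and the opening `strncmp` assumes at least KADM_VERSIZE bytes were received, which process_client in admin_server.c does not guarantee because it accepts any 16-bit length. Both lengths should be validated against the received size and `sizeof(authent.dat)` before any copy, with KADM_LENGTH_ERROR returned otherwise.

```c
    /* reject packets too short to hold the version string and length word */
    if (*dat_len < 0 || (size_t)*dat_len < KADM_VERSIZE + sizeof(u_long)) {
        errpkt(dat, dat_len, KADM_LENGTH_ERROR);
        return KADM_LENGTH_ERROR;
    }
    /* … unchanged: version check, stv_long() read of r_len … */
    in_len += retc;
    /* r_len comes from the request: bound it by the bytes actually received */
    if (r_len > *dat_len - KADM_VERSIZE - sizeof(u_long)) {
        errpkt(dat, dat_len, KADM_LENGTH_ERROR);
        return KADM_LENGTH_ERROR;
    }
    authent.length = *dat_len - r_len - KADM_VERSIZE - sizeof(u_long);
    if (authent.length > sizeof(authent.dat)) {
        errpkt(dat, dat_len, KADM_LENGTH_ERROR);
        return KADM_LENGTH_ERROR;
    }
    bcopy((char *)(*dat) + in_len, (char *)authent.dat, authent.length);
    /* … unchanged: krb_rd_req, checksum, krb_rd_priv, dispatch … */
```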
diff --git a/eBones/kadmind/kadm_server.c b/eBones/kadmind/kadm_server.c
new file mode 100644
index 0000000..25a58be
--- /dev/null
+++ b/eBones/kadmind/kadm_server.c
@@ -0,0 +1,159 @@
+/*
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * Copyright.MIT.
+ *
+ * Kerberos administration server-side subroutines
+ */
+
+#ifndef lint
+static char rcsid_kadm_server_c[] =
+"Header: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_server.c,v 4.2 89/09/26 09:30:23 jtkohl Exp ";
+#endif lint
+
+#include <kadm.h>
+#include <kadm_err.h>
+
+/*
+kadm_ser_cpw - the server side of the change_password routine
+ recieves : KTEXT, {key}
+ returns : CKSUM, RETCODE
+ acl : caller can change only own password
+
+Replaces the password (i.e. des key) of the caller with that specified in key.
+Returns no actual data from the master server, since this is called by a user
+*/
+kadm_ser_cpw(dat, len, ad, datout, outlen)
+u_char *dat;
+int len;
+AUTH_DAT *ad;
+u_char **datout;
+int *outlen;
+{
+ unsigned long keylow, keyhigh;
+ des_cblock newkey;
+ int stvlen;
+
+ /* take key off the stream, and change the database */
+
+ if ((stvlen = stv_long(dat, &keyhigh, 0, len)) < 0)
+ return(KADM_LENGTH_ERROR);
+ if (stv_long(dat, &keylow, stvlen, len) < 0)
+ return(KADM_LENGTH_ERROR);
+
+ keylow = ntohl(keylow);
+ keyhigh = ntohl(keyhigh);
+ bcopy((char *)&keyhigh, (char *)(((long *)newkey) + 1), 4);
+ bcopy((char *)&keylow, (char *)newkey, 4);
+ *datout = 0;
+ *outlen = 0;
+
+ return(kadm_change(ad->pname, ad->pinst, ad->prealm, newkey));
+}
+
+/*
+kadm_ser_add - the server side of the add_entry routine
+ recieves : KTEXT, {values}
+ returns : CKSUM, RETCODE, {values}
+ acl : su, sms (as alloc)
+
+Adds and entry containing values to the database
+returns the values of the entry, so if you leave certain fields blank you will
+ be able to determine the default values they are set to
+*/
+kadm_ser_add(dat,len,ad, datout, outlen)
+u_char *dat;
+int len;
+AUTH_DAT *ad;
+u_char **datout;
+int *outlen;
+{
+ Kadm_vals values, retvals;
+ int status;
+
+ if ((status = stream_to_vals(dat, &values, len)) < 0)
+ return(KADM_LENGTH_ERROR);
+ if ((status = kadm_add_entry(ad->pname, ad->pinst, ad->prealm,
+ &values, &retvals)) == KADM_DATA) {
+ *outlen = vals_to_stream(&retvals,datout);
+ return KADM_SUCCESS;
+ } else {
+ *outlen = 0;
+ return status;
+ }
+}
+
+/*
+kadm_ser_mod - the server side of the mod_entry routine
+ recieves : KTEXT, {values, values}
+ returns : CKSUM, RETCODE, {values}
+ acl : su, sms (as register or dealloc)
+
+Modifies all entries corresponding to the first values so they match the
+ second values.
+returns the values for the changed entries
+*/
+kadm_ser_mod(dat,len,ad, datout, outlen)
+u_char *dat;
+int len;
+AUTH_DAT *ad;
+u_char **datout;
+int *outlen;
+{
+ Kadm_vals vals1, vals2, retvals;
+ int wh;
+ int status;
+
+ if ((wh = stream_to_vals(dat, &vals1, len)) < 0)
+ return KADM_LENGTH_ERROR;
+ if ((status = stream_to_vals(dat+wh,&vals2, len-wh)) < 0)
+ return KADM_LENGTH_ERROR;
+ if ((status = kadm_mod_entry(ad->pname, ad->pinst, ad->prealm, &vals1,
+ &vals2, &retvals)) == KADM_DATA) {
+ *outlen = vals_to_stream(&retvals,datout);
+ return KADM_SUCCESS;
+ } else {
+ *outlen = 0;
+ return status;
+ }
+}
+
+/*
+kadm_ser_get
+ recieves : KTEXT, {values, flags}
+ returns : CKSUM, RETCODE, {count, values, values, values}
+ acl : su
+
+gets the fields requested by flags from all entries matching values
+returns this data for each matching recipient, after a count of how many such
+ matches there were
+*/
+kadm_ser_get(dat,len,ad, datout, outlen)
+u_char *dat;
+int len;
+AUTH_DAT *ad;
+u_char **datout;
+int *outlen;
+{
+ Kadm_vals values, retvals;
+ u_char fl[FLDSZ];
+ int loop,wh;
+ int status;
+
+ if ((wh = stream_to_vals(dat, &values, len)) < 0)
+ return KADM_LENGTH_ERROR;
+ if (wh + FLDSZ > len)
+ return KADM_LENGTH_ERROR;
+ for (loop=FLDSZ-1; loop>=0; loop--)
+ fl[loop] = dat[wh++];
+ if ((status = kadm_get_entry(ad->pname, ad->pinst, ad->prealm,
+ &values, fl, &retvals)) == KADM_DATA) {
+ *outlen = vals_to_stream(&retvals,datout);
+ return KADM_SUCCESS;
+ } else {
+ *outlen = 0;
+ return status;
+ }
+}
+
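Review bot: The KADM_LENGTH_ERROR returns in kadm_ser_cpw, kadm_ser_add, kadm_ser_mod and kadm_ser_get leave `*datout` and `*outlen` unset, but their caller kadm_ser_in (kadm_ser_wrap.c in this commit) uses `retlen` as a malloc size and, when it is non-zero, copies from and frees `retdat` whatever the return code was. A truncated request can therefore reach `free()` with an uninitialized pointer. Making `*datout = 0; *outlen = 0;` the first statements of each of the four handlers closes this; kadm_ser_cpw already has those two lines, but only after its stv_long checks. The non-KADM_DATA branches of add, mod and get should also set `*datout = 0`.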
diff --git a/eBones/kadmind/kadm_server.h b/eBones/kadmind/kadm_server.h
new file mode 100644
index 0000000..33b1904
--- /dev/null
+++ b/eBones/kadmind/kadm_server.h
@@ -0,0 +1,51 @@
+/*
+ * $Source: /home/ncvs/src/eBones/kadmind/kadm_server.h,v $
+ * $Author: wollman $
+ * Header: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_server.h,v 4.1 89/12/21 17:46:51 jtkohl Exp
+ *
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * Copyright.MIT.
+ *
+ * Definitions for Kerberos administration server & client
+ */
+
+#ifndef KADM_SERVER_DEFS
+#define KADM_SERVER_DEFS
+
+/*
+ * kadm_server.h
+ * Header file for the fourth attempt at an admin server
+ * Doug Church, December 28, 1989, MIT Project Athena
+ * ps. Yes that means this code belongs to athena etc...
+ * as part of our ongoing attempt to copyright all greek names
+ */
+
+#include <sys/types.h>
+#include <kerberosIV/krb.h>
+#include <kerberosIV/des.h>
+
+typedef struct {
+ struct sockaddr_in admin_addr;
+ struct sockaddr_in recv_addr;
+ int recv_addr_len;
+ int admin_fd; /* our link to clients */
+ char sname[ANAME_SZ];
+ char sinst[INST_SZ];
+ char krbrlm[REALM_SZ];
+ C_Block master_key;
+ C_Block session_key;
+ Key_schedule master_key_schedule;
+ long master_key_version;
+} Kadm_Server;
+
+/* the default syslog file */
+#define KADM_SYSLOG "/var/log/kadmind.syslog"
+
+#define DEFAULT_ACL_DIR "/etc/kerberosIV"
+#define ADD_ACL_FILE "/admin_acl.add"
+#define GET_ACL_FILE "/admin_acl.get"
+#define MOD_ACL_FILE "/admin_acl.mod"
+
+#endif KADM_SERVER_DEFS
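Review bot: `Kadm_Server` stores `master_key`, `session_key` and `master_key_schedule` next to the socket state, and nothing in the header marks them as secret key material. A maintainer therefore has no hint that the struct must not be logged or copied around, and that it should be zeroed before the process exits. I would add a comment such as `/* database master key: secret, zero before exit */` on `master_key`, with matching notes on `master_key_schedule` and `session_key`. Separately, `#endif KADM_SERVER_DEFS` leaves a bare token after the directive; `#endif /* KADM_SERVER_DEFS */` is the portable spelling. The header also uses `struct sockaddr_in` without including `<netinet/in.h>` itself, which presumably works only because `krb.h` or the including file pulls it in.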
diff --git a/eBones/kadmind/kadmind.8 b/eBones/kadmind/kadmind.8
index 59075ee..1eb10d7 100644
--- a/eBones/kadmind/kadmind.8
+++ b/eBones/kadmind/kadmind.8
@@ -1,5 +1,5 @@
.\" from: kadmind.8,v 4.1 89/07/25 17:28:33 jtkohl Exp $
-.\" $Id: kadmind.8,v 1.2 1994/07/19 19:27:25 g89r4222 Exp $
+.\" $Id: kadmind.8,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -95,19 +95,19 @@ in the database.
A principal is always granted authorization to change its own password.
.SH FILES
.TP 20n
-/kerberos/admin_server.syslog
+/var/log/kadmind.syslog
Default log file.
.TP
-/kerberos
-Default access control list directory.
+/etc/kerberosIV/admin_acl.{add,get,mod}
+Access control list files
.TP
-admin_acl.{add,get,mod}
-Access control list files (within the directory)
+/etc/kerberosIV/principal.db
+DBM file containing database
.TP
-/kerberos/principal.pag, /kerberos/principal.dir
-Default DBM files containing database
+/etc/kerberosIV/principal.ok
+Semaphore indicating that the DBM database is not being modified.
.TP
-/.k
+/etc/kerberosIV/master_key
Master key cache file.
.SH "SEE ALSO"
kerberos(1), kpasswd(1), kadmin(8), acl_check(3)
diff --git a/eBones/kdb/krb_cache.c b/eBones/kdb/krb_cache.c
index 4d8c594..8da1d7d 100644
--- a/eBones/kdb/krb_cache.c
+++ b/eBones/kdb/krb_cache.c
@@ -1,17 +1,17 @@
/*
- * Copyright 1988 by the Massachusetts Institute of Technology.
+ * Copyright 1988 by the Massachusetts Institute of Technology.
* For copying and distribution information, please see the file
* <Copyright.MIT>.
*
* This is where a cache would be implemented, if it were necessary.
*
* from: krb_cache.c,v 4.5 89/01/24 18:12:34 jon Exp $
- * $Id: krb_cache.c,v 1.2 1994/07/19 19:23:35 g89r4222 Exp $
+ * $Id: krb_cache.c,v 1.1.1.1 1994/09/30 14:49:55 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: krb_cache.c,v 1.2 1994/07/19 19:23:35 g89r4222 Exp $";
+"$Id: krb_cache.c,v 1.1.1.1 1994/09/30 14:49:55 csgr Exp $";
#endif lint
#include <stdio.h>
@@ -34,7 +34,7 @@ extern long kerb_debug;
static init = 0;
/*
- * initialization routine for cache
+ * initialization routine for cache
*/
int
@@ -45,7 +45,7 @@ kerb_cache_init()
}
/*
- * look up a principal in the cache returns number of principals found
+ * look up a principal in the cache returns number of principals found
*/
int
@@ -66,7 +66,7 @@ kerb_cache_get_principal(serv, inst, principal, max)
fprintf(stderr, "cache_get_principal for %s %s max = %d\n",
serv, inst, max);
#endif DEBUG
-
+
#ifdef DEBUG
if (kerb_debug & 2) {
if (found) {
@@ -83,7 +83,7 @@ kerb_cache_get_principal(serv, inst, principal, max)
/*
* insert/replace a principal in the cache returns number of principals
- * inserted
+ * inserted
*/
int
@@ -106,13 +106,13 @@ kerb_cache_put_principal(principal, max)
max);
}
#endif
-
+
for (i = 0; i < max; i++) {
#ifdef DEBUG
if (kerb_debug & 2)
fprintf(stderr, "\n %s %s",
principal->name, principal->instance);
-#endif
+#endif
/* DO IT */
count++;
principal++;
@@ -121,7 +121,7 @@ kerb_cache_put_principal(principal, max)
}
/*
- * look up a dba in the cache returns number of dbas found
+ * look up a dba in the cache returns number of dbas found
*/
int
@@ -158,7 +158,7 @@ kerb_cache_get_dba(serv, inst, dba, max)
}
/*
- * insert/replace a dba in the cache returns number of dbas inserted
+ * insert/replace a dba in the cache returns number of dbas inserted
*/
int
@@ -183,7 +183,7 @@ kerb_cache_put_dba(dba, max)
if (kerb_debug & 2)
fprintf(stderr, "\n %s %s",
dba->name, dba->instance);
-#endif
+#endif
/* DO IT */
count++;
dba++;
diff --git a/eBones/kdb/krb_dbm.c b/eBones/kdb/krb_dbm.c
index 754dd68..8bc283b 100644
--- a/eBones/kdb/krb_dbm.c
+++ b/eBones/kdb/krb_dbm.c
@@ -1,15 +1,15 @@
/*
- * Copyright 1988 by the Massachusetts Institute of Technology.
+ * Copyright 1988 by the Massachusetts Institute of Technology.
* For copying and distribution information, please see the file
- * <Copyright.MIT>.
+ * <Copyright.MIT>.
*
* from: krb_dbm.c,v 4.9 89/04/18 16:15:13 wesommer Exp $
- * $Id: krb_dbm.c,v 1.2 1994/07/19 19:23:36 g89r4222 Exp $
+ * $Id: krb_dbm.c,v 1.2 1995/01/25 19:45:25 ache Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: krb_dbm.c,v 1.2 1994/07/19 19:23:36 g89r4222 Exp $";
+"$Id: krb_dbm.c,v 1.2 1995/01/25 19:45:25 ache Exp $";
#endif lint
#if defined(__FreeBSD__)
@@ -69,14 +69,14 @@ static int non_blocking = 0;
/*
* Locking:
- *
+ *
* There are two distinct locking protocols used. One is designed to
* lock against processes (the admin_server, for one) which make
* incremental changes to the database; the other is designed to lock
* against utilities (kdb_util, kpropd) which replace the entire
* database in one fell swoop.
*
- * The first locking protocol is implemented using flock() in the
+ * The first locking protocol is implemented using flock() in the
* krb_dbl_lock() and krb_dbl_unlock routines.
*
* The second locking protocol is necessary because DBM "files" are
@@ -93,12 +93,12 @@ static int non_blocking = 0;
* either time, the reader sleeps for a second to let things
* stabilize, and then tries again; if it does not succeed after
* KERB_DB_MAX_RETRY attempts, it gives up.
- *
+ *
* On update, the semaphore file is deleted (if it exists) before any
* update takes place; at the end of the update, it is replaced, with
* a version number strictly greater than the version number which
* existed at the start of the update.
- *
+ *
* If the system crashes in the middle of an update, the semaphore
* file is not automatically created on reboot; this is a feature, not
* a bug, since the database may be inconsistant. Note that the
@@ -140,7 +140,7 @@ static char *gen_dbsuffix(db_name, sfx)
char *sfx;
{
char *dbsuffix;
-
+
if (sfx == NULL)
sfx = ".ok";
@@ -162,7 +162,7 @@ kerb_db_init()
/*
* gracefully shut down database--must be called by ANY program that does
- * a kerb_db_init
+ * a kerb_db_init
*/
kerb_db_fini()
@@ -201,7 +201,7 @@ long kerb_get_db_age()
struct stat st;
char *okname;
long age;
-
+
okname = gen_dbsuffix(current_db_name, ".ok");
if (stat (okname, &st) < 0)
@@ -226,7 +226,7 @@ static long kerb_start_update(db_name)
{
char *okname = gen_dbsuffix(db_name, ".ok");
long age = kerb_get_db_age();
-
+
if (unlink(okname) < 0
&& errno != ENOENT) {
age = -1;
@@ -243,7 +243,7 @@ static long kerb_end_update(db_name, age)
int retval = 0;
char *new_okname = gen_dbsuffix(db_name, ".ok#");
char *okname = gen_dbsuffix(db_name, ".ok");
-
+
fd = open (new_okname, O_CREAT|O_RDWR|O_TRUNC, 0600);
if (fd < 0)
retval = errno;
@@ -343,25 +343,39 @@ kerb_db_rename(from, to)
char *from;
char *to;
{
+#ifndef __FreeBSD__
char *fromdir = gen_dbsuffix (from, ".dir");
char *todir = gen_dbsuffix (to, ".dir");
char *frompag = gen_dbsuffix (from , ".pag");
char *topag = gen_dbsuffix (to, ".pag");
+#else
+ char *fromdb = gen_dbsuffix (from, ".db");
+ char *todb = gen_dbsuffix (to, ".db");
+#endif
char *fromok = gen_dbsuffix(from, ".ok");
long trans = kerb_start_update(to);
int ok;
-
+
+#ifndef __FreeBSD__
if ((rename (fromdir, todir) == 0)
&& (rename (frompag, topag) == 0)) {
+#else
+ if (rename (fromdb, todb) == 0) {
+#endif
(void) unlink (fromok);
ok = 1;
}
free (fromok);
+#ifndef __FreeBSD__
free (fromdir);
free (todir);
free (frompag);
free (topag);
+#else
+ free(fromdb);
+ free(todb);
+#endif
if (ok)
return kerb_end_update(to, trans);
else
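Review bot: `ok` is declared as `int ok;` and is assigned only by `ok = 1` inside the successful-rename branch. When `rename()` fails, on either the `.dir`/`.pag` path or the new `.db` path, the later `if (ok)` reads an indeterminate value. It can then still call `kerb_end_update(to, trans)`, which, going by the locking comment earlier in this file, puts the `.ok` semaphore back for a database that was never renamed. Initialise it at the declaration: `int ok = 0;`. The function's signature and the body of the final `else` lie outside this hunk.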
@@ -370,7 +384,7 @@ kerb_db_rename(from, to)
/*
* look up a principal in the data base returns number of principals
- * found , and whether there were more than requested.
+ * found , and whether there were more than requested.
*/
kerb_db_get_principal(name, inst, principal, max, more)
@@ -613,7 +627,7 @@ delta_stat(a, b, c)
/*
* look up a dba in the data base returns number of dbas found , and
- * whether there were more than requested.
+ * whether there were more than requested.
*/
kerb_db_get_dba(dba_name, dba_inst, dba, max, more)
@@ -636,7 +650,7 @@ kerb_db_iterate (func, arg)
Principal *principal;
int code;
DBM *db;
-
+
kerb_db_init(); /* initialize and open the database */
if ((code = kerb_dbl_lock(KERB_DBL_SHARED)) != 0)
return code;
@@ -687,7 +701,7 @@ static int kerb_dbl_lock(mode)
int mode;
{
int flock_mode;
-
+
if (!inited)
kerb_dbl_init();
if (mylock) { /* Detect lock call when lock already
@@ -709,8 +723,8 @@ static int kerb_dbl_lock(mode)
}
if (non_blocking)
flock_mode |= LOCK_NB;
-
- if (flock(dblfd, flock_mode) < 0)
+
+ if (flock(dblfd, flock_mode) < 0)
return errno;
mylock++;
return 0;
diff --git a/eBones/kdb/krb_kdb_utils.c b/eBones/kdb/krb_kdb_utils.c
index 5fccc53..c283e0f 100644
--- a/eBones/kdb/krb_kdb_utils.c
+++ b/eBones/kdb/krb_kdb_utils.c
@@ -10,12 +10,12 @@
* Jon Rochlis, MIT Telecom, March 1988
*
* from: krb_kdb_utils.c,v 4.1 89/07/26 11:01:12 jtkohl Exp $
- * $Id: krb_kdb_utils.c,v 1.2 1994/07/19 19:23:38 g89r4222 Exp $
+ * $Id: krb_kdb_utils.c,v 1.1.1.1 1994/09/30 14:49:55 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: krb_kdb_utils.c,v 1.2 1994/07/19 19:23:38 g89r4222 Exp $";
+"$Id: krb_kdb_utils.c,v 1.1.1.1 1994/09/30 14:49:55 csgr Exp $";
#endif lint
#include <des.h>
@@ -79,7 +79,7 @@ long kdb_verify_master_key (master_key, master_key_sched, out)
n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data,
1 /* only one please */, &more);
if ((n != 1) || more) {
- if (out != (FILE *) NULL)
+ if (out != (FILE *) NULL)
fprintf(out,
"verify_master_key: %s, %d found.\n",
"Kerberos error on master key version lookup",
@@ -96,11 +96,11 @@ long kdb_verify_master_key (master_key, master_key_sched, out)
/*
* now use the master key to decrypt the key in the db, had better
- * be the same!
+ * be the same!
*/
bcopy(&principal_data[0].key_low, key_from_db, 4);
bcopy(&principal_data[0].key_high, ((long *) key_from_db) + 1, 4);
- kdb_encrypt_key (key_from_db, key_from_db,
+ kdb_encrypt_key (key_from_db, key_from_db,
master_key, master_key_sched, DECRYPT);
/* the decrypted database key had better equal the master key */
diff --git a/eBones/kdb/krb_lib.c b/eBones/kdb/krb_lib.c
index f0f1f6f..b90d1a5 100644
--- a/eBones/kdb/krb_lib.c
+++ b/eBones/kdb/krb_lib.c
@@ -1,16 +1,16 @@
/*
- * $Source: /home/CVS/src/eBones/kdb/krb_lib.c,v $
- * $Author: g89r4222 $
+ * $Source: /home/ncvs/src/eBones/kdb/krb_lib.c,v $
+ * $Author: csgr $
*
- * Copyright 1988 by the Massachusetts Institute of Technology.
+ * Copyright 1988 by the Massachusetts Institute of Technology.
*
* For copying and distribution information, please see the file
- * <mit-copyright.h>.
+ * <mit-copyright.h>.
*/
#ifndef lint
static char rcsid[] =
-"$Id: krb_lib.c,v 1.2 1994/07/19 19:23:39 g89r4222 Exp $";
+"$Id: krb_lib.c,v 1.1.1.1 1994/09/30 14:49:55 csgr Exp $";
#endif lint
#include <stdio.h>
@@ -37,7 +37,7 @@ extern char *getenv();
static init = 0;
/*
- * initialization routine for data base
+ * initialization routine for data base
*/
int
@@ -64,7 +64,7 @@ kerb_init()
/*
* finalization routine for database -- NOTE: MUST be called by any
* program using kerb_init. ALSO will have to be modified to finalize
- * caches, if they're ever really implemented.
+ * caches, if they're ever really implemented.
*/
int
@@ -75,7 +75,7 @@ kerb_fini()
/*
* look up a principal in the cache or data base returns number of
- * principals found
+ * principals found
*/
int
@@ -99,10 +99,10 @@ kerb_get_principal(name, inst, principal, max, more)
fprintf(stderr, "\n%s: kerb_get_principal for %s %s max = %d\n",
progname, name, inst, max);
#endif
-
+
/*
* if this is a request including a wild card, have to go to db
- * since the cache may not be exhaustive.
+ * since the cache may not be exhaustive.
*/
/* clear the principal area */
@@ -111,7 +111,7 @@ kerb_get_principal(name, inst, principal, max, more)
#ifdef CACHE
/*
* so check to see if the name contains a wildcard "*" or "?", not
- * preceeded by a backslash.
+ * preceeded by a backslash.
*/
wild = 0;
if (index(name, '*') || index(name, '?') ||
@@ -206,7 +206,7 @@ kerb_get_dba(name, inst, dba, max, more)
#endif
/*
* if this is a request including a wild card, have to go to db
- * since the cache may not be exhaustive.
+ * since the cache may not be exhaustive.
*/
/* clear the dba area */
@@ -215,7 +215,7 @@ kerb_get_dba(name, inst, dba, max, more)
#ifdef CACHE
/*
* so check to see if the name contains a wildcard "*" or "?", not
- * preceeded by a backslash.
+ * preceeded by a backslash.
*/
wild = 0;
diff --git a/eBones/kdb/print_princ.c b/eBones/kdb/print_princ.c
index 730cfb7..d04ca39 100644
--- a/eBones/kdb/print_princ.c
+++ b/eBones/kdb/print_princ.c
@@ -1,15 +1,15 @@
/*
- * Copyright 1988 by the Massachusetts Institute of Technology.
+ * Copyright 1988 by the Massachusetts Institute of Technology.
* For copying and distribution information, please see the file
- * <Copyright.MIT>.
+ * <Copyright.MIT>.
*
- * from: $Header: /home/CVS/src/eBones/kdb/print_princ.c,v 1.2 1994/07/19 19:23:41 g89r4222 Exp $
- * $Id: print_princ.c,v 1.2 1994/07/19 19:23:41 g89r4222 Exp $
+ * from: $Header: /home/ncvs/src/eBones/kdb/print_princ.c,v 1.1.1.1 1994/09/30 14:49:55 csgr Exp $
+ * $Id: print_princ.c,v 1.1.1.1 1994/09/30 14:49:55 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: print_princ.c,v 1.2 1994/07/19 19:23:41 g89r4222 Exp $";
+"$Id: print_princ.c,v 1.1.1.1 1994/09/30 14:49:55 csgr Exp $";
#endif lint
#include <stdio.h>
diff --git a/eBones/kdb_destroy/kdb_destroy.8 b/eBones/kdb_destroy/kdb_destroy.8
index 93db466..2e57876 100644
--- a/eBones/kdb_destroy/kdb_destroy.8
+++ b/eBones/kdb_destroy/kdb_destroy.8
@@ -1,5 +1,5 @@
.\" from: kdb_destroy.8,v 4.1 89/01/23 11:08:02 jtkohl Exp $
-.\" $Id: kdb_destroy.8,v 1.2 1994/07/19 19:27:26 g89r4222 Exp $
+.\" $Id: kdb_destroy.8,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -27,7 +27,10 @@ access permission error).
The user aborted the deletion.
.SH FILES
.TP 20n
-/kerberos/principal.pag, /kerberos/principal.dir
-DBM files containing database
+/etc/kerberosIV/principal.db
+DBM file containing database
+.TP
+/etc/kerberosIV/principal.ok
+Semaphore indicating that the DBM database is not being modified.
.SH SEE ALSO
kdb_init(8)
diff --git a/eBones/kdb_destroy/kdb_destroy.c b/eBones/kdb_destroy/kdb_destroy.c
index 0c45896..29c68a8 100644
--- a/eBones/kdb_destroy/kdb_destroy.c
+++ b/eBones/kdb_destroy/kdb_destroy.c
@@ -4,12 +4,12 @@
* <Copyright.MIT>.
*
* from: kdb_destroy.c,v 4.0 89/01/24 21:49:02 jtkohl Exp $
- * $Id: kdb_destroy.c,v 1.2 1994/07/19 19:23:49 g89r4222 Exp $
+ * $Id: kdb_destroy.c,v 1.1.1.1 1994/09/30 14:49:56 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: kdb_destroy.c,v 1.2 1994/07/19 19:23:49 g89r4222 Exp $";
+"$Id: kdb_destroy.c,v 1.1.1.1 1994/09/30 14:49:56 csgr Exp $";
#endif lint
#include <strings.h>
@@ -22,12 +22,20 @@ main()
char answer[10]; /* user input */
char dbm[256]; /* database path and name */
char dbm1[256]; /* database path and name */
+#ifndef __FreeBSD__
char *file1, *file2; /* database file names */
+#else
+ char *file; /* database file names */
+#endif
strcpy(dbm, DBM_FILE);
+#ifndef __FreeBSD__
strcpy(dbm1, DBM_FILE);
file1 = strcat(dbm, ".dir");
file2 = strcat(dbm1, ".pag");
+#else
+ file = strcat(dbm, ".db");
+#endif
printf("You are about to destroy the Kerberos database ");
printf("on this machine.\n");
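Review bot: `dbm1` is still declared unconditionally but is written only inside the `#ifndef __FreeBSD__` branch, so the FreeBSD build carries an unused 256-byte buffer. Move `char dbm1[256];` under the same `#ifndef` as `file1`/`file2`. The `strcpy`/`strcat` pair into `dbm[256]` also depends on `DBM_FILE` plus the suffix fitting, and `DBM_FILE`'s definition is not visible here. A bounded `snprintf(dbm, sizeof dbm, "%s.db", DBM_FILE)` with a truncation check would make that assumption explicit. `main` begins before and continues after this hunk.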
@@ -35,7 +43,11 @@ main()
fgets(answer, sizeof(answer), stdin);
if (answer[0] == 'y' || answer[0] == 'Y') {
+#ifndef __FreeBSD__
if (unlink(file1) == 0 && unlink(file2) == 0)
+#else
+ if (unlink(file) == 0)
+#endif
fprintf(stderr, "Database deleted at %s\n", DBM_FILE);
else
fprintf(stderr, "Database cannot be deleted at %s\n",
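Review bot: On the `__FreeBSD__` path only `file` (the `.db` file) is unlinked, yet the kdb_destroy.8 change in this same commit lists `/etc/kerberosIV/principal.ok` as the semaphore saying the database is not being modified. That file appears to be left behind after a destroy; if nothing else removes it, unlink it here as well. On the non-FreeBSD path `unlink(file1) == 0 && unlink(file2) == 0` short-circuits, so a failure on `file1` leaves `file2` untouched, and a failure on `file2` leaves the database half deleted. The failure message also gives no reason; adding `perror(file)` (or printing `strerror(errno)`) would let an operator tell a permissions problem from a missing file. The `fprintf` statement on the last line continues past the end of the hunk.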
diff --git a/eBones/kdb_edit/kdb_edit.8 b/eBones/kdb_edit/kdb_edit.8
index 1cfd6ed..b2630c5 100644
--- a/eBones/kdb_edit/kdb_edit.8
+++ b/eBones/kdb_edit/kdb_edit.8
@@ -1,5 +1,5 @@
.\" from: kdb_edit.8,v 4.1 89/01/23 11:08:55 jtkohl Exp $
-.\" $Id: kdb_edit.8,v 1.2 1994/07/19 19:27:27 g89r4222 Exp $
+.\" $Id: kdb_edit.8,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -48,8 +48,11 @@ printed.
The master key string entered was incorrect.
.SH FILES
.TP 20n
-/kerberos/principal.pag, /kerberos/principal.dir
-DBM files containing database
+/etc/kerberosIV/principal.db
+DBM file containing database
.TP
-/.k
+/etc/kerberosIV/principal.ok
+Semaphore indicating that the DBM database is not being modified.
+.TP
+/etc/kerberosIV/master_key
Master key cache file.
diff --git a/eBones/kdb_edit/kdb_edit.c b/eBones/kdb_edit/kdb_edit.c
index 4c02db6..438317f 100644
--- a/eBones/kdb_edit/kdb_edit.c
+++ b/eBones/kdb_edit/kdb_edit.c
@@ -5,19 +5,19 @@
* <Copyright.MIT>.
*
* This routine changes the Kerberos encryption keys for principals,
- * i.e., users or services.
+ * i.e., users or services.
*
* from: kdb_edit.c,v 4.2 90/01/09 16:05:09 raeburn Exp $
- * $Id: kdb_edit.c,v 1.3 1994/09/09 21:43:46 g89r4222 Exp $
+ * $Id: kdb_edit.c,v 1.1.1.1 1994/09/30 14:49:56 csgr Exp $
*/
/*
- * exit returns 0 ==> success -1 ==> error
+ * exit returns 0 ==> success -1 ==> error
*/
#ifndef lint
static char rcsid[] =
-"$Id: kdb_edit.c,v 1.3 1994/09/09 21:43:46 g89r4222 Exp $";
+"$Id: kdb_edit.c,v 1.1.1.1 1994/09/30 14:49:56 csgr Exp $";
#endif lint
#include <stdio.h>
@@ -158,7 +158,7 @@ main(argc, argv)
#endif
- if (kdb_get_master_key ((nflag == 0),
+ if (kdb_get_master_key ((nflag == 0),
master_key, master_key_schedule) != 0) {
fprintf (stdout, "Couldn't read master key.\n");
fflush (stdout);
@@ -241,7 +241,7 @@ change_principal()
if (!creating) {
/*
* copy the existing data so we can use the old values
- * for the qualifier clause of the replace
+ * for the qualifier clause of the replace
*/
principal_data[i].old = (char *) &old_principal;
bcopy(&principal_data[i], &old_principal,
@@ -310,7 +310,7 @@ change_principal()
}
/* seal it under the kerberos master key */
- kdb_encrypt_key (new_key, new_key,
+ kdb_encrypt_key (new_key, new_key,
master_key, master_key_schedule,
ENCRYPT);
bcopy(new_key, &principal_data[i].key_low, 4);
@@ -398,7 +398,7 @@ change_principal()
/*
* remaining fields -- key versions and mod info, should
- * not be directly manipulated
+ * not be directly manipulated
*/
if (changed) {
if (kerb_put_principal(&principal_data[i], 1)) {
diff --git a/eBones/kdb_init/kdb_init.8 b/eBones/kdb_init/kdb_init.8
index 54537ad..d884d00 100644
--- a/eBones/kdb_init/kdb_init.8
+++ b/eBones/kdb_init/kdb_init.8
@@ -1,5 +1,5 @@
.\" from: kdb_init.8,v 4.1 89/01/23 11:09:02 jtkohl Exp $
-.\" $Id: kdb_init.8,v 1.2 1994/07/19 19:27:29 g89r4222 Exp $
+.\" $Id: kdb_init.8,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -21,21 +21,25 @@ If the optional
.I realm
argument is not present,
.I kdb_init
-prompts for a realm name (defaulting to the definition in /usr/include/krb.h).
+prompts for a realm name (defaulting to the definition in
+/usr/include/kerberosIV/krb.h).
After determining the realm to be created, it prompts for
a master key password. The master key password is used to encrypt
every encryption key stored in the database.
.SH DIAGNOSTICS
.TP 20n
-"/kerberos/principal: File exists"
+"/etc/kerberosIV/principal: File exists"
An attempt was made to create a database on a machine which already had
an existing database.
.SH FILES
.TP 20n
-/kerberos/principal.pag, /kerberos/principal.dir
-DBM files containing database
+/etc/kerberosIV/principal.db
+DBM file containing database
.TP
-/usr/include/krb.h
+/etc/kerberosIV/principal.ok
+Semaphore indicating that the DBM database is not being modified.
+.TP
+/usr/include/kerberosIV/krb.h
Include file defining default realm
.SH SEE ALSO
kdb_destroy(8)
diff --git a/eBones/kdb_init/kdb_init.c b/eBones/kdb_init/kdb_init.c
index dc7055e..7a8e32f 100644
--- a/eBones/kdb_init/kdb_init.c
+++ b/eBones/kdb_init/kdb_init.c
@@ -1,18 +1,18 @@
/*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
* For copying and distribution information, please see the file
- * <Copyright.MIT>.
+ * <Copyright.MIT>.
*
* program to initialize the database, reports error if database file
- * already exists.
+ * already exists.
*
* from: kdb_init.c,v 4.0 89/01/24 21:50:45 jtkohl Exp $
- * $Id: kdb_init.c,v 1.3 1994/09/24 14:04:17 g89r4222 Exp $
+ * $Id: kdb_init.c,v 1.1.1.1 1994/09/30 14:49:56 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: kdb_init.c,v 1.3 1994/09/24 14:04:17 g89r4222 Exp $";
+"$Id: kdb_init.c,v 1.1.1.1 1994/09/30 14:49:56 csgr Exp $";
#endif lint
#include <stdio.h>
@@ -44,7 +44,7 @@ main(argc, argv)
char *cp;
int code;
char *database;
-
+
progname = (cp = rindex(*argv, '/')) ? cp + 1 : *argv;
if (argc > 3) {
@@ -96,7 +96,7 @@ main(argc, argv)
add_principal(KERB_M_NAME, KERB_M_INST, MASTER_KEY) ||
add_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST, NULL_KEY) ||
add_principal("krbtgt", realm, RANDOM_KEY) ||
- add_principal("changepw", KRB_MASTER, RANDOM_KEY)
+ add_principal("changepw", KRB_MASTER, RANDOM_KEY)
) {
fprintf(stderr, "\n%s: couldn't initialize database.\n",
progname);
@@ -169,7 +169,7 @@ add_principal(name, instance, aap_op)
principal.old = 0;
kerb_db_put_principal(&principal, 1);
-
+
/* let's play it safe */
bzero (new_key, sizeof (C_Block));
bzero (&principal.key_low, 4);
diff --git a/eBones/kdb_util/kdb_util.8 b/eBones/kdb_util/kdb_util.8
index 30a3b9f..4183ef3 100644
--- a/eBones/kdb_util/kdb_util.8
+++ b/eBones/kdb_util/kdb_util.8
@@ -1,5 +1,5 @@
.\" from: kdb_util.8,v 4.1 89/01/23 11:09:11 jtkohl Exp $
-.\" $Id: kdb_util.8,v 1.2 1994/07/19 19:27:30 g89r4222 Exp $
+.\" $Id: kdb_util.8,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -56,9 +56,9 @@ is encrypted using the new format (encrypted directly with master key).
The master key string entered was incorrect.
.SH FILES
.TP 20n
-/kerberos/principal.pag, /kerberos/principal.dir
-DBM files containing database
+/etc/kerberosIV/principal.db
+DBM file containing database
.TP
-.IR filename .ok
+.IR filename .dump_ok
semaphore file created by
.IR slave_dump.
diff --git a/eBones/kdb_util/kdb_util.c b/eBones/kdb_util/kdb_util.c
index 8465b5b..7bc8559 100644
--- a/eBones/kdb_util/kdb_util.c
+++ b/eBones/kdb_util/kdb_util.c
@@ -7,17 +7,17 @@
* dump a kerberos database to an ascii readable file and load this
* file into the database. Read locking of the database is done during a
* dump operation. NO LOCKING is done during a load operation. Loads
- * should happen with other processes shutdown.
+ * should happen with other processes shutdown.
*
* Written July 9, 1987 by Jeffrey I. Schiller
*
* from: kdb_util.c,v 4.4 90/01/09 15:57:20 raeburn Exp $
- * $Id: kdb_util.c,v 1.3 1994/09/24 14:04:21 g89r4222 Exp $
+ * $Id: kdb_util.c,v 1.1.1.1 1994/09/30 14:49:57 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: kdb_util.c,v 1.3 1994/09/24 14:04:21 g89r4222 Exp $";
+"$Id: kdb_util.c,v 1.1.1.1 1994/09/30 14:49:57 csgr Exp $";
#endif lint
#include <stdio.h>
@@ -62,7 +62,7 @@ main(argc, argv)
char *db_name;
progname = prog;
-
+
if (argc != 3 && argc != 4) {
fprintf(stderr, "Usage: %s operation file-name [database name].\n",
argv[0]);
@@ -77,7 +77,7 @@ main(argc, argv)
perror("Can't open database");
exit(1);
}
-
+
if (!strcmp(argv[1], "load"))
op = OP_LOAD;
else if (!strcmp(argv[1], "dump"))
@@ -134,7 +134,7 @@ main(argc, argv)
break;
case OP_CONVERT_OLD_DB:
convert_old_format_db (db_name, file);
- printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name);
+ printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name);
break;
}
exit(0);
@@ -148,7 +148,7 @@ clear_secrets ()
bzero((char *)new_master_key_schedule, sizeof (Key_schedule));
}
-/* cv_key is a procedure which takes a principle and changes its key,
+/* cv_key is a procedure which takes a principle and changes its key,
either for a new method of encrypting the keys, or a new master key.
if cv_key is null no transformation of key is done (other than net byte
order). */
@@ -163,7 +163,7 @@ static int dump_db_1(arg, principal)
Principal *principal;
{ /* replace null strings with "*" */
struct callback_args *a = (struct callback_args *)arg;
-
+
if (principal->instance[0] == '\0') {
principal->instance[0] = '*';
principal->instance[1] = '\0';
@@ -205,7 +205,7 @@ dump_db (db_file, output_file, cv_key)
a.cv_key = cv_key;
a.output_file = output_file;
-
+
kerb_db_iterate (dump_db_1, (char *)&a);
return fflush(output_file);
}
@@ -432,7 +432,7 @@ convert_old_format_db (db_file, out)
/*
* now use the master key to decrypt (old style) the key in the db, had better
- * be the same!
+ * be the same!
*/
bcopy((char *)&principal_data[0].key_low, (char *)key_from_db, 4);
bcopy((char *)&principal_data[0].key_high,
@@ -451,7 +451,7 @@ convert_old_format_db (db_file, out)
fprintf(stderr, "does not match database.\n");
exit (-1);
}
-
+
fprintf(stderr, "Master key verified.\n");
(void) fflush(stderr);
@@ -468,14 +468,14 @@ register char *cp;
int local;
zaptime(&tp); /* clear out the struct */
-
+
if (strlen(cp) > 10) { /* new format */
(void) strncpy(wbuf, cp, 4);
wbuf[4] = 0;
tp.tm_year = atoi(wbuf);
cp += 4; /* step over the year */
local = 0; /* GMT */
- } else { /* old format: local time,
+ } else { /* old format: local time,
year is 2 digits, assuming 19xx */
wbuf[0] = *cp++;
wbuf[1] = *cp++;
@@ -492,11 +492,11 @@ register char *cp;
wbuf[0] = *cp++;
wbuf[1] = *cp++;
tp.tm_mday = atoi(wbuf);
-
+
wbuf[0] = *cp++;
wbuf[1] = *cp++;
tp.tm_hour = atoi(wbuf);
-
+
wbuf[0] = *cp++;
wbuf[1] = *cp++;
tp.tm_min = atoi(wbuf);
diff --git a/eBones/kdestroy/kdestroy.c b/eBones/kdestroy/kdestroy.c
index f010fcd..8a7cbb7 100644
--- a/eBones/kdestroy/kdestroy.c
+++ b/eBones/kdestroy/kdestroy.c
@@ -1,21 +1,21 @@
/*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
* For copying and distribution information, please see the file
- * <Copyright.MIT>.
+ * <Copyright.MIT>.
*
* This program causes Kerberos tickets to be destroyed.
- * Options are:
+ * Options are:
*
* -q[uiet] - no bell even if tickets not destroyed
- * -f[orce] - no message printed at all
+ * -f[orce] - no message printed at all
*
* from: kdestroy.c,v 4.5 88/03/18 15:16:02 steiner Exp $
- * $Id: kdestroy.c,v 1.2 1994/07/19 19:24:16 g89r4222 Exp $
+ * $Id: kdestroy.c,v 1.1.1.1 1994/09/30 14:49:57 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: kdestroy.c,v 1.2 1994/07/19 19:24:16 g89r4222 Exp $";
+"$Id: kdestroy.c,v 1.1.1.1 1994/09/30 14:49:57 csgr Exp $";
#endif lint
#include <stdio.h>
diff --git a/eBones/kerberos/Makefile b/eBones/kerberos/Makefile
index 7f36cf7..44853ef 100644
--- a/eBones/kerberos/Makefile
+++ b/eBones/kerberos/Makefile
@@ -1,9 +1,9 @@
# From: @(#)Makefile 5.1 (Berkeley) 6/25/90
-# $Id: Makefile,v 1.2 1994/07/19 19:24:22 g89r4222 Exp $
+# $Id: Makefile,v 1.1.1.1 1994/09/30 14:49:57 csgr Exp $
PROG= kerberos
SRCS= kerberos.c cr_err_reply.c
-CFLAGS+=-DKERBEROS -DDEBUG -I${.CURDIR}/../include
+CFLAGS+=-DKERBEROS -DDEBUG -I${.CURDIR}/../include
DPADD= ${LIBKDB} ${LIBKRB} ${LIBDES}
LDADD= -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes
NOMAN= noman
diff --git a/eBones/kerberos/cr_err_reply.c b/eBones/kerberos/cr_err_reply.c
index 585fd03..c5178fe 100644
--- a/eBones/kerberos/cr_err_reply.c
+++ b/eBones/kerberos/cr_err_reply.c
@@ -5,12 +5,12 @@
* <Copyright.MIT>.
*
* from: cr_err_reply.c,v 4.10 89/01/10 11:34:42 steiner Exp $
- * $Id: cr_err_reply.c,v 1.1 1994/07/19 19:24:24 g89r4222 Exp $
+ * $Id: cr_err_reply.c,v 1.1.1.1 1994/09/30 14:49:57 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: cr_err_reply.c,v 1.1 1994/07/19 19:24:24 g89r4222 Exp $";
+"$Id: cr_err_reply.c,v 1.1.1.1 1994/09/30 14:49:57 csgr Exp $";
#endif /* lint */
#include <sys/types.h>
@@ -30,28 +30,28 @@ extern int req_act_vno; /* this is defined in the kerberos
* and an error string as arguments. Its return value is undefined.
*
* The packet is built in the following format:
- *
+ *
* type variable data
* or constant
* ---- ----------- ----
*
* unsigned char req_ack_vno protocol version number
- *
+ *
* unsigned char AUTH_MSG_ERR_REPLY protocol message type
- *
+ *
* [least significant HOST_BYTE_ORDER sender's (server's) byte
* bit of above field] order
- *
+ *
* string pname principal's name
- *
+ *
* string pinst principal's instance
- *
+ *
* string prealm principal's realm
- *
+ *
* unsigned long time_ws client's timestamp
- *
+ *
* unsigned long e error code
- *
+ *
* string e_string error text
*/
diff --git a/eBones/kerberos/kerberos.c b/eBones/kerberos/kerberos.c
index b980577..a7f391c 100644
--- a/eBones/kerberos/kerberos.c
+++ b/eBones/kerberos/kerberos.c
@@ -5,12 +5,12 @@
* <Copyright.MIT>.
*
* from: kerberos.c,v 4.19 89/11/01 17:18:07 qjb Exp $
- * $Id: kerberos.c,v 1.3 1994/09/09 21:43:51 g89r4222 Exp $
+ * $Id: kerberos.c,v 1.1.1.1 1994/09/30 14:49:57 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: kerberos.c,v 1.3 1994/09/09 21:43:51 g89r4222 Exp $";
+"$Id: kerberos.c,v 1.1.1.1 1994/09/30 14:49:57 csgr Exp $";
#endif lint
#include <stdio.h>
@@ -97,7 +97,7 @@ static void hang();
*/
static void usage()
{
- fprintf(stderr, "Usage: %s [-s] [-m] [-n] [-p pause_seconds]%s%s\n", progname,
+ fprintf(stderr, "Usage: %s [-s] [-m] [-n] [-p pause_seconds]%s%s\n", progname,
" [-a max_age] [-l log_file] [-r realm]"
," [database_pathname]"
);
@@ -160,7 +160,7 @@ main(argc, argv)
break;
case 'a':
/* Set max age. */
- if (!isdigit(optarg[0]))
+ if (!isdigit(optarg[0]))
usage();
max_age = atoi(optarg);
if ((max_age < ONE_HOUR) || (max_age > THREE_DAYS)) {
@@ -194,9 +194,9 @@ main(argc, argv)
if (optind != argc)
usage();
-
+
printf("Kerberos server starting\n");
-
+
if ((!nflag) && (max_age != -1))
printf("\tMaximum database age: %d seconds\n", max_age);
if (pause_int != -1)
@@ -205,12 +205,12 @@ main(argc, argv)
printf("\tSleep forever on error\n");
if (mflag)
printf("\tMaster key will be entered manually\n");
-
+
printf("\tLog file is %s\n", lflag ? log_file : KRBLOG);
if (lflag)
kset_logfile(log_file);
-
+
/* find our hostname, and use it as the instance */
if (gethostname(k_instance, INST_SZ)) {
fprintf(stderr, "%s: gethostname error\n", progname);
@@ -249,7 +249,7 @@ main(argc, argv)
/* Make sure database isn't stale */
check_db_age();
-
+
/* setup master key */
if (kdb_get_master_key (mflag, master_key, master_key_schedule) != 0) {
klog (L_KRB_PERR, "kerberos: couldn't get master key.\n");
@@ -449,7 +449,7 @@ kerberos(client, pkt)
/*
* get the user's key, unseal it from the server's key, and
- * use it to seal the cipher
+ * use it to seal the cipher
*/
/* a_name_data.key_low a_name_data.key_high */
@@ -457,7 +457,7 @@ kerberos(client, pkt)
bcopy(&a_name_data.key_high, ((long *) key) + 1, 4);
/* unseal the a_name key from the master key */
- kdb_encrypt_key(key, key, master_key,
+ kdb_encrypt_key(key, key, master_key,
master_key_schedule, DECRYPT);
create_ciph(ciph, session_key, s_name_data.name,
@@ -616,10 +616,10 @@ kerberos(client, pkt)
/*
- * setup_disc
+ * setup_disc
*
* disconnect all descriptors, remove ourself from the process
- * group that spawned us.
+ * group that spawned us.
*/
setup_disc()
@@ -648,7 +648,7 @@ setup_disc()
/*
* kerb_er_reply creates an error reply packet and sends it to the
- * client.
+ * client.
*/
kerb_err_reply(client, pkt, err, string)
@@ -680,7 +680,7 @@ kerb_err_reply(client, pkt, err, string)
static void check_db_age()
{
long age;
-
+
if (max_age != -1) {
/* Requires existance of kerb_get_db_age() */
gettimeofday(&kerb_time, 0);
@@ -712,16 +712,16 @@ check_princ(p_name, instance, lifetime, p)
klog(L_ALL_REQ,
"Principal: \"%s\", Instance: \"%s\" Lifetime = %d n = %d",
p_name, instance, lifetime, n, 0);
-
+
if (n < 0) {
lt = klog(L_KRB_PERR, "Database unavailable!");
hang();
}
-
+
/*
* if more than one p_name, pick one, randomly create a session key,
* compute maximum lifetime, lookup authorizations if applicable,
- * and stuff into cipher.
+ * and stuff into cipher.
*/
if (n == 0) {
/* service unknown, log error, skip to next request */
diff --git a/eBones/kinit/kinit.c b/eBones/kinit/kinit.c
index 94ce0fe..9f531d1 100644
--- a/eBones/kinit/kinit.c
+++ b/eBones/kinit/kinit.c
@@ -1,13 +1,13 @@
/*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
* For copying and distribution information, please see the file
- * <Copyright.MIT>.
+ * <Copyright.MIT>.
*
* Routine to initialize user to Kerberos. Prompts optionally for
* user, instance and realm. Authenticates user and gets a ticket
- * for the Kerberos ticket-granting service for future use.
+ * for the Kerberos ticket-granting service for future use.
*
- * Options are:
+ * Options are:
*
* -i[instance]
* -r[realm]
@@ -15,12 +15,12 @@
* -l[ifetime]
*
* from: kinit.c,v 4.12 90/03/20 16:11:15 jon Exp $
- * $Id: kinit.c,v 1.2 1994/07/19 19:24:33 g89r4222 Exp $
+ * $Id: kinit.c,v 1.1.1.1 1994/09/30 14:49:58 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: kinit.c,v 1.2 1994/07/19 19:24:33 g89r4222 Exp $";
+"$Id: kinit.c,v 1.1.1.1 1994/09/30 14:49:58 csgr Exp $";
#endif lint
#include <stdio.h>
@@ -151,7 +151,7 @@ main(argc, argv)
strncpy(aname, pwd->pw_name, sizeof(aname));
}
}
-
+
if (!*aname)
exit(0);
if (!k_isname(aname)) {
diff --git a/eBones/klist/klist.1 b/eBones/klist/klist.1
index a66e668..af7e31a 100644
--- a/eBones/klist/klist.1
+++ b/eBones/klist/klist.1
@@ -1,5 +1,5 @@
.\" from: klist.1,v 4.8 89/01/24 14:35:09 jtkohl Exp $
-.\" $Id: klist.1,v 1.2 1994/07/19 19:27:38 g89r4222 Exp $
+.\" $Id: klist.1,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -65,16 +65,16 @@ keys contained therein are printed. If no file is
specified with a
.B \-file
option, the default is
-.IR /etc/srvtab .
+.IR /etc/kerberosIV/srvtab .
.SH FILES
.TP 2i
-/etc/krb.conf
+/etc/kerberosIV/krb.conf
to get the name of the local realm
.TP
/tmp/tkt[uid]
as the default ticket file ([uid] is the decimal UID of the user).
.TP
-/etc/srvtab
+/etc/kerberosIV/srvtab
as the default service key file
.SH SEE ALSO
.PP
diff --git a/eBones/klist/klist.c b/eBones/klist/klist.c
index 4a95bc0..bfc3aa0 100644
--- a/eBones/klist/klist.c
+++ b/eBones/klist/klist.c
@@ -1,18 +1,18 @@
/*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
* For copying and distribution information, please see the file
- * <Copyright.MIT>.
+ * <Copyright.MIT>.
*
* Lists your current Kerberos tickets.
* Written by Bill Sommerfeld, MIT Project Athena.
*
* from: klist.c,v 4.15 89/08/30 11:19:16 jtkohl Exp $
- * $Id: klist.c,v 1.2 1994/07/19 19:24:38 g89r4222 Exp $
+ * $Id: klist.c,v 1.1.1.1 1994/09/30 14:49:58 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: klist.c,v 1.2 1994/07/19 19:24:38 g89r4222 Exp $";
+"$Id: klist.c,v 1.1.1.1 1994/09/30 14:49:58 csgr Exp $";
#endif lint
#include <stdio.h>
@@ -97,11 +97,11 @@ int tgt_test, long_form;
if (long_form)
printf("Ticket file: %s\n", file);
- /*
- * Since krb_get_tf_realm will return a ticket_file error,
+ /*
+ * Since krb_get_tf_realm will return a ticket_file error,
* we will call tf_init and tf_close first to filter out
- * things like no ticket file. Otherwise, the error that
- * the user would see would be
+ * things like no ticket file. Otherwise, the error that
+ * the user would see would be
* klist: can't find realm of ticket file: No ticket file (tf_util)
* instead of
* klist: No ticket file (tf_util)
@@ -116,7 +116,7 @@ int tgt_test, long_form;
/* Close ticket file */
(void) tf_close();
- /*
+ /*
* We must find the realm of the ticket file here before calling
* tf_init because since the realm of the ticket file is not
* really stored in the principal section of the file, the
@@ -143,13 +143,13 @@ int tgt_test, long_form;
exit(1);
}
- /*
+ /*
* You may think that this is the obvious place to get the
* realm of the ticket file, but it can't be done here as the
- * routine to do this must open the ticket file. This is why
+ * routine to do this must open the ticket file. This is why
* it was done before tf_init.
*/
-
+
if (!tgt_test && long_form)
printf("Principal:\t%s%s%s%s%s\n\n", pname,
(pinst[0] ? "." : ""), pinst,
@@ -218,7 +218,7 @@ char *file;
int count;
printf("Server key file: %s\n", file);
-
+
if ((stab = open(file, O_RDONLY, 0400)) < 0) {
perror(file);
exit(1);
diff --git a/eBones/krb/Makefile b/eBones/krb/Makefile
index 8336132..205b024 100644
--- a/eBones/krb/Makefile
+++ b/eBones/krb/Makefile
@@ -1,11 +1,11 @@
# From: @(#)Makefile 5.1 (Berkeley) 6/25/90
-# $Id: Makefile,v 1.4 1994/09/07 16:10:17 g89r4222 Exp $
+# $Id: Makefile,v 1.4 1995/01/20 01:12:19 wollman Exp $
LIB= krb
SHLIB_MAJOR= 2
SHLIB_MINOR= 0
CFLAGS+=-DKERBEROS -DCRYPT -DDEBUG -I${.CURDIR}/../include -DBSD42
-SRCS= create_auth_reply.c create_ciph.c \
+SRCS= krb_err.c create_auth_reply.c create_ciph.c \
create_death_packet.c create_ticket.c debug_decl.c decomp_ticket.c \
des_rw.c dest_tkt.c extract_ticket.c fgetst.c get_ad_tkt.c \
get_admhst.c get_cred.c get_in_tkt.c get_krbhst.c get_krbrlm.c \
@@ -20,12 +20,15 @@ SRCS= create_auth_reply.c create_ciph.c \
tkt_string.c util.c
TDIR= ${.CURDIR}/..
-krb_err.et.c: ${COMPILE_ET}
- (cd ${TDIR}/compile_et; make)
- ${COMPILE_ET} ${.CURDIR}/krb_err.et -n
+krb_err.c krb_err.h: krb_err.et
+ test -e krb_err.et || ln -s ${.CURDIR}/krb_err.et .
+ ${COMPILE_ET} krb_err.et
+LDADD+= -lcom_err
-beforedepend: krb_err.et.c
-
-CLEANFILES+= krb_err.et.c krb_err.h
+beforeinstall:
+ -cd ${.OBJDIR}; cmp -s krb_err.h \
+ ${DESTDIR}/usr/include/kerberosIV/krb_err.h || \
+ install -c -o ${BINOWN} -g ${BINGRP} -m 444 krb_err.h \
+ ${DESTDIR}/usr/include/kerberosIV
.include <bsd.lib.mk>
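Review bot: The new `krb_err.c krb_err.h: krb_err.et` rule replaces the old one, but the `CLEANFILES` line is removed without a successor. Unless something outside this hunk covers it, `make clean` will no longer remove the generated `krb_err.c` and `krb_err.h`, and a stale error table could survive into later builds. I would add `CLEANFILES+= krb_err.c krb_err.h`, leaving `krb_err.et` out because for an in-place build it is the real source file, not the symlink. The `beforedepend` hook is also gone, so it is worth confirming that `krb_err.h` is still generated before `make depend` and before any source that includes it is compiled. In `beforeinstall`, the leading `-` on `-cd ${.OBJDIR}; cmp -s krb_err.h \` makes make ignore a failed `install`, so the build can finish with a missing or outdated header in `${DESTDIR}/usr/include/kerberosIV`; dropping the `-` keeps the cmp-then-install behaviour and surfaces the failure.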
diff --git a/eBones/krb/create_auth_reply.c b/eBones/krb/create_auth_reply.c
index e47d4df..bfc3cfe 100644
--- a/eBones/krb/create_auth_reply.c
+++ b/eBones/krb/create_auth_reply.c
@@ -5,12 +5,12 @@
* <Copyright.MIT>.
*
* from: create_auth_reply.c,v 4.10 89/01/13 17:47:38 steiner Exp $
- * $Id: create_auth_reply.c,v 1.2 1994/07/19 19:24:56 g89r4222 Exp $
+ * $Id: create_auth_reply.c,v 1.1.1.1 1994/09/30 14:49:59 csgr Exp $
*/
#ifndef lint
static char *rcsid =
-"$Id: create_auth_reply.c,v 1.2 1994/07/19 19:24:56 g89r4222 Exp $";
+"$Id: create_auth_reply.c,v 1.1.1.1 1994/09/30 14:49:59 csgr Exp $";
#endif /* lint */
#include <krb.h>
@@ -30,34 +30,34 @@ static char *rcsid =
* must copy it elsewhere.
*
* The packet is built in the following format:
- *
+ *
* variable
* type or constant data
* ---- ----------- ----
- *
+ *
* unsigned char KRB_PROT_VERSION protocol version number
- *
+ *
* unsigned char AUTH_MSG_KDC_REPLY protocol message type
- *
+ *
* [least significant HOST_BYTE_ORDER sender's (server's) byte
* bit of above field] order
- *
+ *
* string pname principal's name
- *
+ *
* string pinst principal's instance
- *
+ *
* string prealm principal's realm
- *
+ *
* unsigned long time_ws client's timestamp
- *
+ *
* unsigned char n number of tickets
- *
+ *
* unsigned long x_date expiration date
- *
+ *
* unsigned char kvno master key version
- *
+ *
* short w_1 cipher length
- *
+ *
* --- cipher->dat cipher data
*/
diff --git a/eBones/krb/create_ciph.c b/eBones/krb/create_ciph.c
index c3bc0db..634d371 100644
--- a/eBones/krb/create_ciph.c
+++ b/eBones/krb/create_ciph.c
@@ -5,12 +5,12 @@
* <Copyright.MIT>.
*
* from: create_ciph.c,v 4.8 89/05/18 21:24:26 jis Exp $
- * $Id: create_ciph.c,v 1.2 1994/07/19 19:24:58 g89r4222 Exp $
+ * $Id: create_ciph.c,v 1.1.1.1 1994/09/30 14:49:59 csgr Exp $
*/
#ifndef lint
static char *rcsid =
-"$Id: create_ciph.c,v 1.2 1994/07/19 19:24:58 g89r4222 Exp $";
+"$Id: create_ciph.c,v 1.1.1.1 1994/09/30 14:49:59 csgr Exp $";
#endif /* lint */
#include <krb.h>
@@ -30,24 +30,24 @@ static char *rcsid =
* variable
* type or constant data
* ---- ----------- ----
- *
- *
+ *
+ *
* 8 bytes session session key for client, service
- *
+ *
* string service service name
- *
+ *
* string instance service instance
- *
+ *
* string realm KDC realm
- *
+ *
* unsigned char life ticket lifetime
- *
+ *
* unsigned char kvno service key version number
- *
+ *
* unsigned char tkt->length length of following ticket
- *
+ *
* data tkt->dat ticket for service
- *
+ *
* 4 bytes kdc_time KDC's timestamp
*
* <=7 bytes null null pad to 8 byte multiple
diff --git a/eBones/krb/create_death_packet.c b/eBones/krb/create_death_packet.c
index f747d6b..080e8a8 100644
--- a/eBones/krb/create_death_packet.c
+++ b/eBones/krb/create_death_packet.c
@@ -5,12 +5,12 @@
* <Copyright.MIT>.
*
* from: create_death_packet.c,v 4.9 89/01/17 16:05:59 rfrench Exp $
- * $Id: create_death_packet.c,v 1.2 1994/07/19 19:24:59 g89r4222 Exp $
+ * $Id: create_death_packet.c,v 1.1.1.1 1994/09/30 14:49:59 csgr Exp $
*/
#ifndef lint
static char *rcsid =
-"$Id: create_death_packet.c,v 1.2 1994/07/19 19:24:59 g89r4222 Exp $";
+"$Id: create_death_packet.c,v 1.1.1.1 1994/09/30 14:49:59 csgr Exp $";
#endif /* lint */
#include <krb.h>
@@ -32,12 +32,12 @@ static char *rcsid =
* ---- ----------- ----
*
* unsigned char KRB_PROT_VERSION protocol version number
- *
+ *
* unsigned char AUTH_MSG_DIE message type
- *
+ *
* [least significant HOST_BYTE_ORDER byte order of sender
* bit of above field]
- *
+ *
* string a_name presumably, name of
* principal sending killer
* packet
diff --git a/eBones/krb/create_ticket.c b/eBones/krb/create_ticket.c
index 984d8e9..95d5ced 100644
--- a/eBones/krb/create_ticket.c
+++ b/eBones/krb/create_ticket.c
@@ -1,16 +1,16 @@
-/*
+/*
* Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
* of Technology.
* For copying and distribution information, please see the file
* <Copyright.MIT>.
*
* from: create_ticket.c,v 4.11 89/03/22 14:43:23 jtkohl Exp $
- * $Id: create_ticket.c,v 1.2 1994/07/19 19:25:01 g89r4222 Exp $
+ * $Id: create_ticket.c,v 1.1.1.1 1994/09/30 14:49:59 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: create_ticket.c,v 1.2 1994/07/19 19:25:01 g89r4222 Exp $";
+"$Id: create_ticket.c,v 1.1.1.1 1994/09/30 14:49:59 csgr Exp $";
#endif /* lint */
#include <stdio.h>
@@ -35,35 +35,35 @@ static char rcsid[] =
* corresponding changes should also be made to that file.
*
* The packet is built in the following format:
- *
+ *
* variable
* type or constant data
* ---- ----------- ----
*
* tkt->length length of ticket (multiple of 8 bytes)
- *
+ *
* tkt->dat:
- *
+ *
* unsigned char flags namely, HOST_BYTE_ORDER
- *
+ *
* string pname client's name
- *
+ *
* string pinstance client's instance
- *
+ *
* string prealm client's realm
- *
+ *
* 4 bytes paddress client's address
- *
+ *
* 8 bytes session session key
- *
+ *
* 1 byte life ticket lifetime
- *
+ *
* 4 bytes time_sec KDC timestamp
- *
+ *
* string sname service's name
- *
+ *
* string sinstance service's instance
- *
+ *
* <=7 bytes null null pad to 8 byte multiple
*
*/
diff --git a/eBones/krb/des_rw.c b/eBones/krb/des_rw.c
index c958355..e5acb39 100644
--- a/eBones/krb/des_rw.c
+++ b/eBones/krb/des_rw.c
@@ -11,7 +11,7 @@
* are met:
* 1. Redistributions of source code must retain the entire comment,
* including the above copyright notice, this list of conditions
- * and the following disclaimer, verbatim, at the beginning of
+ * and the following disclaimer, verbatim, at the beginning of
* the source file.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
@@ -35,7 +35,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: des_rw.c,v 1.5 1994/09/24 18:54:41 g89r4222 Exp $
+ * $Id: des_rw.c,v 1.1.1.1 1994/09/30 14:49:59 csgr Exp $
*/
/*
@@ -61,11 +61,11 @@
* +--+--+--+--+--+--+--+--+
* | garbage | data |
* | |
- * +-----------------------+----> des_pcbc_encrypt() -->
+ * +-----------------------+----> des_pcbc_encrypt() -->
*
* (Note that the length field sent before the actual message specifies
* the number of data bytes, not the length of the entire padded message.
- *
+ *
* When data is read, if the message received is longer than the number
* of bytes requested, then the remaining bytes are stored until the
* following call to des_read(). If the number of bytes received is
@@ -160,7 +160,7 @@ int des_read(fd, buf, len)
stored -= len;
buff_ptr += len;
return(len);
- } else {
+ } else {
if (stored) {
bcopy(buff_ptr, buf, stored);
nreturned = stored;
@@ -184,11 +184,11 @@ int des_read(fd, buf, len)
if(nread != pad_length)
return(0);
- des_pcbc_encrypt((des_cblock*) des_buff, (des_cblock*) buff_ptr,
+ des_pcbc_encrypt((des_cblock*) des_buff, (des_cblock*) buff_ptr,
(msg_length < 8 ? 8 : msg_length),
key_sched, (des_cblock*) &des_key, DES_DECRYPT);
-
+
if(msg_length < 8)
buff_ptr += (8 - msg_length);
stored = msg_length;
@@ -237,7 +237,7 @@ int des_write(fd, buf, len)
for(i = 0 ; i < 8 ; i+= sizeof(long)) {
rnd = random();
- bcopy(&rnd, garbage+i,
+ bcopy(&rnd, garbage+i,
(i <= (8 - sizeof(long)))?sizeof(long):(8-i));
}
bcopy(buf, garbage + 8 - len, len);
@@ -253,7 +253,7 @@ int des_write(fd, buf, len)
write_len = htonl(len);
- if(write(fd, &write_len, sizeof(write_len)) != sizeof(write_len))
+ if(write(fd, &write_len, sizeof(write_len)) != sizeof(write_len))
return(-1);
if(write(fd, des_buff, pad_len) != pad_len)
return(-1);
diff --git a/eBones/krb/dest_tkt.c b/eBones/krb/dest_tkt.c
index 17c7855..6a06454 100644
--- a/eBones/krb/dest_tkt.c
+++ b/eBones/krb/dest_tkt.c
@@ -5,12 +5,12 @@
* <Copyright.MIT>.
*
* from: dest_tkt.c,v 4.9 89/10/02 16:23:07 jtkohl Exp $
- * $Id: dest_tkt.c,v 1.2 1994/07/19 19:25:07 g89r4222 Exp $
+ * $Id: dest_tkt.c,v 1.1.1.1 1994/09/30 14:49:59 csgr Exp $
*/
#ifndef lint
static char *rcsid =
-"$Id: dest_tkt.c,v 1.2 1994/07/19 19:25:07 g89r4222 Exp $";
+"$Id: dest_tkt.c,v 1.1.1.1 1994/09/30 14:49:59 csgr Exp $";
#endif /* lint */
#include <stdio.h>
@@ -75,8 +75,8 @@ out:
if (errno == ENOENT) return RET_TKFIL;
else if (errno != 0) return KFAILURE;
#ifdef TKT_SHMEM
- /*
- * handle the shared memory case
+ /*
+ * handle the shared memory case
*/
(void) strcpy(shmidname, file);
(void) strcat(shmidname, ".shm");
diff --git a/eBones/krb/fgetst.c b/eBones/krb/fgetst.c
index d938013..b855541 100644
--- a/eBones/krb/fgetst.c
+++ b/eBones/krb/fgetst.c
@@ -1,15 +1,15 @@
/*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
* For copying and distribution information, please see the file
- * <Copyright.MIT>.
+ * <Copyright.MIT>.
*
* from: fgetst.c,v 4.0 89/01/23 10:08:31 jtkohl Exp $
- * $Id: fgetst.c,v 1.2 1994/07/19 19:25:10 g89r4222 Exp $
+ * $Id: fgetst.c,v 1.1.1.1 1994/09/30 14:49:59 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: fgetst.c,v 1.2 1994/07/19 19:25:10 g89r4222 Exp $";
+"$Id: fgetst.c,v 1.1.1.1 1994/09/30 14:49:59 csgr Exp $";
#endif /* lint */
#include <stdio.h>
@@ -20,7 +20,7 @@ static char rcsid[] =
* until it reads a null byte. When finished, what has been read exists
* in "s". If "count" characters were actually read, the last is changed
* to a null, so the returned string is always null-terminated. fgetst
- * returns the number of characters read, including the null terminator.
+ * returns the number of characters read, including the null terminator.
*/
fgetst(f, s, n)
diff --git a/eBones/krb/get_ad_tkt.c b/eBones/krb/get_ad_tkt.c
index d8e1283..1c14d3c 100644
--- a/eBones/krb/get_ad_tkt.c
+++ b/eBones/krb/get_ad_tkt.c
@@ -5,12 +5,12 @@
* <Copyright.MIT>.
*
* from: get_ad_tkt.c,v 4.15 89/07/07 15:18:51 jtkohl Exp $
- * $Id: get_ad_tkt.c,v 1.2 1994/07/19 19:25:11 g89r4222 Exp $
+ * $Id: get_ad_tkt.c,v 1.1.1.1 1994/09/30 14:49:59 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: get_ad_tkt.c,v 1.2 1994/07/19 19:25:11 g89r4222 Exp $";
+"$Id: get_ad_tkt.c,v 1.1.1.1 1994/09/30 14:49:59 csgr Exp $";
#endif /* lint */
#include <krb.h>
@@ -55,7 +55,7 @@ unsigned long rep_err_code;
*
* TEXT original contents of authenticator+ticket
* pkt->dat built in krb_mk_req call
- *
+ *
* 4 bytes time_ws always 0 (?)
* char lifetime lifetime argument passed
* string service service name argument
@@ -106,12 +106,12 @@ get_ad_tkt(service,sinstance,realm,lifetime)
/*
* Look for the session key (and other stuff we don't need)
- * in the ticket file for krbtgt.realm@lrealm where "realm"
- * is the service's realm (passed in "realm" argument) and
- * lrealm is the realm of our initial ticket. If we don't
+ * in the ticket file for krbtgt.realm@lrealm where "realm"
+ * is the service's realm (passed in "realm" argument) and
+ * lrealm is the realm of our initial ticket. If we don't
* have this, we will try to get it.
*/
-
+
if ((kerror = krb_get_cred("krbtgt",realm,lrealm,&cr)) != KSUCCESS) {
/*
* If realm == lrealm, we have no hope, so let's not even try.
@@ -119,20 +119,20 @@ get_ad_tkt(service,sinstance,realm,lifetime)
if ((strncmp(realm, lrealm, REALM_SZ)) == 0)
return(AD_NOTGT);
else{
- if ((kerror =
+ if ((kerror =
get_ad_tkt("krbtgt",realm,lrealm,lifetime)) != KSUCCESS)
return(kerror);
if ((kerror = krb_get_cred("krbtgt",realm,lrealm,&cr)) != KSUCCESS)
return(kerror);
}
}
-
+
/*
* Make up a request packet to the "krbtgt.realm@lrealm".
* Start by calling krb_mk_req() which puts ticket+authenticator
* into "pkt". Then tack other stuff on the end.
*/
-
+
kerror = krb_mk_req(pkt,"krbtgt",realm,lrealm,0L);
if (kerror)
diff --git a/eBones/krb/get_cred.c b/eBones/krb/get_cred.c
index baf7ae2..6eb63f6 100644
--- a/eBones/krb/get_cred.c
+++ b/eBones/krb/get_cred.c
@@ -5,12 +5,12 @@
* <Copyright.MIT>.
*
* from: get_cred.c,v 4.10 89/05/31 17:46:22 jtkohl Exp $
- * $Id: get_cred.c,v 1.2 1994/07/19 19:25:14 g89r4222 Exp $
+ * $Id: get_cred.c,v 1.1.1.1 1994/09/30 14:50:00 csgr Exp $
*/
#ifndef lint
static char *rcsid =
-"$Id: get_cred.c,v 1.2 1994/07/19 19:25:14 g89r4222 Exp $";
+"$Id: get_cred.c,v 1.1.1.1 1994/09/30 14:50:00 csgr Exp $";
#endif /* lint */
#include <stdio.h>
@@ -44,7 +44,7 @@ krb_get_cred(service,instance,realm,c)
return (tf_status);
/* Search for requested service credentials and copy into c */
-
+
while ((tf_status = tf_get_cred(c)) == KSUCCESS) {
/* Is this the right ticket? */
if ((strcmp(c->service,service) == 0) &&
diff --git a/eBones/krb/get_in_tkt.c b/eBones/krb/get_in_tkt.c
index 5fb1560..00fc57a 100644
--- a/eBones/krb/get_in_tkt.c
+++ b/eBones/krb/get_in_tkt.c
@@ -4,12 +4,12 @@
* <Copyright.MIT>.
*
* from: get_in_tkt.c,v 4.12 89/07/18 16:32:56 jtkohl Exp $
- * $Id: get_in_tkt.c,v 1.2 1994/07/19 19:25:16 g89r4222 Exp $
+ * $Id: get_in_tkt.c,v 1.1.1.1 1994/09/30 14:50:00 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: get_in_tkt.c,v 1.2 1994/07/19 19:25:16 g89r4222 Exp $";
+"$Id: get_in_tkt.c,v 1.1.1.1 1994/09/30 14:50:00 csgr Exp $";
#endif /* lint */
#include <krb.h>
@@ -69,7 +69,7 @@ static int passwd_to_key(user,instance,realm,passwd,key)
* krb_get_pw_in_tkt() passes two additional arguments to krb_get_in_tkt():
* the name of a routine (passwd_to_key()) to be used to get the
* password in case the "password" argument is null and NULL for the
- * decryption procedure indicating that krb_get_in_tkt should use the
+ * decryption procedure indicating that krb_get_in_tkt should use the
* default method of decrypting the response from the KDC.
*
* The result of the call to krb_get_in_tkt() is returned.
@@ -86,8 +86,8 @@ krb_get_pw_in_tkt(user,instance,realm,service,sinstance,life,password)
#ifdef NOENCRYPTION
/*
- * $Source: /home/CVS/src/eBones/krb/get_in_tkt.c,v $
- * $Author: g89r4222 $
+ * $Source: /home/ncvs/src/eBones/krb/get_in_tkt.c,v $
+ * $Author: csgr $
*
* Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
* of Technology.
@@ -102,7 +102,7 @@ krb_get_pw_in_tkt(user,instance,realm,service,sinstance,life,password)
#ifndef lint
static char rcsid_read_password_c[] =
-"Bones$Header: /home/CVS/src/eBones/krb/get_in_tkt.c,v 1.2 1994/07/19 19:25:16 g89r4222 Exp $";
+"Bones$Header: /home/ncvs/src/eBones/krb/get_in_tkt.c,v 1.1.1.1 1994/09/30 14:50:00 csgr Exp $";
#endif lint
#include <des.h>
@@ -170,7 +170,7 @@ placebo_read_pw_string(s,max,prompt,verify)
{
int ok = 0;
char *ptr;
-
+
#ifdef BSDUNIX
jmp_buf old_env;
struct sgttyb tty_state;
@@ -187,7 +187,7 @@ placebo_read_pw_string(s,max,prompt,verify)
goto lose;
/* save terminal state*/
- if (ioctl(0,TIOCGETP,&tty_state) == -1)
+ if (ioctl(0,TIOCGETP,&tty_state) == -1)
return -1;
push_signals();
diff --git a/eBones/krb/get_krbhst.c b/eBones/krb/get_krbhst.c
index 16c4ff2..bb1ea50 100644
--- a/eBones/krb/get_krbhst.c
+++ b/eBones/krb/get_krbhst.c
@@ -5,12 +5,12 @@
* <Copyright.MIT>.
*
* from: get_krbhst.c,v 4.8 89/01/22 20:00:29 rfrench Exp $
- * $Id: get_krbhst.c,v 1.2 1994/07/19 19:25:17 g89r4222 Exp $
+ * $Id: get_krbhst.c,v 1.1.1.1 1994/09/30 14:50:00 csgr Exp $
*/
#ifndef lint
static char *rcsid =
-"$Id: get_krbhst.c,v 1.2 1994/07/19 19:25:17 g89r4222 Exp $";
+"$Id: get_krbhst.c,v 1.1.1.1 1994/09/30 14:50:00 csgr Exp $";
#endif /* lint */
#include <stdio.h>
@@ -33,7 +33,7 @@ static char *rcsid =
*
* The KRB_CONF file contains the name of the local realm in the first
* line (not used by this routine), followed by lines indicating realm/host
- * entries. The words "admin server" following the hostname indicate that
+ * entries. The words "admin server" following the hostname indicate that
* the host provides an administrative database server.
*
* For example:
diff --git a/eBones/krb/get_svc_in_tkt.c b/eBones/krb/get_svc_in_tkt.c
index 6d9702f..0b0fe71 100644
--- a/eBones/krb/get_svc_in_tkt.c
+++ b/eBones/krb/get_svc_in_tkt.c
@@ -4,12 +4,12 @@
* <Copyright.MIT>.
*
* from: get_svc_in_tkt.c,v 4.9 89/07/18 16:33:34 jtkohl Exp $
- * $Id: get_svc_in_tkt.c,v 1.2 1994/07/19 19:25:26 g89r4222 Exp $
+ * $Id: get_svc_in_tkt.c,v 1.1.1.1 1994/09/30 14:50:00 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: get_svc_in_tkt.c,v 1.2 1994/07/19 19:25:26 g89r4222 Exp $";
+"$Id: get_svc_in_tkt.c,v 1.1.1.1 1994/09/30 14:50:00 csgr Exp $";
#endif /* lint */
#include <krb.h>
@@ -57,7 +57,7 @@ static int srvtab_to_key(user, instance, realm, srvtab, key)
* krb_get_svc_in_tkt() passes its arguments on to krb_get_in_tkt(),
* plus two additional arguments: a pointer to the srvtab_to_key()
* function to be used to get the key from the key file and a NULL
- * for the decryption procedure indicating that krb_get_in_tkt should
+ * for the decryption procedure indicating that krb_get_in_tkt should
* use the default method of decrypting the response from the KDC.
*
* It returns the return value of the krb_get_in_tkt() call.
diff --git a/eBones/krb/get_tf_fullname.c b/eBones/krb/get_tf_fullname.c
index 753ad1e..540e828 100644
--- a/eBones/krb/get_tf_fullname.c
+++ b/eBones/krb/get_tf_fullname.c
@@ -4,12 +4,12 @@
* <Copyright.MIT>.
*
* from: get_tf_fullname.c,v 4.3 90/03/10 22:40:20 jon Exp $
- * $Id: get_tf_fullname.c,v 1.2 1994/07/19 19:25:28 g89r4222 Exp $
+ * $Id: get_tf_fullname.c,v 1.1.1.1 1994/09/30 14:50:00 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: get_tf_fullname.c,v 1.2 1994/07/19 19:25:28 g89r4222 Exp $";
+"$Id: get_tf_fullname.c,v 1.1.1.1 1994/09/30 14:50:00 csgr Exp $";
#endif /* lint */
#include <krb.h>
@@ -22,10 +22,10 @@ static char rcsid[] =
*/
/*
- * krb_get_tf_fullname() takes four arguments: the name of the
+ * krb_get_tf_fullname() takes four arguments: the name of the
* ticket file, and variables for name, instance, and realm to be
- * returned in. Since the realm of a ticket file is not really fully
- * supported, the realm used will be that of the the first ticket in
+ * returned in. Since the realm of a ticket file is not really fully
+ * supported, the realm used will be that of the the first ticket in
* the file as this is the one that was obtained with a password by
* krb_get_in_tkt().
*/
@@ -45,7 +45,7 @@ krb_get_tf_fullname(ticket_file, name, instance, realm)
if (((tf_status = tf_get_pname(c.pname)) != KSUCCESS) ||
((tf_status = tf_get_pinst(c.pinst)) != KSUCCESS))
return (tf_status);
-
+
if (name)
strcpy(name, c.pname);
if (instance)
@@ -59,8 +59,8 @@ krb_get_tf_fullname(ticket_file, name, instance, realm)
return(KFAILURE);
else
return(tf_status);
- }
+ }
(void) tf_close();
-
+
return(tf_status);
}
diff --git a/eBones/krb/get_tf_realm.c b/eBones/krb/get_tf_realm.c
index f405dcb..df2845e 100644
--- a/eBones/krb/get_tf_realm.c
+++ b/eBones/krb/get_tf_realm.c
@@ -4,12 +4,12 @@
* <Copyright.MIT>.
*
* from: get_tf_realm.c,v 4.2 90/01/02 13:40:19 jtkohl Exp $
- * $Id: get_tf_realm.c,v 1.2 1994/07/19 19:25:30 g89r4222 Exp $
+ * $Id: get_tf_realm.c,v 1.1.1.1 1994/09/30 14:50:00 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: get_tf_realm.c,v 1.2 1994/07/19 19:25:30 g89r4222 Exp $";
+"$Id: get_tf_realm.c,v 1.1.1.1 1994/09/30 14:50:00 csgr Exp $";
#endif /* lint */
#include <krb.h>
@@ -21,9 +21,9 @@ static char rcsid[] =
*/
/*
- * krb_get_tf_realm() takes two arguments: the name of a ticket
+ * krb_get_tf_realm() takes two arguments: the name of a ticket
* and a variable to store the name of the realm in.
- *
+ *
*/
krb_get_tf_realm(ticket_file, realm)
diff --git a/eBones/krb/getrealm.c b/eBones/krb/getrealm.c
index 96e9588..c850bd0 100644
--- a/eBones/krb/getrealm.c
+++ b/eBones/krb/getrealm.c
@@ -6,12 +6,12 @@
* routine to convert hostname into realm name.
*
* from: getrealm.c,v 4.6 90/01/02 13:35:56 jtkohl Exp $
- * $Id: getrealm.c,v 1.2 1994/07/19 19:25:31 g89r4222 Exp $
+ * $Id: getrealm.c,v 1.1.1.1 1994/09/30 14:50:00 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: getrealm.c,v 1.2 1994/07/19 19:25:31 g89r4222 Exp $";
+"$Id: getrealm.c,v 1.1.1.1 1994/09/30 14:50:00 csgr Exp $";
#endif lint
#include <strings.h>
@@ -92,7 +92,7 @@ char *host;
fclose(trans_file);
return(ret_realm);
}
- if ((trans_host[0] == '.') && domain) {
+ if ((trans_host[0] == '.') && domain) {
/* this is a domain match */
if (!strcasecmp(trans_host, domain)) {
/* domain match, save for later */
diff --git a/eBones/krb/in_tkt.c b/eBones/krb/in_tkt.c
index 53510da..5a05259 100644
--- a/eBones/krb/in_tkt.c
+++ b/eBones/krb/in_tkt.c
@@ -5,12 +5,12 @@
* <Copyright.MIT>.
*
* from: kt.c,v 4.9 89/10/25 19:03:35 qjb Exp $
- * $Id: in_tkt.c,v 1.5 1994/09/24 14:30:09 g89r4222 Exp $
+ * $Id: in_tkt.c,v 1.1.1.1 1994/09/30 14:50:01 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: in_tkt.c,v 1.5 1994/09/24 14:30:09 g89r4222 Exp $";
+"$Id: in_tkt.c,v 1.1.1.1 1994/09/30 14:50:01 csgr Exp $";
#endif /* lint */
#include <unistd.h>
@@ -73,7 +73,7 @@ in_tkt(pname,pinst)
(void) close(fd);
goto out;
}
-
+
(void) fsync(fd);
(void) close(fd);
}
diff --git a/eBones/krb/krb.3 b/eBones/krb/krb.3
index 208f034..98a720b 100644
--- a/eBones/krb/krb.3
+++ b/eBones/krb/krb.3
@@ -1,6 +1,6 @@
-.\" $Source: /usr/src/kerberosIV/man/RCS/krb.3,v $
-.\" $Author: bostic $
-.\" $Header: /usr/src/kerberosIV/man/RCS/krb.3,v 4.11 1994/04/19 14:16:56 bostic Exp $
+.\" $Source: /home/ncvs/src/eBones/man/krb.3,v $
+.\" $Author: rgrimes $
+.\" $Header: /home/ncvs/src/eBones/man/krb.3,v 1.1.1.1 1994/05/27 05:12:09 rgrimes Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -133,7 +133,7 @@ to the calling procedure.
It is up to the application to get the authenticator to the service
where it will be read by
.I krb_rd_req.
-Unless an attacker possesses the session key contained in the ticket, it
+Unless an attacker posesses the session key contained in the ticket, it
will be unable to modify the authenticator. Thus, the checksum can be
used to verify the authenticity of the other data that will pass through
a connection.
@@ -171,15 +171,15 @@ particular problem encountered. See
for the list of error codes.
.PP
If the last argument is the null string (""), krb_rd_req will use the
-file /etc/srvtab to find its keys. If the last argument is NULL, it
-will assume that the key has been set by
+file /etc/kerberosIV/srvtab to find its keys. If the last argument is
+NULL, it will assume that the key has been set by
.I krb_set_key
and will not bother looking further.
.PP
.I krb_kntoln
converts a Kerberos name to a local name. It takes a structure
of type AUTH_DAT and uses the name and instance to look in the database
-/etc/aname to find the corresponding local name. The local name is
+/etc/kerberosIV/aname to find the corresponding local name. The local name is
returned and can be used by an application to change uids, directories,
or other parameters. It is not an integral part of Kerberos, but is
instead provided to support the use of Kerberos in existing utilities.
diff --git a/eBones/krb/krb_get_in_tkt.c b/eBones/krb/krb_get_in_tkt.c
index a37bb60..af92bc6 100644
--- a/eBones/krb/krb_get_in_tkt.c
+++ b/eBones/krb/krb_get_in_tkt.c
@@ -5,12 +5,12 @@
* <Copyright.MIT>.
*
* from: der: krb_get_in_tkt.c,v 4.19 89/07/18 16:31:31 jtkohl Exp $
- * $Id: krb_get_in_tkt.c,v 1.2 1994/07/19 19:25:47 g89r4222 Exp $
+ * $Id: krb_get_in_tkt.c,v 1.1.1.1 1994/09/30 14:50:02 csgr Exp $
*/
#ifndef lint
static char *rcsid =
-"$Id: krb_get_in_tkt.c,v 1.2 1994/07/19 19:25:47 g89r4222 Exp $";
+"$Id: krb_get_in_tkt.c,v 1.1.1.1 1994/09/30 14:50:02 csgr Exp $";
#endif /* lint */
#include <krb.h>
@@ -48,16 +48,16 @@ static int decrypt_tkt(user, instance, realm, arg, key_proc, cipp)
#ifndef NOENCRYPTION
/* Attempt to decrypt it */
#endif
-
+
/* generate a key */
-
+
{
register int rc;
rc = (*key_proc)(user,instance,realm,arg,key);
if (rc)
return(rc);
}
-
+
#ifndef NOENCRYPTION
key_sched(key,key_s);
pcbc_encrypt((C_Block *)cip->dat,(C_Block *)cip->dat,
@@ -259,7 +259,7 @@ krb_get_in_tkt(user, instance, realm, service, sinstance, life,
kvno = (unsigned char) ptr[1];
tkt->length = (unsigned char) ptr[2];
ptr += 3;
-
+
if ((tkt->length < 0) ||
((tkt->length + (ptr - (char *) cip->dat)) > cip->length))
return(INTK_BADPW);
diff --git a/eBones/krb/krb_realmofhost.3 b/eBones/krb/krb_realmofhost.3
index f284069..63aa1eb 100644
--- a/eBones/krb/krb_realmofhost.3
+++ b/eBones/krb/krb_realmofhost.3
@@ -1,5 +1,5 @@
.\" from: krb_realmofhost.3,v 4.1 89/01/23 11:10:47 jtkohl Exp $
-.\" $Id: krb_realmofhost.3,v 1.2 1994/07/19 19:27:46 g89r4222 Exp $
+.\" $Id: krb_realmofhost.3,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -13,8 +13,8 @@ krb_get_lrealm \- additional Kerberos utility routines
.nf
.nj
.ft B
-#include <krb.h>
-#include <des.h>
+#include <kerberosIV/krb.h>
+#include <kerberosIV/des.h>
#include <netinet/in.h>
.PP
.ft B
@@ -48,7 +48,7 @@ int n;
returns the Kerberos realm of the host
.IR host ,
as determined by the translation table
-.IR /etc/krb.realms .
+.IR /etc/kerberosIV/krb.realms .
.I host
should be the fully-qualified domain-style primary host name of the host
in question. In order to prevent certain security attacks, this routine
@@ -96,7 +96,7 @@ with the hostname of the
host running a Kerberos key distribution center (KDC)
for realm
.IR realm ,
-as specified in the configuration file (\fI/etc/krb.conf\fR).
+as specified in the configuration file (\fI/etc/kerberosIV/krb.conf\fR).
The configuration file is described by
.IR krb.conf (5).
If the host is successfully filled in, the routine
@@ -119,7 +119,7 @@ with the hostname of the
host running a Kerberos KDC database administration server
for realm
.IR realm ,
-as specified in the configuration file (\fI/etc/krb.conf\fR).
+as specified in the configuration file (\fI/etc/kerberosIV/krb.conf\fR).
If the file cannot be opened or is malformed, or there are fewer than
.I n
hosts running a Kerberos KDC database administration server,
@@ -145,10 +145,10 @@ should be at least REALM_SZ (from
kerberos(3), krb.conf(5), krb.realms(5)
.SH FILES
.TP 20n
-/etc/krb.realms
+/etc/kerberosIV/krb.realms
translation file for host-to-realm mapping.
.TP
-/etc/krb.conf
+/etc/kerberosIV/krb.conf
local realm-name and realm/server configuration file.
.SH BUGS
The current convention for instance names is too limited; the full
diff --git a/eBones/krb/krb_sendauth.3 b/eBones/krb/krb_sendauth.3
index f5e95b7..a749bb5 100644
--- a/eBones/krb/krb_sendauth.3
+++ b/eBones/krb/krb_sendauth.3
@@ -1,5 +1,5 @@
.\" from: krb_sendauth.3,v 4.1 89/01/23 11:10:58 jtkohl Exp $
-.\" $Id: krb_sendauth.3,v 1.2 1994/07/19 19:27:47 g89r4222 Exp $
+.\" $Id: krb_sendauth.3,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $
.\" Copyright 1988 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -13,8 +13,8 @@ Kerberos routines for sending authentication via network stream sockets
.nf
.nj
.ft B
-#include <krb.h>
-#include <des.h>
+#include <kerberosIV/krb.h>
+#include <kerberosIV/des.h>
#include <netinet/in.h>
.PP
.fi
@@ -295,7 +295,7 @@ function.
If you set this argument to "",
.I krb_rd_req
looks for the service key in the file
-.IR /etc/srvtab.
+.IR /etc/kerberosIV/srvtab.
If the client and server are performing mutual authenication,
the
@@ -345,4 +345,4 @@ John T. Kohl, MIT Project Athena
.SH RESTRICTIONS
Copyright 1988, Massachusetts Instititute of Technology.
For copying and distribution information,
-please see the file <mit-copyright.h>.
+please see the file <Copyright.h>.
diff --git a/eBones/krb/krb_set_tkt_string.3 b/eBones/krb/krb_set_tkt_string.3
index c9f3dcf..73b5e5d 100644
--- a/eBones/krb/krb_set_tkt_string.3
+++ b/eBones/krb/krb_set_tkt_string.3
@@ -1,5 +1,5 @@
.\" from: krb_set_tkt_string.3,v 4.1 89/01/23 11:11:09 jtkohl Exp $
-.\" $Id: krb_set_tkt_string.3,v 1.2 1994/07/19 19:27:49 g89r4222 Exp $
+.\" $Id: krb_set_tkt_string.3,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -12,7 +12,7 @@ krb_set_tkt_string \- set Kerberos ticket cache file name
.nf
.nj
.ft B
-#include <krb.h>
+#include <kerberosIV/krb.h>
.PP
.ft B
void krb_set_tkt_string(filename)
diff --git a/eBones/krb/kuserok.3 b/eBones/krb/kuserok.3
index 36968ba..c7581a6 100644
--- a/eBones/krb/kuserok.3
+++ b/eBones/krb/kuserok.3
@@ -1,5 +1,5 @@
.\" from: kuserok.3,v 4.1 89/01/23 11:11:49 jtkohl Exp $
-.\" $Id: kuserok.3,v 1.2 1994/07/19 19:27:58 g89r4222 Exp $
+.\" $Id: kuserok.3,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -12,7 +12,7 @@ kuserok \- Kerberos version of ruserok
.nf
.nj
.ft B
-#include <krb.h>
+#include <kerberosIV/krb.h>
.PP
.ft B
kuserok(kdata, localuser)
diff --git a/eBones/krb/kuserok.c b/eBones/krb/kuserok.c
index cb1f708..404532d 100644
--- a/eBones/krb/kuserok.c
+++ b/eBones/krb/kuserok.c
@@ -7,12 +7,12 @@
* access to a local account
*
* from: kuserok.c,v 4.5 89/01/23 09:25:21 jtkohl Exp $
- * $Id: kuserok.c,v 1.2 1994/07/19 19:25:50 g89r4222 Exp $
+ * $Id: kuserok.c,v 1.1.1.1 1994/09/30 14:50:02 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: kuserok.c,v 1.2 1994/07/19 19:25:50 g89r4222 Exp $";
+"$Id: kuserok.c,v 1.1.1.1 1994/09/30 14:50:02 csgr Exp $";
#endif lint
#include <krb.h>
@@ -60,9 +60,9 @@ static char rcsid[] =
* The parmtable defines the keywords we will recognize with their
* default values, and keeps a pointer to the found value. The found
* value should be filled in with strsave(), since FreeParameterSet()
- * will release memory for all non-NULL found strings.
+ * will release memory for all non-NULL found strings.
*
-*** NOTE WELL! ***
+*** NOTE WELL! ***
*
* The table below is very nice, but we cannot hard-code a default for the
* realm: we have to get the realm via krb_get_lrealm(). Even though the
@@ -70,7 +70,7 @@ static char rcsid[] =
* kuserok to whatever krb_get_lrealm() tells us. That code assumes that
* the realm will be the entry number in the table below, so if you
* change the order of the entries below, you have to change the
- * #definition of REALM_SCRIPT to reflect it.
+ * #definition of REALM_SCRIPT to reflect it.
*/
#define REALM_SUBSCRIPT 1
parmtable kparm[] = {
@@ -113,7 +113,7 @@ kuserok(kdata, luser)
* if he's trying to log in as himself, and there is no .klogin file,
* let him. To find out, call
* krb_kntoln to convert the triple in kdata to a name which we can
- * string compare.
+ * string compare.
*/
if (!krb_kntoln(kdata, kuser) && (strcmp(kuser, luser) == 0)) {
return(OK);
@@ -141,7 +141,7 @@ kuserok(kdata, luser)
/*
* change the default realm from the hard-coded value to the
- * accepted realm that Kerberos specifies.
+ * accepted realm that Kerberos specifies.
*/
rc = krb_get_lrealm(local_realm, 1);
if (rc == KSUCCESS)
diff --git a/eBones/krb/mk_priv.c b/eBones/krb/mk_priv.c
index 3bae4ed..3050cf4 100644
--- a/eBones/krb/mk_priv.c
+++ b/eBones/krb/mk_priv.c
@@ -16,12 +16,12 @@
* Steve Miller Project Athena MIT/DEC
*
* from: mk_priv.c,v 4.13 89/03/22 14:48:59 jtkohl Exp $
- * $Id: mk_priv.c,v 1.2 1994/07/19 19:25:56 g89r4222 Exp $
+ * $Id: mk_priv.c,v 1.1.1.1 1994/09/30 14:50:02 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: mk_priv.c,v 1.2 1994/07/19 19:25:56 g89r4222 Exp $";
+"$Id: mk_priv.c,v 1.1.1.1 1994/09/30 14:50:02 csgr Exp $";
#endif /* lint */
/* system include files */
@@ -80,7 +80,7 @@ static long msg_time_sec;
#ifndef NOENCRYPT
* we encrypt from here with pcbc_encrypt
#endif
- *
+ *
* 4 bytes length length of user data
* length in user data
* 1 byte msg_time_5ms timestamp milliseconds
@@ -154,15 +154,15 @@ long krb_mk_priv(in,out,length,schedule,key,sender,receiver)
* direction bit is the sign bit of the timestamp. Ok
* until 2038??
*/
- /* For compatibility with broken old code, compares are done in VAX
- byte order (LSBFIRST) */
- if (lsb_net_ulong_less(sender->sin_addr.s_addr, /* src < recv */
- receiver->sin_addr.s_addr)==-1)
- msg_time_sec = -msg_time_sec;
- else if (lsb_net_ulong_less(sender->sin_addr.s_addr,
- receiver->sin_addr.s_addr)==0)
- if (lsb_net_ushort_less(sender->sin_port,receiver->sin_port) == -1)
- msg_time_sec = -msg_time_sec;
+ /* For compatibility with broken old code, compares are done in VAX
+ byte order (LSBFIRST) */
+ if (lsb_net_ulong_less(sender->sin_addr.s_addr, /* src < recv */
+ receiver->sin_addr.s_addr)==-1)
+ msg_time_sec = -msg_time_sec;
+ else if (lsb_net_ulong_less(sender->sin_addr.s_addr,
+ receiver->sin_addr.s_addr)==0)
+ if (lsb_net_ushort_less(sender->sin_port,receiver->sin_port) == -1)
+ msg_time_sec = -msg_time_sec;
/* stuff time sec */
bcopy((char *)&msg_time_sec,(char *)p,sizeof(msg_time_sec));
p += sizeof(msg_time_sec);
diff --git a/eBones/krb/mk_req.c b/eBones/krb/mk_req.c
index bb0f097..fd31717 100644
--- a/eBones/krb/mk_req.c
+++ b/eBones/krb/mk_req.c
@@ -5,12 +5,12 @@
* <Copyright.MIT>.
*
* from: der: mk_req.c,v 4.17 89/07/07 15:20:35 jtkohl Exp $
- * $Id: mk_req.c,v 1.2 1994/07/19 19:25:57 g89r4222 Exp $
+ * $Id: mk_req.c,v 1.1.1.1 1994/09/30 14:50:02 csgr Exp $
*/
#ifndef lint
static char *rcsid =
-"$Id: mk_req.c,v 1.2 1994/07/19 19:25:57 g89r4222 Exp $";
+"$Id: mk_req.c,v 1.1.1.1 1994/09/30 14:50:02 csgr Exp $";
#endif /* lint */
#include <krb.h>
@@ -95,14 +95,14 @@ krb_mk_req(authent,service,instance,realm,checksum)
/* Get the ticket and move it into the authenticator */
if (krb_ap_req_debug)
printf("Realm: %s\n",realm);
- /*
+ /*
* Determine realm of these tickets. We will send this to the
* KDC from which we are requesting tickets so it knows what to
* with our session key.
*/
if ((retval = krb_get_tf_realm(TKT_FILE, myrealm)) != KSUCCESS)
return(retval);
-
+
retval = krb_get_cred(service,instance,realm,&cr);
if (retval == RET_NOTKT) {
@@ -177,10 +177,10 @@ krb_mk_req(authent,service,instance,realm,checksum)
return(KSUCCESS);
}
-/*
+/*
* krb_set_lifetime sets the default lifetime for additional tickets
* obtained via krb_mk_req().
- *
+ *
* It returns the previous value of the default lifetime.
*/
diff --git a/eBones/krb/mk_safe.c b/eBones/krb/mk_safe.c
index 567004b..46a80f7 100644
--- a/eBones/krb/mk_safe.c
+++ b/eBones/krb/mk_safe.c
@@ -15,12 +15,12 @@
* Steve Miller Project Athena MIT/DEC
*
* from: mk_safe.c,v 4.12 89/03/22 14:50:49 jtkohl Exp $
- * $Id: mk_safe.c,v 1.2 1994/07/19 19:25:59 g89r4222 Exp $
+ * $Id: mk_safe.c,v 1.1.1.1 1994/09/30 14:50:02 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: mk_safe.c,v 1.2 1994/07/19 19:25:59 g89r4222 Exp $";
+"$Id: mk_safe.c,v 1.1.1.1 1994/09/30 14:50:02 csgr Exp $";
#endif /* lint */
/* system include files */
@@ -65,7 +65,7 @@ static long msg_time_sec;
* HOST_BYTE_ORDER byte order in low bit
*
* ===================== begin checksum ================================
- *
+ *
* 4 bytes length length of user data
* length in user data
* 1 byte msg_time_5ms timestamp milliseconds
@@ -132,15 +132,15 @@ long krb_mk_safe(in,out,length,key,sender,receiver)
* direction bit is the sign bit of the timestamp. Ok until
* 2038??
*/
- /* For compatibility with broken old code, compares are done in VAX
- byte order (LSBFIRST) */
- if (lsb_net_ulong_less(sender->sin_addr.s_addr, /* src < recv */
- receiver->sin_addr.s_addr)==-1)
- msg_time_sec = -msg_time_sec;
- else if (lsb_net_ulong_less(sender->sin_addr.s_addr,
- receiver->sin_addr.s_addr)==0)
- if (lsb_net_ushort_less(sender->sin_port,receiver->sin_port) == -1)
- msg_time_sec = -msg_time_sec;
+ /* For compatibility with broken old code, compares are done in VAX
+ byte order (LSBFIRST) */
+ if (lsb_net_ulong_less(sender->sin_addr.s_addr, /* src < recv */
+ receiver->sin_addr.s_addr)==-1)
+ msg_time_sec = -msg_time_sec;
+ else if (lsb_net_ulong_less(sender->sin_addr.s_addr,
+ receiver->sin_addr.s_addr)==0)
+ if (lsb_net_ushort_less(sender->sin_port,receiver->sin_port) == -1)
+ msg_time_sec = -msg_time_sec;
/*
* all that for one tiny bit! Heaven help those that talk to
* themselves.
diff --git a/eBones/krb/rd_priv.c b/eBones/krb/rd_priv.c
index 9adefec..0e3d906 100644
--- a/eBones/krb/rd_priv.c
+++ b/eBones/krb/rd_priv.c
@@ -15,12 +15,12 @@
* Steve Miller Project Athena MIT/DEC
*
* from: rd_priv.c,v 4.14 89/04/28 11:59:42 jtkohl Exp $
- * $Id: rd_priv.c,v 1.2 1994/07/19 19:26:11 g89r4222 Exp $
+ * $Id: rd_priv.c,v 1.1.1.1 1994/09/30 14:50:03 csgr Exp $
*/
#ifndef lint
static char rcsid[]=
-"$Id: rd_priv.c,v 1.2 1994/07/19 19:26:11 g89r4222 Exp $";
+"$Id: rd_priv.c,v 1.1.1.1 1994/09/30 14:50:03 csgr Exp $";
#endif /* lint */
/* system include files */
@@ -154,17 +154,17 @@ long krb_rd_priv(in,in_length,schedule,key,sender,receiver,m_data)
p += sizeof(m_data->time_sec);
/* check direction bit is the sign bit */
- /* For compatibility with broken old code, compares are done in VAX
- byte order (LSBFIRST) */
+ /* For compatibility with broken old code, compares are done in VAX
+ byte order (LSBFIRST) */
if (lsb_net_ulong_less(sender->sin_addr.s_addr,
- receiver->sin_addr.s_addr)==-1)
- /* src < recv */
- m_data->time_sec = - m_data->time_sec;
- else if (lsb_net_ulong_less(sender->sin_addr.s_addr,
- receiver->sin_addr.s_addr)==0)
+ receiver->sin_addr.s_addr)==-1)
+ /* src < recv */
+ m_data->time_sec = - m_data->time_sec;
+ else if (lsb_net_ulong_less(sender->sin_addr.s_addr,
+ receiver->sin_addr.s_addr)==0)
if (lsb_net_ushort_less(sender->sin_port,receiver->sin_port)==-1)
/* src < recv */
- m_data->time_sec = - m_data->time_sec;
+ m_data->time_sec = - m_data->time_sec;
/*
* all that for one tiny bit!
* Heaven help those that talk to themselves.
diff --git a/eBones/krb/rd_safe.c b/eBones/krb/rd_safe.c
index e500b4d..3bfc490 100644
--- a/eBones/krb/rd_safe.c
+++ b/eBones/krb/rd_safe.c
@@ -13,12 +13,12 @@
* Steve Miller Project Athena MIT/DEC
*
* from: rd_safe.c,v 4.12 89/01/23 15:16:16 steiner Exp $
- * $Id: rd_safe.c,v 1.2 1994/07/19 19:26:15 g89r4222 Exp $
+ * $Id: rd_safe.c,v 1.1.1.1 1994/09/30 14:50:03 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: rd_safe.c,v 1.2 1994/07/19 19:26:15 g89r4222 Exp $";
+"$Id: rd_safe.c,v 1.1.1.1 1994/09/30 14:50:03 csgr Exp $";
#endif /* lint */
/* system include files */
@@ -134,17 +134,17 @@ krb_rd_safe protocol err sizeof(u_long) != sizeof(struct in_addr)");
p += sizeof(m_data->time_sec);
/* check direction bit is the sign bit */
- /* For compatibility with broken old code, compares are done in VAX
- byte order (LSBFIRST) */
+ /* For compatibility with broken old code, compares are done in VAX
+ byte order (LSBFIRST) */
if (lsb_net_ulong_less(sender->sin_addr.s_addr,
- receiver->sin_addr.s_addr)==-1)
- /* src < recv */
- m_data->time_sec = - m_data->time_sec;
- else if (lsb_net_ulong_less(sender->sin_addr.s_addr,
- receiver->sin_addr.s_addr)==0)
+ receiver->sin_addr.s_addr)==-1)
+ /* src < recv */
+ m_data->time_sec = - m_data->time_sec;
+ else if (lsb_net_ulong_less(sender->sin_addr.s_addr,
+ receiver->sin_addr.s_addr)==0)
if (lsb_net_ushort_less(sender->sin_port,receiver->sin_port)==-1)
/* src < recv */
- m_data->time_sec = - m_data->time_sec;
+ m_data->time_sec = - m_data->time_sec;
/*
* All that for one tiny bit! Heaven help those that talk to
diff --git a/eBones/krb/read_service_key.c b/eBones/krb/read_service_key.c
index 4d66710..c68a8fc 100644
--- a/eBones/krb/read_service_key.c
+++ b/eBones/krb/read_service_key.c
@@ -5,12 +5,12 @@
* <Copyright.MIT>.
*
* from: _service_key.c,v 4.10 90/03/10 19:06:56 jon Exp $
- * $Id: read_service_key.c,v 1.2 1994/07/19 19:26:16 g89r4222 Exp $
+ * $Id: read_service_key.c,v 1.1.1.1 1994/09/30 14:50:03 csgr Exp $
*/
#ifndef lint
static char *rcsid =
-"$Id: read_service_key.c,v 1.2 1994/07/19 19:26:16 g89r4222 Exp $";
+"$Id: read_service_key.c,v 1.1.1.1 1994/09/30 14:50:03 csgr Exp $";
#endif /* lint */
#include <krb.h>
@@ -26,7 +26,7 @@ static char *rcsid =
* and "realm" and a key version number "kvno", and looks in the given
* "file" for the corresponding entry, and if found, returns the entry's
* key field in "key".
- *
+ *
* If "instance" contains the string "*", then it will match
* any instance, and the chosen instance will be copied to that
* string. For this reason it is important that the there is enough
@@ -102,7 +102,7 @@ read_service_key(service,instance,realm,kvno,file,key)
strcmp(realm,"ATHENA.MIT.EDU")))
continue;
#else /* ! ATHENA_COMPAT */
- if (strcmp(rlm,realm))
+ if (strcmp(rlm,realm))
continue;
#endif /* ATHENA_COMPAT */
diff --git a/eBones/krb/recvauth.c b/eBones/krb/recvauth.c
index fe26814..2ab364f 100644
--- a/eBones/krb/recvauth.c
+++ b/eBones/krb/recvauth.c
@@ -4,12 +4,12 @@
* <Copyright.MIT>.
*
* from: recvauth.c,v 4.4 90/03/10 19:03:08 jon Exp $";
- * $Id: recvauth.c,v 1.2 1994/07/19 19:26:18 g89r4222 Exp $
+ * $Id: recvauth.c,v 1.1.1.1 1994/09/30 14:50:03 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: recvauth.c,v 1.2 1994/07/19 19:26:18 g89r4222 Exp $";
+"$Id: recvauth.c,v 1.1.1.1 1994/09/30 14:50:03 csgr Exp $";
#endif lint
#include <krb.h>
@@ -214,7 +214,7 @@ char *version; /* version string (filled in) */
if (krb_net_read(fd, (char *)&tkt_len, sizeof(tkt_len)) !=
sizeof(tkt_len))
return(errno);
-
+
/* sanity check */
ticket->length = ntohl((unsigned long)tkt_len);
if ((ticket->length <= 0) || (ticket->length > MAX_KTXT_LEN)) {
diff --git a/eBones/krb/send_to_kdc.c b/eBones/krb/send_to_kdc.c
index aeaf389..43f04a2 100644
--- a/eBones/krb/send_to_kdc.c
+++ b/eBones/krb/send_to_kdc.c
@@ -4,7 +4,7 @@
* <Copyright.MIT>.
*
* from: send_to_kdc.c,v 4.20 90/01/02 13:40:37 jtkohl Exp $
- * $Id: send_to_kdc.c,v 1.2 1994/07/19 19:26:21 g89r4222 Exp $
+ * $Id: send_to_kdc.c,v 1.3 1995/01/25 06:37:33 gibbs Exp $
*/
#ifndef lint
@@ -213,17 +213,19 @@ send_to_kdc(pkt,rpkt,realm)
rtn:
(void) close(f);
if (hostlist) {
- register struct hostent *hp;
- for (hp = hostlist; hp->h_name; hp++)
+ if(!no_host) {
+ register struct hostent *hp;
+ for (hp = hostlist; hp->h_name; hp++)
#if !(defined(ULTRIX022) || (defined(SunOS) && SunOS < 40))
- if (hp->h_addr_list) {
+ if (hp->h_addr_list) {
#endif /* ULTRIX022 || SunOS */
- if (hp->h_addr)
- free(hp->h_addr);
+ if (hp->h_addr)
+ free(hp->h_addr);
#if !(defined(ULTRIX022) || (defined(SunOS) && SunOS < 40))
- free((char *)hp->h_addr_list);
- }
+ free((char *)hp->h_addr_list);
+ }
#endif /* ULTRIX022 || SunOS */
+ }
free((char *)hostlist);
}
return(retval);
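Review bot: The new `if(!no_host)` guard at the `rtn:` label makes the cleanup depend on a flag kept separately from `hostlist` itself, and nothing in the hunk shows that `no_host` is assigned on every path that jumps to `rtn`. If the flag is ever read unset or stale, the loop is either skipped, leaking the per-host address copies, or it walks `hostlist` looking for a null `h_name` that was never written and hands whatever it finds to `free()`. The function body starts outside the hunk, so this has to be checked against the allocation site; initialising the flag at its declaration and writing the terminating `h_name` as soon as `hostlist` is allocated would make the loop safe on its own. If the invariant is what the guard implies, I would also record it above the guard, for example `/* entries and the null h_name terminator exist only once a host was resolved */`.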
@@ -255,7 +257,7 @@ static send_recv(pkt,rpkt,f,_to,addrs)
printf("Sending message...");
(void) fflush(stdout);
}
- if ((numsent = sendto(f,(char *)(pkt->dat), pkt->length, 0,
+ if ((numsent = sendto(f,(char *)(pkt->dat), pkt->length, 0,
(struct sockaddr *)_to,
S_AD_SZ)) != pkt->length) {
if (krb_debug)
diff --git a/eBones/krb/tf_shm.c b/eBones/krb/tf_shm.c
index 5548f0d..f2f97ab 100644
--- a/eBones/krb/tf_shm.c
+++ b/eBones/krb/tf_shm.c
@@ -7,12 +7,12 @@
* contributed by Dan Kolkowitz (kolk@jessica.stanford.edu).
*
* from: tf_shm.c,v 4.2 89/10/25 23:26:46 qjb Exp $
- * $Id: tf_shm.c,v 1.2 1994/07/19 19:26:26 g89r4222 Exp $
+ * $Id: tf_shm.c,v 1.1.1.1 1994/09/30 14:50:04 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: tf_shm.c,v 1.2 1994/07/19 19:26:26 g89r4222 Exp $";
+"$Id: tf_shm.c,v 1.1.1.1 1994/09/30 14:50:04 csgr Exp $";
#endif lint
#include <stdio.h>
@@ -51,15 +51,15 @@ char *file_name;
don't slowly lose memory. */
shmid = shmget((long)IPC_PRIVATE,MAX_BUFF, IPC_CREAT);
- if (shmid == -1) {
+ if (shmid == -1) {
if (krb_debug)
perror("krb_shm_create shmget");
return(KFAILURE); /* XXX */
}
me = getuid();
metoo = geteuid();
- /*
- * now set up the buffer so that we can modify it
+ /*
+ * now set up the buffer so that we can modify it
*/
shm_buf.shm_perm.uid = me;
shm_buf.shm_perm.gid = getgid();
@@ -89,13 +89,13 @@ char *file_name;
perror("krb_shm_create file");
(void) shmctl(shmid, IPC_RMID, 0);
return(KFAILURE); /* XXX */
- }
+ }
if (fchmod(fileno(sfile),0600) < 0) {
if (krb_debug)
perror("krb_shm_create fchmod");
(void) shmctl(shmid, IPC_RMID, 0);
return(KFAILURE); /* XXX */
- }
+ }
if (me != metoo) {
if (setreuid(me, metoo) < 0) {
/* can't switch??? barf! */
@@ -126,11 +126,11 @@ char *file_name;
int krb_is_diskless()
{
struct stat buf;
- if (stat("/.diskless",&buf) < 0)
+ if (stat("/.diskless",&buf) < 0)
return(0);
else return(1);
}
-
+
/*
* krb_shm_dest: destroy shared memory segment with session keys, and remove
* file pointing to it.
@@ -156,7 +156,7 @@ char *file;
perror("krb_shm_dest: cannot delete shm segment");
(void) fclose(sfile);
return(KFAILURE); /* XXX */
- }
+ }
} else {
if (krb_debug)
fprintf(stderr, "bad format in shmid file\n");
@@ -170,5 +170,5 @@ char *file;
return(RET_TKFIL); /* XXX */
}
-
+
diff --git a/eBones/krb/tf_util.3 b/eBones/krb/tf_util.3
index 3a9bc94..ee6e436 100644
--- a/eBones/krb/tf_util.3
+++ b/eBones/krb/tf_util.3
@@ -1,5 +1,5 @@
.\" from: tf_util.3,v 4.2 89/04/25 17:17:11 jtkohl Exp $
-.\" $Id: tf_util.3,v 1.2 1994/07/19 19:28:05 g89r4222 Exp $
+.\" $Id: tf_util.3,v 1.1.1.1 1994/09/30 14:50:08 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -13,7 +13,7 @@ tf_init, tf_get_pname, tf_get_pinst, tf_get_cred, tf_close \
.nf
.nj
.ft B
-#include <krb.h>
+#include <kerberosIV/krb.h>
.PP
.ft B
extern char *krb_err_txt[];
diff --git a/eBones/krb/tf_util.c b/eBones/krb/tf_util.c
index a9e8551..cb4908e 100644
--- a/eBones/krb/tf_util.c
+++ b/eBones/krb/tf_util.c
@@ -4,12 +4,12 @@
* <Copyright.MIT>.
*
* from: tf_util.c,v 4.9 90/03/10 19:19:45 jon Exp $
- * $Id: tf_util.c,v 1.2 1994/07/19 19:26:28 g89r4222 Exp $
+ * $Id: tf_util.c,v 1.1.1.1 1994/09/30 14:50:04 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: tf_util.c,v 1.2 1994/07/19 19:26:28 g89r4222 Exp $";
+"$Id: tf_util.c,v 1.1.1.1 1994/09/30 14:50:04 csgr Exp $";
#endif /* lint */
#include <stdio.h>
@@ -51,7 +51,7 @@ char *shmat();
* are invalid (ie. when deciding whether tf_init has been
* called.)
* c. In tf_close, be sure it gets reinitialized to a negative
- * number.
+ * number.
*/
static fd = -1;
static curpos; /* Position in tfbfr */
@@ -109,13 +109,13 @@ static tf_gets(), tf_read();
/*
* tf_init() should be called before the other ticket file routines.
* It takes the name of the ticket file to use, "tf_name", and a
- * read/write flag "rw" as arguments.
+ * read/write flag "rw" as arguments.
*
* It tries to open the ticket file, checks the mode, and if everything
* is okay, locks the file. If it's opened for reading, the lock is
- * shared. If it's opened for writing, the lock is exclusive.
+ * shared. If it's opened for writing, the lock is exclusive.
*
- * Returns KSUCCESS if all went well, otherwise one of the following:
+ * Returns KSUCCESS if all went well, otherwise one of the following:
*
* NO_TKT_FIL - file wasn't there
* TKT_FIL_ACC - file was in wrong mode, etc.
@@ -129,7 +129,7 @@ tf_init(tf_name, rw)
uid_t me, getuid();
struct stat stat_buf;
#ifdef TKT_SHMEM
- char shmidname[MAXPATHLEN];
+ char shmidname[MAXPATHLEN];
FILE *sfp;
int shmid;
#endif
@@ -170,7 +170,7 @@ tf_init(tf_name, rw)
* If "wflag" is set, open the ticket file in append-writeonly mode
* and lock the ticket file in exclusive mode. If unable to lock
* the file, sleep and try again. If we fail again, return with the
- * proper error message.
+ * proper error message.
*/
curpos = sizeof(tfbfr);
@@ -214,7 +214,7 @@ tf_init(tf_name, rw)
}
tmp_shm_addr = krb_shm_addr;
#endif /* TKT_SHMEM */
-
+
if (wflag) {
fd = open(tf_name, O_RDWR, 0600);
if (fd < 0) {
@@ -232,7 +232,7 @@ tf_init(tf_name, rw)
}
/*
* Otherwise "wflag" is not set and the ticket file should be opened
- * for read-only operations and locked for shared access.
+ * for read-only operations and locked for shared access.
*/
fd = open(tf_name, O_RDONLY, 0600);
@@ -256,7 +256,7 @@ tf_init(tf_name, rw)
* principal's name is filled into the "p" parameter. If all goes well,
* KSUCCESS is returned. If tf_init() wasn't called, TKT_FIL_INI is
* returned. If the name was null, or EOF was encountered, or the name
- * was longer than ANAME_SZ, TKT_FIL_FMT is returned.
+ * was longer than ANAME_SZ, TKT_FIL_FMT is returned.
*/
tf_get_pname(p)
@@ -279,7 +279,7 @@ tf_get_pname(p)
* goes well, KSUCCESS is returned. If tf_init() wasn't called,
* TKT_FIL_INI is returned. If EOF was encountered, or the instance
* was longer than ANAME_SZ, TKT_FIL_FMT is returned. Note that the
- * instance may be null.
+ * instance may be null.
*/
tf_get_pinst(inst)
@@ -299,7 +299,7 @@ tf_get_pinst(inst)
* tf_get_cred() reads a CREDENTIALS record from a ticket file and fills
* in the given structure "c". It should only be called after tf_init(),
* tf_get_pname(), and tf_get_pinst() have been called. If all goes well,
- * KSUCCESS is returned. Possible error codes are:
+ * KSUCCESS is returned. Possible error codes are:
*
* TKT_FIL_INI - tf_init wasn't called first
* TKT_FIL_FMT - bad format
@@ -394,7 +394,7 @@ tf_close()
* tf_gets() is an internal routine. It takes a string "s" and a count
* "n", and reads from the file until either it has read "n" characters,
* or until it reads a null byte. When finished, what has been read exists
- * in "s". If it encounters EOF or an error, it closes the ticket file.
+ * in "s". If it encounters EOF or an error, it closes the ticket file.
*
* Possible return values are:
*
@@ -408,7 +408,7 @@ tf_close()
* file is seriously ill.
*/
-static
+static
tf_gets(s, n)
register char *s;
{
@@ -455,7 +455,7 @@ tf_read(s, n)
register n;
{
register count;
-
+
for (count = n; count > 0; --count) {
if (curpos >= sizeof(tfbfr)) {
lastpos = read(fd, tfbfr, sizeof(tfbfr));
@@ -469,7 +469,7 @@ tf_read(s, n)
}
return n;
}
-
+
char *tkt_string();
/*
diff --git a/eBones/ksrvtgt/ksrvtgt.1 b/eBones/ksrvtgt/ksrvtgt.1
index 25fd939..129c745 100644
--- a/eBones/ksrvtgt/ksrvtgt.1
+++ b/eBones/ksrvtgt/ksrvtgt.1
@@ -1,5 +1,5 @@
.\" from: ksrvtgt.1,v 4.1 89/01/24 14:36:28 jtkohl Exp $
-.\" $Id: ksrvtgt.1,v 1.2 1994/07/19 19:27:52 g89r4222 Exp $
+.\" $Id: ksrvtgt.1,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -25,7 +25,7 @@ is not supplied on the command line), decrypts the response using
the service key found in
.I srvtab
(or in
-.B /etc/srvtab
+.B /etc/kerberosIV/srvtab
if
.I srvtab
is not specified on the command line), and stores the ticket in the
@@ -39,13 +39,13 @@ problems, the most common of which is the inability to read the service
key file.
.SH FILES
.TP 2i
-/etc/krb.conf
+/etc/kerberosIV/krb.conf
to get the name of the local realm.
.TP
/tmp/tkt[uid]
The default ticket file.
.TP
-/etc/srvtab
+/etc/kerberosIV/srvtab
The default service key file.
.SH SEE ALSO
kerberos(1), kinit(1), kdestroy(1)
diff --git a/eBones/ksrvtgt/ksrvtgt.c b/eBones/ksrvtgt/ksrvtgt.c
index 46bbd56..79acf3e 100644
--- a/eBones/ksrvtgt/ksrvtgt.c
+++ b/eBones/ksrvtgt/ksrvtgt.c
@@ -1,18 +1,18 @@
/*
- * Copyright 1988 by the Massachusetts Institute of Technology.
+ * Copyright 1988 by the Massachusetts Institute of Technology.
* For copying and distribution information, please see the file
- * <Copyright.MIT>.
+ * <Copyright.MIT>.
*
* Get a ticket-granting-ticket given a service key file (srvtab)
* The lifetime is the shortest allowed [1 five-minute interval]
*
* from: ksrvtgt.c,v 4.3 89/07/28 10:17:28 jtkohl Exp $
- * $Id: ksrvtgt.c,v 1.2 1994/07/19 19:26:56 g89r4222 Exp $
+ * $Id: ksrvtgt.c,v 1.1.1.1 1994/09/30 14:50:04 csgr Exp $
*/
#ifndef lint
const char rcsid[] =
-"$Id: ksrvtgt.c,v 1.2 1994/07/19 19:26:56 g89r4222 Exp $";
+"$Id: ksrvtgt.c,v 1.1.1.1 1994/09/30 14:50:04 csgr Exp $";
#endif /* lint */
#include <stdio.h>
@@ -36,10 +36,10 @@ main(argc,argv)
argv[0]);
exit(1);
}
-
+
if (argc == 4)
(void) strncpy(srvtab, argv[3], sizeof(srvtab) -1);
-
+
if (argc == 5) {
(void) strncpy(realm, argv[3], sizeof(realm) - 1);
(void) strncpy(srvtab, argv[4], sizeof(srvtab) -1);
diff --git a/eBones/ksrvutil/HOW-TO b/eBones/ksrvutil/HOW-TO
new file mode 100644
index 0000000..53f719c
--- /dev/null
+++ b/eBones/ksrvutil/HOW-TO
@@ -0,0 +1,291 @@
+To re-create this export-controlled program from eBones:
+
+1) Copy ksrvutil.c from the kadmin directory.
+2) perl -spi.bak -e 's/\$(Header[^\$]*)\$/$1/g' *.[ch]
+3) Apply this patch:
+
+*** ksrvutil.c.orig Fri Jan 20 17:19:45 1995
+--- ksrvutil.c Fri Jan 20 17:27:38 1995
+***************
+*** 1,10 ****
+ /*
+- * $Source: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/ksrvutil.c,v $
+- * $Author: jtkohl $
+- *
+ * Copyright 1989 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+! * <mit-copyright.h>.
+ *
+ * list and update contents of srvtab files
+--- 1,7 ----
+ /*
+ * Copyright 1989 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+! * Copyright.MIT.
+ *
+ * list and update contents of srvtab files
+***************
+*** 12,20 ****
+
+ #ifndef lint
+ static char rcsid_ksrvutil_c[] =
+! "BonesHeader: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/ksrvutil.c,v 4.1 89/09/26 09:33:49 jtkohl Exp ";
+ #endif lint
+
+- #include <mit-copyright.h>
+ /*
+ * ksrvutil
+--- 9,20 ----
+
+ #ifndef lint
++ #if 0
+ static char rcsid_ksrvutil_c[] =
+! "BonesHeader: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/ksrvutil.c,v 4.1 89/09/26 09:33:49 jtkohl Exp ";
+! #endif
+! static const char rcsid[] =
+! "$Id$";
+ #endif lint
+
+ /*
+ * ksrvutil
+***************
+*** 37,40 ****
+--- 37,41 ----
+ #include <errno.h>
+ #include <kadm.h>
++ #include <err.h>
+
+ #ifdef NOENCRYPTION
+***************
+*** 54,58 ****
+
+ extern int errno;
+- extern char *sys_errlist[];
+
+ extern void krb_set_tkt_string();
+--- 55,58 ----
+***************
+*** 79,85 ****
+ if ((keyfile_fd = open(keyfile, O_RDONLY, 0)) < 0) {
+ if (errno != ENOENT) {
+! (void)fprintf(stderr, "%s: Unable to read %s: %s\n", progname,
+! keyfile, sys_errlist[errno]);
+! exit(1);
+ }
+ else {
+--- 79,83 ----
+ if ((keyfile_fd = open(keyfile, O_RDONLY, 0)) < 0) {
+ if (errno != ENOENT) {
+! err(1, "unable to read %s", keyfile);
+ }
+ else {
+***************
+*** 88,100 ****
+ open(keyfile,
+ O_WRONLY | O_TRUNC | O_CREAT, SRVTAB_MODE)) < 0) {
+! (void) fprintf(stderr, "%s: Unable to create %s: %s\n",
+! progname, keyfile, sys_errlist[errno]);
+! exit(1);
+ }
+ else
+ if (close(keyfile_fd) < 0) {
+! (void) fprintf(stderr, "%s: Failure closing %s: %s\n",
+! progname, keyfile, sys_errlist[errno]);
+! exit(1);
+ }
+ }
+--- 86,94 ----
+ open(keyfile,
+ O_WRONLY | O_TRUNC | O_CREAT, SRVTAB_MODE)) < 0) {
+! err(1, "unable to create %s", keyfile);
+ }
+ else
+ if (close(keyfile_fd) < 0) {
+! err(1, "failure closing %s", keyfile);
+ }
+ }
+***************
+*** 107,135 ****
+ open(backup_keyfile, O_WRONLY | O_TRUNC | O_CREAT,
+ keyfile_mode)) < 0) {
+! (void) fprintf(stderr, "%s: Unable to write %s: %s\n", progname,
+! backup_keyfile, sys_errlist[errno]);
+! exit(1);
+ }
+ do {
+ if ((rcount = read(keyfile_fd, (char *)buf, sizeof(buf))) < 0) {
+! (void) fprintf(stderr, "%s: Error reading %s: %s\n", progname,
+! keyfile, sys_errlist[errno]);
+! exit(1);
+ }
+ if (rcount && (write(backup_keyfile_fd, buf, rcount) != rcount)) {
+! (void) fprintf(stderr, "%s: Error writing %s: %s\n", progname,
+! backup_keyfile, sys_errlist[errno]);
+! exit(1);
+ }
+ } while (rcount);
+ if (close(backup_keyfile_fd) < 0) {
+! (void) fprintf(stderr, "%s: Error closing %s: %s\n", progname,
+! backup_keyfile, sys_errlist[errno]);
+! exit(1);
+ }
+ if (close(keyfile_fd) < 0) {
+! (void) fprintf(stderr, "%s: Error closing %s: %s\n", progname,
+! keyfile, sys_errlist[errno]);
+! exit(1);
+ }
+ }
+--- 101,119 ----
+ open(backup_keyfile, O_WRONLY | O_TRUNC | O_CREAT,
+ keyfile_mode)) < 0) {
+! err(1, "unable to write %s", backup_keyfile);
+ }
+ do {
+ if ((rcount = read(keyfile_fd, (char *)buf, sizeof(buf))) < 0) {
+! err(1, "error reading %s", keyfile);
+ }
+ if (rcount && (write(backup_keyfile_fd, buf, rcount) != rcount)) {
+! err(1, "error writing %s", backup_keyfile);
+ }
+ } while (rcount);
+ if (close(backup_keyfile_fd) < 0) {
+! err(1, "error closing %s", backup_keyfile);
+ }
+ if (close(keyfile_fd) < 0) {
+! err(1, "error closing %s", keyfile);
+ }
+ }
+***************
+*** 145,151 ****
+ (void) bzero(buf, size);
+ if (read(0, buf, size - 1) < 0) {
+! (void) fprintf(stderr, "Failure reading from stdin: %s\n",
+! sys_errlist[errno]);
+! leave((char *)NULL, 1);
+ }
+ fflush(stdin);
+--- 129,134 ----
+ (void) bzero(buf, size);
+ if (read(0, buf, size - 1) < 0) {
+! warn("failure reading from stdin");
+! leave((char *)NULL, 1);
+ }
+ fflush(stdin);
+***************
+*** 163,170 ****
+ {
+ if (write(fd, buf, len) != len) {
+! (void) fprintf(stderr, "%s: Failure writing to %s: %s\n", progname,
+! filename, sys_errlist[errno]);
+! (void) close(fd);
+! leave("In progress srvtab in this file.", 1);
+ }
+ }
+--- 146,152 ----
+ {
+ if (write(fd, buf, len) != len) {
+! warn("failure writing %s", filename);
+! close(fd);
+! leave("In progress srvtab in this file.", 1);
+ }
+ }
+***************
+*** 343,349 ****
+ if (change || list) {
+ if ((backup_keyfile_fd = open(backup_keyfile, O_RDONLY, 0)) < 0) {
+! (void) fprintf(stderr, "%s: Unable to read %s: %s\n", argv[0],
+! backup_keyfile, sys_errlist[errno]);
+! exit(1);
+ }
+ }
+--- 325,329 ----
+ if (change || list) {
+ if ((backup_keyfile_fd = open(backup_keyfile, O_RDONLY, 0)) < 0) {
+! err(1, "unable to read %s", backup_keyfile);
+ }
+ }
+***************
+*** 353,359 ****
+ open(work_keyfile, O_WRONLY | O_CREAT | O_TRUNC,
+ SRVTAB_MODE)) < 0) {
+! (void) fprintf(stderr, "%s: Unable to write %s: %s\n", argv[0],
+! work_keyfile, sys_errlist[errno]);
+! exit(1);
+ }
+ }
+--- 333,337 ----
+ open(work_keyfile, O_WRONLY | O_CREAT | O_TRUNC,
+ SRVTAB_MODE)) < 0) {
+! err(1, "unable to write %s", work_keyfile);
+ }
+ }
+***************
+*** 361,367 ****
+ if ((work_keyfile_fd =
+ open(work_keyfile, O_APPEND | O_WRONLY, SRVTAB_MODE)) < 0) {
+! (void) fprintf(stderr, "%s: Unable to open %s for append: %s\n",
+! argv[0], work_keyfile, sys_errlist[errno]);
+! exit(1);
+ }
+ }
+--- 339,343 ----
+ if ((work_keyfile_fd =
+ open(work_keyfile, O_APPEND | O_WRONLY, SRVTAB_MODE)) < 0) {
+! err(1, "unable to append to %s", work_keyfile);
+ }
+ }
+***************
+*** 456,463 ****
+ }
+ else {
+! (void)fprintf(stderr,
+! "%s: Unable to revert keyfile: %s\n",
+! argv[0], sys_errlist[errno]);
+! leave("", 1);
+ }
+ }
+--- 432,437 ----
+ }
+ else {
+! warn("unable to revert keyfile");
+! leave("", 1);
+ }
+ }
+***************
+*** 499,518 ****
+ if (change || list)
+ if (close(backup_keyfile_fd) < 0) {
+! (void) fprintf(stderr, "%s: Failure closing %s: %s\n",
+! argv[0], backup_keyfile, sys_errlist[errno]);
+! (void) fprintf(stderr, "continuing...\n");
+ }
+
+ if (change || add) {
+ if (close(work_keyfile_fd) < 0) {
+! (void) fprintf(stderr, "%s: Failure closing %s: %s\n",
+! argv[0], work_keyfile, sys_errlist[errno]);
+! exit(1);
+ }
+ if (rename(work_keyfile, keyfile) < 0) {
+! (void) fprintf(stderr, "%s: Failure renaming %s to %s: %s\n",
+! argv[0], work_keyfile, keyfile,
+! sys_errlist[errno]);
+! exit(1);
+ }
+ (void) chmod(backup_keyfile, keyfile_mode);
+--- 473,485 ----
+ if (change || list)
+ if (close(backup_keyfile_fd) < 0) {
+! warn("failure closing %s, continuing", backup_keyfile);
+ }
+
+ if (change || add) {
+ if (close(work_keyfile_fd) < 0) {
+! err(1, "failure closing %s", work_keyfile);
+ }
+ if (rename(work_keyfile, keyfile) < 0) {
+! err(1, "failure renaming %s to %s", work_keyfile, keyfile);
+ }
+ (void) chmod(backup_keyfile, keyfile_mode);
diff --git a/eBones/ksrvutil/Makefile b/eBones/ksrvutil/Makefile
new file mode 100644
index 0000000..bdff452
--- /dev/null
+++ b/eBones/ksrvutil/Makefile
@@ -0,0 +1,10 @@
+# $Id$
+
+PROG= ksrvutil
+SRCS= ksrvutil.c
+CFLAGS+= -I${.CURDIR}/../include -I${.CURDIR}/../libkadm
+LDADD+= -L${KADMOBJDIR} -lkadm -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes \
+ -lcom_err
+NOMAN= #man page installed by ../man
+
+.include <bsd.prog.mk>
diff --git a/eBones/ksrvutil/ksrvutil.c b/eBones/ksrvutil/ksrvutil.c
new file mode 100644
index 0000000..d1e9474
--- /dev/null
+++ b/eBones/ksrvutil/ksrvutil.c
@@ -0,0 +1,580 @@
+/*
+ * Copyright 1989 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * Copyright.MIT.
+ *
+ * list and update contents of srvtab files
+ */
+
+#ifndef lint
+#if 0
+static char rcsid_ksrvutil_c[] =
+"BonesHeader: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/ksrvutil.c,v 4.1 89/09/26 09:33:49 jtkohl Exp ";
+#endif
+static const char rcsid[] =
+ "$Id: ksrvutil.c,v 1.2 1995/01/23 22:54:08 wollman Exp $";
+#endif lint
+
+/*
+ * ksrvutil
+ * list and update the contents of srvtab files
+ */
+
+#ifndef FALSE
+#define FALSE 0
+#endif
+
+#ifndef TRUE
+#define TRUE 1
+#endif
+
+#include <sys/types.h>
+#include <sys/file.h>
+#include <sys/param.h>
+#include <stdio.h>
+#include <sys/stat.h>
+#include <errno.h>
+#include <kadm.h>
+#include <err.h>
+#include <com_err.h>
+
+#ifdef NOENCRYPTION
+#define read_long_pw_string placebo_read_pw_string
+#else /* NOENCRYPTION */
+#define read_long_pw_string des_read_pw_string
+#endif /* NOENCRYPTION */
+int read_long_pw_string();
+
+#define SRVTAB_MODE 0600 /* rw------- */
+#define PAD " "
+#define VNO_HEADER "Version"
+#define VNO_FORMAT "%4d "
+#define KEY_HEADER " Key " /* 17 characters long */
+#define PRINC_HEADER " Principal\n"
+#define PRINC_FORMAT "%s"
+
+extern int errno;
+
+extern void krb_set_tkt_string();
+void leave();
+unsigned short get_mode();
+
+void
+copy_keyfile(progname, keyfile, backup_keyfile)
+ char *progname;
+ char *keyfile;
+ char *backup_keyfile;
+{
+ int keyfile_fd;
+ int backup_keyfile_fd;
+ int keyfile_mode;
+ char buf[BUFSIZ]; /* for copying keyfiles */
+ int rcount; /* for copying keyfiles */
+ int try_again;
+
+ (void) bzero((char *)buf, sizeof(buf));
+
+ do {
+ try_again = FALSE;
+ if ((keyfile_fd = open(keyfile, O_RDONLY, 0)) < 0) {
+ if (errno != ENOENT) {
+ err(1, "unable to read %s", keyfile);
+ }
+ else {
+ try_again = TRUE;
+ if ((keyfile_fd =
+ open(keyfile,
+ O_WRONLY | O_TRUNC | O_CREAT, SRVTAB_MODE)) < 0) {
+ err(1, "unable to create %s", keyfile);
+ }
+ else
+ if (close(keyfile_fd) < 0) {
+ err(1, "failure closing %s", keyfile);
+ }
+ }
+ }
+ } while(try_again);
+
+ keyfile_mode = get_mode(keyfile);
+
+ if ((backup_keyfile_fd =
+ open(backup_keyfile, O_WRONLY | O_TRUNC | O_CREAT,
+ keyfile_mode)) < 0) {
+ err(1, "unable to write %s", backup_keyfile);
+ }
+ do {
+ if ((rcount = read(keyfile_fd, (char *)buf, sizeof(buf))) < 0) {
+ err(1, "error reading %s", keyfile);
+ }
+ if (rcount && (write(backup_keyfile_fd, buf, rcount) != rcount)) {
+ err(1, "error writing %s", backup_keyfile);
+ }
+ } while (rcount);
+ if (close(backup_keyfile_fd) < 0) {
+ err(1, "error closing %s", backup_keyfile);
+ }
+ if (close(keyfile_fd) < 0) {
+ err(1, "error closing %s", keyfile);
+ }
+}
+
+void
+safe_read_stdin(prompt, buf, size)
+ char *prompt;
+ char *buf;
+ int size;
+{
+ (void) printf(prompt);
+ (void) fflush(stdout);
+ (void) bzero(buf, size);
+ if (read(0, buf, size - 1) < 0) {
+ warn("failure reading from stdin");
+ leave((char *)NULL, 1);
+ }
+ fflush(stdin);
+ buf[strlen(buf)-1] = 0;
+}
+
+
+void
+safe_write(progname, filename, fd, buf, len)
+ char *progname;
+ char *filename;
+ int fd;
+ char *buf;
+ int len;
+{
+ if (write(fd, buf, len) != len) {
+ warn("failure writing %s", filename);
+ close(fd);
+ leave("In progress srvtab in this file.", 1);
+ }
+}
+
+int
+yn(string)
+ char *string;
+{
+ char ynbuf[5];
+
+ (void) printf("%s (y,n) [y] ", string);
+ for (;;) {
+ safe_read_stdin("", ynbuf, sizeof(ynbuf));
+
+ if ((ynbuf[0] == 'n') || (ynbuf[0] == 'N'))
+ return(0);
+ else if ((ynbuf[0] == 'y') || (ynbuf[0] == 'Y') || (ynbuf[0] == 0))
+ return(1);
+ else {
+ (void) printf("Please enter 'y' or 'n': ");
+ fflush(stdout);
+ }
+ }
+}
+
+void
+append_srvtab(progname, filename, fd, sname, sinst,
+ srealm, key_vno, key)
+ char *progname;
+ char *filename;
+ int fd;
+ char *sname;
+ char *sinst;
+ char *srealm;
+ unsigned char key_vno;
+ des_cblock key;
+{
+ /* Add one to append null */
+ safe_write(progname, filename, fd, sname, strlen(sname) + 1);
+ safe_write(progname, filename, fd, sinst, strlen(sinst) + 1);
+ safe_write(progname, filename, fd, srealm, strlen(srealm) + 1);
+ safe_write(progname, filename, fd, (char *)&key_vno, 1);
+ safe_write(progname, filename, fd, (char *)key, sizeof(des_cblock));
+ (void) fsync(fd);
+}
+
+unsigned short
+get_mode(filename)
+ char *filename;
+{
+ struct stat statbuf;
+ unsigned short mode;
+
+ (void) bzero((char *)&statbuf, sizeof(statbuf));
+
+ if (stat(filename, &statbuf) < 0)
+ mode = SRVTAB_MODE;
+ else
+ mode = statbuf.st_mode;
+
+ return(mode);
+}
+
+main(argc,argv)
+ int argc;
+ char *argv[];
+{
+ char sname[ANAME_SZ]; /* name of service */
+ char sinst[INST_SZ]; /* instance of service */
+ char srealm[REALM_SZ]; /* realm of service */
+ unsigned char key_vno; /* key version number */
+ int status; /* general purpose error status */
+ des_cblock new_key;
+ des_cblock old_key;
+ char change_tkt[MAXPATHLEN]; /* Ticket to use for key change */
+ char keyfile[MAXPATHLEN]; /* Original keyfile */
+ char work_keyfile[MAXPATHLEN]; /* Working copy of keyfile */
+ char backup_keyfile[MAXPATHLEN]; /* Backup copy of keyfile */
+ unsigned short keyfile_mode; /* Protections on keyfile */
+ int work_keyfile_fd = -1; /* Initialize so that */
+ int backup_keyfile_fd = -1; /* compiler doesn't complain */
+ char local_realm[REALM_SZ]; /* local kerberos realm */
+ int i;
+ int interactive = FALSE;
+ int list = FALSE;
+ int change = FALSE;
+ int add = FALSE;
+ int key = FALSE; /* do we show keys? */
+ int arg_entered = FALSE;
+ int change_this_key = FALSE;
+ char databuf[BUFSIZ];
+ int first_printed = FALSE; /* have we printed the first item? */
+
+ int get_svc_new_key();
+ void get_key_from_password();
+ void print_key();
+ void print_name();
+
+ (void) bzero((char *)sname, sizeof(sname));
+ (void) bzero((char *)sinst, sizeof(sinst));
+ (void) bzero((char *)srealm, sizeof(srealm));
+
+ (void) bzero((char *)change_tkt, sizeof(change_tkt));
+ (void) bzero((char *)keyfile, sizeof(keyfile));
+ (void) bzero((char *)work_keyfile, sizeof(work_keyfile));
+ (void) bzero((char *)backup_keyfile, sizeof(backup_keyfile));
+ (void) bzero((char *)local_realm, sizeof(local_realm));
+
+ (void) sprintf(change_tkt, "/tmp/tkt_ksrvutil.%d", getpid());
+ krb_set_tkt_string(change_tkt);
+
+ /* This is used only as a default for adding keys */
+ if (krb_get_lrealm(local_realm, 1) != KSUCCESS)
+ (void) strcpy(local_realm, KRB_REALM);
+
+ for (i = 1; i < argc; i++) {
+ if (strcmp(argv[i], "-i") == 0)
+ interactive++;
+ else if (strcmp(argv[i], "-k") == 0)
+ key++;
+ else if (strcmp(argv[i], "list") == 0) {
+ if (arg_entered)
+ usage();
+ else {
+ arg_entered++;
+ list++;
+ }
+ }
+ else if (strcmp(argv[i], "change") == 0) {
+ if (arg_entered)
+ usage();
+ else {
+ arg_entered++;
+ change++;
+ }
+ }
+ else if (strcmp(argv[i], "add") == 0) {
+ if (arg_entered)
+ usage();
+ else {
+ arg_entered++;
+ add++;
+ }
+ }
+ else if (strcmp(argv[i], "-f") == 0) {
+ if (++i == argc)
+ usage();
+ else
+ (void) strcpy(keyfile, argv[i]);
+ }
+ else
+ usage();
+ }
+
+ if (!arg_entered)
+ usage();
+
+ if (!keyfile[0])
+ (void) strcpy(keyfile, KEYFILE);
+
+ (void) strcpy(work_keyfile, keyfile);
+ (void) strcpy(backup_keyfile, keyfile);
+
+ if (change || add) {
+ (void) strcat(work_keyfile, ".work");
+ (void) strcat(backup_keyfile, ".old");
+
+ copy_keyfile(argv[0], keyfile, backup_keyfile);
+ }
+
+ if (add)
+ copy_keyfile(argv[0], backup_keyfile, work_keyfile);
+
+ keyfile_mode = get_mode(keyfile);
+
+ if (change || list) {
+ if ((backup_keyfile_fd = open(backup_keyfile, O_RDONLY, 0)) < 0) {
+ err(1, "unable to read %s", backup_keyfile);
+ }
+ }
+
+ if (change) {
+ if ((work_keyfile_fd =
+ open(work_keyfile, O_WRONLY | O_CREAT | O_TRUNC,
+ SRVTAB_MODE)) < 0) {
+ err(1, "unable to write %s", work_keyfile);
+ }
+ }
+ else if (add) {
+ if ((work_keyfile_fd =
+ open(work_keyfile, O_APPEND | O_WRONLY, SRVTAB_MODE)) < 0) {
+ err(1, "unable to append to %s", work_keyfile);
+ }
+ }
+
+ if (change || list) {
+ while ((getst(backup_keyfile_fd, sname, SNAME_SZ) > 0) &&
+ (getst(backup_keyfile_fd, sinst, INST_SZ) > 0) &&
+ (getst(backup_keyfile_fd, srealm, REALM_SZ) > 0) &&
+ (read(backup_keyfile_fd, &key_vno, 1) > 0) &&
+ (read(backup_keyfile_fd,(char *)old_key,sizeof(old_key)) > 0)) {
+ if (list) {
+ if (!first_printed) {
+ (void) printf(VNO_HEADER);
+ (void) printf(PAD);
+ if (key) {
+ (void) printf(KEY_HEADER);
+ (void) printf(PAD);
+ }
+ (void) printf(PRINC_HEADER);
+ first_printed = 1;
+ }
+ (void) printf(VNO_FORMAT, key_vno);
+ (void) printf(PAD);
+ if (key) {
+ print_key(old_key);
+ (void) printf(PAD);
+ }
+ print_name(sname, sinst, srealm);
+ (void) printf("\n");
+ }
+ else if (change) {
+ (void) printf("\nPrincipal: ");
+ print_name(sname, sinst, srealm);
+ (void) printf("; version %d\n", key_vno);
+ if (interactive)
+ change_this_key = yn("Change this key?");
+ else if (change)
+ change_this_key = 1;
+ else
+ change_this_key = 0;
+
+ if (change_this_key)
+ (void) printf("Changing to version %d.\n", key_vno + 1);
+ else if (change)
+ (void) printf("Not changing this key.\n");
+
+ if (change_this_key) {
+ /*
+ * Pick a new key and determine whether or not
+ * it is safe to change
+ */
+ if ((status =
+ get_svc_new_key(new_key, sname, sinst,
+ srealm, keyfile)) == KADM_SUCCESS)
+ key_vno++;
+ else {
+ (void) bcopy(old_key, new_key, sizeof(new_key));
+ com_err(argv[0], status, ": key NOT changed");
+ change_this_key = FALSE;
+ }
+ }
+ else
+ (void) bcopy(old_key, new_key, sizeof(new_key));
+ append_srvtab(argv[0], work_keyfile, work_keyfile_fd,
+ sname, sinst, srealm, key_vno, new_key);
+ if (key && change_this_key) {
+ (void) printf("Old key: ");
+ print_key(old_key);
+ (void) printf("; new key: ");
+ print_key(new_key);
+ (void) printf("\n");
+ }
+ if (change_this_key) {
+ if ((status = kadm_change_pw(new_key)) == KADM_SUCCESS) {
+ (void) printf("Key changed.\n");
+ (void) dest_tkt();
+ }
+ else {
+ com_err(argv[0], status,
+ " attempting to change password.");
+ (void) dest_tkt();
+ /* XXX This knows the format of a keyfile */
+ if (lseek(work_keyfile_fd, -9, L_INCR) >= 0) {
+ key_vno--;
+ safe_write(argv[0], work_keyfile,
+ work_keyfile_fd, (char *)&key_vno, 1);
+ safe_write(argv[0], work_keyfile, work_keyfile_fd,
+ (char *)old_key, sizeof(des_cblock));
+ (void) fsync(work_keyfile_fd);
+ (void) fprintf(stderr,"Key NOT changed.\n");
+ }
+ else {
+ warn("unable to revert keyfile");
+ leave("", 1);
+ }
+ }
+ }
+ }
+ bzero((char *)old_key, sizeof(des_cblock));
+ bzero((char *)new_key, sizeof(des_cblock));
+ }
+ }
+ else if (add) {
+ do {
+ do {
+ safe_read_stdin("Name: ", databuf, sizeof(databuf));
+ (void) strncpy(sname, databuf, sizeof(sname) - 1);
+ safe_read_stdin("Instance: ", databuf, sizeof(databuf));
+ (void) strncpy(sinst, databuf, sizeof(sinst) - 1);
+ safe_read_stdin("Realm: ", databuf, sizeof(databuf));
+ (void) strncpy(srealm, databuf, sizeof(srealm) - 1);
+ safe_read_stdin("Version number: ", databuf, sizeof(databuf));
+ key_vno = atoi(databuf);
+ if (!srealm[0])
+ (void) strcpy(srealm, local_realm);
+ (void) printf("New principal: ");
+ print_name(sname, sinst, srealm);
+ (void) printf("; version %d\n", key_vno);
+ } while (!yn("Is this correct?"));
+ get_key_from_password(new_key);
+ if (key) {
+ (void) printf("Key: ");
+ print_key(new_key);
+ (void) printf("\n");
+ }
+ append_srvtab(argv[0], work_keyfile, work_keyfile_fd,
+ sname, sinst, srealm, key_vno, new_key);
+ (void) printf("Key successfully added.\n");
+ } while (yn("Would you like to add another key?"));
+ }
+
+ if (change || list)
+ if (close(backup_keyfile_fd) < 0) {
+ warn("failure closing %s, continuing", backup_keyfile);
+ }
+
+ if (change || add) {
+ if (close(work_keyfile_fd) < 0) {
+ err(1, "failure closing %s", work_keyfile);
+ }
+ if (rename(work_keyfile, keyfile) < 0) {
+ err(1, "failure renaming %s to %s", work_keyfile, keyfile);
+ }
+ (void) chmod(backup_keyfile, keyfile_mode);
+ (void) chmod(keyfile, keyfile_mode);
+ (void) printf("Old keyfile in %s.\n", backup_keyfile);
+ }
+
+ exit(0);
+}
+
+void
+print_key(key)
+ des_cblock key;
+{
+ int i;
+
+ for (i = 0; i < 4; i++)
+ (void) printf("%02x", key[i]);
+ (void) printf(" ");
+ for (i = 4; i < 8; i++)
+ (void) printf("%02x", key[i]);
+}
+
+void
+print_name(name, inst, realm)
+ char *name;
+ char *inst;
+ char *realm;
+{
+ (void) printf("%s%s%s%s%s", name, inst[0] ? "." : "", inst,
+ realm[0] ? "@" : "", realm);
+}
+
+int
+get_svc_new_key(new_key, sname, sinst, srealm, keyfile)
+ des_cblock new_key;
+ char *sname;
+ char *sinst;
+ char *srealm;
+ char *keyfile;
+{
+ int status = KADM_SUCCESS;
+
+ if (((status = krb_get_svc_in_tkt(sname, sinst, srealm, PWSERV_NAME,
+ KADM_SINST, 1, keyfile)) == KSUCCESS) &&
+ ((status = kadm_init_link("changepw", KRB_MASTER, srealm)) ==
+ KADM_SUCCESS)) {
+#ifdef NOENCRYPTION
+ (void) bzero((char *) new_key, sizeof(des_cblock));
+ new_key[0] = (unsigned char) 1;
+#else /* NOENCRYPTION */
+ (void) des_random_key(new_key);
+#endif /* NOENCRYPTION */
+ return(KADM_SUCCESS);
+ }
+
+ return(status);
+}
+
+void
+get_key_from_password(key)
+ des_cblock key;
+{
+ char password[MAX_KPW_LEN]; /* storage for the password */
+
+ if (read_long_pw_string(password, sizeof(password)-1, "Password: ", 1))
+ leave("Error reading password.", 1);
+
+#ifdef NOENCRYPTION
+ (void) bzero((char *) key, sizeof(des_cblock));
+ key[0] = (unsigned char) 1;
+#else /* NOENCRYPTION */
+ (void) des_string_to_key(password, key);
+#endif /* NOENCRYPTION */
+ (void) bzero((char *)password, sizeof(password));
+}
+
+usage()
+{
+ (void) fprintf(stderr, "Usage: ksrvutil [-f keyfile] [-i] [-k] ");
+ (void) fprintf(stderr, "{list | change | add}\n");
+ (void) fprintf(stderr, " -i causes the program to ask for ");
+ (void) fprintf(stderr, "confirmation before changing keys.\n");
+ (void) fprintf(stderr, " -k causes the key to printed for list or ");
+ (void) fprintf(stderr, "change.\n");
+ exit(1);
+}
+
+void
+leave(str,x)
+char *str;
+int x;
+{
+ if (str)
+ (void) fprintf(stderr, "%s\n", str);
+ (void) dest_tkt();
+ exit(x);
+}
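Review bot: In main(), the `-f` branch copies argv[i] into keyfile[MAXPATHLEN] with an unbounded strcpy(), and the later strcpy()/strcat() calls append `.work` and `.old` in buffers of the same size, so an over-long path argument overruns stack buffers in a tool that rewrites srvtab keys. Reject such paths before copying, e.g. `if (strlen(argv[i]) > sizeof(keyfile) - sizeof(".work")) usage();`. Separately, safe_read_stdin() runs `buf[strlen(buf)-1] = 0;` even when read() returns 0 at end of input, which writes one byte before the start of the buffer. Strip the last byte only when the length is non-zero and that byte is a newline.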
diff --git a/eBones/kstash/Makefile b/eBones/kstash/Makefile
index 8331c97a..d096b9c 100644
--- a/eBones/kstash/Makefile
+++ b/eBones/kstash/Makefile
@@ -1,10 +1,10 @@
# From: @(#)Makefile 5.2 (Berkeley) 3/5/91
-# $Id: Makefile,v 1.2 1994/07/19 19:27:04 g89r4222 Exp $
+# $Id: Makefile,v 1.1.1.1 1994/09/30 14:50:04 csgr Exp $
PROG= kstash
CFLAGS+=-DKERBEROS -DDEBUG -I${.CURDIR}/../include
DPADD= ${LIBKDB} ${LIBKRB} ${LIBDES}
-LDADD= -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes
+LDADD= -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes
NOMAN= noman
.include <bsd.prog.mk>
diff --git a/eBones/kstash/kstash.8 b/eBones/kstash/kstash.8
index d83379a..ac8c57b 100644
--- a/eBones/kstash/kstash.8
+++ b/eBones/kstash/kstash.8
@@ -1,5 +1,5 @@
.\" from: kstash.8,v 4.1 89/01/23 11:11:39 jtkohl Exp $
-.\" $Id: kstash.8,v 1.2 1994/07/19 19:27:55 g89r4222 Exp $
+.\" $Id: kstash.8,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -34,8 +34,11 @@ system call returned an error while
was attempting to write the key to the file.
.SH FILES
.TP 20n
-/kerberos/principal.pag, /kerberos/principal.dir
-DBM files containing database
+/etc/kerberosIV/principal.db
+DBM file containing database
.TP
-/.k
+/etc/kerberosIV/principal.ok
+Semaphore indicating that the DBM database is not being modified.
+.TP
+/etc/kerberosIV/master_key
Master key cache file.
diff --git a/eBones/kstash/kstash.c b/eBones/kstash/kstash.c
index 696e4e1..d8afe20 100644
--- a/eBones/kstash/kstash.c
+++ b/eBones/kstash/kstash.c
@@ -1,16 +1,16 @@
/*
* Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology
+ * of Technology
* For copying and distribution information, please see the file
* <Copyright.MIT>.
*
* from: kstash.c,v 4.0 89/01/23 09:45:43 jtkohl Exp $
- * $Id: kstash.c,v 1.2 1994/07/19 19:27:05 g89r4222 Exp $
+ * $Id: kstash.c,v 1.1.1.1 1994/09/30 14:50:05 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: kstash.c,v 1.2 1994/07/19 19:27:05 g89r4222 Exp $";
+"$Id: kstash.c,v 1.1.1.1 1994/09/30 14:50:05 csgr Exp $";
#endif lint
#include <stdio.h>
@@ -84,7 +84,7 @@ main(argc, argv)
clear_secrets();
}
-static void
+static void
clear_secrets()
{
bzero(master_key_schedule, sizeof(master_key_schedule));
diff --git a/eBones/lib/libacl/acl_check.3 b/eBones/lib/libacl/acl_check.3
index c142506..2e5129c 100644
--- a/eBones/lib/libacl/acl_check.3
+++ b/eBones/lib/libacl/acl_check.3
@@ -1,5 +1,5 @@
.\" from: acl_check.3,v 4.1 89/01/23 11:06:54 jtkohl Exp $
-.\" $Id: acl_check.3,v 1.2 1994/07/19 19:27:17 g89r4222 Exp $
+.\" $Id: acl_check.3,v 1.1.1.1 1994/09/30 14:50:05 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -16,7 +16,7 @@ acl_delete, acl_initialize \- Access control list routines
cc <files> \-lacl \-lkrb
.PP
.ft B
-#include <krb.h>
+#include <kerberosIV/krb.h>
.PP
.ft B
acl_canonicalize_principal(principal, buf)
@@ -98,7 +98,7 @@ must contain enough
space to store a principal, given the limits on the sizes of name,
instance, and realm specified as ANAME_SZ, INST_SZ, and REALM_SZ,
respectively, in
-.IR /usr/include/krb.h .
+.IR /usr/include/kerberosIV/krb.h .
.PP
.I acl_check
returns nonzero if
diff --git a/eBones/lib/libacl/acl_files.c b/eBones/lib/libacl/acl_files.c
index 6f7f3fd..1b97bb2 100644
--- a/eBones/lib/libacl/acl_files.c
+++ b/eBones/lib/libacl/acl_files.c
@@ -6,12 +6,12 @@
* <mit-copyright.h>.
*
* from: acl_files.c,v 4.4 89/12/19 13:30:53 jtkohl Exp $
- * $Id: acl_files.c,v 1.2 1994/07/19 19:21:18 g89r4222 Exp $
+ * $Id: acl_files.c,v 1.1.1.1 1994/09/30 14:49:48 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: acl_files.c,v 1.2 1994/07/19 19:21:18 g89r4222 Exp $";
+"$Id: acl_files.c,v 1.1.1.1 1994/09/30 14:49:48 csgr Exp $";
#endif lint
@@ -86,7 +86,7 @@ char *canon;
dot = NULL;
}
}
-
+
/* No such luck */
end = principal + strlen(principal);
@@ -121,7 +121,7 @@ char *canon;
strcpy(canon, KRB_REALM);
}
}
-
+
/* Get a lock to modify acl_file */
/* Return new FILE pointer */
/* or NULL if file cannot be modified */
@@ -176,7 +176,7 @@ char *acl_file;
/* Closes f */
static int acl_commit(acl_file, f)
char *acl_file;
-FILE *f;
+FILE *f;
{
char new[LINESIZE];
int ret;
@@ -203,7 +203,7 @@ FILE *f;
static int
acl_abort(acl_file, f)
char *acl_file;
-FILE *f;
+FILE *f;
{
char new[LINESIZE];
int ret;
@@ -471,7 +471,7 @@ char *principal;
sprintf(buf, "*.*%s", realm);
if(acl_exact_match(acl, buf) || acl_exact_match(acl, "*.*@*")) return(1);
-
+
return(0);
}
diff --git a/eBones/lib/libkadm/EXPORTABLE b/eBones/lib/libkadm/EXPORTABLE
new file mode 100644
index 0000000..e478483
--- /dev/null
+++ b/eBones/lib/libkadm/EXPORTABLE
@@ -0,0 +1,4 @@
+The files in this directory are believed to be exportable.
+
+-GAWollman
+
diff --git a/eBones/lib/libkadm/Makefile b/eBones/lib/libkadm/Makefile
new file mode 100644
index 0000000..f587d5c
--- /dev/null
+++ b/eBones/lib/libkadm/Makefile
@@ -0,0 +1,23 @@
+# $Id$
+
+LIB= kadm
+
+SRCS= kadm_err.c kadm_stream.c kadm_supp.c kadm_cli_wrap.c
+CFLAGS+= -I. -I${.CURDIR} -I${.CURDIR}/../include -I${KRBOBJDIR} -DPOSIX
+CLEANFILES+= kadm_err.c kadm_err.h
+
+kadm_err.c kadm_err.h: kadm_err.et
+ test -e kadm_err.et || ln -s ${.CURDIR}/kadm_err.et .
+ compile_et kadm_err.et
+
+beforeinstall:
+ -cd ${.CURDIR}; cmp -s kadm.h \
+ ${DESTDIR}/usr/include/kerberosIV/kadm.h || \
+ install -c -o ${BINOWN} -g ${BINGRP} -m 444 kadm.h \
+ ${DESTDIR}/usr/include/kerberosIV
+ -cd ${.OBJDIR}; cmp -s kadm_err.h \
+ ${DESTDIR}/usr/include/kerberosIV/kadm_err.h || \
+ install -c -o ${BINOWN} -g ${BINGRP} -m 444 kadm_err.h \
+ ${DESTDIR}/usr/include/kerberosIV
+
+.include <bsd.lib.mk>
diff --git a/eBones/lib/libkadm/kadm.h b/eBones/lib/libkadm/kadm.h
new file mode 100644
index 0000000..965b530
--- /dev/null
+++ b/eBones/lib/libkadm/kadm.h
@@ -0,0 +1,140 @@
+/*
+ * $Source: /home/ncvs/src/eBones/libkadm/kadm.h,v $
+ * $Author: wollman $
+ * Header: /afs/athena.mit.edu/astaff/project/kerberos/src/include/RCS/kadm.h,v 4.2 89/09/26 09:15:20 jtkohl Exp
+ *
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * Copyright.MIT.
+ *
+ * Definitions for Kerberos administration server & client
+ */
+
+#ifndef KADM_DEFS
+#define KADM_DEFS
+
+/*
+ * kadm.h
+ * Header file for the fourth attempt at an admin server
+ * Doug Church, December 28, 1989, MIT Project Athena
+ */
+
+/* for those broken Unixes without this defined... should be in sys/param.h */
+#ifndef MAXHOSTNAMELEN
+#define MAXHOSTNAMELEN 64
+#endif
+
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <krb.h>
+#include <des.h>
+
+/* The global structures for the client and server */
+typedef struct {
+ struct sockaddr_in admin_addr;
+ struct sockaddr_in my_addr;
+ int my_addr_len;
+ int admin_fd; /* file descriptor for link to admin server */
+ char sname[ANAME_SZ]; /* the service name */
+ char sinst[INST_SZ]; /* the services instance */
+ char krbrlm[REALM_SZ];
+} Kadm_Client;
+
+typedef struct { /* status of the server, i.e the parameters */
+ int inter; /* Space for command line flags */
+ char *sysfile; /* filename of server */
+} admin_params; /* Well... it's the admin's parameters */
+
+/* Largest password length to be supported */
+#define MAX_KPW_LEN 128
+
+/* Largest packet the admin server will ever allow itself to return */
+#define KADM_RET_MAX 2048
+
+/* That's right, versions are 8 byte strings */
+#define KADM_VERSTR "KADM0.0A"
+#define KADM_ULOSE "KYOULOSE" /* sent back when server can't
+ decrypt client's msg */
+#define KADM_VERSIZE strlen(KADM_VERSTR)
+
+/* the lookups for the server instances */
+#define PWSERV_NAME "changepw"
+#define KADM_SNAME "kerberos_master"
+#define KADM_SINST "kerberos"
+
+/* Attributes fields constants and macros */
+#define ALLOC 2
+#define RESERVED 3
+#define DEALLOC 4
+#define DEACTIVATED 5
+#define ACTIVE 6
+
+/* Kadm_vals structure for passing db fields into the server routines */
+#define FLDSZ 4
+
+typedef struct {
+ u_char fields[FLDSZ]; /* The active fields in this struct */
+ char name[ANAME_SZ];
+ char instance[INST_SZ];
+ unsigned long key_low;
+ unsigned long key_high;
+ unsigned long exp_date;
+ unsigned short attributes;
+ unsigned char max_life;
+} Kadm_vals; /* The basic values structure in Kadm */
+
+/* Kadm_vals structure for passing db fields into the server routines */
+#define FLDSZ 4
+
+/* Need to define fields types here */
+#define KADM_NAME 31
+#define KADM_INST 30
+#define KADM_EXPDATE 29
+#define KADM_ATTR 28
+#define KADM_MAXLIFE 27
+#define KADM_DESKEY 26
+
+/* To set a field entry f in a fields structure d */
+#define SET_FIELD(f,d) (d[3-(f/8)]|=(1<<(f%8)))
+
+/* To set a field entry f in a fields structure d */
+#define CLEAR_FIELD(f,d) (d[3-(f/8)]&=(~(1<<(f%8))))
+
+/* Is field f in fields structure d */
+#define IS_FIELD(f,d) (d[3-(f/8)]&(1<<(f%8)))
+
+/* Various return codes */
+#define KADM_SUCCESS 0
+
+#define WILDCARD_STR "*"
+
+enum acl_types {
+ADDACL,
+GETACL,
+MODACL
+};
+
+/* Various opcodes for the admin server's functions */
+#define CHANGE_PW 2
+#define ADD_ENT 3
+#define MOD_ENT 4
+#define GET_ENT 5
+
+extern long kdb_get_master_key(); /* XXX should be in krb_db.h */
+extern long kdb_verify_master_key(); /* XXX ditto */
+
+extern long krb_mk_priv(), krb_rd_priv(); /* XXX should be in krb.h */
+extern void krb_set_tkt_string(); /* XXX ditto */
+
+extern unsigned long quad_cksum(); /* XXX should be in des.h */
+
+/* XXX This doesn't belong here!!! */
+char *malloc(), *realloc();
+#ifdef POSIX
+typedef void sigtype;
+#else
+typedef int sigtype;
+#endif
+
+#endif KADM_DEFS
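Review bot: SET_FIELD, CLEAR_FIELD and IS_FIELD use their arguments unparenthesised, so an argument that is an expression (for example `base + 1`) is evaluated with the wrong precedence and sets or tests a different bit of the fields mask. Parenthesise each use, e.g. `#define SET_FIELD(f,d) ((d)[3-((f)/8)] |= (1<<((f)%8)))`, and do the same for the other two. The comment above CLEAR_FIELD repeats "To set a field entry" and should read `/* To clear a field entry f in a fields structure d */`. The second `#define FLDSZ 4` and its comment duplicate the first and can be dropped.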
diff --git a/eBones/lib/libkadm/kadm_cli_wrap.c b/eBones/lib/libkadm/kadm_cli_wrap.c
new file mode 100644
index 0000000..7e1cfa9
--- /dev/null
+++ b/eBones/lib/libkadm/kadm_cli_wrap.c
@@ -0,0 +1,499 @@
+/*
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * Copyright.MIT.
+ *
+ * Kerberos administration server client-side routines
+ */
+
+#ifndef lint
+#if 0
+static char rcsid_kadm_cli_wrap_c[] =
+"from: Id: kadm_cli_wrap.c,v 4.6 89/12/30 20:09:45 qjb Exp";
+#endif
+static const char rcsid[] =
+ "$Id: kadm_cli_wrap.c,v 1.1 1995/01/20 02:02:51 wollman Exp $";
+#endif lint
+
+/*
+ * kadm_cli_wrap.c the client side wrapping of the calls to the admin server
+ */
+
+#include <sys/types.h>
+#include <errno.h>
+#include <signal.h>
+#include <netdb.h>
+#include <sys/socket.h>
+#include <kadm.h>
+#include <kadm_err.h>
+#include <krb_err.h>
+
+#ifndef NULL
+#define NULL 0
+#endif
+
+static Kadm_Client client_parm;
+
+/* Macros for use in returning data... used in kadm_cli_send */
+#define RET_N_FREE(r) {clear_secrets(); free((char *)act_st); free((char *)priv_pak); return r;}
+
+/* Keys for use in the transactions */
+static des_cblock sess_key; /* to be filled in by kadm_cli_keyd */
+static Key_schedule sess_sched;
+
+static
+clear_secrets()
+{
+ bzero((char *)sess_key, sizeof(sess_key));
+ bzero((char *)sess_sched, sizeof(sess_sched));
+ return;
+}
+
+/*
+ * kadm_init_link
+ * receives : name, inst, realm
+ *
+ * initializes client parm, the Kadm_Client structure which holds the
+ * data about the connection between the server and client, the services
+ * used, the locations and other fun things
+ */
+kadm_init_link(n, i, r)
+char n[];
+char i[];
+char r[];
+{
+ struct servent *sep; /* service we will talk to */
+ struct hostent *hop; /* host we will talk to */
+ char adm_hostname[MAXHOSTNAMELEN];
+
+ (void) init_kadm_err_tbl();
+ (void) init_krb_err_tbl();
+ (void) strcpy(client_parm.sname, n);
+ (void) strcpy(client_parm.sinst, i);
+ (void) strcpy(client_parm.krbrlm, r);
+ client_parm.admin_fd = -1;
+
+ /* set up the admin_addr - fetch name of admin host */
+ if (krb_get_admhst(adm_hostname, client_parm.krbrlm, 1) != KSUCCESS)
+ return KADM_NO_HOST;
+ if ((hop = gethostbyname(adm_hostname)) == NULL)
+ return KADM_UNK_HOST; /* couldnt find the admin servers
+ * address */
+ if ((sep = getservbyname(KADM_SNAME, "tcp")) == NULL)
+ return KADM_NO_SERV; /* couldnt find the admin service */
+ bzero((char *) &client_parm.admin_addr,
+ sizeof(client_parm.admin_addr));
+ client_parm.admin_addr.sin_family = hop->h_addrtype;
+ bcopy((char *) hop->h_addr, (char *) &client_parm.admin_addr.sin_addr,
+ hop->h_length);
+ client_parm.admin_addr.sin_port = sep->s_port;
+
+ return KADM_SUCCESS;
+} /* procedure kadm_init_link */
+
+/*
+ * kadm_change_pw
+ * recieves : key
+ *
+ * Replaces the password (i.e. des key) of the caller with that specified in
+ * key. Returns no actual data from the master server, since this is called
+ * by a user
+ */
+kadm_change_pw(newkey)
+des_cblock newkey; /* The DES form of the users key */
+{
+ int stsize, retc; /* stream size and return code */
+ u_char *send_st; /* send stream */
+ u_char *ret_st;
+ int ret_sz;
+ u_long keytmp;
+
+ if ((retc = kadm_cli_conn()) != KADM_SUCCESS)
+ return(retc);
+ /* possible problem with vts_long on a non-multiple of four boundary */
+
+ stsize = 0; /* start of our output packet */
+ send_st = (u_char *) malloc(1);/* to make it reallocable */
+ send_st[stsize++] = (u_char) CHANGE_PW;
+
+ /* change key to stream */
+
+ bcopy((char *) (((long *) newkey) + 1), (char *) &keytmp, 4);
+ keytmp = htonl(keytmp);
+ stsize += vts_long(keytmp, &send_st, stsize);
+
+ bcopy((char *) newkey, (char *) &keytmp, 4);
+ keytmp = htonl(keytmp);
+ stsize += vts_long(keytmp, &send_st, stsize);
+
+ retc = kadm_cli_send(send_st, stsize, &ret_st, &ret_sz);
+ free((char *)send_st);
+ if (retc == KADM_SUCCESS) {
+ free((char *)ret_st);
+ }
+ kadm_cli_disconn();
+ return(retc);
+}
+
+/*
+ * kadm_add
+ * receives : vals
+ * returns : vals
+ *
+ * Adds and entry containing values to the database returns the values of the
+ * entry, so if you leave certain fields blank you will be able to determine
+ * the default values they are set to
+ */
+kadm_add(vals)
+Kadm_vals *vals;
+{
+ u_char *st, *st2; /* st will hold the stream of values */
+ int st_len; /* st2 the final stream with opcode */
+ int retc; /* return code from call */
+ u_char *ret_st;
+ int ret_sz;
+
+ if ((retc = kadm_cli_conn()) != KADM_SUCCESS)
+ return(retc);
+ st_len = vals_to_stream(vals, &st);
+ st2 = (u_char *) malloc((unsigned)(1 + st_len));
+ *st2 = (u_char) ADD_ENT; /* here's the opcode */
+ bcopy((char *) st, (char *) st2 + 1, st_len); /* append st on */
+ retc = kadm_cli_send(st2, st_len + 1, &ret_st, &ret_sz);
+ free((char *)st);
+ free((char *)st2);
+ if (retc == KADM_SUCCESS) {
+ /* ret_st has vals */
+ if (stream_to_vals(ret_st, vals, ret_sz) < 0)
+ retc = KADM_LENGTH_ERROR;
+ free((char *)ret_st);
+ }
+ kadm_cli_disconn();
+ return(retc);
+}
+
+/*
+ * kadm_mod
+ * receives : KTEXT, {values, values}
+ * returns : CKSUM, RETCODE, {values}
+ * acl : su, sms (as register or dealloc)
+ *
+ * Modifies all entries corresponding to the first values so they match the
+ * second values. returns the values for the changed entries in vals2
+ */
+kadm_mod(vals1, vals2)
+Kadm_vals *vals1;
+Kadm_vals *vals2;
+{
+ u_char *st, *st2; /* st will hold the stream of values */
+ int st_len, nlen; /* st2 the final stream with opcode */
+ u_char *ret_st;
+ int ret_sz;
+
+ /* nlen is the length of second vals */
+ int retc; /* return code from call */
+
+ if ((retc = kadm_cli_conn()) != KADM_SUCCESS)
+ return(retc);
+
+ st_len = vals_to_stream(vals1, &st);
+ st2 = (u_char *) malloc((unsigned)(1 + st_len));
+ *st2 = (u_char) MOD_ENT; /* here's the opcode */
+ bcopy((char *) st, (char *) st2 + 1, st_len++); /* append st on */
+ free((char *)st);
+ nlen = vals_to_stream(vals2, &st);
+ st2 = (u_char *) realloc((char *) st2, (unsigned)(st_len + nlen));
+ bcopy((char *) st, (char *) st2 + st_len, nlen); /* append st on */
+ retc = kadm_cli_send(st2, st_len + nlen, &ret_st, &ret_sz);
+ free((char *)st);
+ free((char *)st2);
+ if (retc == KADM_SUCCESS) {
+ /* ret_st has vals */
+ if (stream_to_vals(ret_st, vals2, ret_sz) < 0)
+ retc = KADM_LENGTH_ERROR;
+ free((char *)ret_st);
+ }
+ kadm_cli_disconn();
+ return(retc);
+}
+
+/*
+ * kadm_get
+ * receives : KTEXT, {values, flags}
+ * returns : CKSUM, RETCODE, {count, values, values, values}
+ * acl : su
+ *
+ * gets the fields requested by flags from all entries matching values returns
+ * this data for each matching recipient, after a count of how many such
+ * matches there were
+ */
+kadm_get(vals, fl)
+Kadm_vals *vals;
+u_char fl[4];
+
+{
+ int loop; /* for copying the fields data */
+ u_char *st, *st2; /* st will hold the stream of values */
+ int st_len; /* st2 the final stream with opcode */
+ int retc; /* return code from call */
+ u_char *ret_st;
+ int ret_sz;
+
+ if ((retc = kadm_cli_conn()) != KADM_SUCCESS)
+ return(retc);
+ st_len = vals_to_stream(vals, &st);
+ st2 = (u_char *) malloc((unsigned)(1 + st_len + FLDSZ));
+ *st2 = (u_char) GET_ENT; /* here's the opcode */
+ bcopy((char *) st, (char *) st2 + 1, st_len); /* append st on */
+ for (loop = FLDSZ - 1; loop >= 0; loop--)
+ *(st2 + st_len + FLDSZ - loop) = fl[loop]; /* append the flags */
+ retc = kadm_cli_send(st2, st_len + 1 + FLDSZ, &ret_st, &ret_sz);
+ free((char *)st);
+ free((char *)st2);
+ if (retc == KADM_SUCCESS) {
+ /* ret_st has vals */
+ if (stream_to_vals(ret_st, vals, ret_sz) < 0)
+ retc = KADM_LENGTH_ERROR;
+ free((char *)ret_st);
+ }
+ kadm_cli_disconn();
+ return(retc);
+}
+
+/*
+ * kadm_cli_send
+ * recieves : opcode, packet, packet length, serv_name, serv_inst
+ * returns : return code from the packet build, the server, or
+ * something else
+ *
+ * It assembles a packet as follows:
+ * 8 bytes : VERSION STRING
+ * 4 bytes : LENGTH OF MESSAGE DATA and OPCODE
+ * : KTEXT
+ * : OPCODE \
+ * : DATA > Encrypted (with make priv)
+ * : ...... /
+ *
+ * If it builds the packet and it is small enough, then it attempts to open the
+ * connection to the admin server. If the connection is succesfully open
+ * then it sends the data and waits for a reply.
+ */
+kadm_cli_send(st_dat, st_siz, ret_dat, ret_siz)
+u_char *st_dat; /* the actual data */
+int st_siz; /* length of said data */
+u_char **ret_dat; /* to give return info */
+int *ret_siz; /* length of returned info */
+{
+ int act_len, retdat; /* current offset into packet, return
+ * data */
+ KTEXT_ST authent; /* the authenticator we will build */
+ u_char *act_st; /* the pointer to the complete packet */
+ u_char *priv_pak; /* private version of the packet */
+ int priv_len; /* length of private packet */
+ u_long cksum; /* checksum of the packet */
+ MSG_DAT mdat;
+ u_char *return_dat;
+
+ act_st = (u_char *) malloc(KADM_VERSIZE); /* verstr stored first */
+ (void) strncpy((char *)act_st, KADM_VERSTR, KADM_VERSIZE);
+ act_len = KADM_VERSIZE;
+
+ if ((retdat = kadm_cli_keyd(sess_key, sess_sched)) != KADM_SUCCESS) {
+ free((char *)act_st);
+ return retdat; /* couldnt get key working */
+ }
+ priv_pak = (u_char *) malloc((unsigned)(st_siz + 200));
+ /* 200 bytes for extra info case */
+ if ((priv_len = krb_mk_priv(st_dat, priv_pak, (u_long)st_siz,
+ sess_sched, sess_key, &client_parm.my_addr,
+ &client_parm.admin_addr)) < 0)
+ RET_N_FREE(KADM_NO_ENCRYPT); /* whoops... we got a lose
+ * here */
+ /* here is the length of priv data. receiver calcs
+ size of authenticator by subtracting vno size, priv size, and
+ sizeof(u_long) (for the size indication) from total size */
+
+ act_len += vts_long((u_long) priv_len, &act_st, act_len);
+#ifdef NOENCRYPTION
+ cksum = 0;
+#else
+ cksum = quad_cksum(priv_pak, (u_long *)0, (long)priv_len, 0,
+ sess_key);
+#endif
+ if (retdat = krb_mk_req(&authent, client_parm.sname, client_parm.sinst,
+ client_parm.krbrlm, (long)cksum)) {
+ /* authenticator? */
+ RET_N_FREE(retdat + krb_err_base);
+ }
+
+ act_st = (u_char *) realloc((char *) act_st,
+ (unsigned) (act_len + authent.length
+ + priv_len));
+ if (!act_st) {
+ clear_secrets();
+ free((char *)priv_pak);
+ return(KADM_NOMEM);
+ }
+ bcopy((char *) authent.dat, (char *) act_st + act_len, authent.length);
+ bcopy((char *) priv_pak, (char *) act_st + act_len + authent.length,
+ priv_len);
+ free((char *)priv_pak);
+ if ((retdat = kadm_cli_out(act_st,
+ act_len + authent.length + priv_len,
+ ret_dat, ret_siz)) != KADM_SUCCESS)
+ RET_N_FREE(retdat);
+ free((char *)act_st);
+#define RET_N_FREE2(r) {free((char *)*ret_dat); clear_secrets(); return(r);}
+
+ /* first see if it's a YOULOUSE */
+ if ((*ret_siz >= KADM_VERSIZE) &&
+ !strncmp(KADM_ULOSE, (char *)*ret_dat, KADM_VERSIZE)) {
+ u_long errcode;
+ /* it's a youlose packet */
+ if (*ret_siz < KADM_VERSIZE + sizeof(u_long))
+ RET_N_FREE2(KADM_BAD_VER);
+ bcopy((char *)(*ret_dat) + KADM_VERSIZE, (char *)&errcode,
+ sizeof(u_long));
+ retdat = (int) ntohl(errcode);
+ RET_N_FREE2(retdat);
+ }
+ /* need to decode the ret_dat */
+ if (retdat = krb_rd_priv(*ret_dat, (u_long)*ret_siz, sess_sched,
+ sess_key, &client_parm.admin_addr,
+ &client_parm.my_addr, &mdat))
+ RET_N_FREE2(retdat+krb_err_base);
+ if (mdat.app_length < KADM_VERSIZE + 4)
+ /* too short! */
+ RET_N_FREE2(KADM_BAD_VER);
+ if (strncmp((char *)mdat.app_data, KADM_VERSTR, KADM_VERSIZE))
+ /* bad version */
+ RET_N_FREE2(KADM_BAD_VER);
+ bcopy((char *)mdat.app_data+KADM_VERSIZE,
+ (char *)&retdat, sizeof(u_long));
+ retdat = ntohl((u_long)retdat);
+ if (!(return_dat = (u_char *)malloc((unsigned)(mdat.app_length -
+ KADM_VERSIZE - sizeof(u_long)))))
+ RET_N_FREE2(KADM_NOMEM);
+ bcopy((char *) mdat.app_data + KADM_VERSIZE + sizeof(u_long),
+ (char *)return_dat,
+ (int)mdat.app_length - KADM_VERSIZE - sizeof(u_long));
+ free((char *)*ret_dat);
+ clear_secrets();
+ *ret_dat = return_dat;
+ *ret_siz = mdat.app_length - KADM_VERSIZE - sizeof(u_long);
+ return retdat;
+}
+
+/* takes in the sess_key and key_schedule and sets them appropriately */
+kadm_cli_keyd(s_k, s_s)
+des_cblock s_k; /* session key */
+des_key_schedule s_s; /* session key schedule */
+{
+ CREDENTIALS cred; /* to get key data */
+ int stat;
+
+ /* want .sname and .sinst here.... */
+ if (stat = krb_get_cred(client_parm.sname, client_parm.sinst,
+ client_parm.krbrlm, &cred))
+ return stat + krb_err_base;
+ bcopy((char *) cred.session, (char *) s_k, sizeof(des_cblock));
+ bzero((char *) cred.session, sizeof(des_cblock));
+#ifdef NOENCRYPTION
+ bzero(s_s, sizeof(des_key_schedule));
+#else
+ if (stat = key_sched(s_k,s_s))
+ return(stat+krb_err_base);
+#endif
+ return KADM_SUCCESS;
+} /* This code "works" */
+
+static sigtype (*opipe)();
+
+kadm_cli_conn()
+{ /* this connects and sets my_addr */
+ int on = 1;
+
+ if ((client_parm.admin_fd =
+ socket(client_parm.admin_addr.sin_family, SOCK_STREAM,0)) < 0)
+ return KADM_NO_SOCK; /* couldnt create the socket */
+ if (connect(client_parm.admin_fd,
+ (struct sockaddr *) & client_parm.admin_addr,
+ sizeof(client_parm.admin_addr))) {
+ (void) close(client_parm.admin_fd);
+ client_parm.admin_fd = -1;
+ return KADM_NO_CONN; /* couldnt get the connect */
+ }
+ opipe = signal(SIGPIPE, SIG_IGN);
+ client_parm.my_addr_len = sizeof(client_parm.my_addr);
+ if (getsockname(client_parm.admin_fd,
+ (struct sockaddr *) & client_parm.my_addr,
+ &client_parm.my_addr_len) < 0) {
+ (void) close(client_parm.admin_fd);
+ client_parm.admin_fd = -1;
+ (void) signal(SIGPIPE, opipe);
+ return KADM_NO_HERE; /* couldnt find out who we are */
+ }
+ if (setsockopt(client_parm.admin_fd, SOL_SOCKET, SO_KEEPALIVE, &on,
+ sizeof(on)) < 0) {
+ (void) close(client_parm.admin_fd);
+ client_parm.admin_fd = -1;
+ (void) signal(SIGPIPE, opipe);
+ return KADM_NO_CONN; /* XXX */
+ }
+ return KADM_SUCCESS;
+}
+
+kadm_cli_disconn()
+{
+ (void) close(client_parm.admin_fd);
+ (void) signal(SIGPIPE, opipe);
+ return;
+}
+
+kadm_cli_out(dat, dat_len, ret_dat, ret_siz)
+u_char *dat;
+int dat_len;
+u_char **ret_dat;
+int *ret_siz;
+{
+ extern int errno;
+ u_short dlen;
+ int retval;
+
+ dlen = (u_short) dat_len;
+
+ if (dat_len != (int)dlen)
+ return (KADM_NO_ROOM);
+
+ dlen = htons(dlen);
+ if (krb_net_write(client_parm.admin_fd, (char *) &dlen,
+ sizeof(u_short)) < 0)
+ return (errno); /* XXX */
+
+ if (krb_net_write(client_parm.admin_fd, (char *) dat, dat_len) < 0)
+ return (errno); /* XXX */
+
+ if (retval = krb_net_read(client_parm.admin_fd, (char *) &dlen,
+ sizeof(u_short)) != sizeof(u_short)) {
+ if (retval < 0)
+ return(errno); /* XXX */
+ else
+ return(EPIPE); /* short read ! */
+ }
+
+ dlen = ntohs(dlen);
+ *ret_dat = (u_char *)malloc((unsigned)dlen);
+ if (!*ret_dat)
+ return(KADM_NOMEM);
+
+ if (retval = krb_net_read(client_parm.admin_fd, (char *) *ret_dat,
+ (int) dlen) != dlen) {
+ if (retval < 0)
+ return(errno); /* XXX */
+ else
+ return(EPIPE); /* short read ! */
+ }
+ *ret_siz = (int) dlen;
+ return KADM_SUCCESS;
+}
diff --git a/eBones/lib/libkadm/kadm_err.et b/eBones/lib/libkadm/kadm_err.et
new file mode 100644
index 0000000..9a04851
--- /dev/null
+++ b/eBones/lib/libkadm/kadm_err.et
@@ -0,0 +1,53 @@
+# $Source: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_err.et,v $
+# $Author: jtkohl $
+# $Header: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_err.et,v 4.0 89/01/24 15:16:10 jtkohl Exp $
+# Copyright 1988 by the Massachusetts Institute of Technology.
+#
+# For copying and distribution information, please see the file
+# <mit-copyright.h>.
+#
+# Kerberos administration server error table
+#
+ et kadm
+
+# KADM_SUCCESS, as all success codes should be, is zero
+
+ec KADM_RCSID, "$Header: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_err.et,v 4.0 89/01/24 15:16:10 jtkohl Exp $"
+# /* Building and unbuilding the packet errors */
+ec KADM_NO_REALM, "Cannot fetch local realm"
+ec KADM_NO_CRED, "Unable to fetch credentials"
+ec KADM_BAD_KEY, "Bad key supplied"
+ec KADM_NO_ENCRYPT, "Can't encrypt data"
+ec KADM_NO_AUTH, "Cannot encode/decode authentication info"
+ec KADM_WRONG_REALM, "Principal attemping change is in wrong realm"
+ec KADM_NO_ROOM, "Packet is too large"
+ec KADM_BAD_VER, "Version number is incorrect"
+ec KADM_BAD_CHK, "Checksum does not match"
+ec KADM_NO_READ, "Unsealing private data failed"
+ec KADM_NO_OPCODE, "Unsupported operation"
+ec KADM_NO_HOST, "Could not find administrating host"
+ec KADM_UNK_HOST, "Administrating host name is unknown"
+ec KADM_NO_SERV, "Could not find service name in services database"
+ec KADM_NO_SOCK, "Could not create socket"
+ec KADM_NO_CONN, "Could not connect to server"
+ec KADM_NO_HERE, "Could not fetch local socket address"
+ec KADM_NO_MAST, "Could not fetch master key"
+ec KADM_NO_VERI, "Could not verify master key"
+
+# /* From the server side routines */
+ec KADM_INUSE, "Entry already exists in database"
+ec KADM_UK_SERROR, "Database store error"
+ec KADM_UK_RERROR, "Database read error"
+ec KADM_UNAUTH, "Insufficient access to perform requested operation"
+# KADM_DATA isn't really an error, but...
+ec KADM_DATA, "Data is available for return to client"
+ec KADM_NOENTRY, "No such entry in the database"
+
+ec KADM_NOMEM, "Memory exhausted"
+ec KADM_NO_HOSTNAME, "Could not fetch system hostname"
+ec KADM_NO_BIND, "Could not bind port"
+ec KADM_LENGTH_ERROR, "Length mismatch problem"
+ec KADM_ILL_WILDCARD, "Illegal use of wildcard"
+
+ec KADM_DB_INUSE, "Database is locked or in use--try again later"
+end
diff --git a/eBones/lib/libkadm/kadm_stream.c b/eBones/lib/libkadm/kadm_stream.c
new file mode 100644
index 0000000..6ceb02e
--- /dev/null
+++ b/eBones/lib/libkadm/kadm_stream.c
@@ -0,0 +1,273 @@
+/*
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * Copyright.MIT.
+ *
+ * Stream conversion functions for Kerberos administration server
+ */
+
+#ifndef lint
+#if 0
+static char rcsid_kadm_stream_c[] =
+"Header: /afs/athena.mit.edu/astaff/project/kerberos/src/lib/kadm/RCS/kadm_stream.c,v 4.2 89/09/26 09:20:48 jtkohl Exp ";
+#endif
+static const char rcsid[] =
+ "$Id: kadm_stream.c,v 1.1 1995/01/20 02:02:53 wollman Exp $";
+#endif lint
+
+/*
+ kadm_stream.c
+ this holds the stream support routines for the kerberos administration server
+
+ vals_to_stream: converts a vals struct to a stream for transmission
+ internals build_field_header, vts_[string, char, long, short]
+ stream_to_vals: converts a stream to a vals struct
+ internals check_field_header, stv_[string, char, long, short]
+ error: prints out a kadm error message, returns
+ fatal: prints out a kadm fatal error message, exits
+*/
+
+#include "kadm.h"
+
+#define min(a,b) (((a) < (b)) ? (a) : (b))
+
+/*
+vals_to_stream
+ recieves : kadm_vals *, u_char *
+ returns : a realloced and filled in u_char *
+
+this function creates a byte-stream representation of the kadm_vals structure
+*/
+vals_to_stream(dt_in, dt_out)
+Kadm_vals *dt_in;
+u_char **dt_out;
+{
+ int vsloop, stsize; /* loop counter, stream size */
+
+ stsize = build_field_header(dt_in->fields, dt_out);
+ for (vsloop=31; vsloop>=0; vsloop--)
+ if (IS_FIELD(vsloop,dt_in->fields)) {
+ switch (vsloop) {
+ case KADM_NAME:
+ stsize+=vts_string(dt_in->name, dt_out, stsize);
+ break;
+ case KADM_INST:
+ stsize+=vts_string(dt_in->instance, dt_out, stsize);
+ break;
+ case KADM_EXPDATE:
+ stsize+=vts_long(dt_in->exp_date, dt_out, stsize);
+ break;
+ case KADM_ATTR:
+ stsize+=vts_short(dt_in->attributes, dt_out, stsize);
+ break;
+ case KADM_MAXLIFE:
+ stsize+=vts_char(dt_in->max_life, dt_out, stsize);
+ break;
+ case KADM_DESKEY:
+ stsize+=vts_long(dt_in->key_high, dt_out, stsize);
+ stsize+=vts_long(dt_in->key_low, dt_out, stsize);
+ break;
+ default:
+ break;
+ }
+}
+ return(stsize);
+}
+
+build_field_header(cont, st)
+u_char *cont; /* container for fields data */
+u_char **st; /* stream */
+{
+ *st = (u_char *) malloc (4);
+ bcopy((char *) cont, (char *) *st, 4);
+ return 4; /* return pointer to current stream location */
+}
+
+vts_string(dat, st, loc)
+char *dat; /* a string to put on the stream */
+u_char **st; /* base pointer to the stream */
+int loc; /* offset into the stream for current data */
+{
+ *st = (u_char *) realloc ((char *)*st, (unsigned) (loc + strlen(dat) + 1));
+ bcopy(dat, (char *)(*st + loc), strlen(dat)+1);
+ return strlen(dat)+1;
+}
+
+vts_short(dat, st, loc)
+u_short dat; /* the attributes field */
+u_char **st; /* a base pointer to the stream */
+int loc; /* offset into the stream for current data */
+{
+ u_short temp; /* to hold the net order short */
+
+ temp = htons(dat); /* convert to network order */
+ *st = (u_char *) realloc ((char *)*st, (unsigned)(loc + sizeof(u_short)));
+ bcopy((char *) &temp, (char *)(*st + loc), sizeof(u_short));
+ return sizeof(u_short);
+}
+
+vts_long(dat, st, loc)
+u_long dat; /* the attributes field */
+u_char **st; /* a base pointer to the stream */
+int loc; /* offset into the stream for current data */
+{
+ u_long temp; /* to hold the net order short */
+
+ temp = htonl(dat); /* convert to network order */
+ *st = (u_char *) realloc ((char *)*st, (unsigned)(loc + sizeof(u_long)));
+ bcopy((char *) &temp, (char *)(*st + loc), sizeof(u_long));
+ return sizeof(u_long);
+}
+
+
+vts_char(dat, st, loc)
+u_char dat; /* the attributes field */
+u_char **st; /* a base pointer to the stream */
+int loc; /* offset into the stream for current data */
+{
+ *st = (u_char *) realloc ((char *)*st, (unsigned)(loc + sizeof(u_char)));
+ (*st)[loc] = (u_char) dat;
+ return 1;
+}
+
+/*
+stream_to_vals
+ recieves : u_char *, kadm_vals *
+ returns : a kadm_vals filled in according to u_char *
+
+this decodes a byte stream represntation of a vals struct into kadm_vals
+*/
+stream_to_vals(dt_in, dt_out, maxlen)
+u_char *dt_in;
+Kadm_vals *dt_out;
+int maxlen; /* max length to use */
+{
+ register int vsloop, stsize; /* loop counter, stream size */
+ register int status;
+
+ bzero((char *) dt_out, sizeof(*dt_out));
+
+ stsize = check_field_header(dt_in, dt_out->fields, maxlen);
+ if (stsize < 0)
+ return(-1);
+ for (vsloop=31; vsloop>=0; vsloop--)
+ if (IS_FIELD(vsloop,dt_out->fields))
+ switch (vsloop) {
+ case KADM_NAME:
+ if ((status = stv_string(dt_in, dt_out->name, stsize,
+ sizeof(dt_out->name), maxlen)) < 0)
+ return(-1);
+ stsize += status;
+ break;
+ case KADM_INST:
+ if ((status = stv_string(dt_in, dt_out->instance, stsize,
+ sizeof(dt_out->instance), maxlen)) < 0)
+ return(-1);
+ stsize += status;
+ break;
+ case KADM_EXPDATE:
+ if ((status = stv_long(dt_in, &dt_out->exp_date, stsize,
+ maxlen)) < 0)
+ return(-1);
+ stsize += status;
+ break;
+ case KADM_ATTR:
+ if ((status = stv_short(dt_in, &dt_out->attributes, stsize,
+ maxlen)) < 0)
+ return(-1);
+ stsize += status;
+ break;
+ case KADM_MAXLIFE:
+ if ((status = stv_char(dt_in, &dt_out->max_life, stsize,
+ maxlen)) < 0)
+ return(-1);
+ stsize += status;
+ break;
+ case KADM_DESKEY:
+ if ((status = stv_long(dt_in, &dt_out->key_high, stsize,
+ maxlen)) < 0)
+ return(-1);
+ stsize += status;
+ if ((status = stv_long(dt_in, &dt_out->key_low, stsize,
+ maxlen)) < 0)
+ return(-1);
+ stsize += status;
+ break;
+ default:
+ break;
+ }
+ return stsize;
+}
+
+check_field_header(st, cont, maxlen)
+u_char *st; /* stream */
+u_char *cont; /* container for fields data */
+int maxlen;
+{
+ if (4 > maxlen)
+ return(-1);
+ bcopy((char *) st, (char *) cont, 4);
+ return 4; /* return pointer to current stream location */
+}
+
+stv_string(st, dat, loc, stlen, maxlen)
+register u_char *st; /* base pointer to the stream */
+char *dat; /* a string to read from the stream */
+register int loc; /* offset into the stream for current data */
+int stlen; /* max length of string to copy in */
+int maxlen; /* max length of input stream */
+{
+ int maxcount; /* max count of chars to copy */
+
+ maxcount = min(maxlen - loc, stlen);
+
+ (void) strncpy(dat, (char *)st + loc, maxcount);
+
+ if (dat[maxcount-1]) /* not null-term --> not enuf room */
+ return(-1);
+ return strlen(dat)+1;
+}
+
+stv_short(st, dat, loc, maxlen)
+u_char *st; /* a base pointer to the stream */
+u_short *dat; /* the attributes field */
+int loc; /* offset into the stream for current data */
+int maxlen;
+{
+ u_short temp; /* to hold the net order short */
+
+ if (loc + sizeof(u_short) > maxlen)
+ return(-1);
+ bcopy((char *)((u_long)st+(u_long)loc), (char *) &temp, sizeof(u_short));
+ *dat = ntohs(temp); /* convert to network order */
+ return sizeof(u_short);
+}
+
+stv_long(st, dat, loc, maxlen)
+u_char *st; /* a base pointer to the stream */
+u_long *dat; /* the attributes field */
+int loc; /* offset into the stream for current data */
+int maxlen; /* maximum length of st */
+{
+ u_long temp; /* to hold the net order short */
+
+ if (loc + sizeof(u_long) > maxlen)
+ return(-1);
+ bcopy((char *)((u_long)st+(u_long)loc), (char *) &temp, sizeof(u_long));
+ *dat = ntohl(temp); /* convert to network order */
+ return sizeof(u_long);
+}
+
+stv_char(st, dat, loc, maxlen)
+u_char *st; /* a base pointer to the stream */
+u_char *dat; /* the attributes field */
+int loc; /* offset into the stream for current data */
+int maxlen;
+{
+ if (loc + 1 > maxlen)
+ return(-1);
+ *dat = *(st + loc);
+ return 1;
+}
+
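Review bot: stv_string does not reject the case where no bytes remain in the stream: when `maxlen - loc` is zero, `maxcount` is 0 and the termination test `dat[maxcount-1]` reads one byte before the destination buffer, and a negative `maxcount` would be converted to a very large length by `strncpy`. Since stream_to_vals decodes data received from the peer, I would add `if (maxcount <= 0) return(-1);` directly after the `min()` line, matching the explicit bounds checks in stv_short, stv_long and stv_char. Separately, build_field_header and the vts_* encoders store the result of `malloc`/`realloc` straight into `*st` and copy into it with no NULL check, so an allocation failure loses the old buffer and writes through a null pointer; a checked temporary would make that failure path explicit.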
diff --git a/eBones/lib/libkadm/kadm_supp.c b/eBones/lib/libkadm/kadm_supp.c
new file mode 100644
index 0000000..8b18621
--- /dev/null
+++ b/eBones/lib/libkadm/kadm_supp.c
@@ -0,0 +1,114 @@
+/*
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * Copyright.MIT.
+ *
+ * Support functions for Kerberos administration server & clients
+ */
+
+#ifndef lint
+#if 0
+static char rcsid_kadm_supp_c[] =
+"Header: /afs/athena.mit.edu/astaff/project/kerberos/src/lib/kadm/RCS/kadm_supp.c,v 4.1 89/09/26 09:21:07 jtkohl Exp ";
+#endif
+static const char rcsid[] =
+ "$Id: kadm_supp.c,v 1.1 1995/01/20 02:02:54 wollman Exp $";
+#endif lint
+
+/*
+ kadm_supp.c
+ this holds the support routines for the kerberos administration server
+
+ error: prints out a kadm error message, returns
+ fatal: prints out a kadm fatal error message, exits
+ prin_vals: prints out data associated with a Principal in the vals
+ structure
+*/
+
+#include "kadm.h"
+#include "krb_db.h"
+
+/*
+prin_vals:
+ recieves : a vals structure
+*/
+prin_vals(vals)
+Kadm_vals *vals;
+{
+ printf("Info in Database for %s.%s:\n", vals->name, vals->instance);
+ printf(" Max Life: %d Exp Date: %s\n",vals->max_life,
+ asctime(localtime((long *)&vals->exp_date)));
+ printf(" Attribs: %.2x key: %u %u\n",vals->attributes,
+ vals->key_low, vals->key_high);
+}
+
+#ifdef notdef
+nierror(s)
+int s;
+{
+ extern char *error_message();
+ printf("Kerberos admin server loses..... %s\n",error_message(s));
+ return(s);
+}
+#endif
+
+/* kadm_prin_to_vals takes a fields arguments, a Kadm_vals and a Principal,
+ it copies the fields in Principal specified by fields into Kadm_vals,
+ i.e from old to new */
+
+kadm_prin_to_vals(fields, new, old)
+u_char fields[FLDSZ];
+Kadm_vals *new;
+Principal *old;
+{
+ bzero((char *)new, sizeof(*new));
+ if (IS_FIELD(KADM_NAME,fields)) {
+ (void) strncpy(new->name, old->name, ANAME_SZ);
+ SET_FIELD(KADM_NAME, new->fields);
+ }
+ if (IS_FIELD(KADM_INST,fields)) {
+ (void) strncpy(new->instance, old->instance, INST_SZ);
+ SET_FIELD(KADM_INST, new->fields);
+ }
+ if (IS_FIELD(KADM_EXPDATE,fields)) {
+ new->exp_date = old->exp_date;
+ SET_FIELD(KADM_EXPDATE, new->fields);
+ }
+ if (IS_FIELD(KADM_ATTR,fields)) {
+ new->attributes = old->attributes;
+ SET_FIELD(KADM_MAXLIFE, new->fields);
+ }
+ if (IS_FIELD(KADM_MAXLIFE,fields)) {
+ new->max_life = old->max_life;
+ SET_FIELD(KADM_MAXLIFE, new->fields);
+ }
+ if (IS_FIELD(KADM_DESKEY,fields)) {
+ new->key_low = old->key_low;
+ new->key_high = old->key_high;
+ SET_FIELD(KADM_DESKEY, new->fields);
+ }
+}
+
+kadm_vals_to_prin(fields, new, old)
+u_char fields[FLDSZ];
+Principal *new;
+Kadm_vals *old;
+{
+
+ bzero((char *)new, sizeof(*new));
+ if (IS_FIELD(KADM_NAME,fields))
+ (void) strncpy(new->name, old->name, ANAME_SZ);
+ if (IS_FIELD(KADM_INST,fields))
+ (void) strncpy(new->instance, old->instance, INST_SZ);
+ if (IS_FIELD(KADM_EXPDATE,fields))
+ new->exp_date = old->exp_date;
+ if (IS_FIELD(KADM_ATTR,fields))
+ new->attributes = old->attributes;
+ if (IS_FIELD(KADM_MAXLIFE,fields))
+ new->max_life = old->max_life;
+ if (IS_FIELD(KADM_DESKEY,fields)) {
+ new->key_low = old->key_low;
+ new->key_high = old->key_high;
+ }
+}
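Review bot: In kadm_prin_to_vals the `KADM_ATTR` branch copies `old->attributes` but then calls `SET_FIELD(KADM_MAXLIFE, new->fields)`, so the attributes bit is never set in the output mask and the max-life bit is set even when that field was not requested. This looks like a copy-and-paste slip from the branch below it; the line should read `SET_FIELD(KADM_ATTR, new->fields);`. Because vals_to_stream in kadm_stream.c (same commit) serialises only fields whose bit is set, the attributes value would presumably be left out of what is sent. The `strncpy` calls with `ANAME_SZ` and `INST_SZ` also leave the destination unterminated when the source fills the whole length, which is safe only if the destination arrays are larger than those constants; their sizes are not visible in this hunk.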
diff --git a/eBones/lib/libkdb/krb_cache.c b/eBones/lib/libkdb/krb_cache.c
index 4d8c594..8da1d7d 100644
--- a/eBones/lib/libkdb/krb_cache.c
+++ b/eBones/lib/libkdb/krb_cache.c
@@ -1,17 +1,17 @@
/*
- * Copyright 1988 by the Massachusetts Institute of Technology.
+ * Copyright 1988 by the Massachusetts Institute of Technology.
* For copying and distribution information, please see the file
* <Copyright.MIT>.
*
* This is where a cache would be implemented, if it were necessary.
*
* from: krb_cache.c,v 4.5 89/01/24 18:12:34 jon Exp $
- * $Id: krb_cache.c,v 1.2 1994/07/19 19:23:35 g89r4222 Exp $
+ * $Id: krb_cache.c,v 1.1.1.1 1994/09/30 14:49:55 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: krb_cache.c,v 1.2 1994/07/19 19:23:35 g89r4222 Exp $";
+"$Id: krb_cache.c,v 1.1.1.1 1994/09/30 14:49:55 csgr Exp $";
#endif lint
#include <stdio.h>
@@ -34,7 +34,7 @@ extern long kerb_debug;
static init = 0;
/*
- * initialization routine for cache
+ * initialization routine for cache
*/
int
@@ -45,7 +45,7 @@ kerb_cache_init()
}
/*
- * look up a principal in the cache returns number of principals found
+ * look up a principal in the cache returns number of principals found
*/
int
@@ -66,7 +66,7 @@ kerb_cache_get_principal(serv, inst, principal, max)
fprintf(stderr, "cache_get_principal for %s %s max = %d\n",
serv, inst, max);
#endif DEBUG
-
+
#ifdef DEBUG
if (kerb_debug & 2) {
if (found) {
@@ -83,7 +83,7 @@ kerb_cache_get_principal(serv, inst, principal, max)
/*
* insert/replace a principal in the cache returns number of principals
- * inserted
+ * inserted
*/
int
@@ -106,13 +106,13 @@ kerb_cache_put_principal(principal, max)
max);
}
#endif
-
+
for (i = 0; i < max; i++) {
#ifdef DEBUG
if (kerb_debug & 2)
fprintf(stderr, "\n %s %s",
principal->name, principal->instance);
-#endif
+#endif
/* DO IT */
count++;
principal++;
@@ -121,7 +121,7 @@ kerb_cache_put_principal(principal, max)
}
/*
- * look up a dba in the cache returns number of dbas found
+ * look up a dba in the cache returns number of dbas found
*/
int
@@ -158,7 +158,7 @@ kerb_cache_get_dba(serv, inst, dba, max)
}
/*
- * insert/replace a dba in the cache returns number of dbas inserted
+ * insert/replace a dba in the cache returns number of dbas inserted
*/
int
@@ -183,7 +183,7 @@ kerb_cache_put_dba(dba, max)
if (kerb_debug & 2)
fprintf(stderr, "\n %s %s",
dba->name, dba->instance);
-#endif
+#endif
/* DO IT */
count++;
dba++;
diff --git a/eBones/lib/libkdb/krb_dbm.c b/eBones/lib/libkdb/krb_dbm.c
index 754dd68..8bc283b 100644
--- a/eBones/lib/libkdb/krb_dbm.c
+++ b/eBones/lib/libkdb/krb_dbm.c
@@ -1,15 +1,15 @@
/*
- * Copyright 1988 by the Massachusetts Institute of Technology.
+ * Copyright 1988 by the Massachusetts Institute of Technology.
* For copying and distribution information, please see the file
- * <Copyright.MIT>.
+ * <Copyright.MIT>.
*
* from: krb_dbm.c,v 4.9 89/04/18 16:15:13 wesommer Exp $
- * $Id: krb_dbm.c,v 1.2 1994/07/19 19:23:36 g89r4222 Exp $
+ * $Id: krb_dbm.c,v 1.2 1995/01/25 19:45:25 ache Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: krb_dbm.c,v 1.2 1994/07/19 19:23:36 g89r4222 Exp $";
+"$Id: krb_dbm.c,v 1.2 1995/01/25 19:45:25 ache Exp $";
#endif lint
#if defined(__FreeBSD__)
@@ -69,14 +69,14 @@ static int non_blocking = 0;
/*
* Locking:
- *
+ *
* There are two distinct locking protocols used. One is designed to
* lock against processes (the admin_server, for one) which make
* incremental changes to the database; the other is designed to lock
* against utilities (kdb_util, kpropd) which replace the entire
* database in one fell swoop.
*
- * The first locking protocol is implemented using flock() in the
+ * The first locking protocol is implemented using flock() in the
* krb_dbl_lock() and krb_dbl_unlock routines.
*
* The second locking protocol is necessary because DBM "files" are
@@ -93,12 +93,12 @@ static int non_blocking = 0;
* either time, the reader sleeps for a second to let things
* stabilize, and then tries again; if it does not succeed after
* KERB_DB_MAX_RETRY attempts, it gives up.
- *
+ *
* On update, the semaphore file is deleted (if it exists) before any
* update takes place; at the end of the update, it is replaced, with
* a version number strictly greater than the version number which
* existed at the start of the update.
- *
+ *
* If the system crashes in the middle of an update, the semaphore
* file is not automatically created on reboot; this is a feature, not
* a bug, since the database may be inconsistant. Note that the
@@ -140,7 +140,7 @@ static char *gen_dbsuffix(db_name, sfx)
char *sfx;
{
char *dbsuffix;
-
+
if (sfx == NULL)
sfx = ".ok";
@@ -162,7 +162,7 @@ kerb_db_init()
/*
* gracefully shut down database--must be called by ANY program that does
- * a kerb_db_init
+ * a kerb_db_init
*/
kerb_db_fini()
@@ -201,7 +201,7 @@ long kerb_get_db_age()
struct stat st;
char *okname;
long age;
-
+
okname = gen_dbsuffix(current_db_name, ".ok");
if (stat (okname, &st) < 0)
@@ -226,7 +226,7 @@ static long kerb_start_update(db_name)
{
char *okname = gen_dbsuffix(db_name, ".ok");
long age = kerb_get_db_age();
-
+
if (unlink(okname) < 0
&& errno != ENOENT) {
age = -1;
@@ -243,7 +243,7 @@ static long kerb_end_update(db_name, age)
int retval = 0;
char *new_okname = gen_dbsuffix(db_name, ".ok#");
char *okname = gen_dbsuffix(db_name, ".ok");
-
+
fd = open (new_okname, O_CREAT|O_RDWR|O_TRUNC, 0600);
if (fd < 0)
retval = errno;
@@ -343,25 +343,39 @@ kerb_db_rename(from, to)
char *from;
char *to;
{
+#ifndef __FreeBSD__
char *fromdir = gen_dbsuffix (from, ".dir");
char *todir = gen_dbsuffix (to, ".dir");
char *frompag = gen_dbsuffix (from , ".pag");
char *topag = gen_dbsuffix (to, ".pag");
+#else
+ char *fromdb = gen_dbsuffix (from, ".db");
+ char *todb = gen_dbsuffix (to, ".db");
+#endif
char *fromok = gen_dbsuffix(from, ".ok");
long trans = kerb_start_update(to);
int ok;
-
+
+#ifndef __FreeBSD__
if ((rename (fromdir, todir) == 0)
&& (rename (frompag, topag) == 0)) {
+#else
+ if (rename (fromdb, todb) == 0) {
+#endif
(void) unlink (fromok);
ok = 1;
}
free (fromok);
+#ifndef __FreeBSD__
free (fromdir);
free (todir);
free (frompag);
free (topag);
+#else
+ free(fromdb);
+ free(todb);
+#endif
if (ok)
return kerb_end_update(to, trans);
else
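Review bot: `int ok;` is declared without an initial value and is assigned only inside the successful-rename branch, so when `rename()` fails, including on the new `rename (fromdb, todb)` path under `__FreeBSD__`, the later `if (ok)` reads an indeterminate value. Depending on that value the function can call `kerb_end_update(to, trans)` after a failed rename, which by the locking comment earlier in this file would presumably re-create the `.ok` semaphore and mark a database as consistent when the rename did not complete. Declaring it as `int ok = 0;` fixes both preprocessor variants. The body of kerb_db_rename continues past the end of this hunk, so the failure return itself is not visible here.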
@@ -370,7 +384,7 @@ kerb_db_rename(from, to)
/*
* look up a principal in the data base returns number of principals
- * found , and whether there were more than requested.
+ * found , and whether there were more than requested.
*/
kerb_db_get_principal(name, inst, principal, max, more)
@@ -613,7 +627,7 @@ delta_stat(a, b, c)
/*
* look up a dba in the data base returns number of dbas found , and
- * whether there were more than requested.
+ * whether there were more than requested.
*/
kerb_db_get_dba(dba_name, dba_inst, dba, max, more)
@@ -636,7 +650,7 @@ kerb_db_iterate (func, arg)
Principal *principal;
int code;
DBM *db;
-
+
kerb_db_init(); /* initialize and open the database */
if ((code = kerb_dbl_lock(KERB_DBL_SHARED)) != 0)
return code;
@@ -687,7 +701,7 @@ static int kerb_dbl_lock(mode)
int mode;
{
int flock_mode;
-
+
if (!inited)
kerb_dbl_init();
if (mylock) { /* Detect lock call when lock already
@@ -709,8 +723,8 @@ static int kerb_dbl_lock(mode)
}
if (non_blocking)
flock_mode |= LOCK_NB;
-
- if (flock(dblfd, flock_mode) < 0)
+
+ if (flock(dblfd, flock_mode) < 0)
return errno;
mylock++;
return 0;
diff --git a/eBones/lib/libkdb/krb_kdb_utils.c b/eBones/lib/libkdb/krb_kdb_utils.c
index 5fccc53..c283e0f 100644
--- a/eBones/lib/libkdb/krb_kdb_utils.c
+++ b/eBones/lib/libkdb/krb_kdb_utils.c
@@ -10,12 +10,12 @@
* Jon Rochlis, MIT Telecom, March 1988
*
* from: krb_kdb_utils.c,v 4.1 89/07/26 11:01:12 jtkohl Exp $
- * $Id: krb_kdb_utils.c,v 1.2 1994/07/19 19:23:38 g89r4222 Exp $
+ * $Id: krb_kdb_utils.c,v 1.1.1.1 1994/09/30 14:49:55 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: krb_kdb_utils.c,v 1.2 1994/07/19 19:23:38 g89r4222 Exp $";
+"$Id: krb_kdb_utils.c,v 1.1.1.1 1994/09/30 14:49:55 csgr Exp $";
#endif lint
#include <des.h>
@@ -79,7 +79,7 @@ long kdb_verify_master_key (master_key, master_key_sched, out)
n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data,
1 /* only one please */, &more);
if ((n != 1) || more) {
- if (out != (FILE *) NULL)
+ if (out != (FILE *) NULL)
fprintf(out,
"verify_master_key: %s, %d found.\n",
"Kerberos error on master key version lookup",
@@ -96,11 +96,11 @@ long kdb_verify_master_key (master_key, master_key_sched, out)
/*
* now use the master key to decrypt the key in the db, had better
- * be the same!
+ * be the same!
*/
bcopy(&principal_data[0].key_low, key_from_db, 4);
bcopy(&principal_data[0].key_high, ((long *) key_from_db) + 1, 4);
- kdb_encrypt_key (key_from_db, key_from_db,
+ kdb_encrypt_key (key_from_db, key_from_db,
master_key, master_key_sched, DECRYPT);
/* the decrypted database key had better equal the master key */
diff --git a/eBones/lib/libkdb/krb_lib.c b/eBones/lib/libkdb/krb_lib.c
index f0f1f6f..b90d1a5 100644
--- a/eBones/lib/libkdb/krb_lib.c
+++ b/eBones/lib/libkdb/krb_lib.c
@@ -1,16 +1,16 @@
/*
- * $Source: /home/CVS/src/eBones/kdb/krb_lib.c,v $
- * $Author: g89r4222 $
+ * $Source: /home/ncvs/src/eBones/kdb/krb_lib.c,v $
+ * $Author: csgr $
*
- * Copyright 1988 by the Massachusetts Institute of Technology.
+ * Copyright 1988 by the Massachusetts Institute of Technology.
*
* For copying and distribution information, please see the file
- * <mit-copyright.h>.
+ * <mit-copyright.h>.
*/
#ifndef lint
static char rcsid[] =
-"$Id: krb_lib.c,v 1.2 1994/07/19 19:23:39 g89r4222 Exp $";
+"$Id: krb_lib.c,v 1.1.1.1 1994/09/30 14:49:55 csgr Exp $";
#endif lint
#include <stdio.h>
@@ -37,7 +37,7 @@ extern char *getenv();
static init = 0;
/*
- * initialization routine for data base
+ * initialization routine for data base
*/
int
@@ -64,7 +64,7 @@ kerb_init()
/*
* finalization routine for database -- NOTE: MUST be called by any
* program using kerb_init. ALSO will have to be modified to finalize
- * caches, if they're ever really implemented.
+ * caches, if they're ever really implemented.
*/
int
@@ -75,7 +75,7 @@ kerb_fini()
/*
* look up a principal in the cache or data base returns number of
- * principals found
+ * principals found
*/
int
@@ -99,10 +99,10 @@ kerb_get_principal(name, inst, principal, max, more)
fprintf(stderr, "\n%s: kerb_get_principal for %s %s max = %d\n",
progname, name, inst, max);
#endif
-
+
/*
* if this is a request including a wild card, have to go to db
- * since the cache may not be exhaustive.
+ * since the cache may not be exhaustive.
*/
/* clear the principal area */
@@ -111,7 +111,7 @@ kerb_get_principal(name, inst, principal, max, more)
#ifdef CACHE
/*
* so check to see if the name contains a wildcard "*" or "?", not
- * preceeded by a backslash.
+ * preceeded by a backslash.
*/
wild = 0;
if (index(name, '*') || index(name, '?') ||
@@ -206,7 +206,7 @@ kerb_get_dba(name, inst, dba, max, more)
#endif
/*
* if this is a request including a wild card, have to go to db
- * since the cache may not be exhaustive.
+ * since the cache may not be exhaustive.
*/
/* clear the dba area */
@@ -215,7 +215,7 @@ kerb_get_dba(name, inst, dba, max, more)
#ifdef CACHE
/*
* so check to see if the name contains a wildcard "*" or "?", not
- * preceeded by a backslash.
+ * preceeded by a backslash.
*/
wild = 0;
diff --git a/eBones/lib/libkdb/print_princ.c b/eBones/lib/libkdb/print_princ.c
index 730cfb7..d04ca39 100644
--- a/eBones/lib/libkdb/print_princ.c
+++ b/eBones/lib/libkdb/print_princ.c
@@ -1,15 +1,15 @@
/*
- * Copyright 1988 by the Massachusetts Institute of Technology.
+ * Copyright 1988 by the Massachusetts Institute of Technology.
* For copying and distribution information, please see the file
- * <Copyright.MIT>.
+ * <Copyright.MIT>.
*
- * from: $Header: /home/CVS/src/eBones/kdb/print_princ.c,v 1.2 1994/07/19 19:23:41 g89r4222 Exp $
- * $Id: print_princ.c,v 1.2 1994/07/19 19:23:41 g89r4222 Exp $
+ * from: $Header: /home/ncvs/src/eBones/kdb/print_princ.c,v 1.1.1.1 1994/09/30 14:49:55 csgr Exp $
+ * $Id: print_princ.c,v 1.1.1.1 1994/09/30 14:49:55 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: print_princ.c,v 1.2 1994/07/19 19:23:41 g89r4222 Exp $";
+"$Id: print_princ.c,v 1.1.1.1 1994/09/30 14:49:55 csgr Exp $";
#endif lint
#include <stdio.h>
diff --git a/eBones/lib/libkrb/Makefile b/eBones/lib/libkrb/Makefile
index 8336132..205b024 100644
--- a/eBones/lib/libkrb/Makefile
+++ b/eBones/lib/libkrb/Makefile
@@ -1,11 +1,11 @@
# From: @(#)Makefile 5.1 (Berkeley) 6/25/90
-# $Id: Makefile,v 1.4 1994/09/07 16:10:17 g89r4222 Exp $
+# $Id: Makefile,v 1.4 1995/01/20 01:12:19 wollman Exp $
LIB= krb
SHLIB_MAJOR= 2
SHLIB_MINOR= 0
CFLAGS+=-DKERBEROS -DCRYPT -DDEBUG -I${.CURDIR}/../include -DBSD42
-SRCS= create_auth_reply.c create_ciph.c \
+SRCS= krb_err.c create_auth_reply.c create_ciph.c \
create_death_packet.c create_ticket.c debug_decl.c decomp_ticket.c \
des_rw.c dest_tkt.c extract_ticket.c fgetst.c get_ad_tkt.c \
get_admhst.c get_cred.c get_in_tkt.c get_krbhst.c get_krbrlm.c \
@@ -20,12 +20,15 @@ SRCS= create_auth_reply.c create_ciph.c \
tkt_string.c util.c
TDIR= ${.CURDIR}/..
-krb_err.et.c: ${COMPILE_ET}
- (cd ${TDIR}/compile_et; make)
- ${COMPILE_ET} ${.CURDIR}/krb_err.et -n
+krb_err.c krb_err.h: krb_err.et
+ test -e krb_err.et || ln -s ${.CURDIR}/krb_err.et .
+ ${COMPILE_ET} krb_err.et
+LDADD+= -lcom_err
-beforedepend: krb_err.et.c
-
-CLEANFILES+= krb_err.et.c krb_err.h
+beforeinstall:
+ -cd ${.OBJDIR}; cmp -s krb_err.h \
+ ${DESTDIR}/usr/include/kerberosIV/krb_err.h || \
+ install -c -o ${BINOWN} -g ${BINGRP} -m 444 krb_err.h \
+ ${DESTDIR}/usr/include/kerberosIV
.include <bsd.lib.mk>
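Review bot: Nothing in this hunk cleans the generated `krb_err.c` and `krb_err.h` or forces them to exist before `make depend`, because the old `CLEANFILES` and `beforedepend` lines are removed without replacements. Unless bsd.lib.mk covers this elsewhere, I would add `CLEANFILES+= krb_err.c krb_err.h` and `beforedepend: krb_err.h` next to the new `krb_err.c krb_err.h: krb_err.et` rule. The symlink made by `ln -s ${.CURDIR}/krb_err.et .` is also left in the object directory, but it should not go into CLEANFILES as-is, since in a build run from the source directory that name is the real source file. The leading `-` on the `beforeinstall` command makes make ignore a failed `install`, so an unwritable or missing `${DESTDIR}/usr/include/kerberosIV` would leave a stale or absent krb_err.h without stopping the build; dropping the `-` would surface that.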
diff --git a/eBones/lib/libkrb/create_auth_reply.c b/eBones/lib/libkrb/create_auth_reply.c
index e47d4df..bfc3cfe 100644
--- a/eBones/lib/libkrb/create_auth_reply.c
+++ b/eBones/lib/libkrb/create_auth_reply.c
@@ -5,12 +5,12 @@
* <Copyright.MIT>.
*
* from: create_auth_reply.c,v 4.10 89/01/13 17:47:38 steiner Exp $
- * $Id: create_auth_reply.c,v 1.2 1994/07/19 19:24:56 g89r4222 Exp $
+ * $Id: create_auth_reply.c,v 1.1.1.1 1994/09/30 14:49:59 csgr Exp $
*/
#ifndef lint
static char *rcsid =
-"$Id: create_auth_reply.c,v 1.2 1994/07/19 19:24:56 g89r4222 Exp $";
+"$Id: create_auth_reply.c,v 1.1.1.1 1994/09/30 14:49:59 csgr Exp $";
#endif /* lint */
#include <krb.h>
@@ -30,34 +30,34 @@ static char *rcsid =
* must copy it elsewhere.
*
* The packet is built in the following format:
- *
+ *
* variable
* type or constant data
* ---- ----------- ----
- *
+ *
* unsigned char KRB_PROT_VERSION protocol version number
- *
+ *
* unsigned char AUTH_MSG_KDC_REPLY protocol message type
- *
+ *
* [least significant HOST_BYTE_ORDER sender's (server's) byte
* bit of above field] order
- *
+ *
* string pname principal's name
- *
+ *
* string pinst principal's instance
- *
+ *
* string prealm principal's realm
- *
+ *
* unsigned long time_ws client's timestamp
- *
+ *
* unsigned char n number of tickets
- *
+ *
* unsigned long x_date expiration date
- *
+ *
* unsigned char kvno master key version
- *
+ *
* short w_1 cipher length
- *
+ *
* --- cipher->dat cipher data
*/
diff --git a/eBones/lib/libkrb/create_ciph.c b/eBones/lib/libkrb/create_ciph.c
index c3bc0db..634d371 100644
--- a/eBones/lib/libkrb/create_ciph.c
+++ b/eBones/lib/libkrb/create_ciph.c
@@ -5,12 +5,12 @@
* <Copyright.MIT>.
*
* from: create_ciph.c,v 4.8 89/05/18 21:24:26 jis Exp $
- * $Id: create_ciph.c,v 1.2 1994/07/19 19:24:58 g89r4222 Exp $
+ * $Id: create_ciph.c,v 1.1.1.1 1994/09/30 14:49:59 csgr Exp $
*/
#ifndef lint
static char *rcsid =
-"$Id: create_ciph.c,v 1.2 1994/07/19 19:24:58 g89r4222 Exp $";
+"$Id: create_ciph.c,v 1.1.1.1 1994/09/30 14:49:59 csgr Exp $";
#endif /* lint */
#include <krb.h>
@@ -30,24 +30,24 @@ static char *rcsid =
* variable
* type or constant data
* ---- ----------- ----
- *
- *
+ *
+ *
* 8 bytes session session key for client, service
- *
+ *
* string service service name
- *
+ *
* string instance service instance
- *
+ *
* string realm KDC realm
- *
+ *
* unsigned char life ticket lifetime
- *
+ *
* unsigned char kvno service key version number
- *
+ *
* unsigned char tkt->length length of following ticket
- *
+ *
* data tkt->dat ticket for service
- *
+ *
* 4 bytes kdc_time KDC's timestamp
*
* <=7 bytes null null pad to 8 byte multiple
diff --git a/eBones/lib/libkrb/create_death_packet.c b/eBones/lib/libkrb/create_death_packet.c
index f747d6b..080e8a8 100644
--- a/eBones/lib/libkrb/create_death_packet.c
+++ b/eBones/lib/libkrb/create_death_packet.c
@@ -5,12 +5,12 @@
* <Copyright.MIT>.
*
* from: create_death_packet.c,v 4.9 89/01/17 16:05:59 rfrench Exp $
- * $Id: create_death_packet.c,v 1.2 1994/07/19 19:24:59 g89r4222 Exp $
+ * $Id: create_death_packet.c,v 1.1.1.1 1994/09/30 14:49:59 csgr Exp $
*/
#ifndef lint
static char *rcsid =
-"$Id: create_death_packet.c,v 1.2 1994/07/19 19:24:59 g89r4222 Exp $";
+"$Id: create_death_packet.c,v 1.1.1.1 1994/09/30 14:49:59 csgr Exp $";
#endif /* lint */
#include <krb.h>
@@ -32,12 +32,12 @@ static char *rcsid =
* ---- ----------- ----
*
* unsigned char KRB_PROT_VERSION protocol version number
- *
+ *
* unsigned char AUTH_MSG_DIE message type
- *
+ *
* [least significant HOST_BYTE_ORDER byte order of sender
* bit of above field]
- *
+ *
* string a_name presumably, name of
* principal sending killer
* packet
diff --git a/eBones/lib/libkrb/create_ticket.c b/eBones/lib/libkrb/create_ticket.c
index 984d8e9..95d5ced 100644
--- a/eBones/lib/libkrb/create_ticket.c
+++ b/eBones/lib/libkrb/create_ticket.c
@@ -1,16 +1,16 @@
-/*
+/*
* Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
* of Technology.
* For copying and distribution information, please see the file
* <Copyright.MIT>.
*
* from: create_ticket.c,v 4.11 89/03/22 14:43:23 jtkohl Exp $
- * $Id: create_ticket.c,v 1.2 1994/07/19 19:25:01 g89r4222 Exp $
+ * $Id: create_ticket.c,v 1.1.1.1 1994/09/30 14:49:59 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: create_ticket.c,v 1.2 1994/07/19 19:25:01 g89r4222 Exp $";
+"$Id: create_ticket.c,v 1.1.1.1 1994/09/30 14:49:59 csgr Exp $";
#endif /* lint */
#include <stdio.h>
@@ -35,35 +35,35 @@ static char rcsid[] =
* corresponding changes should also be made to that file.
*
* The packet is built in the following format:
- *
+ *
* variable
* type or constant data
* ---- ----------- ----
*
* tkt->length length of ticket (multiple of 8 bytes)
- *
+ *
* tkt->dat:
- *
+ *
* unsigned char flags namely, HOST_BYTE_ORDER
- *
+ *
* string pname client's name
- *
+ *
* string pinstance client's instance
- *
+ *
* string prealm client's realm
- *
+ *
* 4 bytes paddress client's address
- *
+ *
* 8 bytes session session key
- *
+ *
* 1 byte life ticket lifetime
- *
+ *
* 4 bytes time_sec KDC timestamp
- *
+ *
* string sname service's name
- *
+ *
* string sinstance service's instance
- *
+ *
* <=7 bytes null null pad to 8 byte multiple
*
*/
diff --git a/eBones/lib/libkrb/des_rw.c b/eBones/lib/libkrb/des_rw.c
index c958355..e5acb39 100644
--- a/eBones/lib/libkrb/des_rw.c
+++ b/eBones/lib/libkrb/des_rw.c
@@ -11,7 +11,7 @@
* are met:
* 1. Redistributions of source code must retain the entire comment,
* including the above copyright notice, this list of conditions
- * and the following disclaimer, verbatim, at the beginning of
+ * and the following disclaimer, verbatim, at the beginning of
* the source file.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
@@ -35,7 +35,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $Id: des_rw.c,v 1.5 1994/09/24 18:54:41 g89r4222 Exp $
+ * $Id: des_rw.c,v 1.1.1.1 1994/09/30 14:49:59 csgr Exp $
*/
/*
@@ -61,11 +61,11 @@
* +--+--+--+--+--+--+--+--+
* | garbage | data |
* | |
- * +-----------------------+----> des_pcbc_encrypt() -->
+ * +-----------------------+----> des_pcbc_encrypt() -->
*
* (Note that the length field sent before the actual message specifies
* the number of data bytes, not the length of the entire padded message.
- *
+ *
* When data is read, if the message received is longer than the number
* of bytes requested, then the remaining bytes are stored until the
* following call to des_read(). If the number of bytes received is
@@ -160,7 +160,7 @@ int des_read(fd, buf, len)
stored -= len;
buff_ptr += len;
return(len);
- } else {
+ } else {
if (stored) {
bcopy(buff_ptr, buf, stored);
nreturned = stored;
@@ -184,11 +184,11 @@ int des_read(fd, buf, len)
if(nread != pad_length)
return(0);
- des_pcbc_encrypt((des_cblock*) des_buff, (des_cblock*) buff_ptr,
+ des_pcbc_encrypt((des_cblock*) des_buff, (des_cblock*) buff_ptr,
(msg_length < 8 ? 8 : msg_length),
key_sched, (des_cblock*) &des_key, DES_DECRYPT);
-
+
if(msg_length < 8)
buff_ptr += (8 - msg_length);
stored = msg_length;
@@ -237,7 +237,7 @@ int des_write(fd, buf, len)
for(i = 0 ; i < 8 ; i+= sizeof(long)) {
rnd = random();
- bcopy(&rnd, garbage+i,
+ bcopy(&rnd, garbage+i,
(i <= (8 - sizeof(long)))?sizeof(long):(8-i));
}
bcopy(buf, garbage + 8 - len, len);
@@ -253,7 +253,7 @@ int des_write(fd, buf, len)
write_len = htonl(len);
- if(write(fd, &write_len, sizeof(write_len)) != sizeof(write_len))
+ if(write(fd, &write_len, sizeof(write_len)) != sizeof(write_len))
return(-1);
if(write(fd, des_buff, pad_len) != pad_len)
return(-1);
diff --git a/eBones/lib/libkrb/dest_tkt.c b/eBones/lib/libkrb/dest_tkt.c
index 17c7855..6a06454 100644
--- a/eBones/lib/libkrb/dest_tkt.c
+++ b/eBones/lib/libkrb/dest_tkt.c
@@ -5,12 +5,12 @@
* <Copyright.MIT>.
*
* from: dest_tkt.c,v 4.9 89/10/02 16:23:07 jtkohl Exp $
- * $Id: dest_tkt.c,v 1.2 1994/07/19 19:25:07 g89r4222 Exp $
+ * $Id: dest_tkt.c,v 1.1.1.1 1994/09/30 14:49:59 csgr Exp $
*/
#ifndef lint
static char *rcsid =
-"$Id: dest_tkt.c,v 1.2 1994/07/19 19:25:07 g89r4222 Exp $";
+"$Id: dest_tkt.c,v 1.1.1.1 1994/09/30 14:49:59 csgr Exp $";
#endif /* lint */
#include <stdio.h>
@@ -75,8 +75,8 @@ out:
if (errno == ENOENT) return RET_TKFIL;
else if (errno != 0) return KFAILURE;
#ifdef TKT_SHMEM
- /*
- * handle the shared memory case
+ /*
+ * handle the shared memory case
*/
(void) strcpy(shmidname, file);
(void) strcat(shmidname, ".shm");
diff --git a/eBones/lib/libkrb/fgetst.c b/eBones/lib/libkrb/fgetst.c
index d938013..b855541 100644
--- a/eBones/lib/libkrb/fgetst.c
+++ b/eBones/lib/libkrb/fgetst.c
@@ -1,15 +1,15 @@
/*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
* For copying and distribution information, please see the file
- * <Copyright.MIT>.
+ * <Copyright.MIT>.
*
* from: fgetst.c,v 4.0 89/01/23 10:08:31 jtkohl Exp $
- * $Id: fgetst.c,v 1.2 1994/07/19 19:25:10 g89r4222 Exp $
+ * $Id: fgetst.c,v 1.1.1.1 1994/09/30 14:49:59 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: fgetst.c,v 1.2 1994/07/19 19:25:10 g89r4222 Exp $";
+"$Id: fgetst.c,v 1.1.1.1 1994/09/30 14:49:59 csgr Exp $";
#endif /* lint */
#include <stdio.h>
@@ -20,7 +20,7 @@ static char rcsid[] =
* until it reads a null byte. When finished, what has been read exists
* in "s". If "count" characters were actually read, the last is changed
* to a null, so the returned string is always null-terminated. fgetst
- * returns the number of characters read, including the null terminator.
+ * returns the number of characters read, including the null terminator.
*/
fgetst(f, s, n)
diff --git a/eBones/lib/libkrb/get_ad_tkt.c b/eBones/lib/libkrb/get_ad_tkt.c
index d8e1283..1c14d3c 100644
--- a/eBones/lib/libkrb/get_ad_tkt.c
+++ b/eBones/lib/libkrb/get_ad_tkt.c
@@ -5,12 +5,12 @@
* <Copyright.MIT>.
*
* from: get_ad_tkt.c,v 4.15 89/07/07 15:18:51 jtkohl Exp $
- * $Id: get_ad_tkt.c,v 1.2 1994/07/19 19:25:11 g89r4222 Exp $
+ * $Id: get_ad_tkt.c,v 1.1.1.1 1994/09/30 14:49:59 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: get_ad_tkt.c,v 1.2 1994/07/19 19:25:11 g89r4222 Exp $";
+"$Id: get_ad_tkt.c,v 1.1.1.1 1994/09/30 14:49:59 csgr Exp $";
#endif /* lint */
#include <krb.h>
@@ -55,7 +55,7 @@ unsigned long rep_err_code;
*
* TEXT original contents of authenticator+ticket
* pkt->dat built in krb_mk_req call
- *
+ *
* 4 bytes time_ws always 0 (?)
* char lifetime lifetime argument passed
* string service service name argument
@@ -106,12 +106,12 @@ get_ad_tkt(service,sinstance,realm,lifetime)
/*
* Look for the session key (and other stuff we don't need)
- * in the ticket file for krbtgt.realm@lrealm where "realm"
- * is the service's realm (passed in "realm" argument) and
- * lrealm is the realm of our initial ticket. If we don't
+ * in the ticket file for krbtgt.realm@lrealm where "realm"
+ * is the service's realm (passed in "realm" argument) and
+ * lrealm is the realm of our initial ticket. If we don't
* have this, we will try to get it.
*/
-
+
if ((kerror = krb_get_cred("krbtgt",realm,lrealm,&cr)) != KSUCCESS) {
/*
* If realm == lrealm, we have no hope, so let's not even try.
@@ -119,20 +119,20 @@ get_ad_tkt(service,sinstance,realm,lifetime)
if ((strncmp(realm, lrealm, REALM_SZ)) == 0)
return(AD_NOTGT);
else{
- if ((kerror =
+ if ((kerror =
get_ad_tkt("krbtgt",realm,lrealm,lifetime)) != KSUCCESS)
return(kerror);
if ((kerror = krb_get_cred("krbtgt",realm,lrealm,&cr)) != KSUCCESS)
return(kerror);
}
}
-
+
/*
* Make up a request packet to the "krbtgt.realm@lrealm".
* Start by calling krb_mk_req() which puts ticket+authenticator
* into "pkt". Then tack other stuff on the end.
*/
-
+
kerror = krb_mk_req(pkt,"krbtgt",realm,lrealm,0L);
if (kerror)
diff --git a/eBones/lib/libkrb/get_cred.c b/eBones/lib/libkrb/get_cred.c
index baf7ae2..6eb63f6 100644
--- a/eBones/lib/libkrb/get_cred.c
+++ b/eBones/lib/libkrb/get_cred.c
@@ -5,12 +5,12 @@
* <Copyright.MIT>.
*
* from: get_cred.c,v 4.10 89/05/31 17:46:22 jtkohl Exp $
- * $Id: get_cred.c,v 1.2 1994/07/19 19:25:14 g89r4222 Exp $
+ * $Id: get_cred.c,v 1.1.1.1 1994/09/30 14:50:00 csgr Exp $
*/
#ifndef lint
static char *rcsid =
-"$Id: get_cred.c,v 1.2 1994/07/19 19:25:14 g89r4222 Exp $";
+"$Id: get_cred.c,v 1.1.1.1 1994/09/30 14:50:00 csgr Exp $";
#endif /* lint */
#include <stdio.h>
@@ -44,7 +44,7 @@ krb_get_cred(service,instance,realm,c)
return (tf_status);
/* Search for requested service credentials and copy into c */
-
+
while ((tf_status = tf_get_cred(c)) == KSUCCESS) {
/* Is this the right ticket? */
if ((strcmp(c->service,service) == 0) &&
diff --git a/eBones/lib/libkrb/get_in_tkt.c b/eBones/lib/libkrb/get_in_tkt.c
index 5fb1560..00fc57a 100644
--- a/eBones/lib/libkrb/get_in_tkt.c
+++ b/eBones/lib/libkrb/get_in_tkt.c
@@ -4,12 +4,12 @@
* <Copyright.MIT>.
*
* from: get_in_tkt.c,v 4.12 89/07/18 16:32:56 jtkohl Exp $
- * $Id: get_in_tkt.c,v 1.2 1994/07/19 19:25:16 g89r4222 Exp $
+ * $Id: get_in_tkt.c,v 1.1.1.1 1994/09/30 14:50:00 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: get_in_tkt.c,v 1.2 1994/07/19 19:25:16 g89r4222 Exp $";
+"$Id: get_in_tkt.c,v 1.1.1.1 1994/09/30 14:50:00 csgr Exp $";
#endif /* lint */
#include <krb.h>
@@ -69,7 +69,7 @@ static int passwd_to_key(user,instance,realm,passwd,key)
* krb_get_pw_in_tkt() passes two additional arguments to krb_get_in_tkt():
* the name of a routine (passwd_to_key()) to be used to get the
* password in case the "password" argument is null and NULL for the
- * decryption procedure indicating that krb_get_in_tkt should use the
+ * decryption procedure indicating that krb_get_in_tkt should use the
* default method of decrypting the response from the KDC.
*
* The result of the call to krb_get_in_tkt() is returned.
@@ -86,8 +86,8 @@ krb_get_pw_in_tkt(user,instance,realm,service,sinstance,life,password)
#ifdef NOENCRYPTION
/*
- * $Source: /home/CVS/src/eBones/krb/get_in_tkt.c,v $
- * $Author: g89r4222 $
+ * $Source: /home/ncvs/src/eBones/krb/get_in_tkt.c,v $
+ * $Author: csgr $
*
* Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
* of Technology.
@@ -102,7 +102,7 @@ krb_get_pw_in_tkt(user,instance,realm,service,sinstance,life,password)
#ifndef lint
static char rcsid_read_password_c[] =
-"Bones$Header: /home/CVS/src/eBones/krb/get_in_tkt.c,v 1.2 1994/07/19 19:25:16 g89r4222 Exp $";
+"Bones$Header: /home/ncvs/src/eBones/krb/get_in_tkt.c,v 1.1.1.1 1994/09/30 14:50:00 csgr Exp $";
#endif lint
#include <des.h>
@@ -170,7 +170,7 @@ placebo_read_pw_string(s,max,prompt,verify)
{
int ok = 0;
char *ptr;
-
+
#ifdef BSDUNIX
jmp_buf old_env;
struct sgttyb tty_state;
@@ -187,7 +187,7 @@ placebo_read_pw_string(s,max,prompt,verify)
goto lose;
/* save terminal state*/
- if (ioctl(0,TIOCGETP,&tty_state) == -1)
+ if (ioctl(0,TIOCGETP,&tty_state) == -1)
return -1;
push_signals();
diff --git a/eBones/lib/libkrb/get_krbhst.c b/eBones/lib/libkrb/get_krbhst.c
index 16c4ff2..bb1ea50 100644
--- a/eBones/lib/libkrb/get_krbhst.c
+++ b/eBones/lib/libkrb/get_krbhst.c
@@ -5,12 +5,12 @@
* <Copyright.MIT>.
*
* from: get_krbhst.c,v 4.8 89/01/22 20:00:29 rfrench Exp $
- * $Id: get_krbhst.c,v 1.2 1994/07/19 19:25:17 g89r4222 Exp $
+ * $Id: get_krbhst.c,v 1.1.1.1 1994/09/30 14:50:00 csgr Exp $
*/
#ifndef lint
static char *rcsid =
-"$Id: get_krbhst.c,v 1.2 1994/07/19 19:25:17 g89r4222 Exp $";
+"$Id: get_krbhst.c,v 1.1.1.1 1994/09/30 14:50:00 csgr Exp $";
#endif /* lint */
#include <stdio.h>
@@ -33,7 +33,7 @@ static char *rcsid =
*
* The KRB_CONF file contains the name of the local realm in the first
* line (not used by this routine), followed by lines indicating realm/host
- * entries. The words "admin server" following the hostname indicate that
+ * entries. The words "admin server" following the hostname indicate that
* the host provides an administrative database server.
*
* For example:
diff --git a/eBones/lib/libkrb/get_svc_in_tkt.c b/eBones/lib/libkrb/get_svc_in_tkt.c
index 6d9702f..0b0fe71 100644
--- a/eBones/lib/libkrb/get_svc_in_tkt.c
+++ b/eBones/lib/libkrb/get_svc_in_tkt.c
@@ -4,12 +4,12 @@
* <Copyright.MIT>.
*
* from: get_svc_in_tkt.c,v 4.9 89/07/18 16:33:34 jtkohl Exp $
- * $Id: get_svc_in_tkt.c,v 1.2 1994/07/19 19:25:26 g89r4222 Exp $
+ * $Id: get_svc_in_tkt.c,v 1.1.1.1 1994/09/30 14:50:00 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: get_svc_in_tkt.c,v 1.2 1994/07/19 19:25:26 g89r4222 Exp $";
+"$Id: get_svc_in_tkt.c,v 1.1.1.1 1994/09/30 14:50:00 csgr Exp $";
#endif /* lint */
#include <krb.h>
@@ -57,7 +57,7 @@ static int srvtab_to_key(user, instance, realm, srvtab, key)
* krb_get_svc_in_tkt() passes its arguments on to krb_get_in_tkt(),
* plus two additional arguments: a pointer to the srvtab_to_key()
* function to be used to get the key from the key file and a NULL
- * for the decryption procedure indicating that krb_get_in_tkt should
+ * for the decryption procedure indicating that krb_get_in_tkt should
* use the default method of decrypting the response from the KDC.
*
* It returns the return value of the krb_get_in_tkt() call.
diff --git a/eBones/lib/libkrb/get_tf_fullname.c b/eBones/lib/libkrb/get_tf_fullname.c
index 753ad1e..540e828 100644
--- a/eBones/lib/libkrb/get_tf_fullname.c
+++ b/eBones/lib/libkrb/get_tf_fullname.c
@@ -4,12 +4,12 @@
* <Copyright.MIT>.
*
* from: get_tf_fullname.c,v 4.3 90/03/10 22:40:20 jon Exp $
- * $Id: get_tf_fullname.c,v 1.2 1994/07/19 19:25:28 g89r4222 Exp $
+ * $Id: get_tf_fullname.c,v 1.1.1.1 1994/09/30 14:50:00 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: get_tf_fullname.c,v 1.2 1994/07/19 19:25:28 g89r4222 Exp $";
+"$Id: get_tf_fullname.c,v 1.1.1.1 1994/09/30 14:50:00 csgr Exp $";
#endif /* lint */
#include <krb.h>
@@ -22,10 +22,10 @@ static char rcsid[] =
*/
/*
- * krb_get_tf_fullname() takes four arguments: the name of the
+ * krb_get_tf_fullname() takes four arguments: the name of the
* ticket file, and variables for name, instance, and realm to be
- * returned in. Since the realm of a ticket file is not really fully
- * supported, the realm used will be that of the the first ticket in
+ * returned in. Since the realm of a ticket file is not really fully
+ * supported, the realm used will be that of the the first ticket in
* the file as this is the one that was obtained with a password by
* krb_get_in_tkt().
*/
@@ -45,7 +45,7 @@ krb_get_tf_fullname(ticket_file, name, instance, realm)
if (((tf_status = tf_get_pname(c.pname)) != KSUCCESS) ||
((tf_status = tf_get_pinst(c.pinst)) != KSUCCESS))
return (tf_status);
-
+
if (name)
strcpy(name, c.pname);
if (instance)
@@ -59,8 +59,8 @@ krb_get_tf_fullname(ticket_file, name, instance, realm)
return(KFAILURE);
else
return(tf_status);
- }
+ }
(void) tf_close();
-
+
return(tf_status);
}
diff --git a/eBones/lib/libkrb/get_tf_realm.c b/eBones/lib/libkrb/get_tf_realm.c
index f405dcb..df2845e 100644
--- a/eBones/lib/libkrb/get_tf_realm.c
+++ b/eBones/lib/libkrb/get_tf_realm.c
@@ -4,12 +4,12 @@
* <Copyright.MIT>.
*
* from: get_tf_realm.c,v 4.2 90/01/02 13:40:19 jtkohl Exp $
- * $Id: get_tf_realm.c,v 1.2 1994/07/19 19:25:30 g89r4222 Exp $
+ * $Id: get_tf_realm.c,v 1.1.1.1 1994/09/30 14:50:00 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: get_tf_realm.c,v 1.2 1994/07/19 19:25:30 g89r4222 Exp $";
+"$Id: get_tf_realm.c,v 1.1.1.1 1994/09/30 14:50:00 csgr Exp $";
#endif /* lint */
#include <krb.h>
@@ -21,9 +21,9 @@ static char rcsid[] =
*/
/*
- * krb_get_tf_realm() takes two arguments: the name of a ticket
+ * krb_get_tf_realm() takes two arguments: the name of a ticket
* and a variable to store the name of the realm in.
- *
+ *
*/
krb_get_tf_realm(ticket_file, realm)
diff --git a/eBones/lib/libkrb/getrealm.c b/eBones/lib/libkrb/getrealm.c
index 96e9588..c850bd0 100644
--- a/eBones/lib/libkrb/getrealm.c
+++ b/eBones/lib/libkrb/getrealm.c
@@ -6,12 +6,12 @@
* routine to convert hostname into realm name.
*
* from: getrealm.c,v 4.6 90/01/02 13:35:56 jtkohl Exp $
- * $Id: getrealm.c,v 1.2 1994/07/19 19:25:31 g89r4222 Exp $
+ * $Id: getrealm.c,v 1.1.1.1 1994/09/30 14:50:00 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: getrealm.c,v 1.2 1994/07/19 19:25:31 g89r4222 Exp $";
+"$Id: getrealm.c,v 1.1.1.1 1994/09/30 14:50:00 csgr Exp $";
#endif lint
#include <strings.h>
@@ -92,7 +92,7 @@ char *host;
fclose(trans_file);
return(ret_realm);
}
- if ((trans_host[0] == '.') && domain) {
+ if ((trans_host[0] == '.') && domain) {
/* this is a domain match */
if (!strcasecmp(trans_host, domain)) {
/* domain match, save for later */
diff --git a/eBones/lib/libkrb/in_tkt.c b/eBones/lib/libkrb/in_tkt.c
index 53510da..5a05259 100644
--- a/eBones/lib/libkrb/in_tkt.c
+++ b/eBones/lib/libkrb/in_tkt.c
@@ -5,12 +5,12 @@
* <Copyright.MIT>.
*
* from: kt.c,v 4.9 89/10/25 19:03:35 qjb Exp $
- * $Id: in_tkt.c,v 1.5 1994/09/24 14:30:09 g89r4222 Exp $
+ * $Id: in_tkt.c,v 1.1.1.1 1994/09/30 14:50:01 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: in_tkt.c,v 1.5 1994/09/24 14:30:09 g89r4222 Exp $";
+"$Id: in_tkt.c,v 1.1.1.1 1994/09/30 14:50:01 csgr Exp $";
#endif /* lint */
#include <unistd.h>
@@ -73,7 +73,7 @@ in_tkt(pname,pinst)
(void) close(fd);
goto out;
}
-
+
(void) fsync(fd);
(void) close(fd);
}
diff --git a/eBones/lib/libkrb/krb.3 b/eBones/lib/libkrb/krb.3
index 208f034..98a720b 100644
--- a/eBones/lib/libkrb/krb.3
+++ b/eBones/lib/libkrb/krb.3
@@ -1,6 +1,6 @@
-.\" $Source: /usr/src/kerberosIV/man/RCS/krb.3,v $
-.\" $Author: bostic $
-.\" $Header: /usr/src/kerberosIV/man/RCS/krb.3,v 4.11 1994/04/19 14:16:56 bostic Exp $
+.\" $Source: /home/ncvs/src/eBones/man/krb.3,v $
+.\" $Author: rgrimes $
+.\" $Header: /home/ncvs/src/eBones/man/krb.3,v 1.1.1.1 1994/05/27 05:12:09 rgrimes Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -133,7 +133,7 @@ to the calling procedure.
It is up to the application to get the authenticator to the service
where it will be read by
.I krb_rd_req.
-Unless an attacker possesses the session key contained in the ticket, it
+Unless an attacker posesses the session key contained in the ticket, it
will be unable to modify the authenticator. Thus, the checksum can be
used to verify the authenticity of the other data that will pass through
a connection.
@@ -171,15 +171,15 @@ particular problem encountered. See
for the list of error codes.
.PP
If the last argument is the null string (""), krb_rd_req will use the
-file /etc/srvtab to find its keys. If the last argument is NULL, it
-will assume that the key has been set by
+file /etc/kerberosIV/srvtab to find its keys. If the last argument is
+NULL, it will assume that the key has been set by
.I krb_set_key
and will not bother looking further.
.PP
.I krb_kntoln
converts a Kerberos name to a local name. It takes a structure
of type AUTH_DAT and uses the name and instance to look in the database
-/etc/aname to find the corresponding local name. The local name is
+/etc/kerberosIV/aname to find the corresponding local name. The local name is
returned and can be used by an application to change uids, directories,
or other parameters. It is not an integral part of Kerberos, but is
instead provided to support the use of Kerberos in existing utilities.
diff --git a/eBones/lib/libkrb/krb_get_in_tkt.c b/eBones/lib/libkrb/krb_get_in_tkt.c
index a37bb60..af92bc6 100644
--- a/eBones/lib/libkrb/krb_get_in_tkt.c
+++ b/eBones/lib/libkrb/krb_get_in_tkt.c
@@ -5,12 +5,12 @@
* <Copyright.MIT>.
*
* from: der: krb_get_in_tkt.c,v 4.19 89/07/18 16:31:31 jtkohl Exp $
- * $Id: krb_get_in_tkt.c,v 1.2 1994/07/19 19:25:47 g89r4222 Exp $
+ * $Id: krb_get_in_tkt.c,v 1.1.1.1 1994/09/30 14:50:02 csgr Exp $
*/
#ifndef lint
static char *rcsid =
-"$Id: krb_get_in_tkt.c,v 1.2 1994/07/19 19:25:47 g89r4222 Exp $";
+"$Id: krb_get_in_tkt.c,v 1.1.1.1 1994/09/30 14:50:02 csgr Exp $";
#endif /* lint */
#include <krb.h>
@@ -48,16 +48,16 @@ static int decrypt_tkt(user, instance, realm, arg, key_proc, cipp)
#ifndef NOENCRYPTION
/* Attempt to decrypt it */
#endif
-
+
/* generate a key */
-
+
{
register int rc;
rc = (*key_proc)(user,instance,realm,arg,key);
if (rc)
return(rc);
}
-
+
#ifndef NOENCRYPTION
key_sched(key,key_s);
pcbc_encrypt((C_Block *)cip->dat,(C_Block *)cip->dat,
@@ -259,7 +259,7 @@ krb_get_in_tkt(user, instance, realm, service, sinstance, life,
kvno = (unsigned char) ptr[1];
tkt->length = (unsigned char) ptr[2];
ptr += 3;
-
+
if ((tkt->length < 0) ||
((tkt->length + (ptr - (char *) cip->dat)) > cip->length))
return(INTK_BADPW);
diff --git a/eBones/lib/libkrb/krb_realmofhost.3 b/eBones/lib/libkrb/krb_realmofhost.3
index f284069..63aa1eb 100644
--- a/eBones/lib/libkrb/krb_realmofhost.3
+++ b/eBones/lib/libkrb/krb_realmofhost.3
@@ -1,5 +1,5 @@
.\" from: krb_realmofhost.3,v 4.1 89/01/23 11:10:47 jtkohl Exp $
-.\" $Id: krb_realmofhost.3,v 1.2 1994/07/19 19:27:46 g89r4222 Exp $
+.\" $Id: krb_realmofhost.3,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -13,8 +13,8 @@ krb_get_lrealm \- additional Kerberos utility routines
.nf
.nj
.ft B
-#include <krb.h>
-#include <des.h>
+#include <kerberosIV/krb.h>
+#include <kerberosIV/des.h>
#include <netinet/in.h>
.PP
.ft B
@@ -48,7 +48,7 @@ int n;
returns the Kerberos realm of the host
.IR host ,
as determined by the translation table
-.IR /etc/krb.realms .
+.IR /etc/kerberosIV/krb.realms .
.I host
should be the fully-qualified domain-style primary host name of the host
in question. In order to prevent certain security attacks, this routine
@@ -96,7 +96,7 @@ with the hostname of the
host running a Kerberos key distribution center (KDC)
for realm
.IR realm ,
-as specified in the configuration file (\fI/etc/krb.conf\fR).
+as specified in the configuration file (\fI/etc/kerberosIV/krb.conf\fR).
The configuration file is described by
.IR krb.conf (5).
If the host is successfully filled in, the routine
@@ -119,7 +119,7 @@ with the hostname of the
host running a Kerberos KDC database administration server
for realm
.IR realm ,
-as specified in the configuration file (\fI/etc/krb.conf\fR).
+as specified in the configuration file (\fI/etc/kerberosIV/krb.conf\fR).
If the file cannot be opened or is malformed, or there are fewer than
.I n
hosts running a Kerberos KDC database administration server,
@@ -145,10 +145,10 @@ should be at least REALM_SZ (from
kerberos(3), krb.conf(5), krb.realms(5)
.SH FILES
.TP 20n
-/etc/krb.realms
+/etc/kerberosIV/krb.realms
translation file for host-to-realm mapping.
.TP
-/etc/krb.conf
+/etc/kerberosIV/krb.conf
local realm-name and realm/server configuration file.
.SH BUGS
The current convention for instance names is too limited; the full
diff --git a/eBones/lib/libkrb/krb_sendauth.3 b/eBones/lib/libkrb/krb_sendauth.3
index f5e95b7..a749bb5 100644
--- a/eBones/lib/libkrb/krb_sendauth.3
+++ b/eBones/lib/libkrb/krb_sendauth.3
@@ -1,5 +1,5 @@
.\" from: krb_sendauth.3,v 4.1 89/01/23 11:10:58 jtkohl Exp $
-.\" $Id: krb_sendauth.3,v 1.2 1994/07/19 19:27:47 g89r4222 Exp $
+.\" $Id: krb_sendauth.3,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $
.\" Copyright 1988 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -13,8 +13,8 @@ Kerberos routines for sending authentication via network stream sockets
.nf
.nj
.ft B
-#include <krb.h>
-#include <des.h>
+#include <kerberosIV/krb.h>
+#include <kerberosIV/des.h>
#include <netinet/in.h>
.PP
.fi
@@ -295,7 +295,7 @@ function.
If you set this argument to "",
.I krb_rd_req
looks for the service key in the file
-.IR /etc/srvtab.
+.IR /etc/kerberosIV/srvtab.
If the client and server are performing mutual authenication,
the
@@ -345,4 +345,4 @@ John T. Kohl, MIT Project Athena
.SH RESTRICTIONS
Copyright 1988, Massachusetts Instititute of Technology.
For copying and distribution information,
-please see the file <mit-copyright.h>.
+please see the file <Copyright.h>.
diff --git a/eBones/lib/libkrb/krb_set_tkt_string.3 b/eBones/lib/libkrb/krb_set_tkt_string.3
index c9f3dcf..73b5e5d 100644
--- a/eBones/lib/libkrb/krb_set_tkt_string.3
+++ b/eBones/lib/libkrb/krb_set_tkt_string.3
@@ -1,5 +1,5 @@
.\" from: krb_set_tkt_string.3,v 4.1 89/01/23 11:11:09 jtkohl Exp $
-.\" $Id: krb_set_tkt_string.3,v 1.2 1994/07/19 19:27:49 g89r4222 Exp $
+.\" $Id: krb_set_tkt_string.3,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -12,7 +12,7 @@ krb_set_tkt_string \- set Kerberos ticket cache file name
.nf
.nj
.ft B
-#include <krb.h>
+#include <kerberosIV/krb.h>
.PP
.ft B
void krb_set_tkt_string(filename)
diff --git a/eBones/lib/libkrb/kuserok.3 b/eBones/lib/libkrb/kuserok.3
index 36968ba..c7581a6 100644
--- a/eBones/lib/libkrb/kuserok.3
+++ b/eBones/lib/libkrb/kuserok.3
@@ -1,5 +1,5 @@
.\" from: kuserok.3,v 4.1 89/01/23 11:11:49 jtkohl Exp $
-.\" $Id: kuserok.3,v 1.2 1994/07/19 19:27:58 g89r4222 Exp $
+.\" $Id: kuserok.3,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -12,7 +12,7 @@ kuserok \- Kerberos version of ruserok
.nf
.nj
.ft B
-#include <krb.h>
+#include <kerberosIV/krb.h>
.PP
.ft B
kuserok(kdata, localuser)
diff --git a/eBones/lib/libkrb/kuserok.c b/eBones/lib/libkrb/kuserok.c
index cb1f708..404532d 100644
--- a/eBones/lib/libkrb/kuserok.c
+++ b/eBones/lib/libkrb/kuserok.c
@@ -7,12 +7,12 @@
* access to a local account
*
* from: kuserok.c,v 4.5 89/01/23 09:25:21 jtkohl Exp $
- * $Id: kuserok.c,v 1.2 1994/07/19 19:25:50 g89r4222 Exp $
+ * $Id: kuserok.c,v 1.1.1.1 1994/09/30 14:50:02 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: kuserok.c,v 1.2 1994/07/19 19:25:50 g89r4222 Exp $";
+"$Id: kuserok.c,v 1.1.1.1 1994/09/30 14:50:02 csgr Exp $";
#endif lint
#include <krb.h>
@@ -60,9 +60,9 @@ static char rcsid[] =
* The parmtable defines the keywords we will recognize with their
* default values, and keeps a pointer to the found value. The found
* value should be filled in with strsave(), since FreeParameterSet()
- * will release memory for all non-NULL found strings.
+ * will release memory for all non-NULL found strings.
*
-*** NOTE WELL! ***
+*** NOTE WELL! ***
*
* The table below is very nice, but we cannot hard-code a default for the
* realm: we have to get the realm via krb_get_lrealm(). Even though the
@@ -70,7 +70,7 @@ static char rcsid[] =
* kuserok to whatever krb_get_lrealm() tells us. That code assumes that
* the realm will be the entry number in the table below, so if you
* change the order of the entries below, you have to change the
- * #definition of REALM_SCRIPT to reflect it.
+ * #definition of REALM_SCRIPT to reflect it.
*/
#define REALM_SUBSCRIPT 1
parmtable kparm[] = {
@@ -113,7 +113,7 @@ kuserok(kdata, luser)
* if he's trying to log in as himself, and there is no .klogin file,
* let him. To find out, call
* krb_kntoln to convert the triple in kdata to a name which we can
- * string compare.
+ * string compare.
*/
if (!krb_kntoln(kdata, kuser) && (strcmp(kuser, luser) == 0)) {
return(OK);
@@ -141,7 +141,7 @@ kuserok(kdata, luser)
/*
* change the default realm from the hard-coded value to the
- * accepted realm that Kerberos specifies.
+ * accepted realm that Kerberos specifies.
*/
rc = krb_get_lrealm(local_realm, 1);
if (rc == KSUCCESS)
diff --git a/eBones/lib/libkrb/mk_priv.c b/eBones/lib/libkrb/mk_priv.c
index 3bae4ed..3050cf4 100644
--- a/eBones/lib/libkrb/mk_priv.c
+++ b/eBones/lib/libkrb/mk_priv.c
@@ -16,12 +16,12 @@
* Steve Miller Project Athena MIT/DEC
*
* from: mk_priv.c,v 4.13 89/03/22 14:48:59 jtkohl Exp $
- * $Id: mk_priv.c,v 1.2 1994/07/19 19:25:56 g89r4222 Exp $
+ * $Id: mk_priv.c,v 1.1.1.1 1994/09/30 14:50:02 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: mk_priv.c,v 1.2 1994/07/19 19:25:56 g89r4222 Exp $";
+"$Id: mk_priv.c,v 1.1.1.1 1994/09/30 14:50:02 csgr Exp $";
#endif /* lint */
/* system include files */
@@ -80,7 +80,7 @@ static long msg_time_sec;
#ifndef NOENCRYPT
* we encrypt from here with pcbc_encrypt
#endif
- *
+ *
* 4 bytes length length of user data
* length in user data
* 1 byte msg_time_5ms timestamp milliseconds
@@ -154,15 +154,15 @@ long krb_mk_priv(in,out,length,schedule,key,sender,receiver)
* direction bit is the sign bit of the timestamp. Ok
* until 2038??
*/
- /* For compatibility with broken old code, compares are done in VAX
- byte order (LSBFIRST) */
- if (lsb_net_ulong_less(sender->sin_addr.s_addr, /* src < recv */
- receiver->sin_addr.s_addr)==-1)
- msg_time_sec = -msg_time_sec;
- else if (lsb_net_ulong_less(sender->sin_addr.s_addr,
- receiver->sin_addr.s_addr)==0)
- if (lsb_net_ushort_less(sender->sin_port,receiver->sin_port) == -1)
- msg_time_sec = -msg_time_sec;
+ /* For compatibility with broken old code, compares are done in VAX
+ byte order (LSBFIRST) */
+ if (lsb_net_ulong_less(sender->sin_addr.s_addr, /* src < recv */
+ receiver->sin_addr.s_addr)==-1)
+ msg_time_sec = -msg_time_sec;
+ else if (lsb_net_ulong_less(sender->sin_addr.s_addr,
+ receiver->sin_addr.s_addr)==0)
+ if (lsb_net_ushort_less(sender->sin_port,receiver->sin_port) == -1)
+ msg_time_sec = -msg_time_sec;
/* stuff time sec */
bcopy((char *)&msg_time_sec,(char *)p,sizeof(msg_time_sec));
p += sizeof(msg_time_sec);
diff --git a/eBones/lib/libkrb/mk_req.c b/eBones/lib/libkrb/mk_req.c
index bb0f097..fd31717 100644
--- a/eBones/lib/libkrb/mk_req.c
+++ b/eBones/lib/libkrb/mk_req.c
@@ -5,12 +5,12 @@
* <Copyright.MIT>.
*
* from: der: mk_req.c,v 4.17 89/07/07 15:20:35 jtkohl Exp $
- * $Id: mk_req.c,v 1.2 1994/07/19 19:25:57 g89r4222 Exp $
+ * $Id: mk_req.c,v 1.1.1.1 1994/09/30 14:50:02 csgr Exp $
*/
#ifndef lint
static char *rcsid =
-"$Id: mk_req.c,v 1.2 1994/07/19 19:25:57 g89r4222 Exp $";
+"$Id: mk_req.c,v 1.1.1.1 1994/09/30 14:50:02 csgr Exp $";
#endif /* lint */
#include <krb.h>
@@ -95,14 +95,14 @@ krb_mk_req(authent,service,instance,realm,checksum)
/* Get the ticket and move it into the authenticator */
if (krb_ap_req_debug)
printf("Realm: %s\n",realm);
- /*
+ /*
* Determine realm of these tickets. We will send this to the
* KDC from which we are requesting tickets so it knows what to
* with our session key.
*/
if ((retval = krb_get_tf_realm(TKT_FILE, myrealm)) != KSUCCESS)
return(retval);
-
+
retval = krb_get_cred(service,instance,realm,&cr);
if (retval == RET_NOTKT) {
@@ -177,10 +177,10 @@ krb_mk_req(authent,service,instance,realm,checksum)
return(KSUCCESS);
}
-/*
+/*
* krb_set_lifetime sets the default lifetime for additional tickets
* obtained via krb_mk_req().
- *
+ *
* It returns the previous value of the default lifetime.
*/
diff --git a/eBones/lib/libkrb/mk_safe.c b/eBones/lib/libkrb/mk_safe.c
index 567004b..46a80f7 100644
--- a/eBones/lib/libkrb/mk_safe.c
+++ b/eBones/lib/libkrb/mk_safe.c
@@ -15,12 +15,12 @@
* Steve Miller Project Athena MIT/DEC
*
* from: mk_safe.c,v 4.12 89/03/22 14:50:49 jtkohl Exp $
- * $Id: mk_safe.c,v 1.2 1994/07/19 19:25:59 g89r4222 Exp $
+ * $Id: mk_safe.c,v 1.1.1.1 1994/09/30 14:50:02 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: mk_safe.c,v 1.2 1994/07/19 19:25:59 g89r4222 Exp $";
+"$Id: mk_safe.c,v 1.1.1.1 1994/09/30 14:50:02 csgr Exp $";
#endif /* lint */
/* system include files */
@@ -65,7 +65,7 @@ static long msg_time_sec;
* HOST_BYTE_ORDER byte order in low bit
*
* ===================== begin checksum ================================
- *
+ *
* 4 bytes length length of user data
* length in user data
* 1 byte msg_time_5ms timestamp milliseconds
@@ -132,15 +132,15 @@ long krb_mk_safe(in,out,length,key,sender,receiver)
* direction bit is the sign bit of the timestamp. Ok until
* 2038??
*/
- /* For compatibility with broken old code, compares are done in VAX
- byte order (LSBFIRST) */
- if (lsb_net_ulong_less(sender->sin_addr.s_addr, /* src < recv */
- receiver->sin_addr.s_addr)==-1)
- msg_time_sec = -msg_time_sec;
- else if (lsb_net_ulong_less(sender->sin_addr.s_addr,
- receiver->sin_addr.s_addr)==0)
- if (lsb_net_ushort_less(sender->sin_port,receiver->sin_port) == -1)
- msg_time_sec = -msg_time_sec;
+ /* For compatibility with broken old code, compares are done in VAX
+ byte order (LSBFIRST) */
+ if (lsb_net_ulong_less(sender->sin_addr.s_addr, /* src < recv */
+ receiver->sin_addr.s_addr)==-1)
+ msg_time_sec = -msg_time_sec;
+ else if (lsb_net_ulong_less(sender->sin_addr.s_addr,
+ receiver->sin_addr.s_addr)==0)
+ if (lsb_net_ushort_less(sender->sin_port,receiver->sin_port) == -1)
+ msg_time_sec = -msg_time_sec;
/*
* all that for one tiny bit! Heaven help those that talk to
* themselves.
diff --git a/eBones/lib/libkrb/rd_priv.c b/eBones/lib/libkrb/rd_priv.c
index 9adefec..0e3d906 100644
--- a/eBones/lib/libkrb/rd_priv.c
+++ b/eBones/lib/libkrb/rd_priv.c
@@ -15,12 +15,12 @@
* Steve Miller Project Athena MIT/DEC
*
* from: rd_priv.c,v 4.14 89/04/28 11:59:42 jtkohl Exp $
- * $Id: rd_priv.c,v 1.2 1994/07/19 19:26:11 g89r4222 Exp $
+ * $Id: rd_priv.c,v 1.1.1.1 1994/09/30 14:50:03 csgr Exp $
*/
#ifndef lint
static char rcsid[]=
-"$Id: rd_priv.c,v 1.2 1994/07/19 19:26:11 g89r4222 Exp $";
+"$Id: rd_priv.c,v 1.1.1.1 1994/09/30 14:50:03 csgr Exp $";
#endif /* lint */
/* system include files */
@@ -154,17 +154,17 @@ long krb_rd_priv(in,in_length,schedule,key,sender,receiver,m_data)
p += sizeof(m_data->time_sec);
/* check direction bit is the sign bit */
- /* For compatibility with broken old code, compares are done in VAX
- byte order (LSBFIRST) */
+ /* For compatibility with broken old code, compares are done in VAX
+ byte order (LSBFIRST) */
if (lsb_net_ulong_less(sender->sin_addr.s_addr,
- receiver->sin_addr.s_addr)==-1)
- /* src < recv */
- m_data->time_sec = - m_data->time_sec;
- else if (lsb_net_ulong_less(sender->sin_addr.s_addr,
- receiver->sin_addr.s_addr)==0)
+ receiver->sin_addr.s_addr)==-1)
+ /* src < recv */
+ m_data->time_sec = - m_data->time_sec;
+ else if (lsb_net_ulong_less(sender->sin_addr.s_addr,
+ receiver->sin_addr.s_addr)==0)
if (lsb_net_ushort_less(sender->sin_port,receiver->sin_port)==-1)
/* src < recv */
- m_data->time_sec = - m_data->time_sec;
+ m_data->time_sec = - m_data->time_sec;
/*
* all that for one tiny bit!
* Heaven help those that talk to themselves.
diff --git a/eBones/lib/libkrb/rd_safe.c b/eBones/lib/libkrb/rd_safe.c
index e500b4d..3bfc490 100644
--- a/eBones/lib/libkrb/rd_safe.c
+++ b/eBones/lib/libkrb/rd_safe.c
@@ -13,12 +13,12 @@
* Steve Miller Project Athena MIT/DEC
*
* from: rd_safe.c,v 4.12 89/01/23 15:16:16 steiner Exp $
- * $Id: rd_safe.c,v 1.2 1994/07/19 19:26:15 g89r4222 Exp $
+ * $Id: rd_safe.c,v 1.1.1.1 1994/09/30 14:50:03 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: rd_safe.c,v 1.2 1994/07/19 19:26:15 g89r4222 Exp $";
+"$Id: rd_safe.c,v 1.1.1.1 1994/09/30 14:50:03 csgr Exp $";
#endif /* lint */
/* system include files */
@@ -134,17 +134,17 @@ krb_rd_safe protocol err sizeof(u_long) != sizeof(struct in_addr)");
p += sizeof(m_data->time_sec);
/* check direction bit is the sign bit */
- /* For compatibility with broken old code, compares are done in VAX
- byte order (LSBFIRST) */
+ /* For compatibility with broken old code, compares are done in VAX
+ byte order (LSBFIRST) */
if (lsb_net_ulong_less(sender->sin_addr.s_addr,
- receiver->sin_addr.s_addr)==-1)
- /* src < recv */
- m_data->time_sec = - m_data->time_sec;
- else if (lsb_net_ulong_less(sender->sin_addr.s_addr,
- receiver->sin_addr.s_addr)==0)
+ receiver->sin_addr.s_addr)==-1)
+ /* src < recv */
+ m_data->time_sec = - m_data->time_sec;
+ else if (lsb_net_ulong_less(sender->sin_addr.s_addr,
+ receiver->sin_addr.s_addr)==0)
if (lsb_net_ushort_less(sender->sin_port,receiver->sin_port)==-1)
/* src < recv */
- m_data->time_sec = - m_data->time_sec;
+ m_data->time_sec = - m_data->time_sec;
/*
* All that for one tiny bit! Heaven help those that talk to
diff --git a/eBones/lib/libkrb/read_service_key.c b/eBones/lib/libkrb/read_service_key.c
index 4d66710..c68a8fc 100644
--- a/eBones/lib/libkrb/read_service_key.c
+++ b/eBones/lib/libkrb/read_service_key.c
@@ -5,12 +5,12 @@
* <Copyright.MIT>.
*
* from: _service_key.c,v 4.10 90/03/10 19:06:56 jon Exp $
- * $Id: read_service_key.c,v 1.2 1994/07/19 19:26:16 g89r4222 Exp $
+ * $Id: read_service_key.c,v 1.1.1.1 1994/09/30 14:50:03 csgr Exp $
*/
#ifndef lint
static char *rcsid =
-"$Id: read_service_key.c,v 1.2 1994/07/19 19:26:16 g89r4222 Exp $";
+"$Id: read_service_key.c,v 1.1.1.1 1994/09/30 14:50:03 csgr Exp $";
#endif /* lint */
#include <krb.h>
@@ -26,7 +26,7 @@ static char *rcsid =
* and "realm" and a key version number "kvno", and looks in the given
* "file" for the corresponding entry, and if found, returns the entry's
* key field in "key".
- *
+ *
* If "instance" contains the string "*", then it will match
* any instance, and the chosen instance will be copied to that
* string. For this reason it is important that the there is enough
@@ -102,7 +102,7 @@ read_service_key(service,instance,realm,kvno,file,key)
strcmp(realm,"ATHENA.MIT.EDU")))
continue;
#else /* ! ATHENA_COMPAT */
- if (strcmp(rlm,realm))
+ if (strcmp(rlm,realm))
continue;
#endif /* ATHENA_COMPAT */
diff --git a/eBones/lib/libkrb/recvauth.c b/eBones/lib/libkrb/recvauth.c
index fe26814..2ab364f 100644
--- a/eBones/lib/libkrb/recvauth.c
+++ b/eBones/lib/libkrb/recvauth.c
@@ -4,12 +4,12 @@
* <Copyright.MIT>.
*
* from: recvauth.c,v 4.4 90/03/10 19:03:08 jon Exp $";
- * $Id: recvauth.c,v 1.2 1994/07/19 19:26:18 g89r4222 Exp $
+ * $Id: recvauth.c,v 1.1.1.1 1994/09/30 14:50:03 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: recvauth.c,v 1.2 1994/07/19 19:26:18 g89r4222 Exp $";
+"$Id: recvauth.c,v 1.1.1.1 1994/09/30 14:50:03 csgr Exp $";
#endif lint
#include <krb.h>
@@ -214,7 +214,7 @@ char *version; /* version string (filled in) */
if (krb_net_read(fd, (char *)&tkt_len, sizeof(tkt_len)) !=
sizeof(tkt_len))
return(errno);
-
+
/* sanity check */
ticket->length = ntohl((unsigned long)tkt_len);
if ((ticket->length <= 0) || (ticket->length > MAX_KTXT_LEN)) {
diff --git a/eBones/lib/libkrb/send_to_kdc.c b/eBones/lib/libkrb/send_to_kdc.c
index aeaf389..43f04a2 100644
--- a/eBones/lib/libkrb/send_to_kdc.c
+++ b/eBones/lib/libkrb/send_to_kdc.c
@@ -4,7 +4,7 @@
* <Copyright.MIT>.
*
* from: send_to_kdc.c,v 4.20 90/01/02 13:40:37 jtkohl Exp $
- * $Id: send_to_kdc.c,v 1.2 1994/07/19 19:26:21 g89r4222 Exp $
+ * $Id: send_to_kdc.c,v 1.3 1995/01/25 06:37:33 gibbs Exp $
*/
#ifndef lint
@@ -213,17 +213,19 @@ send_to_kdc(pkt,rpkt,realm)
rtn:
(void) close(f);
if (hostlist) {
- register struct hostent *hp;
- for (hp = hostlist; hp->h_name; hp++)
+ if(!no_host) {
+ register struct hostent *hp;
+ for (hp = hostlist; hp->h_name; hp++)
#if !(defined(ULTRIX022) || (defined(SunOS) && SunOS < 40))
- if (hp->h_addr_list) {
+ if (hp->h_addr_list) {
#endif /* ULTRIX022 || SunOS */
- if (hp->h_addr)
- free(hp->h_addr);
+ if (hp->h_addr)
+ free(hp->h_addr);
#if !(defined(ULTRIX022) || (defined(SunOS) && SunOS < 40))
- free((char *)hp->h_addr_list);
- }
+ free((char *)hp->h_addr_list);
+ }
#endif /* ULTRIX022 || SunOS */
+ }
free((char *)hostlist);
}
return(retval);
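Review bot: The new `if(!no_host)` guard at the `rtn:` label carries no comment saying why the per-entry frees are skipped in that case, and the reason is not visible in this hunk. Presumably `hostlist` has been allocated but holds no initialised entries (and so no NULL-`h_name` terminator) when no KDC host was resolved, so walking it would read uninitialised memory; if that is right, say so next to the guard, e.g. `/* no_host: hostlist was never filled in, so there is no terminator entry to stop at */`. The brace-less `for`, whose body is opened and closed inside two `#if` blocks, is also easy to misread; giving the `for` its own braces keeps the structure the same under both preprocessor branches. send_to_kdc's body starts outside the hunk.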
@@ -255,7 +257,7 @@ static send_recv(pkt,rpkt,f,_to,addrs)
printf("Sending message...");
(void) fflush(stdout);
}
- if ((numsent = sendto(f,(char *)(pkt->dat), pkt->length, 0,
+ if ((numsent = sendto(f,(char *)(pkt->dat), pkt->length, 0,
(struct sockaddr *)_to,
S_AD_SZ)) != pkt->length) {
if (krb_debug)
diff --git a/eBones/lib/libkrb/tf_shm.c b/eBones/lib/libkrb/tf_shm.c
index 5548f0d..f2f97ab 100644
--- a/eBones/lib/libkrb/tf_shm.c
+++ b/eBones/lib/libkrb/tf_shm.c
@@ -7,12 +7,12 @@
* contributed by Dan Kolkowitz (kolk@jessica.stanford.edu).
*
* from: tf_shm.c,v 4.2 89/10/25 23:26:46 qjb Exp $
- * $Id: tf_shm.c,v 1.2 1994/07/19 19:26:26 g89r4222 Exp $
+ * $Id: tf_shm.c,v 1.1.1.1 1994/09/30 14:50:04 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: tf_shm.c,v 1.2 1994/07/19 19:26:26 g89r4222 Exp $";
+"$Id: tf_shm.c,v 1.1.1.1 1994/09/30 14:50:04 csgr Exp $";
#endif lint
#include <stdio.h>
@@ -51,15 +51,15 @@ char *file_name;
don't slowly lose memory. */
shmid = shmget((long)IPC_PRIVATE,MAX_BUFF, IPC_CREAT);
- if (shmid == -1) {
+ if (shmid == -1) {
if (krb_debug)
perror("krb_shm_create shmget");
return(KFAILURE); /* XXX */
}
me = getuid();
metoo = geteuid();
- /*
- * now set up the buffer so that we can modify it
+ /*
+ * now set up the buffer so that we can modify it
*/
shm_buf.shm_perm.uid = me;
shm_buf.shm_perm.gid = getgid();
@@ -89,13 +89,13 @@ char *file_name;
perror("krb_shm_create file");
(void) shmctl(shmid, IPC_RMID, 0);
return(KFAILURE); /* XXX */
- }
+ }
if (fchmod(fileno(sfile),0600) < 0) {
if (krb_debug)
perror("krb_shm_create fchmod");
(void) shmctl(shmid, IPC_RMID, 0);
return(KFAILURE); /* XXX */
- }
+ }
if (me != metoo) {
if (setreuid(me, metoo) < 0) {
/* can't switch??? barf! */
@@ -126,11 +126,11 @@ char *file_name;
int krb_is_diskless()
{
struct stat buf;
- if (stat("/.diskless",&buf) < 0)
+ if (stat("/.diskless",&buf) < 0)
return(0);
else return(1);
}
-
+
/*
* krb_shm_dest: destroy shared memory segment with session keys, and remove
* file pointing to it.
@@ -156,7 +156,7 @@ char *file;
perror("krb_shm_dest: cannot delete shm segment");
(void) fclose(sfile);
return(KFAILURE); /* XXX */
- }
+ }
} else {
if (krb_debug)
fprintf(stderr, "bad format in shmid file\n");
@@ -170,5 +170,5 @@ char *file;
return(RET_TKFIL); /* XXX */
}
-
+
diff --git a/eBones/lib/libkrb/tf_util.3 b/eBones/lib/libkrb/tf_util.3
index 3a9bc94..ee6e436 100644
--- a/eBones/lib/libkrb/tf_util.3
+++ b/eBones/lib/libkrb/tf_util.3
@@ -1,5 +1,5 @@
.\" from: tf_util.3,v 4.2 89/04/25 17:17:11 jtkohl Exp $
-.\" $Id: tf_util.3,v 1.2 1994/07/19 19:28:05 g89r4222 Exp $
+.\" $Id: tf_util.3,v 1.1.1.1 1994/09/30 14:50:08 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -13,7 +13,7 @@ tf_init, tf_get_pname, tf_get_pinst, tf_get_cred, tf_close \
.nf
.nj
.ft B
-#include <krb.h>
+#include <kerberosIV/krb.h>
.PP
.ft B
extern char *krb_err_txt[];
diff --git a/eBones/lib/libkrb/tf_util.c b/eBones/lib/libkrb/tf_util.c
index a9e8551..cb4908e 100644
--- a/eBones/lib/libkrb/tf_util.c
+++ b/eBones/lib/libkrb/tf_util.c
@@ -4,12 +4,12 @@
* <Copyright.MIT>.
*
* from: tf_util.c,v 4.9 90/03/10 19:19:45 jon Exp $
- * $Id: tf_util.c,v 1.2 1994/07/19 19:26:28 g89r4222 Exp $
+ * $Id: tf_util.c,v 1.1.1.1 1994/09/30 14:50:04 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: tf_util.c,v 1.2 1994/07/19 19:26:28 g89r4222 Exp $";
+"$Id: tf_util.c,v 1.1.1.1 1994/09/30 14:50:04 csgr Exp $";
#endif /* lint */
#include <stdio.h>
@@ -51,7 +51,7 @@ char *shmat();
* are invalid (ie. when deciding whether tf_init has been
* called.)
* c. In tf_close, be sure it gets reinitialized to a negative
- * number.
+ * number.
*/
static fd = -1;
static curpos; /* Position in tfbfr */
@@ -109,13 +109,13 @@ static tf_gets(), tf_read();
/*
* tf_init() should be called before the other ticket file routines.
* It takes the name of the ticket file to use, "tf_name", and a
- * read/write flag "rw" as arguments.
+ * read/write flag "rw" as arguments.
*
* It tries to open the ticket file, checks the mode, and if everything
* is okay, locks the file. If it's opened for reading, the lock is
- * shared. If it's opened for writing, the lock is exclusive.
+ * shared. If it's opened for writing, the lock is exclusive.
*
- * Returns KSUCCESS if all went well, otherwise one of the following:
+ * Returns KSUCCESS if all went well, otherwise one of the following:
*
* NO_TKT_FIL - file wasn't there
* TKT_FIL_ACC - file was in wrong mode, etc.
@@ -129,7 +129,7 @@ tf_init(tf_name, rw)
uid_t me, getuid();
struct stat stat_buf;
#ifdef TKT_SHMEM
- char shmidname[MAXPATHLEN];
+ char shmidname[MAXPATHLEN];
FILE *sfp;
int shmid;
#endif
@@ -170,7 +170,7 @@ tf_init(tf_name, rw)
* If "wflag" is set, open the ticket file in append-writeonly mode
* and lock the ticket file in exclusive mode. If unable to lock
* the file, sleep and try again. If we fail again, return with the
- * proper error message.
+ * proper error message.
*/
curpos = sizeof(tfbfr);
@@ -214,7 +214,7 @@ tf_init(tf_name, rw)
}
tmp_shm_addr = krb_shm_addr;
#endif /* TKT_SHMEM */
-
+
if (wflag) {
fd = open(tf_name, O_RDWR, 0600);
if (fd < 0) {
@@ -232,7 +232,7 @@ tf_init(tf_name, rw)
}
/*
* Otherwise "wflag" is not set and the ticket file should be opened
- * for read-only operations and locked for shared access.
+ * for read-only operations and locked for shared access.
*/
fd = open(tf_name, O_RDONLY, 0600);
@@ -256,7 +256,7 @@ tf_init(tf_name, rw)
* principal's name is filled into the "p" parameter. If all goes well,
* KSUCCESS is returned. If tf_init() wasn't called, TKT_FIL_INI is
* returned. If the name was null, or EOF was encountered, or the name
- * was longer than ANAME_SZ, TKT_FIL_FMT is returned.
+ * was longer than ANAME_SZ, TKT_FIL_FMT is returned.
*/
tf_get_pname(p)
@@ -279,7 +279,7 @@ tf_get_pname(p)
* goes well, KSUCCESS is returned. If tf_init() wasn't called,
* TKT_FIL_INI is returned. If EOF was encountered, or the instance
* was longer than ANAME_SZ, TKT_FIL_FMT is returned. Note that the
- * instance may be null.
+ * instance may be null.
*/
tf_get_pinst(inst)
@@ -299,7 +299,7 @@ tf_get_pinst(inst)
* tf_get_cred() reads a CREDENTIALS record from a ticket file and fills
* in the given structure "c". It should only be called after tf_init(),
* tf_get_pname(), and tf_get_pinst() have been called. If all goes well,
- * KSUCCESS is returned. Possible error codes are:
+ * KSUCCESS is returned. Possible error codes are:
*
* TKT_FIL_INI - tf_init wasn't called first
* TKT_FIL_FMT - bad format
@@ -394,7 +394,7 @@ tf_close()
* tf_gets() is an internal routine. It takes a string "s" and a count
* "n", and reads from the file until either it has read "n" characters,
* or until it reads a null byte. When finished, what has been read exists
- * in "s". If it encounters EOF or an error, it closes the ticket file.
+ * in "s". If it encounters EOF or an error, it closes the ticket file.
*
* Possible return values are:
*
@@ -408,7 +408,7 @@ tf_close()
* file is seriously ill.
*/
-static
+static
tf_gets(s, n)
register char *s;
{
@@ -455,7 +455,7 @@ tf_read(s, n)
register n;
{
register count;
-
+
for (count = n; count > 0; --count) {
if (curpos >= sizeof(tfbfr)) {
lastpos = read(fd, tfbfr, sizeof(tfbfr));
@@ -469,7 +469,7 @@ tf_read(s, n)
}
return n;
}
-
+
char *tkt_string();
/*
diff --git a/eBones/lib/libtelnet/Makefile b/eBones/lib/libtelnet/Makefile
index 90a0be8..5b700e6 100644
--- a/eBones/lib/libtelnet/Makefile
+++ b/eBones/lib/libtelnet/Makefile
@@ -1,12 +1,42 @@
# From: @(#)Makefile 8.2 (Berkeley) 12/15/93
-# $Id: Makefile,v 1.2 1994/08/05 02:02:36 wollman Exp $
+# $Id: Makefile,v 1.7 1995/07/24 21:57:58 ache Exp $
+
+# This stuff need original libdes to run (new_rnd_key.c module),
+# current eBones/des lib don't have it
+# Kerberos4 stuff ifdefed by MAKE_KERBEROS (make.conf) because of it
LIB= telnet
-SRCS= auth.c encrypt.c genget.c getent.c misc.c
-SRCS+= kerberos.c enc_des.c
-#SRCS+= kerberos5.c
+SRCS= auth.c encrypt.c genget.c getent.c misc.c
+SRCS+= enc_des.c
+SRCS+= spx.c rsaencpwd.c read_password.c
CFLAGS+= -DHAS_CGETENT
+#ifdef ENCRYPTION
+
+CFLAGS+= -DENCRYPTION -DAUTHENTICATION
+
+.ifdef MAKE_KERBEROS
+.if exists(/usr/lib/libkrb.a)
+CFLAGS+= -DKRB4 -I/usr/include/kerberosIV -DDES_ENCRYPTION
+# KRB4_ENCPWD not yet defined
+#CFLAGS+= -DKRB4_ENCPWD
+SRCS+= kerberos.c
+# KRB4_ENCPWD not yet defined
+#SRCS+= krb4encpwd.c
+LDADD+= -ldes -lkrb
+.endif
+.endif
+
+.if exists(/usr/lib/libkrb5.a)
+CFLAGS+= -DKRB5 -DFORWARD -DDES_ENCRYPTION
+SRCS+= kerberos5.c forward.c
+LDADD+= -ldes -lkrb5
+.endif
+
+LDADD+= -ldescrypt
+
+#endif /* ENCRYPTION */
+
# These are the sources that have encryption stuff in them.
CRYPT_SRC= auth.c enc-proto.h enc_des.c encrypt.c
CRYPT_SRC+= encrypt.h kerberos.c kerberos5.c krb4encpwd.c
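Review bot: The added `#ifdef ENCRYPTION` and `#endif /* ENCRYPTION */` lines are comments to make, so `CFLAGS+= -DENCRYPTION -DAUTHENTICATION` and everything between them apply unconditionally. Either write the condition in make syntax (`.if defined(ENCRYPTION)` … `.endif`) or replace the two lines with a plain comment, so nobody assumes encryption support can be switched off here. The `.if exists(/usr/lib/libkrb.a)` and `.if exists(/usr/lib/libkrb5.a)` tests also key the Kerberos authentication sources off whatever is installed on the build host, so the same tree can silently produce a libtelnet without them; a short comment stating that dependency would help.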
diff --git a/eBones/lib/libtelnet/auth-proto.h b/eBones/lib/libtelnet/auth-proto.h
index 06bba2b..111033d 100644
--- a/eBones/lib/libtelnet/auth-proto.h
+++ b/eBones/lib/libtelnet/auth-proto.h
@@ -40,7 +40,7 @@
* to require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
- *
+ *
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
diff --git a/eBones/lib/libtelnet/auth.c b/eBones/lib/libtelnet/auth.c
index 1eb198a..64f5ce9 100644
--- a/eBones/lib/libtelnet/auth.c
+++ b/eBones/lib/libtelnet/auth.c
@@ -32,7 +32,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)auth.c 8.1 (Berkeley) 6/4/93";
+static char sccsid[] = "@(#)auth.c 8.3 (Berkeley) 5/30/95";
#endif /* not lint */
/*
@@ -222,6 +222,9 @@ auth_init(name, server)
Name,
ap->type, ap->way);
}
+ else if (auth_debug_mode)
+ printf(">>>%s: Init failed: auth type %d %d\r\n",
+ Name, ap->type, ap->way);
++ap;
}
}
@@ -246,7 +249,7 @@ getauthmask(type, maskp)
{
register int x;
- if (strcasecmp(type, AUTHTYPE_NAME(0))) {
+ if (!strcasecmp(type, AUTHTYPE_NAME(0))) {
*maskp = -1;
return(1);
}
@@ -262,14 +265,14 @@ getauthmask(type, maskp)
int
auth_enable(type)
- int type;
+ char * type;
{
return(auth_onoff(type, 1));
}
int
auth_disable(type)
- int type;
+ char * type;
{
return(auth_onoff(type, 0));
}
@@ -279,15 +282,20 @@ auth_onoff(type, on)
char *type;
int on;
{
- int mask = -1;
+ int i, mask = -1;
Authenticator *ap;
if (!strcasecmp(type, "?") || !strcasecmp(type, "help")) {
printf("auth %s 'type'\n", on ? "enable" : "disable");
printf("Where 'type' is one of:\n");
printf("\t%s\n", AUTHTYPE_NAME(0));
- for (ap = authenticators; ap->type; ap++)
+ mask = 0;
+ for (ap = authenticators; ap->type; ap++) {
+ if ((mask & (i = typemask(ap->type))) != 0)
+ continue;
+ mask |= i;
printf("\t%s\n", AUTHTYPE_NAME(ap->type));
+ }
return(0);
}
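Review bot: The de-duplication loop added to the help listing hides an assignment inside the test, `if ((mask & (i = typemask(ap->type))) != 0)`, and the same idiom is repeated in the auth_status hunk below. Computing the bit first, `i = typemask(ap->type);` followed by `if (mask & i) continue;`, reads more plainly, and auth_status could then reuse `i` in `(i_wont_support & i)` instead of evaluating `typemask` a second time. A one-line comment such as `/* list each auth type once; the table may hold several entries per type */` would explain why `mask` is needed, assuming that is the reason for the duplicates.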
@@ -295,7 +303,6 @@ auth_onoff(type, on)
printf("%s: invalid authentication type\n", type);
return(0);
}
- mask = getauthmask(type, &mask);
if (on)
i_wont_support &= ~mask;
else
@@ -319,16 +326,22 @@ auth_togdebug(on)
auth_status()
{
Authenticator *ap;
+ int i, mask;
if (i_wont_support == -1)
printf("Authentication disabled\n");
else
printf("Authentication enabled\n");
- for (ap = authenticators; ap->type; ap++)
+ mask = 0;
+ for (ap = authenticators; ap->type; ap++) {
+ if ((mask & (i = typemask(ap->type))) != 0)
+ continue;
+ mask |= i;
printf("%s: %s\n", AUTHTYPE_NAME(ap->type),
(i_wont_support & typemask(ap->type)) ?
"disabled" : "enabled");
+ }
return(1);
}
@@ -406,7 +419,7 @@ auth_send(data, cnt)
auth_send_cnt = cnt > sizeof(_auth_send_data)
? sizeof(_auth_send_data)
: cnt;
- bcopy((void *)data, (void *)_auth_send_data, auth_send_cnt);
+ memmove((void *)_auth_send_data, (void *)data, auth_send_cnt);
auth_send_data = _auth_send_data;
} else {
/*
@@ -457,7 +470,7 @@ auth_send(data, cnt)
* We requested strong authentication, however no mechanisms worked.
* Therefore, exit on client end.
*/
- printf("Unable to securely authenticate user ... exit\n");
+ printf("Unable to securely authenticate user ... exit\n");
exit(0);
#endif /* KANNAN */
}
@@ -532,7 +545,7 @@ auth_name(data, cnt)
Name, cnt, sizeof(savename)-1);
return;
}
- bcopy((void *)data, (void *)savename, cnt);
+ memmove((void *)savename, (void *)data, cnt);
savename[cnt] = '\0'; /* Null terminate */
if (auth_debug_mode)
printf(">>>%s: Got NAME [%s]\r\n", Name, savename);
diff --git a/eBones/lib/libtelnet/enc_des.c b/eBones/lib/libtelnet/enc_des.c
index 15e8521..d6886fd 100644
--- a/eBones/lib/libtelnet/enc_des.c
+++ b/eBones/lib/libtelnet/enc_des.c
@@ -32,7 +32,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)enc_des.c 8.2 (Berkeley) 12/15/93";
+static char sccsid[] = "@(#)enc_des.c 8.3 (Berkeley) 5/30/95";
#endif /* not lint */
#ifdef ENCRYPTION
@@ -143,7 +143,7 @@ ofb64_init(server)
fb64_init(fbp)
register struct fb *fbp;
{
- bzero((void *)fbp, sizeof(*fbp));
+ memset((void *)fbp, 0, sizeof(*fbp));
fbp->state[0] = fbp->state[1] = FAILED;
fbp->fb_feed[0] = IAC;
fbp->fb_feed[1] = SB;
@@ -374,7 +374,7 @@ fb64_reply(data, cnt, fbp)
break;
case FB64_IV_BAD:
- bzero(fbp->temp_feed, sizeof(Block));
+ memset(fbp->temp_feed, 0, sizeof(Block));
fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]);
state = FAILED;
break;
@@ -422,7 +422,7 @@ fb64_session(key, server, fbp)
key ? key->type : -1, SK_DES);
return;
}
- bcopy((void *)key->data, (void *)fbp->krbdes_key, sizeof(Block));
+ memmove((void *)fbp->krbdes_key, (void *)key->data, sizeof(Block));
fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_ENCRYPT-1]);
fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]);
@@ -549,8 +549,8 @@ fb64_stream_iv(seed, stp)
register struct stinfo *stp;
{
- bcopy((void *)seed, (void *)stp->str_iv, sizeof(Block));
- bcopy((void *)seed, (void *)stp->str_output, sizeof(Block));
+ memmove((void *)stp->str_iv, (void *)seed, sizeof(Block));
+ memmove((void *)stp->str_output, (void *)seed, sizeof(Block));
des_key_sched(stp->str_ikey, stp->str_sched);
@@ -562,10 +562,10 @@ fb64_stream_key(key, stp)
Block key;
register struct stinfo *stp;
{
- bcopy((void *)key, (void *)stp->str_ikey, sizeof(Block));
+ memmove((void *)stp->str_ikey, (void *)key, sizeof(Block));
des_key_sched(key, stp->str_sched);
- bcopy((void *)stp->str_iv, (void *)stp->str_output, sizeof(Block));
+ memmove((void *)stp->str_output, (void *)stp->str_iv, sizeof(Block));
stp->str_index = sizeof(Block);
}
@@ -580,7 +580,7 @@ fb64_stream_key(key, stp)
* INPUT --(--------->(+)+---> DATA
* | |
* +-------------+
- *
+ *
*
* Given:
* iV: Initial vector, 64 bits (8 bytes) long.
@@ -605,7 +605,7 @@ cfb64_encrypt(s, c)
if (index == sizeof(Block)) {
Block b;
des_ecb_encrypt(stp->str_output, b, stp->str_sched, 1);
- bcopy((void *)b, (void *)stp->str_feed, sizeof(Block));
+ memmove((void *)stp->str_feed, (void *)b, sizeof(Block));
index = 0;
}
@@ -639,9 +639,9 @@ cfb64_decrypt(data)
if (index == sizeof(Block)) {
Block b;
des_ecb_encrypt(stp->str_output, b, stp->str_sched, 1);
- bcopy((void *)b, (void *)stp->str_feed, sizeof(Block));
+ memmove((void *)stp->str_feed, (void *)b, sizeof(Block));
stp->str_index = 1; /* Next time will be 1 */
- index = 0; /* But now use 0 */
+ index = 0; /* But now use 0 */
}
/* On decryption we store (data) which is cypher. */
@@ -681,7 +681,7 @@ ofb64_encrypt(s, c)
if (index == sizeof(Block)) {
Block b;
des_ecb_encrypt(stp->str_feed, b, stp->str_sched, 1);
- bcopy((void *)b, (void *)stp->str_feed, sizeof(Block));
+ memmove((void *)stp->str_feed, (void *)b, sizeof(Block));
index = 0;
}
*s++ ^= stp->str_feed[index];
@@ -712,9 +712,9 @@ ofb64_decrypt(data)
if (index == sizeof(Block)) {
Block b;
des_ecb_encrypt(stp->str_feed, b, stp->str_sched, 1);
- bcopy((void *)b, (void *)stp->str_feed, sizeof(Block));
+ memmove((void *)stp->str_feed, (void *)b, sizeof(Block));
stp->str_index = 1; /* Next time will be 1 */
- index = 0; /* But now use 0 */
+ index = 0; /* But now use 0 */
}
return(data ^ stp->str_feed[index]);
diff --git a/eBones/lib/libtelnet/encrypt.c b/eBones/lib/libtelnet/encrypt.c
index 8662473..432df0c 100644
--- a/eBones/lib/libtelnet/encrypt.c
+++ b/eBones/lib/libtelnet/encrypt.c
@@ -32,7 +32,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)encrypt.c 8.1 (Berkeley) 6/4/93";
+static char sccsid[] = "@(#)encrypt.c 8.2 (Berkeley) 5/30/95";
#endif /* not lint */
/*
@@ -106,7 +106,7 @@ static long remote_supports_decrypt = 0;
static Encryptions encryptions[] = {
#ifdef DES_ENCRYPTION
{ "DES_CFB64", ENCTYPE_DES_CFB64,
- cfb64_encrypt,
+ cfb64_encrypt,
cfb64_decrypt,
cfb64_init,
cfb64_start,
@@ -116,7 +116,7 @@ static Encryptions encryptions[] = {
cfb64_keyid,
cfb64_printsub },
{ "DES_OFB64", ENCTYPE_DES_OFB64,
- ofb64_encrypt,
+ ofb64_encrypt,
ofb64_decrypt,
ofb64_init,
ofb64_start,
@@ -708,7 +708,7 @@ encrypt_request_end()
* Called when ENCRYPT REQUEST-START is received. If we receive
* this before a type is picked, then that indicates that the
* other side wants us to start encrypting data as soon as we
- * can.
+ * can.
*/
void
encrypt_request_start(data, cnt)
@@ -763,12 +763,13 @@ encrypt_keyid(kp, keyid, len)
if (ep->keyid)
(void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
- } else if ((len != kp->keylen) || (bcmp(keyid, kp->keyid, len) != 0)) {
+ } else if ((len != kp->keylen) ||
+ (memcmp(keyid, kp->keyid, len) != 0)) {
/*
* Length or contents are different
*/
kp->keylen = len;
- bcopy(keyid, kp->keyid, len);
+ memmove(kp->keyid, keyid, len);
if (ep->keyid)
(void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
} else {
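Review bot: `memmove(kp->keyid, keyid, len)` copies a caller-supplied length into `kp->keyid`, and no bound on `len` is visible in this hunk; the branch only compares `len` with the previously stored `kp->keylen`. If `len` comes from a received ENCRYPT key-id suboption, as the function's name suggests, it needs a check against the destination size before this branch, e.g. `if (len > sizeof(kp->keyid)) return;` (assuming `keyid` is an array member of `struct key_info`). The same unchecked copy, `memmove(kp->keyid, keyid, keylen)`, appears in the encrypt_send_keyid hunk below. encrypt_keyid starts outside the hunk, so an earlier guard may exist; confirm that before relying on this path.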
@@ -795,7 +796,7 @@ encrypt_send_keyid(dir, keyid, keylen, saveit)
? ENCRYPT_ENC_KEYID : ENCRYPT_DEC_KEYID;
if (saveit) {
struct key_info *kp = &ki[(dir == DIR_ENCRYPT) ? 0 : 1];
- bcopy(keyid, kp->keyid, keylen);
+ memmove(kp->keyid, keyid, keylen);
kp->keylen = keylen;
}
@@ -851,7 +852,7 @@ encrypt_start_output(type)
i = (*ep->start)(DIR_ENCRYPT, Server);
if (encrypt_debug_mode) {
printf(">>>%s: Encrypt start: %s (%d) %s\r\n",
- Name,
+ Name,
(i < 0) ? "failed" :
"initial negotiation in progress",
i, ENCTYPE_NAME(type));
diff --git a/eBones/lib/libtelnet/genget.c b/eBones/lib/libtelnet/genget.c
index a43579f..f87fcf0 100644
--- a/eBones/lib/libtelnet/genget.c
+++ b/eBones/lib/libtelnet/genget.c
@@ -32,7 +32,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)genget.c 8.1 (Berkeley) 6/4/93";
+static char sccsid[] = "@(#)genget.c 8.2 (Berkeley) 5/30/95";
#endif /* not lint */
diff --git a/eBones/lib/libtelnet/kerberos.c b/eBones/lib/libtelnet/kerberos.c
index aa9b418..33599b9 100644
--- a/eBones/lib/libtelnet/kerberos.c
+++ b/eBones/lib/libtelnet/kerberos.c
@@ -32,7 +32,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)kerberos.c 8.1 (Berkeley) 6/4/93";
+static char sccsid[] = "@(#)kerberos.c 8.3 (Berkeley) 5/30/95";
#endif /* not lint */
/*
@@ -177,7 +177,7 @@ kerberos4_send(ap)
CREDENTIALS cred;
int r;
- printf("[ Trying KERBEROS4 ... ]\n");
+ printf("[ Trying KERBEROS4 ... ]\n");
if (!UserNameRequested) {
if (auth_debug_mode) {
printf("Kerberos V4: no user name supplied\r\n");
@@ -185,7 +185,7 @@ kerberos4_send(ap)
return(0);
}
- bzero(instance, sizeof(instance));
+ memset(instance, 0, sizeof(instance));
if (realm = krb_get_phost(RemoteHostName))
strncpy(instance, realm, sizeof(instance));
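Review bot: The `strncpy(instance, realm, sizeof(instance))` that follows the new `memset` can fill every byte of `instance`, which leaves no terminator when the string returned by `krb_get_phost` is that long or longer. The zero fill only guarantees termination if the last byte is kept out of the copy: `strncpy(instance, realm, sizeof(instance) - 1);`. `kerberos4_send` continues outside the hunk, so how `instance` is used afterwards is not visible.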
@@ -227,9 +227,10 @@ kerberos4_send(ap)
register int i;
des_key_sched(cred.session, sched);
- des_set_random_generator_seed(cred.session);
- des_new_random_key(challenge);
- des_ecb_encrypt(challenge, session_key, sched, 1);
+ des_init_random_number_generator(cred.session);
+ des_new_random_key(session_key);
+ des_ecb_encrypt(session_key, session_key, sched, 0);
+ des_ecb_encrypt(session_key, challenge, sched, 0);
/*
* Increment the challenge by 1, and encrypt it for
* later comparison.
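Review bot: The replacement key/challenge sequence has no comment explaining it. `session_key` is now overwritten in place, and both DES calls pass 0 as the last argument where the removed line passed 1. A short comment ahead of `des_init_random_number_generator`, for example `/* session_key = D(random block); challenge = D(session_key); both under sched built from cred.session */`, would let a reader check this side against the matching derivation in `kerberos4_is`. `kerberos4_send` starts and ends outside the hunk.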
@@ -244,7 +245,7 @@ kerberos4_send(ap)
des_ecb_encrypt(challenge, challenge, sched, 1);
}
#endif /* ENCRYPTION */
-
+
if (auth_debug_mode) {
printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length));
printd(auth.dat, auth.length);
@@ -279,7 +280,7 @@ kerberos4_is(ap, data, cnt)
printf("No local realm\r\n");
return;
}
- bcopy((void *)data, (void *)auth.dat, auth.length = cnt);
+ memmove((void *)auth.dat, (void *)data, auth.length = cnt);
if (auth_debug_mode) {
printf("Got %d bytes of authentication data\r\n", cnt);
printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length));
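Review bot: `memmove((void *)auth.dat, (void *)data, auth.length = cnt)` copies `cnt` bytes of received authentication data into `auth.dat`, and no comparison of `cnt` with the size of that buffer is visible in the hunk. Assuming `auth.dat` is a fixed-size array, the copy should be preceded by `if (cnt < 0 || cnt > (int)sizeof(auth.dat)) return;` (with a debug message if wanted). The same statement appears in the `krb4encpwd_is` and `rsaencpwd_is` hunks further down and needs the same guard. `kerberos4_is` begins above this hunk, so a check there cannot be ruled out.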
@@ -296,7 +297,7 @@ kerberos4_is(ap, data, cnt)
return;
}
#ifdef ENCRYPTION
- bcopy((void *)adat.session, (void *)session_key, sizeof(Block));
+ memmove((void *)session_key, (void *)adat.session, sizeof(Block));
#endif /* ENCRYPTION */
krb_kntoln(&adat, name);
@@ -322,8 +323,13 @@ kerberos4_is(ap, data, cnt)
break;
}
+ /*
+ * Initialize the random number generator since it's
+ * used later on by the encryption routine.
+ */
+ des_init_random_number_generator(session_key);
des_key_sched(session_key, sched);
- bcopy((void *)data, (void *)datablock, sizeof(Block));
+ memmove((void *)datablock, (void *)data, sizeof(Block));
/*
* Take the received encrypted challenge, and encrypt
* it again to get a unique session_key for the
@@ -339,7 +345,7 @@ kerberos4_is(ap, data, cnt)
* increment by one, re-encrypt it and send it back.
*/
des_ecb_encrypt(datablock, challenge, sched, 0);
- for (r = 7; r >= 0; r++) {
+ for (r = 7; r >= 0; r--) {
register int t;
t = (unsigned int)challenge[r] + 1;
challenge[r] = t; /* ignore overflow */
diff --git a/eBones/lib/libtelnet/kerberos5.c b/eBones/lib/libtelnet/kerberos5.c
index d2eb34f..69a381a 100644
--- a/eBones/lib/libtelnet/kerberos5.c
+++ b/eBones/lib/libtelnet/kerberos5.c
@@ -1,7 +1,7 @@
/*
- * $Source: /home/ncvs/src/lib/libtelnet/kerberos5.c,v $
+ * $Source: /home/ncvs/src/secure/lib/libtelnet/kerberos5.c,v $
* $Author: rgrimes $
- * $Id: kerberos5.c,v 1.1.1.1 1994/05/27 05:00:20 rgrimes Exp $
+ * $Id: kerberos5.c,v 1.2 1995/05/30 06:11:54 rgrimes Exp $
*/
#if !defined(lint) && !defined(SABER)
@@ -9,7 +9,7 @@ static
#ifdef __STDC__
const
#endif
-char rcsid_kerberos5_c[] = "$Id: kerberos5.c,v 1.1.1.1 1994/05/27 05:00:20 rgrimes Exp $";
+char rcsid_kerberos5_c[] = "$Id: kerberos5.c,v 1.2 1995/05/30 06:11:54 rgrimes Exp $";
#endif /* lint */
/*-
@@ -46,7 +46,7 @@ char rcsid_kerberos5_c[] = "$Id: kerberos5.c,v 1.1.1.1 1994/05/27 05:00:20 rgrim
*/
#ifndef lint
-static char sccsid[] = "@(#)kerberos5.c 8.2 (Berkeley) 12/15/93";
+static char sccsid[] = "@(#)kerberos5.c 8.3 (Berkeley) 5/30/95";
#endif /* not lint */
/*
@@ -84,7 +84,7 @@ static char sccsid[] = "@(#)kerberos5.c 8.2 (Berkeley) 12/15/93";
/* kerberos 5 include files (ext-proto.h) will get an appropriate stdlib.h
and string.h/strings.h */
-
+
#include "encrypt.h"
#include "auth.h"
#include "misc.h"
@@ -203,8 +203,8 @@ kerberos5_send(ap)
ksum.checksum_type = CKSUMTYPE_CRC32;
ksum.contents = sum;
ksum.length = sizeof(sum);
- bzero((Voidptr )sum, sizeof(sum));
-
+ memset((Voidptr )sum, 0, sizeof(sum));
+
if (!UserNameRequested) {
if (auth_debug_mode) {
printf("Kerberos V5: no user name supplied\r\n");
@@ -254,9 +254,9 @@ kerberos5_send(ap)
krb5_free_host_realm(realms);
return(0);
}
-
- bzero((char *)&creds, sizeof(creds));
+
+ memset((char *)&creds, 0, sizeof(creds));
creds.server = server;
if (r = krb5_cc_get_principal(ccache, &creds.client)) {
@@ -284,7 +284,7 @@ kerberos5_send(ap)
ap_opts = AP_OPTS_MUTUAL_REQUIRED;
else
ap_opts = 0;
-
+
r = krb5_mk_req_extended(ap_opts, &ksum, krb5_kdc_default_options, 0,
#ifdef ENCRYPTION
&newkey,
@@ -305,12 +305,12 @@ kerberos5_send(ap)
if (newkey->keytype != KEYTYPE_DES) {
if (creds.keyblock.keytype == KEYTYPE_DES)
/* use the session key in credentials instead */
- memcpy((char *)session_key,
+ memmove((char *)session_key,
(char *)creds.keyblock.contents, sizeof(Block));
else
/* XXX ? */;
} else {
- memcpy((char *)session_key, (char *)newkey->contents,
+ memmove((char *)session_key, (char *)newkey->contents,
sizeof(Block));
}
krb5_free_keyblock(newkey);
@@ -441,7 +441,7 @@ kerberos5_is(ap, data, cnt)
goto errout;
}
Data(ap, KRB_RESPONSE, outbuf.data, outbuf.length);
- }
+ }
if (krb5_unparse_name(authdat->ticket->enc_part2 ->client,
&name))
name = 0;
@@ -451,19 +451,21 @@ kerberos5_is(ap, data, cnt)
name ? name : "");
}
auth_finished(ap, AUTH_USER);
-
+
free(name);
if (authdat->authenticator->subkey &&
authdat->authenticator->subkey->keytype == KEYTYPE_DES) {
- bcopy((Voidptr )authdat->authenticator->subkey->contents,
- (Voidptr )session_key, sizeof(Block));
+ memmove((Voidptr )session_key,
+ (Voidptr )authdat->authenticator->subkey->contents,
+ sizeof(Block));
} else if (authdat->ticket->enc_part2->session->keytype ==
KEYTYPE_DES) {
- bcopy((Voidptr )authdat->ticket->enc_part2->session->contents,
- (Voidptr )session_key, sizeof(Block));
+ memmove((Voidptr )session_key,
+ (Voidptr )authdat->ticket->enc_part2->session->contents,
+ sizeof(Block));
} else
break;
-
+
#ifdef ENCRYPTION
skey.type = SK_DES;
skey.length = 8;
@@ -475,17 +477,17 @@ kerberos5_is(ap, data, cnt)
case KRB_FORWARD:
inbuf.data = (char *)data;
inbuf.length = cnt;
- if (r = rd_and_store_for_creds(&inbuf, authdat->ticket,
+ if (r = rd_and_store_for_creds(&inbuf, authdat->ticket,
UserNameRequested)) {
char errbuf[128];
-
+
(void) strcpy(errbuf, "Read forwarded creds failed: ");
(void) strcat(errbuf, error_message(r));
Data(ap, KRB_FORWARD_REJECT, errbuf, -1);
if (auth_debug_mode)
printf("Could not read forwarded credentials\r\n");
}
- else
+ else
Data(ap, KRB_FORWARD_ACCEPT, 0, 0);
if (auth_debug_mode)
printf("Forwarded credentials obtained\r\n");
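Review bot: The `KRB_FORWARD` failure path builds its message with `strcpy`/`strcat` into `char errbuf[128]`, and the length of the `error_message(r)` text is not bounded anywhere in the hunk. A single bounded call avoids the overflow risk: `(void) snprintf(errbuf, sizeof(errbuf), "Read forwarded creds failed: %s", error_message(r));`. Separately, as the statements read here, the `else` covers only the `Data(ap, KRB_FORWARD_ACCEPT, 0, 0)` call, so "Forwarded credentials obtained" is printed in debug mode even after a reject. The case body continues outside the hunk.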
@@ -690,16 +692,16 @@ kerberos5_forward(ap)
krb5_ccache ccache;
int i;
- if (!(local_creds = (krb5_creds *)
+ if (!(local_creds = (krb5_creds *)
calloc(1, sizeof(*local_creds)))) {
- if (auth_debug_mode)
+ if (auth_debug_mode)
printf("Kerberos V5: could not allocate memory for credentials\r\n");
return;
}
if (r = krb5_sname_to_principal(RemoteHostName, "host", 1,
&local_creds->server)) {
- if (auth_debug_mode)
+ if (auth_debug_mode)
printf("Kerberos V5: could not build server name - %s\r\n",
error_message(r));
krb5_free_creds(local_creds);
@@ -707,7 +709,7 @@ kerberos5_forward(ap)
}
if (r = krb5_cc_default(&ccache)) {
- if (auth_debug_mode)
+ if (auth_debug_mode)
printf("Kerberos V5: could not get default ccache - %s\r\n",
error_message(r));
krb5_free_creds(local_creds);
@@ -715,7 +717,7 @@ kerberos5_forward(ap)
}
if (r = krb5_cc_get_principal(ccache, &local_creds->client)) {
- if (auth_debug_mode)
+ if (auth_debug_mode)
printf("Kerberos V5: could not get default principal - %s\r\n",
error_message(r));
krb5_free_creds(local_creds);
@@ -724,7 +726,7 @@ kerberos5_forward(ap)
/* Get ticket from credentials cache */
if (r = krb5_get_credentials(KRB5_GC_CACHED, ccache, local_creds)) {
- if (auth_debug_mode)
+ if (auth_debug_mode)
printf("Kerberos V5: could not obtain credentials - %s\r\n",
error_message(r));
krb5_free_creds(local_creds);
@@ -738,13 +740,13 @@ kerberos5_forward(ap)
&local_creds->keyblock,
forward_flags & OPTS_FORWARDABLE_CREDS,
&forw_creds)) {
- if (auth_debug_mode)
+ if (auth_debug_mode)
printf("Kerberos V5: error getting forwarded creds - %s\r\n",
error_message(r));
krb5_free_creds(local_creds);
return;
}
-
+
/* Send forwarded credentials */
if (!Data(ap, KRB_FORWARD, forw_creds.data, forw_creds.length)) {
if (auth_debug_mode)
diff --git a/eBones/lib/libtelnet/krb4encpwd.c b/eBones/lib/libtelnet/krb4encpwd.c
index 0f75d4d..00f32e8 100644
--- a/eBones/lib/libtelnet/krb4encpwd.c
+++ b/eBones/lib/libtelnet/krb4encpwd.c
@@ -32,7 +32,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)krb4encpwd.c 8.1 (Berkeley) 6/4/93";
+static char sccsid[] = "@(#)krb4encpwd.c 8.3 (Berkeley) 5/30/95";
#endif /* not lint */
@@ -167,7 +167,7 @@ krb4encpwd_init(ap, server)
str_data[3] = TELQUAL_IS;
gethostname(hostname, sizeof(hostname));
realm = krb_realmofhost(hostname);
- cp = index(hostname, '.');
+ cp = strchr(hostname, '.');
if (*cp != NULL) *cp = NULL;
if (read_service_key(KRB_SERVICE_NAME, hostname, realm, 0,
KEYFILE, (char *)skey)) {
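Review bot: `cp = strchr(hostname, '.'); if (*cp != NULL) *cp = NULL;` dereferences `cp` without testing it, so a host name with no dot makes `strchr` return a null pointer and the next line reads through it. The other call sites changed in this file already use the safe form, and this one should match: `if ((cp = strchr(hostname, '.')) != 0) *cp = '\0';`. That also removes the comparison of a `char` with `NULL`. `krb4encpwd_init` starts and ends outside the hunk.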
@@ -214,10 +214,10 @@ krb4encpwd_is(ap, data, cnt)
return;
switch (*data++) {
case KRB4_ENCPWD_AUTH:
- bcopy((void *)data, (void *)auth.dat, auth.length = cnt);
+ memmove((void *)auth.dat, (void *)data, auth.length = cnt);
gethostname(lhostname, sizeof(lhostname));
- if ((cp = index(lhostname, '.')) != 0) *cp = '\0';
+ if ((cp = strchr(lhostname, '.')) != 0) *cp = '\0';
if (r = krb_rd_encpwd_req(&auth, KRB_SERVICE_NAME, lhostname, 0, &adat, NULL, challenge, r_user, r_passwd)) {
Data(ap, KRB4_ENCPWD_REJECT, (void *)"Auth failed", -1);
@@ -234,7 +234,7 @@ krb4encpwd_is(ap, data, cnt)
return;
}
- bcopy((void *)adat.session, (void *)session_key, sizeof(Block));
+ memmove((void *)session_key, (void *)adat.session, sizeof(Block));
Data(ap, KRB4_ENCPWD_ACCEPT, (void *)0, 0);
auth_finished(ap, AUTH_USER);
break;
@@ -244,7 +244,7 @@ krb4encpwd_is(ap, data, cnt)
* Take the received random challenge text and save
* for future authentication.
*/
- bcopy((void *)data, (void *)challenge, sizeof(Block));
+ memmove((void *)challenge, (void *)data, sizeof(Block));
break;
@@ -255,7 +255,7 @@ krb4encpwd_is(ap, data, cnt)
/*
* If we are doing mutual authentication, get set up to send
- * the challange, and verify it when the response comes back.
+ * the challenge, and verify it when the response comes back.
*/
if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
@@ -266,7 +266,7 @@ krb4encpwd_is(ap, data, cnt)
Data(ap, KRB4_ENCPWD_CHALLENGE, (void *)challenge, strlen(challenge));
}
break;
-
+
default:
Data(ap, KRB4_ENCPWD_REJECT, 0, 0);
break;
@@ -310,13 +310,13 @@ krb4encpwd_reply(ap, data, cnt)
gethostname(hostname, sizeof(hostname));
realm = krb_realmofhost(hostname);
- bcopy((void *)data, (void *)challenge, cnt);
- bzero(user_passwd, sizeof(user_passwd));
+ memmove((void *)challenge, (void *)data, cnt);
+ memset(user_passwd, 0, sizeof(user_passwd));
local_des_read_pw_string(user_passwd, sizeof(user_passwd)-1, "Password: ", 0);
UserPassword = user_passwd;
Challenge = challenge;
strcpy(instance, RemoteHostName);
- if ((cp = index(instance, '.')) != 0) *cp = '\0';
+ if ((cp = strchr(instance, '.')) != 0) *cp = '\0';
if (r = krb_mk_encpwd_req(&krb_token, KRB_SERVICE_NAME, instance, realm, Challenge, UserNameRequested, user_passwd)) {
krb_token.length = 0;
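Review bot: Two copies in this hunk have no length limit: `memmove((void *)challenge, (void *)data, cnt)` takes its size from the received reply, and `strcpy(instance, RemoteHostName)` takes it from the remote host name. Neither destination's declaration is shown, so the sizes are an assumption. If both are fixed arrays, the first needs `if (cnt < 0 || cnt > (int)sizeof(challenge)) return;` and the second a bounded copy such as `snprintf(instance, sizeof(instance), "%s", RemoteHostName);`. `krb4encpwd_reply` starts above the hunk.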
diff --git a/eBones/lib/libtelnet/read_password.c b/eBones/lib/libtelnet/read_password.c
index 5eaa895..4676ed3 100644
--- a/eBones/lib/libtelnet/read_password.c
+++ b/eBones/lib/libtelnet/read_password.c
@@ -32,12 +32,12 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)read_password.c 8.2 (Berkeley) 12/15/93";
+static char sccsid[] = "@(#)read_password.c 8.3 (Berkeley) 5/30/95";
#endif /* not lint */
/*
- * $Source: /home/ncvs/src/lib/libtelnet/read_password.c,v $
- * $Author: rgrimes $
+ * $Source: /mit/kerberos/src/lib/des/RCS/read_password.c,v $
+ * $Author: jon $
*
* Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
* of Technology.
@@ -76,7 +76,7 @@ local_des_read_pw_string(s,max,prompt,verify)
{
int ok = 0;
char *ptr;
-
+
jmp_buf old_env;
struct sgttyb tty_state;
char key_string[BUFSIZ];
@@ -86,12 +86,12 @@ local_des_read_pw_string(s,max,prompt,verify)
}
/* XXX assume jmp_buf is typedef'ed to an array */
- bcopy((char *)old_env, (char *)env, sizeof(env));
+ memmove((char *)env, (char *)old_env, sizeof(env));
if (setjmp(env))
goto lose;
/* save terminal state*/
- if (ioctl(0,TIOCGETP,(char *)&tty_state) == -1)
+ if (ioctl(0,TIOCGETP,(char *)&tty_state) == -1)
return -1;
/*
push_signals();
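Review bot: The copy ahead of `setjmp` reads `old_env`, which is declared a few lines earlier as a plain local with no initializer, and writes it over `env`. The copy in the `lose:` hunk then goes from `env` to `old_env`. That is the reverse of a save-on-entry / restore-on-exit pair, and the commit has carried the original `bcopy` argument order over faithfully, so the behaviour predates this change. If saving and restoring the outer jump buffer is the intent, the entry copy would be `memmove((char *)old_env, (char *)env, sizeof(env));` and the exit copy the opposite. The declaration of `env` is outside the visible hunks, so this should be confirmed against it.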
@@ -105,7 +105,7 @@ local_des_read_pw_string(s,max,prompt,verify)
(void) fflush(stdout);
while (!fgets(s, max, stdin));
- if ((ptr = index(s, '\n')))
+ if ((ptr = strchr(s, '\n')))
*ptr = '\0';
if (verify) {
printf("\nVerifying, please re-enter %s",prompt);
@@ -114,7 +114,7 @@ local_des_read_pw_string(s,max,prompt,verify)
clearerr(stdin);
continue;
}
- if ((ptr = index(key_string, '\n')))
+ if ((ptr = strchr(key_string, '\n')))
*ptr = '\0';
if (strcmp(s,key_string)) {
printf("\n\07\07Mismatch - try again\n");
@@ -127,7 +127,7 @@ local_des_read_pw_string(s,max,prompt,verify)
lose:
if (!ok)
- bzero(s, max);
+ memset(s, 0, max);
printf("\n");
/* turn echo back on */
tty_state.sg_flags |= ECHO;
@@ -136,9 +136,9 @@ lose:
/*
pop_signals();
*/
- bcopy((char *)env, (char *)old_env, sizeof(env));
+ memmove((char *)old_env, (char *)env, sizeof(env));
if (verify)
- bzero(key_string, sizeof (key_string));
+ memset(key_string, 0, sizeof (key_string));
s[max-1] = 0; /* force termination */
return !ok; /* return nonzero if not okay */
}
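Review bot: `memset(key_string, 0, sizeof (key_string))` is the last write to a local buffer before the function returns, which is the pattern an optimizing compiler is allowed to remove as a dead store. That can leave the verification copy of the password on the stack. Where the C library provides it, `explicit_bzero(key_string, sizeof(key_string));` (or a wipe through a `volatile` pointer) keeps the clear in place. The `memset(s, 0, max)` in the preceding hunk is less exposed because `s` belongs to the caller and is written again by `s[max-1] = 0`.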
diff --git a/eBones/lib/libtelnet/rsaencpwd.c b/eBones/lib/libtelnet/rsaencpwd.c
index eda70fe..3492132 100644
--- a/eBones/lib/libtelnet/rsaencpwd.c
+++ b/eBones/lib/libtelnet/rsaencpwd.c
@@ -32,7 +32,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)rsaencpwd.c 8.1 (Berkeley) 6/4/93";
+static char sccsid[] = "@(#)rsaencpwd.c 8.3 (Berkeley) 5/30/95";
#endif /* not lint */
@@ -158,9 +158,9 @@ rsaencpwd_init(ap, server)
if (server) {
str_data[3] = TELQUAL_REPLY;
- bzero(key_file, sizeof(key_file));
+ memset(key_file, 0, sizeof(key_file));
gethostname(lhostname, sizeof(lhostname));
- if ((cp = index(lhostname, '.')) != 0) *cp = '\0';
+ if ((cp = strchr(lhostname, '.')) != 0) *cp = '\0';
strcpy(key_file, "/etc/.");
strcat(key_file, lhostname);
strcat(key_file, "_privkey");
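Review bot: The private-key path is assembled with `strcpy`/`strcat` from `lhostname` with no check that the result fits `key_file`, and the return value of `gethostname` is ignored. Neither buffer's size is declared inside the hunk. Building the path in one bounded call and treating truncation as an error, `n = snprintf(key_file, sizeof(key_file), "/etc/.%s_privkey", lhostname);` followed by a test of `n` against `sizeof(key_file)`, avoids both the overflow and a silently shortened file name. `rsaencpwd_init` continues outside the hunk.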
@@ -210,7 +210,7 @@ rsaencpwd_is(ap, data, cnt)
cnt--;
switch (*data++) {
case RSA_ENCPWD_AUTH:
- bcopy((void *)data, (void *)auth.dat, auth.length = cnt);
+ memmove((void *)auth.dat, (void *)data, auth.length = cnt);
if ((fp=fopen(key_file, "r"))==NULL) {
Data(ap, RSA_ENCPWD_REJECT, (void *)"Auth failed", -1);
@@ -252,7 +252,7 @@ rsaencpwd_is(ap, data, cnt)
/*
* If we are doing mutual authentication, get set up to send
- * the challange, and verify it when the response comes back.
+ * the challenge, and verify it when the response comes back.
*/
if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_ONE_WAY) {
register int i;
@@ -294,17 +294,17 @@ rsaencpwd_is(ap, data, cnt)
ptr +=NumEncodeLengthOctets(chalkey_len);
*ptr++ = 0x04; /* OCTET STRING */
*ptr++ = challenge_len;
- bcopy(challenge, ptr, challenge_len);
+ memmove(ptr, challenge, challenge_len);
ptr += challenge_len;
*ptr++ = 0x04; /* OCTET STRING */
EncodeLength(ptr, i);
ptr += NumEncodeLengthOctets(i);
- bcopy(key, ptr, i);
+ memmove(ptr, key, i);
chalkey_len = 1+NumEncodeLengthOctets(chalkey_len)+chalkey_len;
Data(ap, RSA_ENCPWD_CHALLENGEKEY, (void *)chalkey, chalkey_len);
}
break;
-
+
default:
Data(ap, RSA_ENCPWD_REJECT, 0, 0);
break;
@@ -345,7 +345,7 @@ rsaencpwd_reply(ap, data, cnt)
* Verify that the response to the challenge is correct.
*/
- bcopy((void *)data, (void *)chalkey, cnt);
+ memmove((void *)chalkey, (void *)data, cnt);
ptr = (char *) &chalkey[0];
ptr += DecodeHeaderLength(chalkey);
if (*ptr != 0x04) {
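Review bot: Every copy size in `rsaencpwd_reply` comes from the received message and none is checked in the visible lines. `memmove((void *)chalkey, (void *)data, cnt)` here uses the packet length, and the next two hunks copy `challenge_len` and `pubkey_len` bytes, both decoded from that same buffer by `DecodeValueLength`. Each length should be compared with the destination size and with the bytes remaining in `chalkey` before the `memmove`, for example `if (cnt < 0 || cnt > (int)sizeof(chalkey)) return;`, and likewise for `challenge` and `pubkey`. The buffer declarations are outside the hunks, so the array sizes are assumed.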
@@ -354,7 +354,7 @@ rsaencpwd_reply(ap, data, cnt)
*ptr++;
challenge_len = DecodeValueLength(ptr);
ptr += NumEncodeLengthOctets(challenge_len);
- bcopy(ptr, challenge, challenge_len);
+ memmove(challenge, ptr, challenge_len);
ptr += challenge_len;
if (*ptr != 0x04) {
return;
@@ -362,8 +362,8 @@ rsaencpwd_reply(ap, data, cnt)
*ptr++;
pubkey_len = DecodeValueLength(ptr);
ptr += NumEncodeLengthOctets(pubkey_len);
- bcopy(ptr, pubkey, pubkey_len);
- bzero(user_passwd, sizeof(user_passwd));
+ memmove(pubkey, ptr, pubkey_len);
+ memset(user_passwd, 0, sizeof(user_passwd));
local_des_read_pw_string(user_passwd, sizeof(user_passwd)-1, "Password: ", 0);
UserPassword = user_passwd;
Challenge = challenge;
diff --git a/eBones/lib/libtelnet/spx.c b/eBones/lib/libtelnet/spx.c
index b4634d0..5b625c7 100644
--- a/eBones/lib/libtelnet/spx.c
+++ b/eBones/lib/libtelnet/spx.c
@@ -32,7 +32,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)spx.c 8.1 (Berkeley) 6/4/93";
+static char sccsid[] = "@(#)spx.c 8.2 (Berkeley) 5/30/95";
#endif /* not lint */
#ifdef SPX
diff --git a/eBones/libexec/registerd/registerd.c b/eBones/libexec/registerd/registerd.c
index b62e379..65a8a49 100644
--- a/eBones/libexec/registerd/registerd.c
+++ b/eBones/libexec/registerd/registerd.c
@@ -152,7 +152,7 @@ main(argc, argv)
"couldn't read command code on Kerberos update");
}
- code = (u_char) retval;
+ code = (u_char) retval;
if (code != KSUCCESS) {
(void) sprintf(msgbuf, "%s", krb_err_txt[code]);
send_packet(msgbuf, RCRYPT);
diff --git a/eBones/libexec/telnetd/Makefile b/eBones/libexec/telnetd/Makefile
index e2b5f1b..4fc6042 100644
--- a/eBones/libexec/telnetd/Makefile
+++ b/eBones/libexec/telnetd/Makefile
@@ -1,17 +1,38 @@
# @(#)Makefile 8.2 (Berkeley) 12/15/93
+# This stuff need original libdes to run (new_rnd_key.c module),
+# current eBones/des lib don't have it
+# Kerberos4 stuff ifdefed by MAKE_KERBEROS (make.conf) because of it
+
PROG= telnetd
CFLAGS+=-DLINEMODE -DKLUDGELINEMODE -DUSE_TERMIO -DDIAGNOSTICS
CFLAGS+=-DOLD_ENVIRON -DENV_HACK
CFLAGS+=-I${.CURDIR}/../../lib
-#CFLAGS+=-DAUTHENTICATION -DENCRYPTION
SRCS= authenc.c global.c slc.c state.c sys_term.c telnetd.c \
termstat.c utility.c
-DPADD= ${LIBUTIL} ${LIBTERM}
+DPADD= ${LIBUTIL} ${LIBTERMCAP}
LDADD= -lutil -ltermcap -ltelnet
-#LDADD+= -lkrb -ldes
+
MAN8= telnetd.8
+#ifdef ENCRYPTION
+
+CFLAGS+=-DAUTHENTICATION -DENCRYPTION
+
+.ifdef MAKE_KERBEROS
+.if exists(/usr/lib/libkrb.a)
+LDADD+= -ldes -lkrb
+.endif
+.endif
+
+.if exists(/usr/lib/libkrb5.a)
+LDADD+= -ldes -lkrb5
+.endif
+
+LDADD+= -ldescrypt
+
+#endif /* ENCRYPTION */
+
# These are the sources that have encryption stuff in them.
CRYPT_SRC= authenc.c ext.h state.c telnetd.c termstat.c
CRYPT_SRC+= utility.c Makefile
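Review bot: The added `#ifdef ENCRYPTION` and `#endif /* ENCRYPTION */` lines are comments to make, so `CFLAGS+=-DAUTHENTICATION -DENCRYPTION` and `LDADD+= -ldescrypt` now apply to every build, not only to one that asked for encryption. If the markers exist for a source-stripping pass rather than for make, a one-line comment saying so would stop a reader from taking them as a conditional. If a real switch is intended, it should use make's own syntax as the block already does for `MAKE_KERBEROS`: `.ifdef ENCRYPTION` … `.endif`.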
diff --git a/eBones/libexec/telnetd/authenc.c b/eBones/libexec/telnetd/authenc.c
index fcd17fc..ccb463c 100644
--- a/eBones/libexec/telnetd/authenc.c
+++ b/eBones/libexec/telnetd/authenc.c
@@ -32,7 +32,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)authenc.c 8.1 (Berkeley) 6/4/93";
+static char sccsid[] = "@(#)authenc.c 8.2 (Berkeley) 5/30/95";
#endif /* not lint */
#if defined(AUTHENTICATION) || defined(ENCRYPTION)
@@ -45,7 +45,7 @@ net_write(str, len)
int len;
{
if (nfrontp + len < netobuf + BUFSIZ) {
- bcopy((void *)str, (void *)nfrontp, len);
+ memmove((void *)nfrontp, (void *)str, len);
nfrontp += len;
return(len);
}
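Review bot: The space check `nfrontp + len < netobuf + BUFSIZ` is done on a pointer sum, so a negative `len` passes it and reaches `memmove` as a very large size, and a large positive `len` forms a pointer beyond the array before the comparison is made. Comparing lengths instead avoids both problems and keeps the same strict limit: `if (len >= 0 && len < (netobuf + BUFSIZ) - nfrontp) {`. `net_write` starts above the hunk and its fallback path is below it.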
diff --git a/eBones/libexec/telnetd/pathnames.h b/eBones/libexec/telnetd/pathnames.h
index c8b0806..4e14a88 100644
--- a/eBones/libexec/telnetd/pathnames.h
+++ b/eBones/libexec/telnetd/pathnames.h
@@ -42,7 +42,7 @@
# endif
#else
-
+
# define _PATH_TTY "/dev/tty"
# ifndef _PATH_LOGIN
# define _PATH_LOGIN "/bin/login"
diff --git a/eBones/libexec/telnetd/slc.c b/eBones/libexec/telnetd/slc.c
index 145746a..6cbb7ab 100644
--- a/eBones/libexec/telnetd/slc.c
+++ b/eBones/libexec/telnetd/slc.c
@@ -32,7 +32,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)slc.c 8.1 (Berkeley) 6/4/93";
+static char sccsid[] = "@(#)slc.c 8.2 (Berkeley) 5/30/95";
#endif /* not lint */
#include "telnetd.h"
@@ -109,10 +109,10 @@ get_slc_defaults()
init_termbuf();
for (i = 1; i <= NSLC; i++) {
- slctab[i].defset.flag =
+ slctab[i].defset.flag =
spcset(i, &slctab[i].defset.val, &slctab[i].sptr);
- slctab[i].current.flag = SLC_NOSUPPORT;
- slctab[i].current.val = 0;
+ slctab[i].current.flag = SLC_NOSUPPORT;
+ slctab[i].current.val = 0;
}
} /* end of get_slc_defaults */
@@ -286,7 +286,7 @@ change_slc(func, flag, val)
register cc_t val;
{
register int hislevel, mylevel;
-
+
hislevel = flag & SLC_LEVELBITS;
mylevel = slctab[func].defset.flag & SLC_LEVELBITS;
/*
@@ -345,7 +345,7 @@ change_slc(func, flag, val)
* request as he asks.
*
* If our level is DEFAULT, then just ack whatever was
- * sent.
+ * sent.
*
* If he can't change and we can't change,
* then degenerate to NOSUPPORT.
@@ -372,7 +372,6 @@ change_slc(func, flag, val)
slctab[func].defset.val;
val = slctab[func].current.val;
}
-
}
add_slc(func, flag, val);
}
@@ -423,7 +422,6 @@ check_slc()
slctab[i].current.val);
}
}
-
} /* check_slc */
/*
@@ -465,7 +463,7 @@ do_opt_slc(ptr, len)
def_slcbuf = (unsigned char *)malloc((unsigned)len);
if (def_slcbuf == (unsigned char *)0)
return; /* too bad */
- bcopy(ptr, def_slcbuf, len);
+ memmove(def_slcbuf, ptr, len);
}
}
diff --git a/eBones/libexec/telnetd/state.c b/eBones/libexec/telnetd/state.c
index 2d327a5..4ee8bea 100644
--- a/eBones/libexec/telnetd/state.c
+++ b/eBones/libexec/telnetd/state.c
@@ -32,7 +32,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)state.c 8.2 (Berkeley) 12/15/93";
+static char sccsid[] = "@(#)state.c 8.5 (Berkeley) 5/30/95";
#endif /* not lint */
#include "telnetd.h"
@@ -366,7 +366,7 @@ gotiac: switch (c) {
char xbuf2[BUFSIZ];
register char *cp;
int n = pfrontp - opfrontp, oc;
- bcopy(opfrontp, xptyobuf, n);
+ memmove(xptyobuf, opfrontp, n);
pfrontp = opfrontp;
pfrontp += term_input(xptyobuf, pfrontp, n, BUFSIZ+NETSLOP,
xbuf2, &oc, BUFSIZ);
@@ -388,7 +388,7 @@ gotiac: switch (c) {
* All state defaults are negative, and resp defaults to 0.
*
* When initiating a request to change state to new_state:
- *
+ *
* if ((want_resp == 0 && new_state == my_state) || want_state == new_state) {
* do nothing;
* } else {
@@ -716,7 +716,6 @@ wontoption(option)
*/
if (lmodetype != REAL_LINEMODE)
break;
- lmodetype = KLUDGE_LINEMODE;
# endif /* KLUDGELINEMODE */
clientstat(TELOPT_LINEMODE, WONT, 0);
break;
@@ -1520,8 +1519,8 @@ doclientstat()
clientstat(TELOPT_LINEMODE, WILL, 0);
}
-#define ADD(c) *ncp++ = c;
-#define ADD_DATA(c) { *ncp++ = c; if (c == SE) *ncp++ = c; }
+#define ADD(c) *ncp++ = c
+#define ADD_DATA(c) { *ncp++ = c; if (c == SE || c == IAC) *ncp++ = c; }
void
send_status()
{
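Review bot: `ADD_DATA` now evaluates its argument up to three times and expands to a bare brace block, and neither macro parenthesizes `c`. An argument with a side effect, or a use in an unbraced `if`/`else`, would therefore misbehave. The usual form is `#define ADD(c) (*ncp++ = (c))` and `#define ADD_DATA(c) do { *ncp++ = (c); if ((c) == SE || (c) == IAC) *ncp++ = (c); } while (0)`. Because `ADD_DATA` can now emit two bytes for `IAC` as well as `SE`, it is worth confirming that the buffer `ncp` points into is sized for the doubled case; its declaration is in `send_status`, outside this hunk.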
@@ -1550,14 +1549,10 @@ send_status()
if (my_want_state_is_will(i)) {
ADD(WILL);
ADD_DATA(i);
- if (i == IAC)
- ADD(IAC);
}
if (his_want_state_is_will(i)) {
ADD(DO);
ADD_DATA(i);
- if (i == IAC)
- ADD(IAC);
}
}
@@ -1572,15 +1567,14 @@ send_status()
ADD(SE);
if (restartany >= 0) {
- ADD(SB)
+ ADD(SB);
ADD(TELOPT_LFLOW);
if (restartany) {
ADD(LFLOW_RESTART_ANY);
} else {
ADD(LFLOW_RESTART_XON);
}
- ADD(SE)
- ADD(SB);
+ ADD(SE);
}
}
@@ -1593,8 +1587,6 @@ send_status()
ADD(TELOPT_LINEMODE);
ADD(LM_MODE);
ADD_DATA(editmode);
- if (editmode == IAC)
- ADD(IAC);
ADD(SE);
ADD(SB);
diff --git a/eBones/libexec/telnetd/sys_term.c b/eBones/libexec/telnetd/sys_term.c
index 1e50216..de577ed 100644
--- a/eBones/libexec/telnetd/sys_term.c
+++ b/eBones/libexec/telnetd/sys_term.c
@@ -32,7 +32,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)sys_term.c 8.2 (Berkeley) 12/15/93";
+static char sccsid[] = "@(#)sys_term.c 8.4 (Berkeley) 5/30/95";
#endif /* not lint */
#include "telnetd.h"
@@ -46,9 +46,9 @@ static char sccsid[] = "@(#)sys_term.c 8.2 (Berkeley) 12/15/93";
# define PARENT_DOES_UTMP
#endif
+int utmp_len = MAXHOSTNAMELEN;
#ifdef NEWINIT
#include <initreq.h>
-int utmp_len = MAXHOSTNAMELEN; /* sizeof(init_request.host) */
#else /* NEWINIT*/
# ifdef UTMPX
# include <utmpx.h>
@@ -58,10 +58,17 @@ struct utmpx wtmp;
struct utmp wtmp;
# endif /* UTMPX */
-int utmp_len = sizeof(wtmp.ut_host);
# ifndef PARENT_DOES_UTMP
+#ifdef _PATH_WTMP
+char wtmpf[] = _PATH_WTMP;
+#else
char wtmpf[] = "/usr/adm/wtmp";
+#endif
+#ifdef _PATH_UTMP
+char utmpf[] = _PATH_UTMP;
+#else
char utmpf[] = "/etc/utmp";
+#endif
# else /* PARENT_DOES_UTMP */
char wtmpf[] = "/etc/wtmp";
# endif /* PARENT_DOES_UTMP */
@@ -69,21 +76,16 @@ char wtmpf[] = "/etc/wtmp";
# ifdef CRAY
#include <tmpdir.h>
#include <sys/wait.h>
-# if defined(_SC_CRAY_SECURE_SYS) && !defined(SCM_SECURITY)
- /*
- * UNICOS 6.0/6.1 do not have SCM_SECURITY defined, so we can
- * use it to tell us to turn off all the socket security code,
- * since that is only used in UNICOS 7.0 and later.
- */
-# undef _SC_CRAY_SECURE_SYS
+# if (UNICOS_LVL == '7.0') || (UNICOS_LVL == '7.1')
+# define UNICOS7x
# endif
-# if defined(_SC_CRAY_SECURE_SYS)
+# ifdef UNICOS7x
#include <sys/sysv.h>
#include <sys/secstat.h>
extern int secflag;
extern struct sysv sysv;
-# endif /* _SC_CRAY_SECURE_SYS */
+# endif /* UNICOS7x */
# endif /* CRAY */
#endif /* NEWINIT */
@@ -215,7 +217,7 @@ copy_termbuf(cp, len)
{
if (len > sizeof(termbuf))
len = sizeof(termbuf);
- bcopy(cp, (char *)&termbuf, len);
+ memmove((char *)&termbuf, cp, len);
termbuf2 = termbuf;
}
#endif /* defined(LINEMODE) && defined(TIOCPKT_IOCTL) */
@@ -227,17 +229,19 @@ set_termbuf()
* Only make the necessary changes.
*/
#ifndef USE_TERMIO
- if (bcmp((char *)&termbuf.sg, (char *)&termbuf2.sg, sizeof(termbuf.sg)))
+ if (memcmp((char *)&termbuf.sg, (char *)&termbuf2.sg,
+ sizeof(termbuf.sg)))
(void) ioctl(pty, TIOCSETN, (char *)&termbuf.sg);
- if (bcmp((char *)&termbuf.tc, (char *)&termbuf2.tc, sizeof(termbuf.tc)))
+ if (memcmp((char *)&termbuf.tc, (char *)&termbuf2.tc,
+ sizeof(termbuf.tc)))
(void) ioctl(pty, TIOCSETC, (char *)&termbuf.tc);
- if (bcmp((char *)&termbuf.ltc, (char *)&termbuf2.ltc,
+ if (memcmp((char *)&termbuf.ltc, (char *)&termbuf2.ltc,
sizeof(termbuf.ltc)))
(void) ioctl(pty, TIOCSLTC, (char *)&termbuf.ltc);
if (termbuf.lflags != termbuf2.lflags)
(void) ioctl(pty, TIOCLSET, (char *)&termbuf.lflags);
#else /* USE_TERMIO */
- if (bcmp((char *)&termbuf, (char *)&termbuf2, sizeof(termbuf)))
+ if (memcmp((char *)&termbuf, (char *)&termbuf2, sizeof(termbuf)))
# ifdef STREAMSPTY
(void) tcsetattr(ttyfd, TCSANOW, &termbuf);
# else
@@ -507,7 +511,7 @@ int *ptynum;
p2 = &line[14];
#endif
- for (cp = "pqrstuvwxyzPQRST"; *cp; cp++) {
+ for (cp = "pqrsPQRS"; *cp; cp++) {
struct stat stb;
*p1 = *cp;
@@ -519,8 +523,8 @@ int *ptynum;
*/
if (stat(line, &stb) < 0)
break;
- for (i = 0; i < 16; i++) {
- *p2 = "0123456789abcdef"[i];
+ for (i = 0; i < 32; i++) {
+ *p2 = "0123456789abcdefghijklmnopqrstuv"[i];
p = open(line, 2);
if (p > 0) {
#ifndef __hpux
@@ -943,6 +947,15 @@ tty_iscrnl()
}
/*
+ * Try to guess whether speeds are "encoded" (4.2BSD) or just numeric (4.4BSD).
+ */
+#if B4800 != 4800
+#define DECODE_BAUD
+#endif
+
+#ifdef DECODE_BAUD
+
+/*
* A table of available terminal speeds
*/
struct termspeeds {
@@ -953,30 +966,68 @@ struct termspeeds {
{ 110, B110 }, { 134, B134 }, { 150, B150 },
{ 200, B200 }, { 300, B300 }, { 600, B600 },
{ 1200, B1200 }, { 1800, B1800 }, { 2400, B2400 },
- { 4800, B4800 }, { 9600, B9600 }, { 19200, B9600 },
- { 38400, B9600 }, { -1, B9600 }
+ { 4800, B4800 },
+#ifdef B7200
+ { 7200, B7200 },
+#endif
+ { 9600, B9600 },
+#ifdef B14400
+ { 14400, B14400 },
+#endif
+#ifdef B19200
+ { 19200, B19200 },
+#endif
+#ifdef B28800
+ { 28800, B28800 },
+#endif
+#ifdef B38400
+ { 38400, B38400 },
+#endif
+#ifdef B57600
+ { 57600, B57600 },
+#endif
+#ifdef B115200
+ { 115200, B115200 },
+#endif
+#ifdef B230400
+ { 230400, B230400 },
+#endif
+ { -1, 0 }
};
+#endif /* DECODE_BUAD */
void
tty_tspeed(val)
int val;
{
+#ifdef DECODE_BAUD
register struct termspeeds *tp;
for (tp = termspeeds; (tp->speed != -1) && (val > tp->speed); tp++)
;
+ if (tp->speed == -1) /* back up to last valid value */
+ --tp;
cfsetospeed(&termbuf, tp->value);
+#else /* DECODE_BUAD */
+ cfsetospeed(&termbuf, val);
+#endif /* DECODE_BUAD */
}
void
tty_rspeed(val)
int val;
{
+#ifdef DECODE_BAUD
register struct termspeeds *tp;
for (tp = termspeeds; (tp->speed != -1) && (val > tp->speed); tp++)
;
+ if (tp->speed == -1) /* back up to last valid value */
+ --tp;
cfsetispeed(&termbuf, tp->value);
+#else /* DECODE_BAUD */
+ cfsetispeed(&termbuf, val);
+#endif /* DECODE_BAUD */
}
#if defined(CRAY2) && defined(UNICOS5)
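Review bot: Three of the new preprocessor comments are misspelled as `/* DECODE_BUAD */`: the `#endif` closing the speed table, and the `#else` and `#endif` in `tty_tspeed`. They should read `/* DECODE_BAUD */`, as the ones in `tty_rspeed` do, so that a search for the macro name finds every branch. In the non-table branch, `val` is also handed to `cfsetospeed`/`cfsetispeed` as-is and the return value is discarded, so a speed the system rejects goes unnoticed. Checking the result, or at least documenting that it is ignored on purpose, would make that explicit.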
@@ -1076,7 +1127,7 @@ getptyslave()
#ifdef USE_TERMIO
ttyfd = t;
#endif
- if (ioctl(t, I_PUSH, "ptem") < 0)
+ if (ioctl(t, I_PUSH, "ptem") < 0)
fatal(net, "I_PUSH ptem");
if (ioctl(t, I_PUSH, "ldterm") < 0)
fatal(net, "I_PUSH ldterm");
@@ -1092,7 +1143,7 @@ getptyslave()
init_termbuf();
# ifdef TIOCGWINSZ
if (def_row || def_col) {
- bzero((char *)&ws, sizeof(ws));
+ memset((char *)&ws, 0, sizeof(ws));
ws.ws_col = def_col;
ws.ws_row = def_row;
(void)ioctl(t, TIOCSWINSZ, (char *)&ws);
@@ -1172,9 +1223,9 @@ cleanopen(line)
char *line;
{
register int t;
-#if defined(_SC_CRAY_SECURE_SYS)
+#ifdef UNICOS7x
struct secstat secbuf;
-#endif /* _SC_CRAY_SECURE_SYS */
+#endif /* UNICOS7x */
#ifndef STREAMSPTY
/*
@@ -1188,7 +1239,7 @@ cleanopen(line)
# if !defined(CRAY) && (BSD > 43)
(void) revoke(line);
# endif
-#if defined(_SC_CRAY_SECURE_SYS)
+#ifdef UNICOS7x
if (secflag) {
if (secstat(line, &secbuf) < 0)
return(-1);
@@ -1197,18 +1248,18 @@ cleanopen(line)
if (setucmp(secbuf.st_compart) < 0)
return(-1);
}
-#endif /* _SC_CRAY_SECURE_SYS */
+#endif /* UNICOS7x */
t = open(line, O_RDWR|O_NOCTTY);
-#if defined(_SC_CRAY_SECURE_SYS)
+#ifdef UNICOS7x
if (secflag) {
if (setulvl(sysv.sy_minlvl) < 0)
return(-1);
if (setucmp(0) < 0)
return(-1);
}
-#endif /* _SC_CRAY_SECURE_SYS */
+#endif /* UNICOS7x */
if (t < 0)
return(-1);
@@ -1231,9 +1282,8 @@ cleanopen(line)
(void) signal(SIGHUP, SIG_IGN);
(void) ioctl(t, TCVHUP, (char *)0);
(void) signal(SIGHUP, SIG_DFL);
- setpgrp();
-#if defined(_SC_CRAY_SECURE_SYS)
+#ifdef UNICOS7x
if (secflag) {
if (secstat(line, &secbuf) < 0)
return(-1);
@@ -1242,18 +1292,18 @@ cleanopen(line)
if (setucmp(secbuf.st_compart) < 0)
return(-1);
}
-#endif /* _SC_CRAY_SECURE_SYS */
+#endif /* UNICOS7x */
i = open(line, O_RDWR);
-#if defined(_SC_CRAY_SECURE_SYS)
+#ifdef UNICOS7x
if (secflag) {
if (setulvl(sysv.sy_minlvl) < 0)
return(-1);
if (setucmp(0) < 0)
return(-1);
}
-#endif /* _SC_CRAY_SECURE_SYS */
+#endif /* UNICOS7x */
if (i < 0)
return(-1);
@@ -1302,7 +1352,11 @@ login_tty(t)
* setsid() call above may have set our pgrp, so clear
* it out before opening the tty...
*/
+# ifndef SOLARIS
(void) setpgrp(0, 0);
+# else
+ (void) setpgrp();
+# endif
close(open(line, O_RDWR));
# endif
if (t != 0)
@@ -1497,7 +1551,7 @@ start_login(host, autologin, name)
{
register char *cp;
register char **argv;
- char **addarg();
+ char **addarg(), *user;
extern char *getenv();
#ifdef UTMPX
register int pid = getpid();
@@ -1513,7 +1567,7 @@ start_login(host, autologin, name)
* Create utmp entry for child
*/
- bzero(&utmpx, sizeof(utmpx));
+ memset(&utmpx, 0, sizeof(utmpx));
SCPYN(utmpx.ut_user, ".telnet");
SCPYN(utmpx.ut_line, line + sizeof("/dev/") - 1);
utmpx.ut_pid = pid;
@@ -1523,8 +1577,8 @@ start_login(host, autologin, name)
utmpx.ut_id[3] = SC_WILDC;
utmpx.ut_type = LOGIN_PROCESS;
(void) time(&utmpx.ut_tv.tv_sec);
- if (makeutx(&utmpx) == NULL)
- fatal(net, "makeutx failed");
+ if (pututxline(&utmpx) == NULL)
+ fatal(net, "pututxline failed");
#endif
/*
@@ -1568,6 +1622,19 @@ start_login(host, autologin, name)
#if !defined(NO_LOGIN_P)
argv = addarg(argv, "-p");
#endif
+#ifdef LINEMODE
+ /*
+ * Set the environment variable "LINEMODE" to either
+ * "real" or "kludge" if we are operating in either
+ * real or kludge linemode.
+ */
+ if (lmodetype == REAL_LINEMODE)
+ setenv("LINEMODE", "real", 1);
+# ifdef KLUDGELINEMODE
+ else if (lmodetype == KLUDGE_LINEMODE || lmodetype == KLUDGE_OK)
+ setenv("LINEMODE", "kludge", 1);
+# endif
+#endif
#ifdef BFTPDAEMON
/*
* Are we working as the bftp daemon? If so, then ask login
@@ -1576,7 +1643,7 @@ start_login(host, autologin, name)
if (bftpd) {
argv = addarg(argv, "-e");
argv = addarg(argv, BFTPPATH);
- } else
+ } else
#endif
#if defined (SecurID)
/*
@@ -1667,7 +1734,12 @@ start_login(host, autologin, name)
# endif
} else
#endif
- if (getenv("USER")) {
+ if (user = getenv("USER")) {
+ if (strchr(user, '-')) {
+ syslog(LOG_ERR, "tried to pass user \"%s\" to login",
+ user);
+ fatal(net, "invalid user");
+ }
argv = addarg(argv, getenv("USER"));
#if defined(LOGIN_ARGS) && defined(NO_LOGIN_P)
{
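Review bot: The value that is checked is not the value that is passed on: the new code validates `user` and then calls `getenv("USER")` a second time for `addarg`. Passing the checked pointer, `argv = addarg(argv, user);`, ties the check and the use to one value and drops a lookup. The test rejects a '-' anywhere in the name, so hyphenated account names are refused as well; a comment saying why the whole string is scanned rather than only the first character would help the next reader. `if (user = getenv("USER"))` is clearer as `if ((user = getenv("USER")) != NULL)`. The body of start_login begins and ends outside this hunk.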
@@ -1688,11 +1760,27 @@ start_login(host, autologin, name)
*/
unsetenv("USER");
}
+#ifdef SOLARIS
+ else {
+ char **p;
+
+ argv = addarg(argv, ""); /* no login name */
+ for (p = environ; *p; p++) {
+ argv = addarg(argv, *p);
+ }
+ }
+#endif /* SOLARIS */
#if defined(AUTHENTICATION) && defined(NO_LOGIN_F) && defined(LOGIN_R)
if (pty > 2)
close(pty);
#endif
closelog();
+ /*
+ * This sleep(1) is in here so that telnetd can
+ * finish up with the tty. There's a race condition
+ * the login banner message gets lost...
+ */
+ sleep(1);
execv(_PATH_LOGIN, argv);
syslog(LOG_ERR, "%s: %m\n", _PATH_LOGIN);
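Review bot: In the SOLARIS branch every entry of `environ` is appended to login's argument vector as-is, without the kind of check the USER value gets before it reaches `addarg`. If any of those entries can be influenced by the remote side (not visible in this hunk), an entry beginning with '-' is handed to login as an argument. Passing only an allow-list of variable names, or at least skipping entries where `(*p)[0] == '-'`, would close that. The `sleep(1)` before `execv` works around the race described in its comment rather than synchronising with the tty, and the comment should say so. start_login continues outside the hunk.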
@@ -1722,7 +1810,7 @@ addarg(argv, val)
if (cpp == &argv[(int)argv[-1]]) {
--argv;
*argv = (char *)((int)(*argv) + 10);
- argv = (char **)realloc(argv, (int)(*argv) + 2);
+ argv = (char **)realloc(argv, sizeof(*argv)*((int)(*argv) + 2));
if (argv == NULL)
return(NULL);
argv++;
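Review bot: The corrected `realloc` still assigns straight back to `argv`, so on failure the old vector is leaked and NULL is returned to call sites that, where visible in this diff (`argv = addarg(argv, "-p");`), never check it. Hold the result in a temporary and either free the old block before `return(NULL)` or treat the failure as fatal at the call sites. The capacity is kept in `argv[-1]` by casting between `char *` and `int`, which truncates where pointers are wider than int; a comment describing that layout is missing. addarg starts and ends outside this hunk.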
@@ -1775,6 +1863,8 @@ cleanup(sig)
# ifdef CRAY
static int incleanup = 0;
register int t;
+ int child_status; /* status of child process as returned by waitpid */
+ int flags = WNOHANG|WUNTRACED;
/*
* 1: Pick up the zombie, if we are being called
@@ -1785,9 +1875,17 @@ cleanup(sig)
* 5: Close down the network and pty connections.
* 6: Finish up the TMPDIR cleanup, if needed.
*/
- if (sig == SIGCHLD)
- while (waitpid(-1, 0, WNOHANG) > 0)
+ if (sig == SIGCHLD) {
+ while (waitpid(-1, &child_status, flags) > 0)
; /* VOID */
+ /* Check if the child process was stopped
+ * rather than exited. We want cleanup only if
+ * the child has died.
+ */
+ if (WIFSTOPPED(child_status)) {
+ return;
+ }
+ }
t = sigblock(sigmask(SIGCHLD));
if (incleanup) {
sigsetmask(t);
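Review bot: `child_status` is read by `WIFSTOPPED` even when `waitpid` never stored anything in it: if the first call in the loop returns 0 or -1, the variable (declared without an initializer in the previous hunk) is indeterminate. When several children are reaped, only the status of the last one is examined, so a stopped child reported earlier in the loop is missed. Initialising it, `int child_status = 0;`, and testing `WIFSTOPPED(child_status)` inside the loop body would make the early return depend only on statuses that were actually collected. cleanup's body extends beyond this hunk.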
@@ -1795,6 +1893,7 @@ cleanup(sig)
}
incleanup = 1;
sigsetmask(t);
+#ifdef UNICOS7x
if (secflag) {
/*
* We need to set ourselves back to a null
@@ -1804,6 +1903,7 @@ cleanup(sig)
setulvl(sysv.sy_minlvl);
setucmp((long)0);
}
+#endif /* UNICOS7x */
t = cleantmp(&wtmp);
setutent(); /* just to make sure */
@@ -1904,6 +2004,28 @@ sigjob(sig)
}
/*
+ * jid_getutid:
+ * called by jobend() before calling cleantmp()
+ * to find the correct $TMPDIR to cleanup.
+ */
+
+ struct utmp *
+jid_getutid(jid)
+ int jid;
+{
+ struct utmp *cur = NULL;
+
+ setutent(); /* just to make sure */
+ while (cur = getutent()) {
+ if ( (cur->ut_type != NULL) && (jid == cur->ut_jid) ) {
+ return(cur);
+ }
+ }
+
+ return(0);
+}
+
+/*
* Clean up the TMPDIR that login created.
* The first time this is called we pick up the info
* from the utmp. If the job has already gone away,
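Review bot: `cur->ut_type != NULL` compares an integer field with the null pointer constant; the intent appears to be skipping empty slots, which is `cur->ut_type != EMPTY` (or `!= 0`) in the utmp interface. The function returns a pointer into the storage that `getutent` reuses, so the header comment should state that the result is valid only until the next utmp call and that the caller must copy what it needs. `while (cur = getutent())` reads better as `while ((cur = getutent()) != NULL)`, and `return(0)` as `return(NULL)`.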
@@ -1959,9 +2081,27 @@ jobend(jid, path, user)
register char *user;
{
static int saved_jid = 0;
+ static int pty_saved_jid = 0;
static char saved_path[sizeof(wtmp.ut_tpath)+1];
static char saved_user[sizeof(wtmp.ut_user)+1];
+ /*
+ * this little piece of code comes into play
+ * only when ptyreconnect is used to reconnect
+ * to an previous session.
+ *
+ * this is the only time when the
+ * "saved_jid != jid" code is executed.
+ */
+
+ if ( saved_jid && saved_jid != jid ) {
+ if (!path) { /* called from signal handler */
+ pty_saved_jid = jid;
+ } else {
+ pty_saved_jid = saved_jid;
+ }
+ }
+
if (path) {
strncpy(saved_path, path, sizeof(wtmp.ut_tpath));
strncpy(saved_user, user, sizeof(wtmp.ut_user));
@@ -1972,6 +2112,24 @@ jobend(jid, path, user)
saved_jid = jid;
return(0);
}
+
+ /* if the jid has changed, get the correct entry from the utmp file */
+
+ if ( saved_jid != jid ) {
+ struct utmp *utp = NULL;
+ struct utmp *jid_getutid();
+
+ utp = jid_getutid(pty_saved_jid);
+
+ if (utp == 0) {
+ syslog(LOG_ERR, "Can't get /etc/utmp entry to clean TMPDIR");
+ return(-1);
+ }
+
+ cleantmpdir(jid, utp->ut_tpath, utp->ut_user);
+ return(1);
+ }
+
cleantmpdir(jid, saved_path, saved_user);
return(1);
}
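Review bot: The new branch passes `utp->ut_tpath` and `utp->ut_user` straight to `cleantmpdir`, whereas the existing path first copies those fields into `saved_path`/`saved_user`, which are declared one byte larger than the utmp fields, presumably so they stay terminated. utmp character fields are fixed-width and need not be NUL-terminated, so if `cleantmpdir` treats its arguments as C strings (its body is not in this diff) it can read past the field when forming the directory to remove. Copying both fields into local buffers of `sizeof(utp->ut_tpath)+1` and `sizeof(utp->ut_user)+1` with an explicit terminator before the call would keep the two paths consistent. `utp` also points at storage reused by the next utmp call, which is another reason to copy first.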
@@ -2061,7 +2219,7 @@ rmut()
if (statbf.st_size && utmp) {
nutmp = read(f, (char *)utmp, (int)statbf.st_size);
nutmp /= sizeof(struct utmp);
-
+
for (u = utmp ; u < &utmp[nutmp] ; u++) {
if (SCMPN(u->ut_line, line+5) ||
u->ut_name[0]==0)
diff --git a/eBones/libexec/telnetd/telnetd.8 b/eBones/libexec/telnetd/telnetd.8
index fee5526..f618385 100644
--- a/eBones/libexec/telnetd/telnetd.8
+++ b/eBones/libexec/telnetd/telnetd.8
@@ -29,9 +29,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" @(#)telnetd.8 8.3 (Berkeley) 3/1/94
+.\" @(#)telnetd.8 8.4 (Berkeley) 6/1/94
.\"
-.Dd March 1, 1994
+.Dd June 1, 1994
.Dt TELNETD 8
.Os BSD 4.2
.Sh NAME
@@ -308,6 +308,7 @@ indicates that only dotted decimal addresses
should be put into the
.Pa utmp
file.
+.ne 1i
.It Fl U
This option causes
.Nm telnetd
@@ -424,6 +425,7 @@ Whenever a
command is received, it is always responded
to with a
.Dv WILL TIMING-MARK
+.ne 1i
.It "WILL LOGOUT"
When a
.Dv DO LOGOUT
diff --git a/eBones/libexec/telnetd/telnetd.c b/eBones/libexec/telnetd/telnetd.c
index 6860534..bfed2c2 100644
--- a/eBones/libexec/telnetd/telnetd.c
+++ b/eBones/libexec/telnetd/telnetd.c
@@ -38,7 +38,7 @@ static char copyright[] =
#endif /* not lint */
#ifndef lint
-static char sccsid[] = "@(#)telnetd.c 8.2 (Berkeley) 12/15/93";
+static char sccsid[] = "@(#)telnetd.c 8.4 (Berkeley) 5/30/95";
#endif /* not lint */
#include "telnetd.h"
@@ -451,7 +451,7 @@ main(argc, argv)
int szi = sizeof(int);
#endif /* SO_SEC_MULTI */
- bzero((char *)&dv, sizeof(dv));
+ memset((char *)&dv, 0, sizeof(dv));
if (getsysv(&sysv, sizeof(struct sysv)) != 0) {
perror("getsysv");
@@ -637,34 +637,40 @@ getterminaltype(name)
static unsigned char sb[] =
{ IAC, SB, TELOPT_TSPEED, TELQUAL_SEND, IAC, SE };
- bcopy(sb, nfrontp, sizeof sb);
+ memmove(nfrontp, sb, sizeof sb);
nfrontp += sizeof sb;
+ DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
}
if (his_state_is_will(TELOPT_XDISPLOC)) {
static unsigned char sb[] =
{ IAC, SB, TELOPT_XDISPLOC, TELQUAL_SEND, IAC, SE };
- bcopy(sb, nfrontp, sizeof sb);
+ memmove(nfrontp, sb, sizeof sb);
nfrontp += sizeof sb;
+ DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
}
if (his_state_is_will(TELOPT_NEW_ENVIRON)) {
static unsigned char sb[] =
{ IAC, SB, TELOPT_NEW_ENVIRON, TELQUAL_SEND, IAC, SE };
- bcopy(sb, nfrontp, sizeof sb);
+ memmove(nfrontp, sb, sizeof sb);
nfrontp += sizeof sb;
+ DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
}
else if (his_state_is_will(TELOPT_OLD_ENVIRON)) {
static unsigned char sb[] =
{ IAC, SB, TELOPT_OLD_ENVIRON, TELQUAL_SEND, IAC, SE };
- bcopy(sb, nfrontp, sizeof sb);
+ memmove(nfrontp, sb, sizeof sb);
nfrontp += sizeof sb;
+ DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
}
if (his_state_is_will(TELOPT_TTYPE)) {
- bcopy(ttytype_sbbuf, nfrontp, sizeof ttytype_sbbuf);
+ memmove(nfrontp, ttytype_sbbuf, sizeof ttytype_sbbuf);
nfrontp += sizeof ttytype_sbbuf;
+ DIAG(TD_OPTIONS, printsub('>', ttytype_sbbuf + 2,
+ sizeof ttytype_sbbuf - 2););
}
if (his_state_is_will(TELOPT_TSPEED)) {
while (sequenceIs(tspeedsubopt, baseline))
@@ -737,8 +743,10 @@ _gettermname()
if (his_state_is_wont(TELOPT_TTYPE))
return;
settimer(baseline);
- bcopy(ttytype_sbbuf, nfrontp, sizeof ttytype_sbbuf);
+ memmove(nfrontp, ttytype_sbbuf, sizeof ttytype_sbbuf);
nfrontp += sizeof ttytype_sbbuf;
+ DIAG(TD_OPTIONS, printsub('>', ttytype_sbbuf + 2,
+ sizeof ttytype_sbbuf - 2););
while (sequenceIs(ttypesubopt, baseline))
ttloop();
}
@@ -816,7 +824,7 @@ doit(who)
#if defined(_SC_CRAY_SECURE_SYS)
/*
- * set ttyp line security label
+ * set ttyp line security label
*/
if (secflag) {
char slave_dev[16];
@@ -838,7 +846,8 @@ doit(who)
fatal(net, "Couldn't resolve your address into a host name.\r\n\
Please contact your net administrator");
} else if (hp &&
- (strlen(hp->h_name) <= ((utmp_len < 0) ? -utmp_len : utmp_len))) {
+ (strlen(hp->h_name) <= (unsigned int)((utmp_len < 0) ? -utmp_len
+ : utmp_len))) {
host = hp->h_name;
} else {
host = inet_ntoa(who->sin_addr);
@@ -927,6 +936,7 @@ telnet(f, p, host)
char *HN;
char *IM;
void netflush();
+ int nfd;
/*
* Initialize the slc mapping table.
@@ -1156,6 +1166,7 @@ telnet(f, p, host)
startslave(host);
#endif
+ nfd = ((f > p) ? f : p) + 1;
for (;;) {
fd_set ibits, obits, xbits;
register int c;
@@ -1187,7 +1198,7 @@ telnet(f, p, host)
if (!SYNCHing) {
FD_SET(f, &xbits);
}
- if ((c = select(16, &ibits, &obits, &xbits,
+ if ((c = select(nfd, &ibits, &obits, &xbits,
(struct timeval *)0)) < 1) {
if (c == -1) {
if (errno == EINTR) {
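Review bot: Nothing bounds `f` and `p` before they are used with `FD_SET` and, through `nfd` computed in the previous hunk, with `select`. A descriptor at or above `FD_SETSIZE` makes `FD_SET` write outside the `fd_set`, and `select` is now told to examine that range. Such values look unlikely here, but a one-time check before the loop, `if (f >= FD_SETSIZE || p >= FD_SETSIZE) fatal(f, "descriptor out of range");`, documents the assumption and fails cleanly. The loop body continues outside this hunk.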
@@ -1326,6 +1337,9 @@ telnet(f, p, host)
*nfrontp++ = IAC;
*nfrontp++ = DM;
neturg = nfrontp-1; /* off by one XXX */
+ DIAG(TD_OPTIONS,
+ printoption("td: send IAC", DM));
+
#endif
}
if (his_state_is_will(TELOPT_LFLOW) &&
@@ -1342,6 +1356,9 @@ telnet(f, p, host)
: LFLOW_OFF,
IAC, SE);
nfrontp += 6;
+ DIAG(TD_OPTIONS, printsub('>',
+ (unsigned char *)nfrontp-4,
+ 4););
}
}
pcc--;
@@ -1400,7 +1417,7 @@ telnet(f, p, host)
}
cleanup(0);
} /* end of telnet */
-
+
#ifndef TCSIG
# ifdef TIOCSIG
# define TCSIG TIOCSIG
@@ -1476,7 +1493,7 @@ int readstream(p, ibuf, bufsize)
tp = (struct termio *) (ibuf+1 + sizeof(struct iocblk));
vstop = tp->c_cc[VSTOP];
vstart = tp->c_cc[VSTART];
- ixon = tp->c_iflag & IXON;
+ ixon = tp->c_iflag & IXON;
break;
default:
errno = EAGAIN;
@@ -1507,6 +1524,14 @@ interrupt()
{
ptyflush(); /* half-hearted */
+#if defined(STREAMSPTY) && defined(TIOCSIGNAL)
+ /* Streams PTY style ioctl to post a signal */
+ {
+ int sig = SIGINT;
+ (void) ioctl(pty, TIOCSIGNAL, &sig);
+ (void) ioctl(pty, I_FLUSH, FLUSHR);
+ }
+#else
#ifdef TCSIG
(void) ioctl(pty, TCSIG, (char *)SIGINT);
#else /* TCSIG */
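Review bot: The new outer conditional closes with a bare `#endif` in the following hunk, right after the inner `#endif /* TCSIG */`, which makes the nesting hard to follow; label it `#endif /* STREAMSPTY && TIOCSIGNAL */`. Both `ioctl` results are discarded, so when `TIOCSIGNAL` fails the interrupt is dropped without falling back to queuing the interrupt character as the last branch does. A comment stating that this is intended, or a fallback, would help.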
@@ -1514,6 +1539,7 @@ interrupt()
*pfrontp++ = slctab[SLC_IP].sptr ?
(unsigned char)*slctab[SLC_IP].sptr : '\177';
#endif /* TCSIG */
+#endif
}
/*
diff --git a/eBones/libexec/telnetd/termstat.c b/eBones/libexec/telnetd/termstat.c
index a3f6931..f499137 100644
--- a/eBones/libexec/telnetd/termstat.c
+++ b/eBones/libexec/telnetd/termstat.c
@@ -32,7 +32,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)termstat.c 8.1 (Berkeley) 6/4/93";
+static char sccsid[] = "@(#)termstat.c 8.2 (Berkeley) 5/30/95";
#endif /* not lint */
#include "telnetd.h"
@@ -144,25 +144,6 @@ localstat()
#endif /* defined(CRAY2) && defined(UNICOS5) */
/*
- * Check for state of BINARY options.
- */
- if (tty_isbinaryin()) {
- if (his_want_state_is_wont(TELOPT_BINARY))
- send_do(TELOPT_BINARY, 1);
- } else {
- if (his_want_state_is_will(TELOPT_BINARY))
- send_dont(TELOPT_BINARY, 1);
- }
-
- if (tty_isbinaryout()) {
- if (my_want_state_is_wont(TELOPT_BINARY))
- send_will(TELOPT_BINARY, 1);
- } else {
- if (my_want_state_is_will(TELOPT_BINARY))
- send_wont(TELOPT_BINARY, 1);
- }
-
- /*
* Check for changes to flow control if client supports it.
*/
flowstat();
@@ -181,6 +162,34 @@ localstat()
tty_setlinemode(uselinemode);
}
+ if (uselinemode) {
+ /*
+ * Check for state of BINARY options.
+ *
+ * We only need to do the binary dance if we are actually going
+ * to use linemode. As this confuses some telnet clients
+ * that don't support linemode, and doesn't gain us
+ * anything, we don't do it unless we're doing linemode.
+ * -Crh (henrich@msu.edu)
+ */
+
+ if (tty_isbinaryin()) {
+ if (his_want_state_is_wont(TELOPT_BINARY))
+ send_do(TELOPT_BINARY, 1);
+ } else {
+ if (his_want_state_is_will(TELOPT_BINARY))
+ send_dont(TELOPT_BINARY, 1);
+ }
+
+ if (tty_isbinaryout()) {
+ if (my_want_state_is_wont(TELOPT_BINARY))
+ send_will(TELOPT_BINARY, 1);
+ } else {
+ if (my_want_state_is_will(TELOPT_BINARY))
+ send_wont(TELOPT_BINARY, 1);
+ }
+ }
+
#ifdef ENCRYPTION
/*
* If the terminal is not echoing, but editing is enabled,
@@ -320,7 +329,7 @@ localstat()
nfrontp += 7;
editmode = useeditmode;
}
-
+
/*
* Check for changes to special characters in use.
@@ -422,7 +431,7 @@ clientstat(code, parm1, parm2)
uselinemode = 1;
}
}
-
+
/*
* Quit now if we can't do it.
*/
@@ -463,7 +472,7 @@ clientstat(code, parm1, parm2)
send_will(TELOPT_ECHO, 1);
}
break;
-
+
case LM_MODE:
{
register int ack, changed;
@@ -512,7 +521,7 @@ clientstat(code, parm1, parm2)
IAC, SE);
nfrontp += 7;
}
-
+
editmode = useeditmode;
}
@@ -546,9 +555,9 @@ clientstat(code, parm1, parm2)
(void) ioctl(pty, TIOCSWINSZ, (char *)&ws);
}
#endif /* TIOCSWINSZ */
-
+
break;
-
+
case TELOPT_TSPEED:
{
def_tspeed = parm1;
@@ -613,7 +622,7 @@ _termstat()
*
* Some things should not be done until after the login process has started
* and all the pty modes are set to what they are supposed to be. This
- * function is called when the pty state has been processed for the first time.
+ * function is called when the pty state has been processed for the first time.
* It calls other functions that do things that were deferred in each module.
*/
void
@@ -632,7 +641,7 @@ defer_terminit()
if (def_col || def_row) {
struct winsize ws;
- bzero((char *)&ws, sizeof(ws));
+ memset((char *)&ws, 0, sizeof(ws));
ws.ws_col = def_col;
ws.ws_row = def_row;
(void) ioctl(pty, TIOCSWINSZ, (char *)&ws);
diff --git a/eBones/libexec/telnetd/utility.c b/eBones/libexec/telnetd/utility.c
index 8c08bdc..049fcd1 100644
--- a/eBones/libexec/telnetd/utility.c
+++ b/eBones/libexec/telnetd/utility.c
@@ -32,7 +32,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)utility.c 8.2 (Berkeley) 12/15/93";
+static char sccsid[] = "@(#)utility.c 8.4 (Berkeley) 5/30/95";
#endif /* not lint */
#define PRINTOPTIONS
@@ -220,7 +220,7 @@ netclear()
next = nextitem(next);
} while (wewant(next) && (nfrontp > next));
length = next-thisitem;
- bcopy(thisitem, good, length);
+ memmove(good, thisitem, length);
good += length;
thisitem = next;
} else {
@@ -327,7 +327,7 @@ writenet(ptr, len)
netflush();
}
- bcopy(ptr, nfrontp, len);
+ memmove(nfrontp, ptr, len);
nfrontp += len;
} /* end of writenet */
@@ -368,7 +368,7 @@ fatalperror(f, msg)
{
char buf[BUFSIZ], *strerror();
- (void) sprintf(buf, "%s: %s\r\n", msg, strerror(errno));
+ (void) sprintf(buf, "%s: %s", msg, strerror(errno));
fatal(f, buf);
}
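Review bot: The rewritten `sprintf` still formats `msg` and `strerror(errno)` into the fixed `buf[BUFSIZ]` with no length limit, so a long `msg` overruns the stack buffer. `(void) snprintf(buf, sizeof(buf), "%s: %s", msg, strerror(errno));` bounds the write and truncates instead. Dropping the "\r\n" assumes `fatal` now appends the line ending itself, which this hunk does not show; a one-line comment saying so would help.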
@@ -449,9 +449,9 @@ putf(cp, where)
time_t t;
char db[100];
#ifdef STREAMSPTY
- extern char *index();
+ extern char *strchr();
#else
- extern char *rindex();
+ extern char *strrchr();
#endif
putlocation = where;
@@ -466,9 +466,9 @@ putf(cp, where)
case 't':
#ifdef STREAMSPTY
/* names are like /dev/pts/2 -- we want pts/2 */
- slash = index(line+1, '/');
+ slash = strchr(line+1, '/');
#else
- slash = rindex(line, '/');
+ slash = strrchr(line, '/');
#endif
if (slash == (char *) 0)
putstr(line);
@@ -713,7 +713,7 @@ printsub(direction, pointer, length)
break;
}
break;
-
+
case LM_SLC:
sprintf(nfrontp, "SLC");
nfrontp += strlen(nfrontp);
@@ -863,7 +863,7 @@ printsub(direction, pointer, length)
nfrontp += strlen(nfrontp);
break;
-
+
default:
sprintf(nfrontp, " %d", pointer[i]);
nfrontp += strlen(nfrontp);
@@ -966,7 +966,7 @@ printsub(direction, pointer, length)
case TELOPT_AUTHENTICATION:
sprintf(nfrontp, "AUTHENTICATION");
nfrontp += strlen(nfrontp);
-
+
if (length < 2) {
sprintf(nfrontp, " (empty suboption??\?)");
nfrontp += strlen(nfrontp);
@@ -1171,13 +1171,13 @@ printdata(tag, ptr, cnt)
nfrontp += strlen(nfrontp);
for (i = 0; i < 20 && cnt; i++) {
sprintf(nfrontp, "%02x", *ptr);
- nfrontp += strlen(nfrontp);
+ nfrontp += strlen(nfrontp);
if (isprint(*ptr)) {
xbuf[i] = *ptr;
} else {
xbuf[i] = '.';
}
- if (i % 2) {
+ if (i % 2) {
*nfrontp = ' ';
nfrontp++;
}
@@ -1187,6 +1187,6 @@ printdata(tag, ptr, cnt)
xbuf[i] = '\0';
sprintf(nfrontp, " %s\r\n", xbuf );
nfrontp += strlen(nfrontp);
- }
+ }
}
#endif /* DIAGNOSTICS */
diff --git a/eBones/libkadm/EXPORTABLE b/eBones/libkadm/EXPORTABLE
new file mode 100644
index 0000000..e478483
--- /dev/null
+++ b/eBones/libkadm/EXPORTABLE
@@ -0,0 +1,4 @@
+The files in this directory are believed to be exportable.
+
+-GAWollman
+
diff --git a/eBones/libkadm/Makefile b/eBones/libkadm/Makefile
new file mode 100644
index 0000000..f587d5c
--- /dev/null
+++ b/eBones/libkadm/Makefile
@@ -0,0 +1,23 @@
+# $Id$
+
+LIB= kadm
+
+SRCS= kadm_err.c kadm_stream.c kadm_supp.c kadm_cli_wrap.c
+CFLAGS+= -I. -I${.CURDIR} -I${.CURDIR}/../include -I${KRBOBJDIR} -DPOSIX
+CLEANFILES+= kadm_err.c kadm_err.h
+
+kadm_err.c kadm_err.h: kadm_err.et
+ test -e kadm_err.et || ln -s ${.CURDIR}/kadm_err.et .
+ compile_et kadm_err.et
+
+beforeinstall:
+ -cd ${.CURDIR}; cmp -s kadm.h \
+ ${DESTDIR}/usr/include/kerberosIV/kadm.h || \
+ install -c -o ${BINOWN} -g ${BINGRP} -m 444 kadm.h \
+ ${DESTDIR}/usr/include/kerberosIV
+ -cd ${.OBJDIR}; cmp -s kadm_err.h \
+ ${DESTDIR}/usr/include/kerberosIV/kadm_err.h || \
+ install -c -o ${BINOWN} -g ${BINGRP} -m 444 kadm_err.h \
+ ${DESTDIR}/usr/include/kerberosIV
+
+.include <bsd.lib.mk>
diff --git a/eBones/libkadm/kadm.h b/eBones/libkadm/kadm.h
new file mode 100644
index 0000000..965b530
--- /dev/null
+++ b/eBones/libkadm/kadm.h
@@ -0,0 +1,140 @@
+/*
+ * $Source: /home/ncvs/src/eBones/libkadm/kadm.h,v $
+ * $Author: wollman $
+ * Header: /afs/athena.mit.edu/astaff/project/kerberos/src/include/RCS/kadm.h,v 4.2 89/09/26 09:15:20 jtkohl Exp
+ *
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * Copyright.MIT.
+ *
+ * Definitions for Kerberos administration server & client
+ */
+
+#ifndef KADM_DEFS
+#define KADM_DEFS
+
+/*
+ * kadm.h
+ * Header file for the fourth attempt at an admin server
+ * Doug Church, December 28, 1989, MIT Project Athena
+ */
+
+/* for those broken Unixes without this defined... should be in sys/param.h */
+#ifndef MAXHOSTNAMELEN
+#define MAXHOSTNAMELEN 64
+#endif
+
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <krb.h>
+#include <des.h>
+
+/* The global structures for the client and server */
+typedef struct {
+ struct sockaddr_in admin_addr;
+ struct sockaddr_in my_addr;
+ int my_addr_len;
+ int admin_fd; /* file descriptor for link to admin server */
+ char sname[ANAME_SZ]; /* the service name */
+ char sinst[INST_SZ]; /* the services instance */
+ char krbrlm[REALM_SZ];
+} Kadm_Client;
+
+typedef struct { /* status of the server, i.e the parameters */
+ int inter; /* Space for command line flags */
+ char *sysfile; /* filename of server */
+} admin_params; /* Well... it's the admin's parameters */
+
+/* Largest password length to be supported */
+#define MAX_KPW_LEN 128
+
+/* Largest packet the admin server will ever allow itself to return */
+#define KADM_RET_MAX 2048
+
+/* That's right, versions are 8 byte strings */
+#define KADM_VERSTR "KADM0.0A"
+#define KADM_ULOSE "KYOULOSE" /* sent back when server can't
+ decrypt client's msg */
+#define KADM_VERSIZE strlen(KADM_VERSTR)
+
+/* the lookups for the server instances */
+#define PWSERV_NAME "changepw"
+#define KADM_SNAME "kerberos_master"
+#define KADM_SINST "kerberos"
+
+/* Attributes fields constants and macros */
+#define ALLOC 2
+#define RESERVED 3
+#define DEALLOC 4
+#define DEACTIVATED 5
+#define ACTIVE 6
+
+/* Kadm_vals structure for passing db fields into the server routines */
+#define FLDSZ 4
+
+typedef struct {
+ u_char fields[FLDSZ]; /* The active fields in this struct */
+ char name[ANAME_SZ];
+ char instance[INST_SZ];
+ unsigned long key_low;
+ unsigned long key_high;
+ unsigned long exp_date;
+ unsigned short attributes;
+ unsigned char max_life;
+} Kadm_vals; /* The basic values structure in Kadm */
+
+/* Kadm_vals structure for passing db fields into the server routines */
+#define FLDSZ 4
+
+/* Need to define fields types here */
+#define KADM_NAME 31
+#define KADM_INST 30
+#define KADM_EXPDATE 29
+#define KADM_ATTR 28
+#define KADM_MAXLIFE 27
+#define KADM_DESKEY 26
+
+/* To set a field entry f in a fields structure d */
+#define SET_FIELD(f,d) (d[3-(f/8)]|=(1<<(f%8)))
+
+/* To set a field entry f in a fields structure d */
+#define CLEAR_FIELD(f,d) (d[3-(f/8)]&=(~(1<<(f%8))))
+
+/* Is field f in fields structure d */
+#define IS_FIELD(f,d) (d[3-(f/8)]&(1<<(f%8)))
+
+/* Various return codes */
+#define KADM_SUCCESS 0
+
+#define WILDCARD_STR "*"
+
+enum acl_types {
+ADDACL,
+GETACL,
+MODACL
+};
+
+/* Various opcodes for the admin server's functions */
+#define CHANGE_PW 2
+#define ADD_ENT 3
+#define MOD_ENT 4
+#define GET_ENT 5
+
+extern long kdb_get_master_key(); /* XXX should be in krb_db.h */
+extern long kdb_verify_master_key(); /* XXX ditto */
+
+extern long krb_mk_priv(), krb_rd_priv(); /* XXX should be in krb.h */
+extern void krb_set_tkt_string(); /* XXX ditto */
+
+extern unsigned long quad_cksum(); /* XXX should be in des.h */
+
+/* XXX This doesn't belong here!!! */
+char *malloc(), *realloc();
+#ifdef POSIX
+typedef void sigtype;
+#else
+typedef int sigtype;
+#endif
+
+#endif KADM_DEFS
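Review bot: `KADM_VERSIZE` is defined as `strlen(KADM_VERSTR)`, so every use is a run-time call yielding `size_t`, and comparisons such as `*ret_siz >= KADM_VERSIZE` in kadm_cli_wrap.c convert the signed `int` length to unsigned before comparing. If a negative length ever reached that test it would pass the bound; `#define KADM_VERSIZE ((int)(sizeof(KADM_VERSTR) - 1))` keeps the value a signed compile-time constant. The `SET_FIELD`/`CLEAR_FIELD`/`IS_FIELD` macros use `f` and `d` unparenthesised, and `CLEAR_FIELD` carries the comment written for `SET_FIELD`. `FLDSZ` and its comment appear twice, and `#endif KADM_DEFS` should be `#endif /* KADM_DEFS */`.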
diff --git a/eBones/libkadm/kadm_cli_wrap.c b/eBones/libkadm/kadm_cli_wrap.c
new file mode 100644
index 0000000..7e1cfa9
--- /dev/null
+++ b/eBones/libkadm/kadm_cli_wrap.c
@@ -0,0 +1,499 @@
+/*
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * Copyright.MIT.
+ *
+ * Kerberos administration server client-side routines
+ */
+
+#ifndef lint
+#if 0
+static char rcsid_kadm_cli_wrap_c[] =
+"from: Id: kadm_cli_wrap.c,v 4.6 89/12/30 20:09:45 qjb Exp";
+#endif
+static const char rcsid[] =
+ "$Id: kadm_cli_wrap.c,v 1.1 1995/01/20 02:02:51 wollman Exp $";
+#endif lint
+
+/*
+ * kadm_cli_wrap.c the client side wrapping of the calls to the admin server
+ */
+
+#include <sys/types.h>
+#include <errno.h>
+#include <signal.h>
+#include <netdb.h>
+#include <sys/socket.h>
+#include <kadm.h>
+#include <kadm_err.h>
+#include <krb_err.h>
+
+#ifndef NULL
+#define NULL 0
+#endif
+
+static Kadm_Client client_parm;
+
+/* Macros for use in returning data... used in kadm_cli_send */
+#define RET_N_FREE(r) {clear_secrets(); free((char *)act_st); free((char *)priv_pak); return r;}
+
+/* Keys for use in the transactions */
+static des_cblock sess_key; /* to be filled in by kadm_cli_keyd */
+static Key_schedule sess_sched;
+
+static
+clear_secrets()
+{
+ bzero((char *)sess_key, sizeof(sess_key));
+ bzero((char *)sess_sched, sizeof(sess_sched));
+ return;
+}
+
+/*
+ * kadm_init_link
+ * receives : name, inst, realm
+ *
+ * initializes client parm, the Kadm_Client structure which holds the
+ * data about the connection between the server and client, the services
+ * used, the locations and other fun things
+ */
+kadm_init_link(n, i, r)
+char n[];
+char i[];
+char r[];
+{
+ struct servent *sep; /* service we will talk to */
+ struct hostent *hop; /* host we will talk to */
+ char adm_hostname[MAXHOSTNAMELEN];
+
+ (void) init_kadm_err_tbl();
+ (void) init_krb_err_tbl();
+ (void) strcpy(client_parm.sname, n);
+ (void) strcpy(client_parm.sinst, i);
+ (void) strcpy(client_parm.krbrlm, r);
+ client_parm.admin_fd = -1;
+
+ /* set up the admin_addr - fetch name of admin host */
+ if (krb_get_admhst(adm_hostname, client_parm.krbrlm, 1) != KSUCCESS)
+ return KADM_NO_HOST;
+ if ((hop = gethostbyname(adm_hostname)) == NULL)
+ return KADM_UNK_HOST; /* couldnt find the admin servers
+ * address */
+ if ((sep = getservbyname(KADM_SNAME, "tcp")) == NULL)
+ return KADM_NO_SERV; /* couldnt find the admin service */
+ bzero((char *) &client_parm.admin_addr,
+ sizeof(client_parm.admin_addr));
+ client_parm.admin_addr.sin_family = hop->h_addrtype;
+ bcopy((char *) hop->h_addr, (char *) &client_parm.admin_addr.sin_addr,
+ hop->h_length);
+ client_parm.admin_addr.sin_port = sep->s_port;
+
+ return KADM_SUCCESS;
+} /* procedure kadm_init_link */
+
+/*
+ * kadm_change_pw
+ * recieves : key
+ *
+ * Replaces the password (i.e. des key) of the caller with that specified in
+ * key. Returns no actual data from the master server, since this is called
+ * by a user
+ */
+kadm_change_pw(newkey)
+des_cblock newkey; /* The DES form of the users key */
+{
+ int stsize, retc; /* stream size and return code */
+ u_char *send_st; /* send stream */
+ u_char *ret_st;
+ int ret_sz;
+ u_long keytmp;
+
+ if ((retc = kadm_cli_conn()) != KADM_SUCCESS)
+ return(retc);
+ /* possible problem with vts_long on a non-multiple of four boundary */
+
+ stsize = 0; /* start of our output packet */
+ send_st = (u_char *) malloc(1);/* to make it reallocable */
+ send_st[stsize++] = (u_char) CHANGE_PW;
+
+ /* change key to stream */
+
+ bcopy((char *) (((long *) newkey) + 1), (char *) &keytmp, 4);
+ keytmp = htonl(keytmp);
+ stsize += vts_long(keytmp, &send_st, stsize);
+
+ bcopy((char *) newkey, (char *) &keytmp, 4);
+ keytmp = htonl(keytmp);
+ stsize += vts_long(keytmp, &send_st, stsize);
+
+ retc = kadm_cli_send(send_st, stsize, &ret_st, &ret_sz);
+ free((char *)send_st);
+ if (retc == KADM_SUCCESS) {
+ free((char *)ret_st);
+ }
+ kadm_cli_disconn();
+ return(retc);
+}
+
+/*
+ * kadm_add
+ * receives : vals
+ * returns : vals
+ *
+ * Adds and entry containing values to the database returns the values of the
+ * entry, so if you leave certain fields blank you will be able to determine
+ * the default values they are set to
+ */
+kadm_add(vals)
+Kadm_vals *vals;
+{
+ u_char *st, *st2; /* st will hold the stream of values */
+ int st_len; /* st2 the final stream with opcode */
+ int retc; /* return code from call */
+ u_char *ret_st;
+ int ret_sz;
+
+ if ((retc = kadm_cli_conn()) != KADM_SUCCESS)
+ return(retc);
+ st_len = vals_to_stream(vals, &st);
+ st2 = (u_char *) malloc((unsigned)(1 + st_len));
+ *st2 = (u_char) ADD_ENT; /* here's the opcode */
+ bcopy((char *) st, (char *) st2 + 1, st_len); /* append st on */
+ retc = kadm_cli_send(st2, st_len + 1, &ret_st, &ret_sz);
+ free((char *)st);
+ free((char *)st2);
+ if (retc == KADM_SUCCESS) {
+ /* ret_st has vals */
+ if (stream_to_vals(ret_st, vals, ret_sz) < 0)
+ retc = KADM_LENGTH_ERROR;
+ free((char *)ret_st);
+ }
+ kadm_cli_disconn();
+ return(retc);
+}
+
+/*
+ * kadm_mod
+ * receives : KTEXT, {values, values}
+ * returns : CKSUM, RETCODE, {values}
+ * acl : su, sms (as register or dealloc)
+ *
+ * Modifies all entries corresponding to the first values so they match the
+ * second values. returns the values for the changed entries in vals2
+ */
+kadm_mod(vals1, vals2)
+Kadm_vals *vals1;
+Kadm_vals *vals2;
+{
+ u_char *st, *st2; /* st will hold the stream of values */
+ int st_len, nlen; /* st2 the final stream with opcode */
+ u_char *ret_st;
+ int ret_sz;
+
+ /* nlen is the length of second vals */
+ int retc; /* return code from call */
+
+ if ((retc = kadm_cli_conn()) != KADM_SUCCESS)
+ return(retc);
+
+ st_len = vals_to_stream(vals1, &st);
+ st2 = (u_char *) malloc((unsigned)(1 + st_len));
+ *st2 = (u_char) MOD_ENT; /* here's the opcode */
+ bcopy((char *) st, (char *) st2 + 1, st_len++); /* append st on */
+ free((char *)st);
+ nlen = vals_to_stream(vals2, &st);
+ st2 = (u_char *) realloc((char *) st2, (unsigned)(st_len + nlen));
+ bcopy((char *) st, (char *) st2 + st_len, nlen); /* append st on */
+ retc = kadm_cli_send(st2, st_len + nlen, &ret_st, &ret_sz);
+ free((char *)st);
+ free((char *)st2);
+ if (retc == KADM_SUCCESS) {
+ /* ret_st has vals */
+ if (stream_to_vals(ret_st, vals2, ret_sz) < 0)
+ retc = KADM_LENGTH_ERROR;
+ free((char *)ret_st);
+ }
+ kadm_cli_disconn();
+ return(retc);
+}
+
+/*
+ * kadm_get
+ * receives : KTEXT, {values, flags}
+ * returns : CKSUM, RETCODE, {count, values, values, values}
+ * acl : su
+ *
+ * gets the fields requested by flags from all entries matching values returns
+ * this data for each matching recipient, after a count of how many such
+ * matches there were
+ */
+kadm_get(vals, fl)
+Kadm_vals *vals;
+u_char fl[4];
+
+{
+ int loop; /* for copying the fields data */
+ u_char *st, *st2; /* st will hold the stream of values */
+ int st_len; /* st2 the final stream with opcode */
+ int retc; /* return code from call */
+ u_char *ret_st;
+ int ret_sz;
+
+ if ((retc = kadm_cli_conn()) != KADM_SUCCESS)
+ return(retc);
+ st_len = vals_to_stream(vals, &st);
+ st2 = (u_char *) malloc((unsigned)(1 + st_len + FLDSZ));
+ *st2 = (u_char) GET_ENT; /* here's the opcode */
+ bcopy((char *) st, (char *) st2 + 1, st_len); /* append st on */
+ for (loop = FLDSZ - 1; loop >= 0; loop--)
+ *(st2 + st_len + FLDSZ - loop) = fl[loop]; /* append the flags */
+ retc = kadm_cli_send(st2, st_len + 1 + FLDSZ, &ret_st, &ret_sz);
+ free((char *)st);
+ free((char *)st2);
+ if (retc == KADM_SUCCESS) {
+ /* ret_st has vals */
+ if (stream_to_vals(ret_st, vals, ret_sz) < 0)
+ retc = KADM_LENGTH_ERROR;
+ free((char *)ret_st);
+ }
+ kadm_cli_disconn();
+ return(retc);
+}
+
+/*
+ * kadm_cli_send
+ * recieves : opcode, packet, packet length, serv_name, serv_inst
+ * returns : return code from the packet build, the server, or
+ * something else
+ *
+ * It assembles a packet as follows:
+ * 8 bytes : VERSION STRING
+ * 4 bytes : LENGTH OF MESSAGE DATA and OPCODE
+ * : KTEXT
+ * : OPCODE \
+ * : DATA > Encrypted (with make priv)
+ * : ...... /
+ *
+ * If it builds the packet and it is small enough, then it attempts to open the
+ * connection to the admin server. If the connection is succesfully open
+ * then it sends the data and waits for a reply.
+ */
+kadm_cli_send(st_dat, st_siz, ret_dat, ret_siz)
+u_char *st_dat; /* the actual data */
+int st_siz; /* length of said data */
+u_char **ret_dat; /* to give return info */
+int *ret_siz; /* length of returned info */
+{
+ int act_len, retdat; /* current offset into packet, return
+ * data */
+ KTEXT_ST authent; /* the authenticator we will build */
+ u_char *act_st; /* the pointer to the complete packet */
+ u_char *priv_pak; /* private version of the packet */
+ int priv_len; /* length of private packet */
+ u_long cksum; /* checksum of the packet */
+ MSG_DAT mdat;
+ u_char *return_dat;
+
+ act_st = (u_char *) malloc(KADM_VERSIZE); /* verstr stored first */
+ (void) strncpy((char *)act_st, KADM_VERSTR, KADM_VERSIZE);
+ act_len = KADM_VERSIZE;
+
+ if ((retdat = kadm_cli_keyd(sess_key, sess_sched)) != KADM_SUCCESS) {
+ free((char *)act_st);
+ return retdat; /* couldnt get key working */
+ }
+ priv_pak = (u_char *) malloc((unsigned)(st_siz + 200));
+ /* 200 bytes for extra info case */
+ if ((priv_len = krb_mk_priv(st_dat, priv_pak, (u_long)st_siz,
+ sess_sched, sess_key, &client_parm.my_addr,
+ &client_parm.admin_addr)) < 0)
+ RET_N_FREE(KADM_NO_ENCRYPT); /* whoops... we got a lose
+ * here */
+ /* here is the length of priv data. receiver calcs
+ size of authenticator by subtracting vno size, priv size, and
+ sizeof(u_long) (for the size indication) from total size */
+
+ act_len += vts_long((u_long) priv_len, &act_st, act_len);
+#ifdef NOENCRYPTION
+ cksum = 0;
+#else
+ cksum = quad_cksum(priv_pak, (u_long *)0, (long)priv_len, 0,
+ sess_key);
+#endif
+ if (retdat = krb_mk_req(&authent, client_parm.sname, client_parm.sinst,
+ client_parm.krbrlm, (long)cksum)) {
+ /* authenticator? */
+ RET_N_FREE(retdat + krb_err_base);
+ }
+
+ act_st = (u_char *) realloc((char *) act_st,
+ (unsigned) (act_len + authent.length
+ + priv_len));
+ if (!act_st) {
+ clear_secrets();
+ free((char *)priv_pak);
+ return(KADM_NOMEM);
+ }
+ bcopy((char *) authent.dat, (char *) act_st + act_len, authent.length);
+ bcopy((char *) priv_pak, (char *) act_st + act_len + authent.length,
+ priv_len);
+ free((char *)priv_pak);
+ if ((retdat = kadm_cli_out(act_st,
+ act_len + authent.length + priv_len,
+ ret_dat, ret_siz)) != KADM_SUCCESS)
+ RET_N_FREE(retdat);
+ free((char *)act_st);
+#define RET_N_FREE2(r) {free((char *)*ret_dat); clear_secrets(); return(r);}
+
+ /* first see if it's a YOULOUSE */
+ if ((*ret_siz >= KADM_VERSIZE) &&
+ !strncmp(KADM_ULOSE, (char *)*ret_dat, KADM_VERSIZE)) {
+ u_long errcode;
+ /* it's a youlose packet */
+ if (*ret_siz < KADM_VERSIZE + sizeof(u_long))
+ RET_N_FREE2(KADM_BAD_VER);
+ bcopy((char *)(*ret_dat) + KADM_VERSIZE, (char *)&errcode,
+ sizeof(u_long));
+ retdat = (int) ntohl(errcode);
+ RET_N_FREE2(retdat);
+ }
+ /* need to decode the ret_dat */
+ if (retdat = krb_rd_priv(*ret_dat, (u_long)*ret_siz, sess_sched,
+ sess_key, &client_parm.admin_addr,
+ &client_parm.my_addr, &mdat))
+ RET_N_FREE2(retdat+krb_err_base);
+ if (mdat.app_length < KADM_VERSIZE + 4)
+ /* too short! */
+ RET_N_FREE2(KADM_BAD_VER);
+ if (strncmp((char *)mdat.app_data, KADM_VERSTR, KADM_VERSIZE))
+ /* bad version */
+ RET_N_FREE2(KADM_BAD_VER);
+ bcopy((char *)mdat.app_data+KADM_VERSIZE,
+ (char *)&retdat, sizeof(u_long));
+ retdat = ntohl((u_long)retdat);
+ if (!(return_dat = (u_char *)malloc((unsigned)(mdat.app_length -
+ KADM_VERSIZE - sizeof(u_long)))))
+ RET_N_FREE2(KADM_NOMEM);
+ bcopy((char *) mdat.app_data + KADM_VERSIZE + sizeof(u_long),
+ (char *)return_dat,
+ (int)mdat.app_length - KADM_VERSIZE - sizeof(u_long));
+ free((char *)*ret_dat);
+ clear_secrets();
+ *ret_dat = return_dat;
+ *ret_siz = mdat.app_length - KADM_VERSIZE - sizeof(u_long);
+ return retdat;
+}
+
+/* takes in the sess_key and key_schedule and sets them appropriately */
+kadm_cli_keyd(s_k, s_s)
+des_cblock s_k; /* session key */
+des_key_schedule s_s; /* session key schedule */
+{
+ CREDENTIALS cred; /* to get key data */
+ int stat;
+
+ /* want .sname and .sinst here.... */
+ if (stat = krb_get_cred(client_parm.sname, client_parm.sinst,
+ client_parm.krbrlm, &cred))
+ return stat + krb_err_base;
+ bcopy((char *) cred.session, (char *) s_k, sizeof(des_cblock));
+ bzero((char *) cred.session, sizeof(des_cblock));
+#ifdef NOENCRYPTION
+ bzero(s_s, sizeof(des_key_schedule));
+#else
+ if (stat = key_sched(s_k,s_s))
+ return(stat+krb_err_base);
+#endif
+ return KADM_SUCCESS;
+} /* This code "works" */
+
+static sigtype (*opipe)();
+
+kadm_cli_conn()
+{ /* this connects and sets my_addr */
+ int on = 1;
+
+ if ((client_parm.admin_fd =
+ socket(client_parm.admin_addr.sin_family, SOCK_STREAM,0)) < 0)
+ return KADM_NO_SOCK; /* couldnt create the socket */
+ if (connect(client_parm.admin_fd,
+ (struct sockaddr *) & client_parm.admin_addr,
+ sizeof(client_parm.admin_addr))) {
+ (void) close(client_parm.admin_fd);
+ client_parm.admin_fd = -1;
+ return KADM_NO_CONN; /* couldnt get the connect */
+ }
+ opipe = signal(SIGPIPE, SIG_IGN);
+ client_parm.my_addr_len = sizeof(client_parm.my_addr);
+ if (getsockname(client_parm.admin_fd,
+ (struct sockaddr *) & client_parm.my_addr,
+ &client_parm.my_addr_len) < 0) {
+ (void) close(client_parm.admin_fd);
+ client_parm.admin_fd = -1;
+ (void) signal(SIGPIPE, opipe);
+ return KADM_NO_HERE; /* couldnt find out who we are */
+ }
+ if (setsockopt(client_parm.admin_fd, SOL_SOCKET, SO_KEEPALIVE, &on,
+ sizeof(on)) < 0) {
+ (void) close(client_parm.admin_fd);
+ client_parm.admin_fd = -1;
+ (void) signal(SIGPIPE, opipe);
+ return KADM_NO_CONN; /* XXX */
+ }
+ return KADM_SUCCESS;
+}
+
+kadm_cli_disconn()
+{
+ (void) close(client_parm.admin_fd);
+ (void) signal(SIGPIPE, opipe);
+ return;
+}
+
+kadm_cli_out(dat, dat_len, ret_dat, ret_siz)
+u_char *dat;
+int dat_len;
+u_char **ret_dat;
+int *ret_siz;
+{
+ extern int errno;
+ u_short dlen;
+ int retval;
+
+ dlen = (u_short) dat_len;
+
+ if (dat_len != (int)dlen)
+ return (KADM_NO_ROOM);
+
+ dlen = htons(dlen);
+ if (krb_net_write(client_parm.admin_fd, (char *) &dlen,
+ sizeof(u_short)) < 0)
+ return (errno); /* XXX */
+
+ if (krb_net_write(client_parm.admin_fd, (char *) dat, dat_len) < 0)
+ return (errno); /* XXX */
+
+ if (retval = krb_net_read(client_parm.admin_fd, (char *) &dlen,
+ sizeof(u_short)) != sizeof(u_short)) {
+ if (retval < 0)
+ return(errno); /* XXX */
+ else
+ return(EPIPE); /* short read ! */
+ }
+
+ dlen = ntohs(dlen);
+ *ret_dat = (u_char *)malloc((unsigned)dlen);
+ if (!*ret_dat)
+ return(KADM_NOMEM);
+
+ if (retval = krb_net_read(client_parm.admin_fd, (char *) *ret_dat,
+ (int) dlen) != dlen) {
+ if (retval < 0)
+ return(errno); /* XXX */
+ else
+ return(EPIPE); /* short read ! */
+ }
+ *ret_siz = (int) dlen;
+ return KADM_SUCCESS;
+}
diff --git a/eBones/libkadm/kadm_err.et b/eBones/libkadm/kadm_err.et
new file mode 100644
index 0000000..9a04851
--- /dev/null
+++ b/eBones/libkadm/kadm_err.et
@@ -0,0 +1,53 @@
+# $Source: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_err.et,v $
+# $Author: jtkohl $
+# $Header: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_err.et,v 4.0 89/01/24 15:16:10 jtkohl Exp $
+# Copyright 1988 by the Massachusetts Institute of Technology.
+#
+# For copying and distribution information, please see the file
+# <mit-copyright.h>.
+#
+# Kerberos administration server error table
+#
+ et kadm
+
+# KADM_SUCCESS, as all success codes should be, is zero
+
+ec KADM_RCSID, "$Header: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_err.et,v 4.0 89/01/24 15:16:10 jtkohl Exp $"
+# /* Building and unbuilding the packet errors */
+ec KADM_NO_REALM, "Cannot fetch local realm"
+ec KADM_NO_CRED, "Unable to fetch credentials"
+ec KADM_BAD_KEY, "Bad key supplied"
+ec KADM_NO_ENCRYPT, "Can't encrypt data"
+ec KADM_NO_AUTH, "Cannot encode/decode authentication info"
+ec KADM_WRONG_REALM, "Principal attemping change is in wrong realm"
+ec KADM_NO_ROOM, "Packet is too large"
+ec KADM_BAD_VER, "Version number is incorrect"
+ec KADM_BAD_CHK, "Checksum does not match"
+ec KADM_NO_READ, "Unsealing private data failed"
+ec KADM_NO_OPCODE, "Unsupported operation"
+ec KADM_NO_HOST, "Could not find administrating host"
+ec KADM_UNK_HOST, "Administrating host name is unknown"
+ec KADM_NO_SERV, "Could not find service name in services database"
+ec KADM_NO_SOCK, "Could not create socket"
+ec KADM_NO_CONN, "Could not connect to server"
+ec KADM_NO_HERE, "Could not fetch local socket address"
+ec KADM_NO_MAST, "Could not fetch master key"
+ec KADM_NO_VERI, "Could not verify master key"
+
+# /* From the server side routines */
+ec KADM_INUSE, "Entry already exists in database"
+ec KADM_UK_SERROR, "Database store error"
+ec KADM_UK_RERROR, "Database read error"
+ec KADM_UNAUTH, "Insufficient access to perform requested operation"
+# KADM_DATA isn't really an error, but...
+ec KADM_DATA, "Data is available for return to client"
+ec KADM_NOENTRY, "No such entry in the database"
+
+ec KADM_NOMEM, "Memory exhausted"
+ec KADM_NO_HOSTNAME, "Could not fetch system hostname"
+ec KADM_NO_BIND, "Could not bind port"
+ec KADM_LENGTH_ERROR, "Length mismatch problem"
+ec KADM_ILL_WILDCARD, "Illegal use of wildcard"
+
+ec KADM_DB_INUSE, "Database is locked or in use--try again later"
+end
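Review bot: The KADM_WRONG_REALM message misspells "attempting" as "attemping", and this string is what callers of the error table will display to users. The entry should read `ec KADM_WRONG_REALM, "Principal attempting change is in wrong realm"`. Fix it in place rather than moving the line, since the codes in an error table are assigned by position and reordering entries would renumber them.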
diff --git a/eBones/libkadm/kadm_stream.c b/eBones/libkadm/kadm_stream.c
new file mode 100644
index 0000000..6ceb02e
--- /dev/null
+++ b/eBones/libkadm/kadm_stream.c
@@ -0,0 +1,273 @@
+/*
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * Copyright.MIT.
+ *
+ * Stream conversion functions for Kerberos administration server
+ */
+
+#ifndef lint
+#if 0
+static char rcsid_kadm_stream_c[] =
+"Header: /afs/athena.mit.edu/astaff/project/kerberos/src/lib/kadm/RCS/kadm_stream.c,v 4.2 89/09/26 09:20:48 jtkohl Exp ";
+#endif
+static const char rcsid[] =
+ "$Id: kadm_stream.c,v 1.1 1995/01/20 02:02:53 wollman Exp $";
+#endif lint
+
+/*
+ kadm_stream.c
+ this holds the stream support routines for the kerberos administration server
+
+ vals_to_stream: converts a vals struct to a stream for transmission
+ internals build_field_header, vts_[string, char, long, short]
+ stream_to_vals: converts a stream to a vals struct
+ internals check_field_header, stv_[string, char, long, short]
+ error: prints out a kadm error message, returns
+ fatal: prints out a kadm fatal error message, exits
+*/
+
+#include "kadm.h"
+
+#define min(a,b) (((a) < (b)) ? (a) : (b))
+
+/*
+vals_to_stream
+ recieves : kadm_vals *, u_char *
+ returns : a realloced and filled in u_char *
+
+this function creates a byte-stream representation of the kadm_vals structure
+*/
+vals_to_stream(dt_in, dt_out)
+Kadm_vals *dt_in;
+u_char **dt_out;
+{
+ int vsloop, stsize; /* loop counter, stream size */
+
+ stsize = build_field_header(dt_in->fields, dt_out);
+ for (vsloop=31; vsloop>=0; vsloop--)
+ if (IS_FIELD(vsloop,dt_in->fields)) {
+ switch (vsloop) {
+ case KADM_NAME:
+ stsize+=vts_string(dt_in->name, dt_out, stsize);
+ break;
+ case KADM_INST:
+ stsize+=vts_string(dt_in->instance, dt_out, stsize);
+ break;
+ case KADM_EXPDATE:
+ stsize+=vts_long(dt_in->exp_date, dt_out, stsize);
+ break;
+ case KADM_ATTR:
+ stsize+=vts_short(dt_in->attributes, dt_out, stsize);
+ break;
+ case KADM_MAXLIFE:
+ stsize+=vts_char(dt_in->max_life, dt_out, stsize);
+ break;
+ case KADM_DESKEY:
+ stsize+=vts_long(dt_in->key_high, dt_out, stsize);
+ stsize+=vts_long(dt_in->key_low, dt_out, stsize);
+ break;
+ default:
+ break;
+ }
+}
+ return(stsize);
+}
+
+build_field_header(cont, st)
+u_char *cont; /* container for fields data */
+u_char **st; /* stream */
+{
+ *st = (u_char *) malloc (4);
+ bcopy((char *) cont, (char *) *st, 4);
+ return 4; /* return pointer to current stream location */
+}
+
+vts_string(dat, st, loc)
+char *dat; /* a string to put on the stream */
+u_char **st; /* base pointer to the stream */
+int loc; /* offset into the stream for current data */
+{
+ *st = (u_char *) realloc ((char *)*st, (unsigned) (loc + strlen(dat) + 1));
+ bcopy(dat, (char *)(*st + loc), strlen(dat)+1);
+ return strlen(dat)+1;
+}
+
+vts_short(dat, st, loc)
+u_short dat; /* the attributes field */
+u_char **st; /* a base pointer to the stream */
+int loc; /* offset into the stream for current data */
+{
+ u_short temp; /* to hold the net order short */
+
+ temp = htons(dat); /* convert to network order */
+ *st = (u_char *) realloc ((char *)*st, (unsigned)(loc + sizeof(u_short)));
+ bcopy((char *) &temp, (char *)(*st + loc), sizeof(u_short));
+ return sizeof(u_short);
+}
+
+vts_long(dat, st, loc)
+u_long dat; /* the attributes field */
+u_char **st; /* a base pointer to the stream */
+int loc; /* offset into the stream for current data */
+{
+ u_long temp; /* to hold the net order short */
+
+ temp = htonl(dat); /* convert to network order */
+ *st = (u_char *) realloc ((char *)*st, (unsigned)(loc + sizeof(u_long)));
+ bcopy((char *) &temp, (char *)(*st + loc), sizeof(u_long));
+ return sizeof(u_long);
+}
+
+
+vts_char(dat, st, loc)
+u_char dat; /* the attributes field */
+u_char **st; /* a base pointer to the stream */
+int loc; /* offset into the stream for current data */
+{
+ *st = (u_char *) realloc ((char *)*st, (unsigned)(loc + sizeof(u_char)));
+ (*st)[loc] = (u_char) dat;
+ return 1;
+}
+
+/*
+stream_to_vals
+ recieves : u_char *, kadm_vals *
+ returns : a kadm_vals filled in according to u_char *
+
+this decodes a byte stream represntation of a vals struct into kadm_vals
+*/
+stream_to_vals(dt_in, dt_out, maxlen)
+u_char *dt_in;
+Kadm_vals *dt_out;
+int maxlen; /* max length to use */
+{
+ register int vsloop, stsize; /* loop counter, stream size */
+ register int status;
+
+ bzero((char *) dt_out, sizeof(*dt_out));
+
+ stsize = check_field_header(dt_in, dt_out->fields, maxlen);
+ if (stsize < 0)
+ return(-1);
+ for (vsloop=31; vsloop>=0; vsloop--)
+ if (IS_FIELD(vsloop,dt_out->fields))
+ switch (vsloop) {
+ case KADM_NAME:
+ if ((status = stv_string(dt_in, dt_out->name, stsize,
+ sizeof(dt_out->name), maxlen)) < 0)
+ return(-1);
+ stsize += status;
+ break;
+ case KADM_INST:
+ if ((status = stv_string(dt_in, dt_out->instance, stsize,
+ sizeof(dt_out->instance), maxlen)) < 0)
+ return(-1);
+ stsize += status;
+ break;
+ case KADM_EXPDATE:
+ if ((status = stv_long(dt_in, &dt_out->exp_date, stsize,
+ maxlen)) < 0)
+ return(-1);
+ stsize += status;
+ break;
+ case KADM_ATTR:
+ if ((status = stv_short(dt_in, &dt_out->attributes, stsize,
+ maxlen)) < 0)
+ return(-1);
+ stsize += status;
+ break;
+ case KADM_MAXLIFE:
+ if ((status = stv_char(dt_in, &dt_out->max_life, stsize,
+ maxlen)) < 0)
+ return(-1);
+ stsize += status;
+ break;
+ case KADM_DESKEY:
+ if ((status = stv_long(dt_in, &dt_out->key_high, stsize,
+ maxlen)) < 0)
+ return(-1);
+ stsize += status;
+ if ((status = stv_long(dt_in, &dt_out->key_low, stsize,
+ maxlen)) < 0)
+ return(-1);
+ stsize += status;
+ break;
+ default:
+ break;
+ }
+ return stsize;
+}
+
+check_field_header(st, cont, maxlen)
+u_char *st; /* stream */
+u_char *cont; /* container for fields data */
+int maxlen;
+{
+ if (4 > maxlen)
+ return(-1);
+ bcopy((char *) st, (char *) cont, 4);
+ return 4; /* return pointer to current stream location */
+}
+
+stv_string(st, dat, loc, stlen, maxlen)
+register u_char *st; /* base pointer to the stream */
+char *dat; /* a string to read from the stream */
+register int loc; /* offset into the stream for current data */
+int stlen; /* max length of string to copy in */
+int maxlen; /* max length of input stream */
+{
+ int maxcount; /* max count of chars to copy */
+
+ maxcount = min(maxlen - loc, stlen);
+
+ (void) strncpy(dat, (char *)st + loc, maxcount);
+
+ if (dat[maxcount-1]) /* not null-term --> not enuf room */
+ return(-1);
+ return strlen(dat)+1;
+}
+
+stv_short(st, dat, loc, maxlen)
+u_char *st; /* a base pointer to the stream */
+u_short *dat; /* the attributes field */
+int loc; /* offset into the stream for current data */
+int maxlen;
+{
+ u_short temp; /* to hold the net order short */
+
+ if (loc + sizeof(u_short) > maxlen)
+ return(-1);
+ bcopy((char *)((u_long)st+(u_long)loc), (char *) &temp, sizeof(u_short));
+ *dat = ntohs(temp); /* convert to network order */
+ return sizeof(u_short);
+}
+
+stv_long(st, dat, loc, maxlen)
+u_char *st; /* a base pointer to the stream */
+u_long *dat; /* the attributes field */
+int loc; /* offset into the stream for current data */
+int maxlen; /* maximum length of st */
+{
+ u_long temp; /* to hold the net order short */
+
+ if (loc + sizeof(u_long) > maxlen)
+ return(-1);
+ bcopy((char *)((u_long)st+(u_long)loc), (char *) &temp, sizeof(u_long));
+ *dat = ntohl(temp); /* convert to network order */
+ return sizeof(u_long);
+}
+
+stv_char(st, dat, loc, maxlen)
+u_char *st; /* a base pointer to the stream */
+u_char *dat; /* the attributes field */
+int loc; /* offset into the stream for current data */
+int maxlen;
+{
+ if (loc + 1 > maxlen)
+ return(-1);
+ *dat = *(st + loc);
+ return 1;
+}
+
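Review bot: stv_string does not reject a non-positive copy length: `maxcount = min(maxlen - loc, stlen)` is 0 once the offset has reached the end of the stream, so the `dat[maxcount-1]` test reads the byte before `dat`, and a negative value would be converted to a very large count by strncpy. stream_to_vals presumably decodes data received from the peer, so add `if (maxcount <= 0) return(-1);` before the strncpy call. Separately, build_field_header and the vts_* writers store the malloc/realloc result straight into `*st` and copy into it without a NULL check, which loses the old buffer and writes through NULL on allocation failure. Each should allocate into a temporary and check it before the bcopy. The stv_short and stv_long comments that say "convert to network order" sit on ntohs/ntohl calls and should say host order.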
diff --git a/eBones/libkadm/kadm_supp.c b/eBones/libkadm/kadm_supp.c
new file mode 100644
index 0000000..8b18621
--- /dev/null
+++ b/eBones/libkadm/kadm_supp.c
@@ -0,0 +1,114 @@
+/*
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * Copyright.MIT.
+ *
+ * Support functions for Kerberos administration server & clients
+ */
+
+#ifndef lint
+#if 0
+static char rcsid_kadm_supp_c[] =
+"Header: /afs/athena.mit.edu/astaff/project/kerberos/src/lib/kadm/RCS/kadm_supp.c,v 4.1 89/09/26 09:21:07 jtkohl Exp ";
+#endif
+static const char rcsid[] =
+ "$Id: kadm_supp.c,v 1.1 1995/01/20 02:02:54 wollman Exp $";
+#endif lint
+
+/*
+ kadm_supp.c
+ this holds the support routines for the kerberos administration server
+
+ error: prints out a kadm error message, returns
+ fatal: prints out a kadm fatal error message, exits
+ prin_vals: prints out data associated with a Principal in the vals
+ structure
+*/
+
+#include "kadm.h"
+#include "krb_db.h"
+
+/*
+prin_vals:
+ recieves : a vals structure
+*/
+prin_vals(vals)
+Kadm_vals *vals;
+{
+ printf("Info in Database for %s.%s:\n", vals->name, vals->instance);
+ printf(" Max Life: %d Exp Date: %s\n",vals->max_life,
+ asctime(localtime((long *)&vals->exp_date)));
+ printf(" Attribs: %.2x key: %u %u\n",vals->attributes,
+ vals->key_low, vals->key_high);
+}
+
+#ifdef notdef
+nierror(s)
+int s;
+{
+ extern char *error_message();
+ printf("Kerberos admin server loses..... %s\n",error_message(s));
+ return(s);
+}
+#endif
+
+/* kadm_prin_to_vals takes a fields arguments, a Kadm_vals and a Principal,
+ it copies the fields in Principal specified by fields into Kadm_vals,
+ i.e from old to new */
+
+kadm_prin_to_vals(fields, new, old)
+u_char fields[FLDSZ];
+Kadm_vals *new;
+Principal *old;
+{
+ bzero((char *)new, sizeof(*new));
+ if (IS_FIELD(KADM_NAME,fields)) {
+ (void) strncpy(new->name, old->name, ANAME_SZ);
+ SET_FIELD(KADM_NAME, new->fields);
+ }
+ if (IS_FIELD(KADM_INST,fields)) {
+ (void) strncpy(new->instance, old->instance, INST_SZ);
+ SET_FIELD(KADM_INST, new->fields);
+ }
+ if (IS_FIELD(KADM_EXPDATE,fields)) {
+ new->exp_date = old->exp_date;
+ SET_FIELD(KADM_EXPDATE, new->fields);
+ }
+ if (IS_FIELD(KADM_ATTR,fields)) {
+ new->attributes = old->attributes;
+ SET_FIELD(KADM_MAXLIFE, new->fields);
+ }
+ if (IS_FIELD(KADM_MAXLIFE,fields)) {
+ new->max_life = old->max_life;
+ SET_FIELD(KADM_MAXLIFE, new->fields);
+ }
+ if (IS_FIELD(KADM_DESKEY,fields)) {
+ new->key_low = old->key_low;
+ new->key_high = old->key_high;
+ SET_FIELD(KADM_DESKEY, new->fields);
+ }
+}
+
+kadm_vals_to_prin(fields, new, old)
+u_char fields[FLDSZ];
+Principal *new;
+Kadm_vals *old;
+{
+
+ bzero((char *)new, sizeof(*new));
+ if (IS_FIELD(KADM_NAME,fields))
+ (void) strncpy(new->name, old->name, ANAME_SZ);
+ if (IS_FIELD(KADM_INST,fields))
+ (void) strncpy(new->instance, old->instance, INST_SZ);
+ if (IS_FIELD(KADM_EXPDATE,fields))
+ new->exp_date = old->exp_date;
+ if (IS_FIELD(KADM_ATTR,fields))
+ new->attributes = old->attributes;
+ if (IS_FIELD(KADM_MAXLIFE,fields))
+ new->max_life = old->max_life;
+ if (IS_FIELD(KADM_DESKEY,fields)) {
+ new->key_low = old->key_low;
+ new->key_high = old->key_high;
+ }
+}
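Review bot: In kadm_prin_to_vals the KADM_ATTR branch marks the wrong field: after copying `attributes` it calls `SET_FIELD(KADM_MAXLIFE, new->fields)`, so the result never advertises KADM_ATTR and can advertise KADM_MAXLIFE without max_life having been copied. The line should be `SET_FIELD(KADM_ATTR, new->fields);`. In both conversion functions, `strncpy(new->name, old->name, ANAME_SZ)` and the INST_SZ equivalent leave the destination unterminated when the source fills the buffer. If those arrays are exactly ANAME_SZ and INST_SZ bytes (declared outside this hunk), bound the copies to one byte less and let the preceding bzero supply the terminator. prin_vals also prints key_low and key_high, which under KADM_DESKEY appear to be the principal's DES key words, so a comment should state whether emitting them on stdout is intended.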
diff --git a/eBones/man/Makefile b/eBones/man/Makefile
index 8de00f0..849a430 100644
--- a/eBones/man/Makefile
+++ b/eBones/man/Makefile
@@ -1,13 +1,12 @@
# from: @(#)Makefile 5.4 (Berkeley) 7/25/90
-# $Id: Makefile,v 1.2 1994/07/19 19:27:15 g89r4222 Exp $
+# $Id: Makefile,v 1.3 1995/01/20 01:26:53 wollman Exp $
-MAN1= kdestroy.1 kerberos.1 kinit.1 klist.1 ksrvtgt.1 \
- kpasswd.1 ksu.1 rcp.1 rlogin.1 rsh.1 tftp.1
+MAN1= kdestroy.1 kerberos.1 kinit.1 klist.1 ksrvtgt.1
MAN3= acl_check.3 des_crypt.3 krb.3 krb_realmofhost.3 krb_sendauth.3 \
- krb_set_tkt_string.3 kuserok.3 tf_util.3 kerberos.3
+ krb_set_tkt_string.3 kuserok.3 tf_util.3
MAN5= krb.conf.5 krb.realms.5
MAN8= ext_srvtab.8 kdb_destroy.8 kdb_edit.8 kdb_init.8 kdb_util.8 kstash.8 \
- kadmin.8 kadmind.8 klogind.8 kshd.8 ksrvutil.8 tcom.8 tftpd.8
+ kadmin.8 kadmind.8
MLINKS+=krb_realmofhost.3 realm.3
MLINKS+=des_crypt.3 des.3
MLINKS+=krb.3 kerberos.3 krb.3 krb_mk_req.3 krb.3 krb_rd_req.3
diff --git a/eBones/man/acl_check.3 b/eBones/man/acl_check.3
index c142506..2e5129c 100644
--- a/eBones/man/acl_check.3
+++ b/eBones/man/acl_check.3
@@ -1,5 +1,5 @@
.\" from: acl_check.3,v 4.1 89/01/23 11:06:54 jtkohl Exp $
-.\" $Id: acl_check.3,v 1.2 1994/07/19 19:27:17 g89r4222 Exp $
+.\" $Id: acl_check.3,v 1.1.1.1 1994/09/30 14:50:05 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -16,7 +16,7 @@ acl_delete, acl_initialize \- Access control list routines
cc <files> \-lacl \-lkrb
.PP
.ft B
-#include <krb.h>
+#include <kerberosIV/krb.h>
.PP
.ft B
acl_canonicalize_principal(principal, buf)
@@ -98,7 +98,7 @@ must contain enough
space to store a principal, given the limits on the sizes of name,
instance, and realm specified as ANAME_SZ, INST_SZ, and REALM_SZ,
respectively, in
-.IR /usr/include/krb.h .
+.IR /usr/include/kerberosIV/krb.h .
.PP
.I acl_check
returns nonzero if
diff --git a/eBones/man/des_crypt.3 b/eBones/man/des_crypt.3
index 0be8342..2d91b6d 100644
--- a/eBones/man/des_crypt.3
+++ b/eBones/man/des_crypt.3
@@ -1,5 +1,5 @@
.\" from: des_crypt.3,v 4.3 89/01/23 17:08:59 steiner Exp $
-.\" $Id: des_crypt.3,v 1.2 1994/07/19 19:27:19 g89r4222 Exp $
+.\" $Id: des_crypt.3,v 1.1.1.1 1994/09/30 14:50:05 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -14,7 +14,7 @@ des_quad_cksum, \- (new) DES encryption
.nf
.nj
.ft B
-#include <des.h>
+#include <kerberosIV/des.h>
.PP
.ft B
.B int des_read_password(key,prompt,verify)
@@ -361,7 +361,7 @@ the computed checksum are written into the output.
.PP
.PP
.SH FILES
-/usr/include/des.h
+/usr/include/kerberosIV/des.h
.br
/usr/lib/libdes.a
.SH "SEE ALSO"
diff --git a/eBones/man/ext_srvtab.8 b/eBones/man/ext_srvtab.8
index af980a9..565c3a3 100644
--- a/eBones/man/ext_srvtab.8
+++ b/eBones/man/ext_srvtab.8
@@ -1,5 +1,5 @@
.\" from: ext_srvtab.8,v 4.2 89/07/18 16:53:18 jtkohl Exp $
-.\" $Id: ext_srvtab.8,v 1.2 1994/07/19 19:27:20 g89r4222 Exp $
+.\" $Id: ext_srvtab.8,v 1.1.1.1 1994/09/30 14:50:05 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -50,14 +50,13 @@ match the given realm rather than the local realm.
The master key string entered was incorrect.
.SH FILES
.TP 20n
-.IR hostname -new-srvtab
-Service key file generated for
-.I hostname
+/etc/kerberosIV/principal.db
+DBM file containing database
.TP
-/kerberos/principal.pag, /kerberos/principal.dir
-DBM files containing database
+/etc/kerberosIV/principal.ok
+Semaphore indicating that the DBM database is not being modified.
.TP
-/.k
+/etc/kerberosIV/master_key
Master key cache file.
.SH SEE ALSO
read_service_key(3), krb_get_phost(3)
diff --git a/eBones/man/kadmind.8 b/eBones/man/kadmind.8
index 59075ee..1eb10d7 100644
--- a/eBones/man/kadmind.8
+++ b/eBones/man/kadmind.8
@@ -1,5 +1,5 @@
.\" from: kadmind.8,v 4.1 89/07/25 17:28:33 jtkohl Exp $
-.\" $Id: kadmind.8,v 1.2 1994/07/19 19:27:25 g89r4222 Exp $
+.\" $Id: kadmind.8,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -95,19 +95,19 @@ in the database.
A principal is always granted authorization to change its own password.
.SH FILES
.TP 20n
-/kerberos/admin_server.syslog
+/var/log/kadmind.syslog
Default log file.
.TP
-/kerberos
-Default access control list directory.
+/etc/kerberosIV/admin_acl.{add,get,mod}
+Access control list files
.TP
-admin_acl.{add,get,mod}
-Access control list files (within the directory)
+/etc/kerberosIV/principal.db
+DBM file containing database
.TP
-/kerberos/principal.pag, /kerberos/principal.dir
-Default DBM files containing database
+/etc/kerberosIV/principal.ok
+Semaphore indicating that the DBM database is not being modified.
.TP
-/.k
+/etc/kerberosIV/master_key
Master key cache file.
.SH "SEE ALSO"
kerberos(1), kpasswd(1), kadmin(8), acl_check(3)
diff --git a/eBones/man/kdb_destroy.8 b/eBones/man/kdb_destroy.8
index 93db466..2e57876 100644
--- a/eBones/man/kdb_destroy.8
+++ b/eBones/man/kdb_destroy.8
@@ -1,5 +1,5 @@
.\" from: kdb_destroy.8,v 4.1 89/01/23 11:08:02 jtkohl Exp $
-.\" $Id: kdb_destroy.8,v 1.2 1994/07/19 19:27:26 g89r4222 Exp $
+.\" $Id: kdb_destroy.8,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -27,7 +27,10 @@ access permission error).
The user aborted the deletion.
.SH FILES
.TP 20n
-/kerberos/principal.pag, /kerberos/principal.dir
-DBM files containing database
+/etc/kerberosIV/principal.db
+DBM file containing database
+.TP
+/etc/kerberosIV/principal.ok
+Semaphore indicating that the DBM database is not being modified.
.SH SEE ALSO
kdb_init(8)
diff --git a/eBones/man/kdb_edit.8 b/eBones/man/kdb_edit.8
index 1cfd6ed..b2630c5 100644
--- a/eBones/man/kdb_edit.8
+++ b/eBones/man/kdb_edit.8
@@ -1,5 +1,5 @@
.\" from: kdb_edit.8,v 4.1 89/01/23 11:08:55 jtkohl Exp $
-.\" $Id: kdb_edit.8,v 1.2 1994/07/19 19:27:27 g89r4222 Exp $
+.\" $Id: kdb_edit.8,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -48,8 +48,11 @@ printed.
The master key string entered was incorrect.
.SH FILES
.TP 20n
-/kerberos/principal.pag, /kerberos/principal.dir
-DBM files containing database
+/etc/kerberosIV/principal.db
+DBM file containing database
.TP
-/.k
+/etc/kerberosIV/principal.ok
+Semaphore indicating that the DBM database is not being modified.
+.TP
+/etc/kerberosIV/master_key
Master key cache file.
diff --git a/eBones/man/kdb_init.8 b/eBones/man/kdb_init.8
index 54537ad..d884d00 100644
--- a/eBones/man/kdb_init.8
+++ b/eBones/man/kdb_init.8
@@ -1,5 +1,5 @@
.\" from: kdb_init.8,v 4.1 89/01/23 11:09:02 jtkohl Exp $
-.\" $Id: kdb_init.8,v 1.2 1994/07/19 19:27:29 g89r4222 Exp $
+.\" $Id: kdb_init.8,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -21,21 +21,25 @@ If the optional
.I realm
argument is not present,
.I kdb_init
-prompts for a realm name (defaulting to the definition in /usr/include/krb.h).
+prompts for a realm name (defaulting to the definition in
+/usr/include/kerberosIV/krb.h).
After determining the realm to be created, it prompts for
a master key password. The master key password is used to encrypt
every encryption key stored in the database.
.SH DIAGNOSTICS
.TP 20n
-"/kerberos/principal: File exists"
+"/etc/kerberosIV/principal: File exists"
An attempt was made to create a database on a machine which already had
an existing database.
.SH FILES
.TP 20n
-/kerberos/principal.pag, /kerberos/principal.dir
-DBM files containing database
+/etc/kerberosIV/principal.db
+DBM file containing database
.TP
-/usr/include/krb.h
+/etc/kerberosIV/principal.ok
+Semaphore indicating that the DBM database is not being modified.
+.TP
+/usr/include/kerberosIV/krb.h
Include file defining default realm
.SH SEE ALSO
kdb_destroy(8)
diff --git a/eBones/man/kdb_util.8 b/eBones/man/kdb_util.8
index 30a3b9f..4183ef3 100644
--- a/eBones/man/kdb_util.8
+++ b/eBones/man/kdb_util.8
@@ -1,5 +1,5 @@
.\" from: kdb_util.8,v 4.1 89/01/23 11:09:11 jtkohl Exp $
-.\" $Id: kdb_util.8,v 1.2 1994/07/19 19:27:30 g89r4222 Exp $
+.\" $Id: kdb_util.8,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -56,9 +56,9 @@ is encrypted using the new format (encrypted directly with master key).
The master key string entered was incorrect.
.SH FILES
.TP 20n
-/kerberos/principal.pag, /kerberos/principal.dir
-DBM files containing database
+/etc/kerberosIV/principal.db
+DBM file containing database
.TP
-.IR filename .ok
+.IR filename .dump_ok
semaphore file created by
.IR slave_dump.
diff --git a/eBones/man/klist.1 b/eBones/man/klist.1
index a66e668..af7e31a 100644
--- a/eBones/man/klist.1
+++ b/eBones/man/klist.1
@@ -1,5 +1,5 @@
.\" from: klist.1,v 4.8 89/01/24 14:35:09 jtkohl Exp $
-.\" $Id: klist.1,v 1.2 1994/07/19 19:27:38 g89r4222 Exp $
+.\" $Id: klist.1,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -65,16 +65,16 @@ keys contained therein are printed. If no file is
specified with a
.B \-file
option, the default is
-.IR /etc/srvtab .
+.IR /etc/kerberosIV/srvtab .
.SH FILES
.TP 2i
-/etc/krb.conf
+/etc/kerberosIV/krb.conf
to get the name of the local realm
.TP
/tmp/tkt[uid]
as the default ticket file ([uid] is the decimal UID of the user).
.TP
-/etc/srvtab
+/etc/kerberosIV/srvtab
as the default service key file
.SH SEE ALSO
.PP
diff --git a/eBones/man/krb.3 b/eBones/man/krb.3
index 208f034..98a720b 100644
--- a/eBones/man/krb.3
+++ b/eBones/man/krb.3
@@ -1,6 +1,6 @@
-.\" $Source: /usr/src/kerberosIV/man/RCS/krb.3,v $
-.\" $Author: bostic $
-.\" $Header: /usr/src/kerberosIV/man/RCS/krb.3,v 4.11 1994/04/19 14:16:56 bostic Exp $
+.\" $Source: /home/ncvs/src/eBones/man/krb.3,v $
+.\" $Author: rgrimes $
+.\" $Header: /home/ncvs/src/eBones/man/krb.3,v 1.1.1.1 1994/05/27 05:12:09 rgrimes Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -133,7 +133,7 @@ to the calling procedure.
It is up to the application to get the authenticator to the service
where it will be read by
.I krb_rd_req.
-Unless an attacker possesses the session key contained in the ticket, it
+Unless an attacker posesses the session key contained in the ticket, it
will be unable to modify the authenticator. Thus, the checksum can be
used to verify the authenticity of the other data that will pass through
a connection.
@@ -171,15 +171,15 @@ particular problem encountered. See
for the list of error codes.
.PP
If the last argument is the null string (""), krb_rd_req will use the
-file /etc/srvtab to find its keys. If the last argument is NULL, it
-will assume that the key has been set by
+file /etc/kerberosIV/srvtab to find its keys. If the last argument is
+NULL, it will assume that the key has been set by
.I krb_set_key
and will not bother looking further.
.PP
.I krb_kntoln
converts a Kerberos name to a local name. It takes a structure
of type AUTH_DAT and uses the name and instance to look in the database
-/etc/aname to find the corresponding local name. The local name is
+/etc/kerberosIV/aname to find the corresponding local name. The local name is
returned and can be used by an application to change uids, directories,
or other parameters. It is not an integral part of Kerberos, but is
instead provided to support the use of Kerberos in existing utilities.
diff --git a/eBones/man/krb.conf.5 b/eBones/man/krb.conf.5
index ac977bb..4a87007 100644
--- a/eBones/man/krb.conf.5
+++ b/eBones/man/krb.conf.5
@@ -1,5 +1,5 @@
.\" from: krb.conf.5,v 4.1 89/01/23 11:10:34 jtkohl Exp $
-.\" $Id: krb.conf.5,v 1.2 1994/07/19 19:27:43 g89r4222 Exp $
+.\" $Id: krb.conf.5,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -7,7 +7,7 @@
.\"
.TH KRB.CONF 5 "Kerberos Version 4.0" "MIT Project Athena"
.SH NAME
-/etc/krb.conf \- Kerberos configuration file
+/etc/kerberosIV/krb.conf \- Kerberos configuration file
.SH DESCRIPTION
.I krb.conf
contains configuration information describing the Kerberos realm and the
diff --git a/eBones/man/krb.realms.5 b/eBones/man/krb.realms.5
index 90226a9..877477f 100644
--- a/eBones/man/krb.realms.5
+++ b/eBones/man/krb.realms.5
@@ -1,5 +1,5 @@
.\" from: krb.realms.5,v 4.1 89/01/23 11:10:41 jtkohl Exp $
-.\" $Id: krb.realms.5,v 1.2 1994/07/19 19:27:45 g89r4222 Exp $
+.\" $Id: krb.realms.5,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -7,7 +7,7 @@
.\"
.TH KRB.REALMS 5 "Kerberos Version 4.0" "MIT Project Athena"
.SH NAME
-/etc/krb.realms \- host to Kerberos realm translation file
+/etc/kerberosIV/krb.realms \- host to Kerberos realm translation file
.SH DESCRIPTION
.I krb.realms
provides a translation from a hostname to the Kerberos realm name for
diff --git a/eBones/man/krb_realmofhost.3 b/eBones/man/krb_realmofhost.3
index f284069..63aa1eb 100644
--- a/eBones/man/krb_realmofhost.3
+++ b/eBones/man/krb_realmofhost.3
@@ -1,5 +1,5 @@
.\" from: krb_realmofhost.3,v 4.1 89/01/23 11:10:47 jtkohl Exp $
-.\" $Id: krb_realmofhost.3,v 1.2 1994/07/19 19:27:46 g89r4222 Exp $
+.\" $Id: krb_realmofhost.3,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -13,8 +13,8 @@ krb_get_lrealm \- additional Kerberos utility routines
.nf
.nj
.ft B
-#include <krb.h>
-#include <des.h>
+#include <kerberosIV/krb.h>
+#include <kerberosIV/des.h>
#include <netinet/in.h>
.PP
.ft B
@@ -48,7 +48,7 @@ int n;
returns the Kerberos realm of the host
.IR host ,
as determined by the translation table
-.IR /etc/krb.realms .
+.IR /etc/kerberosIV/krb.realms .
.I host
should be the fully-qualified domain-style primary host name of the host
in question. In order to prevent certain security attacks, this routine
@@ -96,7 +96,7 @@ with the hostname of the
host running a Kerberos key distribution center (KDC)
for realm
.IR realm ,
-as specified in the configuration file (\fI/etc/krb.conf\fR).
+as specified in the configuration file (\fI/etc/kerberosIV/krb.conf\fR).
The configuration file is described by
.IR krb.conf (5).
If the host is successfully filled in, the routine
@@ -119,7 +119,7 @@ with the hostname of the
host running a Kerberos KDC database administration server
for realm
.IR realm ,
-as specified in the configuration file (\fI/etc/krb.conf\fR).
+as specified in the configuration file (\fI/etc/kerberosIV/krb.conf\fR).
If the file cannot be opened or is malformed, or there are fewer than
.I n
hosts running a Kerberos KDC database administration server,
@@ -145,10 +145,10 @@ should be at least REALM_SZ (from
kerberos(3), krb.conf(5), krb.realms(5)
.SH FILES
.TP 20n
-/etc/krb.realms
+/etc/kerberosIV/krb.realms
translation file for host-to-realm mapping.
.TP
-/etc/krb.conf
+/etc/kerberosIV/krb.conf
local realm-name and realm/server configuration file.
.SH BUGS
The current convention for instance names is too limited; the full
diff --git a/eBones/man/krb_sendauth.3 b/eBones/man/krb_sendauth.3
index f5e95b7..a749bb5 100644
--- a/eBones/man/krb_sendauth.3
+++ b/eBones/man/krb_sendauth.3
@@ -1,5 +1,5 @@
.\" from: krb_sendauth.3,v 4.1 89/01/23 11:10:58 jtkohl Exp $
-.\" $Id: krb_sendauth.3,v 1.2 1994/07/19 19:27:47 g89r4222 Exp $
+.\" $Id: krb_sendauth.3,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $
.\" Copyright 1988 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -13,8 +13,8 @@ Kerberos routines for sending authentication via network stream sockets
.nf
.nj
.ft B
-#include <krb.h>
-#include <des.h>
+#include <kerberosIV/krb.h>
+#include <kerberosIV/des.h>
#include <netinet/in.h>
.PP
.fi
@@ -295,7 +295,7 @@ function.
If you set this argument to "",
.I krb_rd_req
looks for the service key in the file
-.IR /etc/srvtab.
+.IR /etc/kerberosIV/srvtab.
If the client and server are performing mutual authenication,
the
@@ -345,4 +345,4 @@ John T. Kohl, MIT Project Athena
.SH RESTRICTIONS
Copyright 1988, Massachusetts Instititute of Technology.
For copying and distribution information,
-please see the file <mit-copyright.h>.
+please see the file <Copyright.h>.
diff --git a/eBones/man/krb_set_tkt_string.3 b/eBones/man/krb_set_tkt_string.3
index c9f3dcf..73b5e5d 100644
--- a/eBones/man/krb_set_tkt_string.3
+++ b/eBones/man/krb_set_tkt_string.3
@@ -1,5 +1,5 @@
.\" from: krb_set_tkt_string.3,v 4.1 89/01/23 11:11:09 jtkohl Exp $
-.\" $Id: krb_set_tkt_string.3,v 1.2 1994/07/19 19:27:49 g89r4222 Exp $
+.\" $Id: krb_set_tkt_string.3,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -12,7 +12,7 @@ krb_set_tkt_string \- set Kerberos ticket cache file name
.nf
.nj
.ft B
-#include <krb.h>
+#include <kerberosIV/krb.h>
.PP
.ft B
void krb_set_tkt_string(filename)
diff --git a/eBones/man/ksrvtgt.1 b/eBones/man/ksrvtgt.1
index 25fd939..129c745 100644
--- a/eBones/man/ksrvtgt.1
+++ b/eBones/man/ksrvtgt.1
@@ -1,5 +1,5 @@
.\" from: ksrvtgt.1,v 4.1 89/01/24 14:36:28 jtkohl Exp $
-.\" $Id: ksrvtgt.1,v 1.2 1994/07/19 19:27:52 g89r4222 Exp $
+.\" $Id: ksrvtgt.1,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -25,7 +25,7 @@ is not supplied on the command line), decrypts the response using
the service key found in
.I srvtab
(or in
-.B /etc/srvtab
+.B /etc/kerberosIV/srvtab
if
.I srvtab
is not specified on the command line), and stores the ticket in the
@@ -39,13 +39,13 @@ problems, the most common of which is the inability to read the service
key file.
.SH FILES
.TP 2i
-/etc/krb.conf
+/etc/kerberosIV/krb.conf
to get the name of the local realm.
.TP
/tmp/tkt[uid]
The default ticket file.
.TP
-/etc/srvtab
+/etc/kerberosIV/srvtab
The default service key file.
.SH SEE ALSO
kerberos(1), kinit(1), kdestroy(1)
diff --git a/eBones/man/kstash.8 b/eBones/man/kstash.8
index d83379a..ac8c57b 100644
--- a/eBones/man/kstash.8
+++ b/eBones/man/kstash.8
@@ -1,5 +1,5 @@
.\" from: kstash.8,v 4.1 89/01/23 11:11:39 jtkohl Exp $
-.\" $Id: kstash.8,v 1.2 1994/07/19 19:27:55 g89r4222 Exp $
+.\" $Id: kstash.8,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -34,8 +34,11 @@ system call returned an error while
was attempting to write the key to the file.
.SH FILES
.TP 20n
-/kerberos/principal.pag, /kerberos/principal.dir
-DBM files containing database
+/etc/kerberosIV/principal.db
+DBM file containing database
.TP
-/.k
+/etc/kerberosIV/principal.ok
+Semaphore indicating that the DBM database is not being modified.
+.TP
+/etc/kerberosIV/master_key
Master key cache file.
diff --git a/eBones/man/kuserok.3 b/eBones/man/kuserok.3
index 36968ba..c7581a6 100644
--- a/eBones/man/kuserok.3
+++ b/eBones/man/kuserok.3
@@ -1,5 +1,5 @@
.\" from: kuserok.3,v 4.1 89/01/23 11:11:49 jtkohl Exp $
-.\" $Id: kuserok.3,v 1.2 1994/07/19 19:27:58 g89r4222 Exp $
+.\" $Id: kuserok.3,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -12,7 +12,7 @@ kuserok \- Kerberos version of ruserok
.nf
.nj
.ft B
-#include <krb.h>
+#include <kerberosIV/krb.h>
.PP
.ft B
kuserok(kdata, localuser)
diff --git a/eBones/man/tf_util.3 b/eBones/man/tf_util.3
index 3a9bc94..ee6e436 100644
--- a/eBones/man/tf_util.3
+++ b/eBones/man/tf_util.3
@@ -1,5 +1,5 @@
.\" from: tf_util.3,v 4.2 89/04/25 17:17:11 jtkohl Exp $
-.\" $Id: tf_util.3,v 1.2 1994/07/19 19:28:05 g89r4222 Exp $
+.\" $Id: tf_util.3,v 1.1.1.1 1994/09/30 14:50:08 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -13,7 +13,7 @@ tf_init, tf_get_pname, tf_get_pinst, tf_get_cred, tf_close \
.nf
.nj
.ft B
-#include <krb.h>
+#include <kerberosIV/krb.h>
.PP
.ft B
extern char *krb_err_txt[];
diff --git a/eBones/passwd/HOW-TO b/eBones/passwd/HOW-TO
new file mode 100644
index 0000000..aad3b9c
--- /dev/null
+++ b/eBones/passwd/HOW-TO
@@ -0,0 +1,247 @@
+Here's how to regenerate this from the original eBones:
+
+1) Copy kpasswd.c from the admin directory.
+2) perl -spi.bak -e 's/\$(Header[^\$]*)\$/$1/g' *.[ch]
+3) Apply the following patch:
+
+*** /home/wollman/kpasswd.orig/kpasswd.c Fri Jan 20 16:01:36 1995
+--- kpasswd.c Fri Jan 20 16:29:57 1995
+***************
+*** 1,10 ****
+ /*
+- * $Source: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kpasswd.c,v $
+- * $Author: jtkohl $
+- *
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+! * <mit-copyright.h>.
+ *
+ * change your password with kerberos
+--- 1,7 ----
+ /*
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+! * Copyright.MIT.
+ *
+ * change your password with kerberos
+***************
+*** 12,20 ****
+
+ #ifndef lint
+ static char rcsid_kpasswd_c[] =
+ "BonesHeader: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kpasswd.c,v 4.3 89/09/26 09:33:02 jtkohl Exp ";
+ #endif lint
+
+- #include <mit-copyright.h>
+ /*
+ * kpasswd
+--- 9,20 ----
+
+ #ifndef lint
++ #if 0
+ static char rcsid_kpasswd_c[] =
+ "BonesHeader: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kpasswd.c,v 4.3 89/09/26 09:33:02 jtkohl Exp ";
++ #endif
++ static const char rcsid[] =
++ "$Id$";
+ #endif lint
+
+ /*
+ * kpasswd
+***************
+*** 28,36 ****
+ #include "kadm.h"
+
+ extern void krb_set_tkt_string();
+
+! main(argc,argv)
+! int argc;
+! char *argv[];
+ {
+ char name[ANAME_SZ]; /* name of user */
+--- 28,38 ----
+ #include "kadm.h"
+
++ #include "extern.h"
++
+ extern void krb_set_tkt_string();
++ static void go_home(char *, int);
+
+!
+! int krb_passwd(char *uname, char *iflag, char *rflag, char *uflag)
+ {
+ char name[ANAME_SZ]; /* name of user */
+***************
+*** 66,74 ****
+ default_realm) != KSUCCESS) {
+ pw = getpwuid((int) getuid());
+! if (pw)
+! (void) strcpy(default_name, pw->pw_name);
+! else
+ /* seems like a null name is kinda silly */
+! (void) strcpy(default_name, "");
+ strcpy(default_inst, "");
+ if (krb_get_lrealm(default_realm, 1) != KSUCCESS)
+--- 68,77 ----
+ default_realm) != KSUCCESS) {
+ pw = getpwuid((int) getuid());
+! if (pw) {
+! strcpy(default_name, pw->pw_name);
+! } else {
+ /* seems like a null name is kinda silly */
+! strcpy(default_name, "");
+! }
+ strcpy(default_inst, "");
+ if (krb_get_lrealm(default_realm, 1) != KSUCCESS)
+***************
+*** 76,85 ****
+ }
+
+! while ((c = getopt(argc, argv, "u:n:i:r:h")) != EOF) {
+! switch (c) {
+! case 'u':
+! if (status = kname_parse(name, inst, realm, optarg)) {
+! fprintf(stderr, "Kerberos error: %s\n", krb_err_txt[status]);
+! exit(2);
+ }
+ if (realm[0])
+--- 79,85 ----
+ }
+
+! if(uflag) {
+! if (status = kname_parse(name, inst, realm, uflag)) {
+! errx(2, "Kerberos error: %s", krb_err_txt[status]);
+ }
+ if (realm[0])
+***************
+*** 88,130 ****
+ if (krb_get_lrealm(realm, 1) != KSUCCESS)
+ strcpy(realm, KRB_REALM);
+! break;
+! case 'n':
+! if (k_isname(optarg))
+! (void) strncpy(name, optarg, sizeof(name) - 1);
+! else {
+! fprintf(stderr, "Bad name: %s\n", optarg);
+! usage(1);
+! }
+! break;
+! case 'i':
+! if (k_isinst(optarg))
+! (void) strncpy(inst, optarg, sizeof(inst) - 1);
+! else {
+! fprintf(stderr, "Bad instance: %s\n", optarg);
+! usage(1);
+ }
+! (void) strcpy(inst, optarg);
+! break;
+! case 'r':
+! if (k_isrealm(optarg)) {
+! (void) strncpy(realm, optarg, sizeof(realm) - 1);
+! realm_given++;
+ }
+! else {
+! fprintf(stderr, "Bad realm: %s\n", optarg);
+! usage(1);
+ }
+- break;
+- case 'h':
+- usage(0);
+- break;
+- default:
+- usage(1);
+- break;
+- }
+- use_default = 0;
+ }
+! if (optind < argc)
+! usage(1);
+
+ if (use_default) {
+--- 88,119 ----
+ if (krb_get_lrealm(realm, 1) != KSUCCESS)
+ strcpy(realm, KRB_REALM);
+! }
+!
+! if(uname) {
+! if (k_isname(uname)) {
+! strncpy(name, uname, sizeof(name) - 1);
+! } else {
+! errx(1, "bad name: %s", uname);
+ }
+! }
+!
+! if(iflag) {
+! if (k_isinst(iflag)) {
+! strncpy(inst, iflag, sizeof(inst) - 1);
+! } else {
+! errx(1, "bad instance: %s", iflag);
+ }
+! }
+!
+! if(rflag) {
+! if (k_isrealm(rflag)) {
+! strncpy(realm, rflag, sizeof(realm) - 1);
+! realm_given++;
+! } else {
+! errx(1, "bad realm: %s", rflag);
+ }
+ }
+!
+! if(uname || iflag || rflag || uflag) use_default = 0;
+
+ if (use_default) {
+***************
+*** 132,137 ****
+ strcpy(inst, default_inst);
+ strcpy(realm, default_realm);
+! }
+! else {
+ if (!name[0])
+ strcpy(name, default_name);
+--- 121,125 ----
+ strcpy(inst, default_inst);
+ strcpy(realm, default_realm);
+! } else {
+ if (!name[0])
+ strcpy(name, default_name);
+***************
+*** 147,153 ****
+ if ((status = kadm_init_link("changepw", KRB_MASTER, realm))
+ != KADM_SUCCESS)
+! com_err(argv[0], status, "while initializing");
+ else if ((status = kadm_change_pw(new_key)) != KADM_SUCCESS)
+! com_err(argv[0], status, " attempting to change password.");
+
+ if (status != KADM_SUCCESS)
+--- 135,141 ----
+ if ((status = kadm_init_link("changepw", KRB_MASTER, realm))
+ != KADM_SUCCESS)
+! com_err("kpasswd", status, "while initializing");
+ else if ((status = kadm_change_pw(new_key)) != KADM_SUCCESS)
+! com_err("kpasswd", status, " attempting to change password.");
+
+ if (status != KADM_SUCCESS)
+***************
+*** 225,237 ****
+ }
+
+! usage(value)
+! int value;
+! {
+! fprintf(stderr, "Usage: ");
+! fprintf(stderr, "kpasswd [-h ] [-n user] [-i instance] [-r realm] ");
+! fprintf(stderr, "[-u fullname]\n");
+! exit(value);
+! }
+!
+ go_home(str,x)
+ char *str;
+--- 213,217 ----
+ }
+
+! static void
+ go_home(str,x)
+ char *str;
diff --git a/eBones/passwd/Makefile b/eBones/passwd/Makefile
new file mode 100644
index 0000000..5dba6a3
--- /dev/null
+++ b/eBones/passwd/Makefile
@@ -0,0 +1,23 @@
+# $Id$
+
+PROG= passwd
+BINDIR= /usr/bin
+
+SRCS= local_passwd.c passwd.c pw_copy.c pw_util.c kpasswd.c
+.PATH: ${.CURDIR}/../../usr.bin/chpass ${.CURDIR}/../../usr.sbin/vipw \
+ ${.CURDIR}/../../usr.bin/rlogin ${.CURDIR}/../../usr.bin/passwd
+CFLAGS+= -DKERBEROS -DPOSIX \
+ -I${.CURDIR} -I${.CURDIR}/../../usr.sbin/vipw \
+ -I${.CURDIR}/../../usr.bin/chpass \
+ -I${.CURDIR}/../../usr.bin/passwd \
+ -I${.CURDIR}/../include \
+ -I${.CURDIR}/../libkadm
+LDADD= -L${KADMOBJDIR} -lkadm -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes \
+ -lcrypt -lcom_err
+
+BINOWN= root
+BINMODE=4555
+INSTALLFLAGS= -fschg
+NOMAN= #man page installed by regular passwd
+
+.include <bsd.prog.mk>
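Review bot: `BINOWN= root` with `BINMODE=4555` installs this passwd set-uid root, so every file in SRCS runs with root privilege, including the kpasswd.c added in this commit, and nothing in the Makefile says so. kpasswd.c points the ticket cache at `/tmp/tkt_cpw_<pid>`, a predictable name in a world-writable directory. How the Kerberos library creates that file is not visible here, so it is worth confirming that it refuses pre-existing files and symlinks. I would add a comment above BINMODE such as `# set-uid root: the Kerberos path (kpasswd.c) runs privileged as well as the local one`.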
diff --git a/eBones/passwd/kpasswd.c b/eBones/passwd/kpasswd.c
new file mode 100644
index 0000000..2425bed
--- /dev/null
+++ b/eBones/passwd/kpasswd.c
@@ -0,0 +1,223 @@
+/*
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * Copyright.MIT.
+ *
+ * change your password with kerberos
+ */
+
+#ifndef lint
+#if 0
+static char rcsid_kpasswd_c[] =
+ "BonesHeader: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kpasswd.c,v 4.3 89/09/26 09:33:02 jtkohl Exp ";
+#endif
+static const char rcsid[] =
+ "$Id: kpasswd.c,v 1.1 1995/01/20 22:14:14 wollman Exp $";
+#endif lint
+
+/*
+ * kpasswd
+ * change your password with kerberos
+ */
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/param.h>
+#include <pwd.h>
+#include "kadm.h"
+
+#include "extern.h"
+
+extern void krb_set_tkt_string();
+static void go_home(char *, int);
+
+
+int krb_passwd(char *uname, char *iflag, char *rflag, char *uflag)
+{
+ char name[ANAME_SZ]; /* name of user */
+ char inst[INST_SZ]; /* instance of user */
+ char realm[REALM_SZ]; /* realm of user */
+ char default_name[ANAME_SZ];
+ char default_inst[INST_SZ];
+ char default_realm[REALM_SZ];
+ int realm_given = 0; /* True if realm was give on cmdline */
+ int use_default = 1; /* True if we should use default name */
+ struct passwd *pw;
+ int status; /* return code */
+ des_cblock new_key;
+ int c;
+ extern char *optarg;
+ extern int optind;
+ char tktstring[MAXPATHLEN];
+
+ void get_pw_new_key();
+
+#ifdef NOENCRYPTION
+#define read_long_pw_string placebo_read_pw_string
+#else
+#define read_long_pw_string des_read_pw_string
+#endif
+ int read_long_pw_string();
+
+ bzero(name, sizeof(name));
+ bzero(inst, sizeof(inst));
+ bzero(realm, sizeof(realm));
+
+ if (krb_get_tf_fullname(TKT_FILE, default_name, default_inst,
+ default_realm) != KSUCCESS) {
+ pw = getpwuid((int) getuid());
+ if (pw) {
+ strcpy(default_name, pw->pw_name);
+ } else {
+ /* seems like a null name is kinda silly */
+ strcpy(default_name, "");
+ }
+ strcpy(default_inst, "");
+ if (krb_get_lrealm(default_realm, 1) != KSUCCESS)
+ strcpy(default_realm, KRB_REALM);
+ }
+
+ if(uflag) {
+ if (status = kname_parse(name, inst, realm, uflag)) {
+ errx(2, "Kerberos error: %s", krb_err_txt[status]);
+ }
+ if (realm[0])
+ realm_given++;
+ else
+ if (krb_get_lrealm(realm, 1) != KSUCCESS)
+ strcpy(realm, KRB_REALM);
+ }
+
+ if(uname) {
+ if (k_isname(uname)) {
+ strncpy(name, uname, sizeof(name) - 1);
+ } else {
+ errx(1, "bad name: %s", uname);
+ }
+ }
+
+ if(iflag) {
+ if (k_isinst(iflag)) {
+ strncpy(inst, iflag, sizeof(inst) - 1);
+ } else {
+ errx(1, "bad instance: %s", iflag);
+ }
+ }
+
+ if(rflag) {
+ if (k_isrealm(rflag)) {
+ strncpy(realm, rflag, sizeof(realm) - 1);
+ realm_given++;
+ } else {
+ errx(1, "bad realm: %s", rflag);
+ }
+ }
+
+ if(uname || iflag || rflag || uflag) use_default = 0;
+
+ if (use_default) {
+ strcpy(name, default_name);
+ strcpy(inst, default_inst);
+ strcpy(realm, default_realm);
+ } else {
+ if (!name[0])
+ strcpy(name, default_name);
+ if (!realm[0])
+ strcpy(realm, default_realm);
+ }
+
+ (void) sprintf(tktstring, "/tmp/tkt_cpw_%d",getpid());
+ krb_set_tkt_string(tktstring);
+
+ get_pw_new_key(new_key, name, inst, realm, realm_given);
+
+ if ((status = kadm_init_link("changepw", KRB_MASTER, realm))
+ != KADM_SUCCESS)
+ com_err("kpasswd", status, "while initializing");
+ else if ((status = kadm_change_pw(new_key)) != KADM_SUCCESS)
+ com_err("kpasswd", status, " attempting to change password.");
+
+ if (status != KADM_SUCCESS)
+ fprintf(stderr,"Password NOT changed.\n");
+ else
+ printf("Password changed.\n");
+
+ (void) dest_tkt();
+ if (status)
+ exit(2);
+ else
+ exit(0);
+}
+
+void get_pw_new_key(new_key, name, inst, realm, print_realm)
+ des_cblock new_key;
+ char *name;
+ char *inst;
+ char *realm;
+ int print_realm; /* True if realm was give on cmdline */
+{
+ char ppromp[40+ANAME_SZ+INST_SZ+REALM_SZ]; /* for the password prompt */
+ char pword[MAX_KPW_LEN]; /* storage for the password */
+ char npromp[40+ANAME_SZ+INST_SZ+REALM_SZ]; /* for the password prompt */
+
+ char local_realm[REALM_SZ];
+ int status;
+
+ /*
+ * We don't care about failure; this is to determine whether or
+ * not to print the realm in the prompt for a new password.
+ */
+ (void) krb_get_lrealm(local_realm, 1);
+
+ if (strcmp(local_realm, realm))
+ print_realm++;
+
+ (void) sprintf(ppromp,"Old password for %s%s%s%s%s:",
+ name, *inst ? "." : "", inst,
+ print_realm ? "@" : "", print_realm ? realm : "");
+ if (read_long_pw_string(pword, sizeof(pword)-1, ppromp, 0)) {
+ fprintf(stderr, "Error reading old password.\n");
+ exit(1);
+ }
+
+ if ((status = krb_get_pw_in_tkt(name, inst, realm, PWSERV_NAME,
+ KADM_SINST, 1, pword)) != KSUCCESS) {
+ if (status == INTK_BADPW) {
+ printf("Incorrect old password.\n");
+ exit(0);
+ }
+ else {
+ fprintf(stderr, "Kerberos error: %s\n", krb_err_txt[status]);
+ exit(1);
+ }
+ }
+ bzero(pword, sizeof(pword));
+ do {
+ (void) sprintf(npromp,"New Password for %s%s%s%s%s:",
+ name, *inst ? "." : "", inst,
+ print_realm ? "@" : "", print_realm ? realm : "");
+ if (read_long_pw_string(pword, sizeof(pword)-1, npromp, 1))
+ go_home("Error reading new password, password unchanged.\n",0);
+ if (strlen(pword) == 0)
+ printf("Null passwords are not allowed; try again.\n");
+ } while (strlen(pword) == 0);
+
+#ifdef NOENCRYPTION
+ bzero((char *) new_key, sizeof(des_cblock));
+ new_key[0] = (unsigned char) 1;
+#else
+ (void) des_string_to_key(pword, new_key);
+#endif
+ bzero(pword, sizeof(pword));
+}
+
+static void
+go_home(str,x)
+ char *str;
+ int x;
+{
+ fprintf(stderr, str, x);
+ (void) dest_tkt();
+ exit(1);
+}
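Review bot: In get_pw_new_key the `status == INTK_BADPW` branch calls `exit(0)`, so a rejected old password is reported to the caller as success. Both failure branches after krb_get_pw_in_tkt() also exit with the typed password still in `pword` and without the dest_tkt() call that the other exits in this file make. I would end both branches with `bzero(pword, sizeof(pword)); (void) dest_tkt(); exit(1);`. In the same function `local_realm` is handed to strcmp() even when the ignored krb_get_lrealm() call fails, and whether the buffer is written on failure is not visible here, so setting `local_realm[0] = '\0';` first would make the comparison well-defined. go_home() passes `str` as the fprintf format string; the one visible caller gives it a literal with no conversions, so `fputs(str, stderr);` does the same job without depending on that.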
diff --git a/eBones/registerd/registerd.c b/eBones/registerd/registerd.c
index b62e379..65a8a49 100644
--- a/eBones/registerd/registerd.c
+++ b/eBones/registerd/registerd.c
@@ -152,7 +152,7 @@ main(argc, argv)
"couldn't read command code on Kerberos update");
}
- code = (u_char) retval;
+ code = (u_char) retval;
if (code != KSUCCESS) {
(void) sprintf(msgbuf, "%s", krb_err_txt[code]);
send_packet(msgbuf, RCRYPT);
diff --git a/eBones/usr.bin/kadmin/Makefile b/eBones/usr.bin/kadmin/Makefile
new file mode 100644
index 0000000..a22c9e2
--- /dev/null
+++ b/eBones/usr.bin/kadmin/Makefile
@@ -0,0 +1,19 @@
+# $Id: Makefile,v 1.1 1995/01/20 02:47:48 wollman Exp $
+
+BINDIR= /usr/bin
+PROG= kadmin
+SRCS= kadmin.c kadmin_cmds.c
+CLEANFILES+= kadmin_cmds.c
+CFLAGS+= -DPOSIX -I${.CURDIR}/../include -I${KRBOBJDIR}
+CFLAGS+= -I${.CURDIR}/../libkadm
+LDADD+= -L${KADMOBJDIR} -lkadm -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes
+LDADD+= -lss -lcom_err
+NOMAN= # man page is in ../man
+
+kadmin_cmds.c: kadmin_cmds.ct
+ test -e kadmin_cmds.ct || ln -s ${.CURDIR}/kadmin_cmds.ct .
+ mk_cmds kadmin_cmds.ct
+
+.include <bsd.prog.mk>
+
+
diff --git a/eBones/usr.bin/kadmin/kadmin.c b/eBones/usr.bin/kadmin/kadmin.c
new file mode 100644
index 0000000..cbf4d6f
--- /dev/null
+++ b/eBones/usr.bin/kadmin/kadmin.c
@@ -0,0 +1,626 @@
+/*
+ * $Source: /home/ncvs/src/eBones/kadmin/kadmin.c,v $
+ * $Author: wollman $
+ *
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * Copyright.MIT.
+ *
+ * Kerberos database administrator's tool.
+ *
+ * The default behavior of kadmin is if the -m option is given
+ * on the commandline, multiple requests are allowed to be given
+ * with one entry of the admin password (until the tickets expire).
+ * If you do not want this to be an available option, compile with
+ * NO_MULTIPLE defined.
+ */
+
+#ifndef lint
+static char rcsid_kadmin_c[] =
+"BonesHeader: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadmin.c,v 4.5 89/09/26 14:17:54 qjb Exp ";
+#endif lint
+
+#include <stdio.h>
+#include <sys/param.h>
+#include <pwd.h>
+#include <ss/ss.h>
+#include "krb_err.h"
+#include "kadm.h"
+
+#define BAD_PW 1
+#define GOOD_PW 0
+#define FUDGE_VALUE 15 /* for ticket expiration time */
+#define PE_NO 0
+#define PE_YES 1
+#define PE_UNSURE 2
+
+/* for get_password, whether it should do the swapping...necessary for
+ using vals structure, unnecessary for change_pw requests */
+#define DONTSWAP 0
+#define SWAP 1
+
+extern int kadm_init_link();
+extern char *error_message();
+extern void krb_set_tkt_string();
+
+static void do_init();
+void clean_up();
+
+extern ss_request_table admin_cmds;
+
+static char myname[ANAME_SZ];
+static char default_realm[REALM_SZ]; /* default kerberos realm */
+static char krbrlm[REALM_SZ]; /* current realm being administered */
+#ifndef NO_MULTIPLE
+static int multiple = 0; /* Allow multiple requests per ticket */
+#endif
+
+main(argc, argv)
+ int argc;
+ char *argv[];
+{
+ int sci_idx;
+ int code;
+ char tktstring[MAXPATHLEN];
+
+ void quit();
+
+ sci_idx = ss_create_invocation("admin", "2.0", (char *) NULL,
+ &admin_cmds, &code);
+ if (code) {
+ ss_perror(sci_idx, code, "creating invocation");
+ exit(1);
+ }
+ (void) sprintf(tktstring, "/tmp/tkt_adm_%d",getpid());
+ krb_set_tkt_string(tktstring);
+
+ do_init(argc, argv);
+
+ printf("Welcome to the Kerberos Administration Program, version 2\n");
+ printf("Type \"help\" if you need it.\n");
+ ss_listen(sci_idx, &code);
+ printf("\n");
+ quit();
+ exit(0);
+}
+
+int
+setvals(vals, string)
+ Kadm_vals *vals;
+ char *string;
+{
+ char realm[REALM_SZ];
+ int status = KADM_SUCCESS;
+
+ bzero(vals, sizeof(*vals));
+ bzero(realm, sizeof(realm));
+
+ SET_FIELD(KADM_NAME,vals->fields);
+ SET_FIELD(KADM_INST,vals->fields);
+ if (status = kname_parse(vals->name, vals->instance, realm, string)) {
+ printf("kerberos error: %s\n", krb_err_txt[status]);
+ return status;
+ }
+ if (!realm[0])
+ strcpy(realm, default_realm);
+ if (strcmp(realm, krbrlm)) {
+ strcpy(krbrlm, realm);
+ if ((status = kadm_init_link(PWSERV_NAME, KRB_MASTER, krbrlm))
+ != KADM_SUCCESS)
+ printf("kadm error for realm %s: %s\n",
+ krbrlm, error_message(status));
+ }
+ if (status)
+ return 1;
+ else
+ return KADM_SUCCESS;
+}
+
+void
+change_password(argc, argv)
+ int argc;
+ char *argv[];
+{
+ Kadm_vals old, new;
+ int status;
+ char pw_prompt[BUFSIZ];
+
+ if (argc != 2) {
+ printf("Usage: change_password loginname\n");
+ return;
+ }
+
+ if (setvals(&old, argv[1]) != KADM_SUCCESS)
+ return;
+
+ new = old;
+
+ SET_FIELD(KADM_DESKEY,new.fields);
+
+ if (princ_exists(old.name, old.instance, krbrlm) != PE_NO) {
+ /* get the admin's password */
+ if (get_admin_password() != GOOD_PW)
+ return;
+
+ /* get the new password */
+ (void) sprintf(pw_prompt, "New password for %s:", argv[1]);
+
+ if (get_password(&new.key_low, &new.key_high,
+ pw_prompt, SWAP) == GOOD_PW) {
+ status = kadm_mod(&old, &new);
+ if (status == KADM_SUCCESS) {
+ printf("Password changed for %s.\n", argv[1]);
+ } else {
+ printf("kadmin: %s\nwhile changing password for %s",
+ error_message(status), argv[1]);
+ }
+ } else
+ printf("Error reading password; password unchanged\n");
+ bzero((char *)&new, sizeof(new));
+#ifndef NO_MULTIPLE
+ if (!multiple)
+ clean_up();
+#endif
+ }
+ else
+ printf("kadmin: Principal does not exist.\n");
+ return;
+}
+
+/*ARGSUSED*/
+void
+change_admin_password(argc, argv)
+ int argc;
+ char *argv[];
+{
+ des_cblock newkey;
+ unsigned long low, high;
+ int status;
+ char prompt_pw[BUFSIZ];
+
+ if (argc != 1) {
+ printf("Usage: change_admin_password\n");
+ return;
+ }
+ /* get the admin's password */
+ if (get_admin_password() != GOOD_PW)
+ return;
+
+ (void) sprintf(prompt_pw, "New password for %s.admin:",myname);
+ if (get_password(&low, &high, prompt_pw, DONTSWAP) == GOOD_PW) {
+ bcopy((char *)&low,(char *) newkey,4);
+ bcopy((char *)&high, (char *)(((long *) newkey) + 1),4);
+ low = high = 0L;
+ if ((status = kadm_change_pw(newkey)) == KADM_SUCCESS)
+ printf("Admin password changed\n");
+ else
+ printf("kadm error: %s\n",error_message(status));
+ bzero((char *)newkey, sizeof(newkey));
+ } else
+ printf("Error reading password; password unchanged\n");
+#ifndef NO_MULTIPLE
+ if (!multiple)
+ clean_up();
+#endif
+ return;
+}
+
+void
+add_new_key(argc, argv)
+ int argc;
+ char *argv[];
+{
+ Kadm_vals new;
+ char pw_prompt[BUFSIZ];
+ int status;
+
+ if (argc != 2) {
+ printf("Usage: add_new_key user_name.\n");
+ return;
+ }
+ if (setvals(&new, argv[1]) != KADM_SUCCESS)
+ return;
+
+ SET_FIELD(KADM_DESKEY,new.fields);
+
+ if (princ_exists(new.name, new.instance, krbrlm) != PE_YES) {
+ /* get the admin's password */
+ if (get_admin_password() != GOOD_PW)
+ return;
+
+ /* get the new password */
+ (void) sprintf(pw_prompt, "Password for %s:", argv[1]);
+
+ if (get_password(&new.key_low, &new.key_high,
+ pw_prompt, SWAP) == GOOD_PW) {
+ status = kadm_add(&new);
+ if (status == KADM_SUCCESS) {
+ printf("%s added to database.\n", argv[1]);
+ } else {
+ printf("kadm error: %s\n",error_message(status));
+ }
+ } else
+ printf("Error reading password; %s not added\n",argv[1]);
+ bzero((char *)&new, sizeof(new));
+#ifndef NO_MULTIPLE
+ if (!multiple)
+ clean_up();
+#endif
+ }
+ else
+ printf("kadmin: Principal already exists.\n");
+ return;
+}
+
+void
+get_entry(argc, argv)
+ int argc;
+ char *argv[];
+{
+ int status;
+ u_char fields[4];
+ Kadm_vals vals;
+
+ if (argc != 2) {
+ printf("Usage: get_entry username\n");
+ return;
+ }
+
+ bzero(fields, sizeof(fields));
+
+ SET_FIELD(KADM_NAME,fields);
+ SET_FIELD(KADM_INST,fields);
+ SET_FIELD(KADM_EXPDATE,fields);
+ SET_FIELD(KADM_ATTR,fields);
+ SET_FIELD(KADM_MAXLIFE,fields);
+
+ if (setvals(&vals, argv[1]) != KADM_SUCCESS)
+ return;
+
+
+ if (princ_exists(vals.name, vals.instance, krbrlm) != PE_NO) {
+ /* get the admin's password */
+ if (get_admin_password() != GOOD_PW)
+ return;
+
+ if ((status = kadm_get(&vals, fields)) == KADM_SUCCESS)
+ prin_vals(&vals);
+ else
+ printf("kadm error: %s\n",error_message(status));
+
+#ifndef NO_MULTIPLE
+ if (!multiple)
+ clean_up();
+#endif
+ }
+ else
+ printf("kadmin: Principal does not exist.\n");
+ return;
+}
+
+
+void
+help(argc, argv)
+ int argc;
+ char *argv[];
+{
+ if (argc == 1) {
+ printf("Welcome to the Kerberos administration program.");
+ printf("Type \"?\" to get\n");
+ printf("a list of requests that are available. You can");
+ printf(" get help on each of\n");
+ printf("the commands by typing \"help command_name\".");
+ printf(" Some functions of this\n");
+ printf("program will require an \"admin\" password");
+ printf(" from you. This is a password\n");
+ printf("private to you, that is used to authenticate");
+ printf(" requests from this\n");
+ printf("program. You can change this password with");
+ printf(" the \"change_admin_password\"\n");
+ printf("(or short form \"cap\") command. Good Luck! \n");
+ } else if (!strcmp(argv[1], "change_password") ||
+ !strcmp(argv[1], "cpw")) {
+ printf("Usage: change_password user_name.\n");
+ printf("\n");
+ printf("user_name is the name of the user whose password");
+ printf(" you wish to change. \n");
+ printf("His/her password is changed in the kerberos database\n");
+ printf("When this command is issued, first the \"Admin\"");
+ printf(" password will be prompted\n");
+ printf("for and if correct the user's new password will");
+ printf(" be prompted for (twice with\n");
+ printf("appropriate comparison). Note: No minimum password");
+ printf(" length restrictions apply, but\n");
+ printf("longer passwords are more secure.\n");
+ } else if (!strcmp(argv[1], "change_admin_password") ||
+ !strcmp(argv[1], "cap")) {
+ printf("Usage: change_admin_password.\n");
+ printf("\n");
+ printf("This command takes no arguments and is used");
+ printf(" to change your private\n");
+ printf("\"Admin\" password. It will first prompt for");
+ printf(" the (current) \"Admin\"\n");
+ printf("password and then ask for the new password");
+ printf(" by prompting:\n");
+ printf("\n");
+ printf("New password for <Your User Name>.admin:\n");
+ printf("\n");
+ printf("Enter the new admin password that you desire");
+ printf(" (it will be asked for\n");
+ printf("twice to avoid errors).\n");
+ } else if (!strcmp(argv[1], "add_new_key") ||
+ !strcmp(argv[1], "ank")) {
+ printf("Usage: add_new_key user_name.\n");
+ printf("\n");
+ printf("user_name is the name of a new user to put");
+ printf(" in the kerberos database. Your\n");
+ printf("\"Admin\" password and the user's password");
+ printf(" are prompted for. The user's\n");
+ printf("password will be asked for");
+ printf(" twice to avoid errors.\n");
+ } else if (!strcmp(argv[1], "get_entry") ||
+ !strcmp(argv[1], "get")) {
+ printf("Usage: get_entry user_name.\n");
+ printf("\n");
+ printf("user_name is the name of a user whose");
+ printf(" entry you wish to review. Your\n");
+ printf("\"Admin\" password is prompted for. ");
+ printf(" The key field is not filled in, for\n");
+ printf("security reasons.\n");
+ } else if (!strcmp(argv[1], "destroy_tickets") ||
+ !strcmp(argv[1], "dest")) {
+ printf("Usage: destroy_tickets\n");
+ printf("\n");
+ printf("Destroy your admin tickets. This will");
+ printf(" cause you to be prompted for your\n");
+ printf("admin password on your next request.\n");
+ } else if (!strcmp(argv[1], "list_requests") ||
+ !strcmp(argv[1], "lr") ||
+ !strcmp(argv[1], "?")) {
+ printf("Usage: list_requests\n");
+ printf("\n");
+ printf("This command lists what other commands are");
+ printf(" currently available.\n");
+ } else if (!strcmp(argv[1], "exit") ||
+ !strcmp(argv[1], "quit") ||
+ !strcmp(argv[1], "q")) {
+ printf("Usage: quit\n");
+ printf("\n");
+ printf("This command exits this program.\n");
+ } else {
+ printf("Sorry there is no such command as %s.");
+ printf(" Type \"help\" for more information. \n", argv[1]);
+ }
+ return;
+}
+
+go_home(str,x)
+char *str;
+int x;
+{
+ fprintf(stderr, "%s: %s\n", str, error_message(x));
+ clean_up();
+ exit(1);
+}
+
+static int inited = 0;
+
+void usage()
+{
+ fprintf(stderr, "Usage: kadmin [-u admin_name] [-r default_realm]");
+#ifndef NO_MULTIPLE
+ fprintf(stderr, " [-m]");
+#endif
+ fprintf(stderr, "\n");
+#ifndef NO_MULTIPLE
+ fprintf(stderr, " -m allows multiple admin requests to be ");
+ fprintf(stderr, "serviced with one entry of admin\n");
+ fprintf(stderr, " password.\n");
+#endif
+ exit(1);
+}
+
+static void
+do_init(argc, argv)
+ int argc;
+ char *argv[];
+{
+ struct passwd *pw;
+ extern char *optarg;
+ extern int optind;
+ int c;
+#ifndef NO_MULTIPLE
+#define OPTION_STRING "u:r:m"
+#else
+#define OPTION_STRING "u:r:"
+#endif
+
+ bzero(myname, sizeof(myname));
+
+ if (!inited) {
+ /*
+ * This is only as a default/initial realm; we don't care
+ * about failure.
+ */
+ if (krb_get_lrealm(default_realm, 1) != KSUCCESS)
+ strcpy(default_realm, KRB_REALM);
+
+ /*
+ * If we can reach the local realm, initialize to it. Otherwise,
+ * don't initialize.
+ */
+ if (kadm_init_link(PWSERV_NAME, KRB_MASTER, krbrlm) != KADM_SUCCESS)
+ bzero(krbrlm, sizeof(krbrlm));
+ else
+ strcpy(krbrlm, default_realm);
+
+ while ((c = getopt(argc, argv, OPTION_STRING)) != EOF)
+ switch (c) {
+ case 'u':
+ strncpy(myname, optarg, sizeof(myname) - 1);
+ break;
+ case 'r':
+ bzero(default_realm, sizeof(default_realm));
+ strncpy(default_realm, optarg, sizeof(default_realm) - 1);
+ break;
+#ifndef NO_MULTIPLE
+ case 'm':
+ multiple++;
+ break;
+#endif
+ default:
+ usage();
+ break;
+ }
+ if (optind < argc)
+ usage();
+ if (!myname[0]) {
+ pw = getpwuid((int) getuid());
+ if (!pw) {
+ fprintf(stderr,
+ "You aren't in the password file. Who are you?\n");
+ exit(1);
+ }
+ (void) strcpy(myname, pw->pw_name);
+ }
+ inited = 1;
+ }
+}
+
+#ifdef NOENCRYPTION
+#define read_long_pw_string placebo_read_pw_string
+#else
+#define read_long_pw_string des_read_pw_string
+#endif
+extern int read_long_pw_string();
+
+int
+get_admin_password()
+{
+ int status;
+ char admin_passwd[MAX_KPW_LEN]; /* Admin's password */
+ int ticket_life = 1; /* minimum ticket lifetime */
+#ifndef NO_MULTIPLE
+ CREDENTIALS c;
+
+ if (multiple) {
+ /* If admin tickets exist and are valid, just exit. */
+ bzero(&c, sizeof(c));
+ if (krb_get_cred(PWSERV_NAME, KADM_SINST, krbrlm, &c) == KSUCCESS)
+ /*
+ * If time is less than lifetime - FUDGE_VALUE after issue date,
+ * tickets will probably last long enough for the next
+ * transaction.
+ */
+ if (time(0) < (c.issue_date + (5 * 60 * c.lifetime) - FUDGE_VALUE))
+ return(KADM_SUCCESS);
+ ticket_life = DEFAULT_TKT_LIFE;
+ }
+#endif
+
+ if (princ_exists(myname, "admin", krbrlm) != PE_NO) {
+ if (read_long_pw_string(admin_passwd, sizeof(admin_passwd)-1,
+ "Admin password:", 0)) {
+ fprintf(stderr, "Error reading admin password.\n");
+ goto bad;
+ }
+ status = krb_get_pw_in_tkt(myname, "admin", krbrlm, PWSERV_NAME,
+ KADM_SINST, ticket_life, admin_passwd);
+ bzero(admin_passwd, sizeof(admin_passwd));
+ }
+ else
+ status = KDC_PR_UNKNOWN;
+
+ switch(status) {
+ case GT_PW_OK:
+ return(GOOD_PW);
+ case KDC_PR_UNKNOWN:
+ printf("Principal %s.admin@%s does not exist.\n", myname, krbrlm);
+ goto bad;
+ case GT_PW_BADPW:
+ printf("Incorrect admin password.\n");
+ goto bad;
+ default:
+ com_err("kadmin", status+krb_err_base,
+ "while getting password tickets");
+ goto bad;
+ }
+
+ bad:
+ bzero(admin_passwd, sizeof(admin_passwd));
+ (void) dest_tkt();
+ return(BAD_PW);
+}
+
+void
+clean_up()
+{
+ (void) dest_tkt();
+ return;
+}
+
+void
+quit()
+{
+ printf("Cleaning up and exiting.\n");
+ clean_up();
+ exit(0);
+}
+
+int
+princ_exists(name, instance, realm)
+ char *name;
+ char *instance;
+ char *realm;
+{
+ int status;
+
+ status = krb_get_pw_in_tkt(name, instance, realm, "krbtgt", realm, 1, "");
+
+ if ((status == KSUCCESS) || (status == INTK_BADPW))
+ return(PE_YES);
+ else if (status == KDC_PR_UNKNOWN)
+ return(PE_NO);
+ else
+ return(PE_UNSURE);
+}
+
+int
+get_password(low, high, prompt, byteswap)
+unsigned long *low, *high;
+char *prompt;
+int byteswap;
+{
+ char new_passwd[MAX_KPW_LEN]; /* new password */
+ des_cblock newkey;
+
+ do {
+ if (read_long_pw_string(new_passwd, sizeof(new_passwd)-1, prompt, 1))
+ return(BAD_PW);
+ if (strlen(new_passwd) == 0)
+ printf("Null passwords are not allowed; try again.\n");
+ } while (strlen(new_passwd) == 0);
+
+#ifdef NOENCRYPTION
+ bzero((char *) newkey, sizeof(newkey));
+#else
+ des_string_to_key(new_passwd, newkey);
+#endif
+ bzero(new_passwd, sizeof(new_passwd));
+
+ bcopy((char *) newkey,(char *)low,4);
+ bcopy((char *)(((long *) newkey) + 1), (char *)high,4);
+
+ bzero((char *) newkey, sizeof(newkey));
+
+#ifdef NOENCRYPTION
+ *low = 1;
+#endif
+
+ if (byteswap != DONTSWAP) {
+ *low = htonl(*low);
+ *high = htonl(*high);
+ }
+ return(GOOD_PW);
+}
diff --git a/eBones/usr.bin/kadmin/kadmin_cmds.ct b/eBones/usr.bin/kadmin/kadmin_cmds.ct
new file mode 100644
index 0000000..92d31fd
--- /dev/null
+++ b/eBones/usr.bin/kadmin/kadmin_cmds.ct
@@ -0,0 +1,41 @@
+# $Source: /mit/kerberos/src/kadmin/RCS/kadmin_cmds.ct,v $
+# $Author: jtkohl $
+# $Header: /mit/kerberos/src/kadmin/RCS/kadmin_cmds.ct,v 4.1 89/07/25 17:02:28 jtkohl Exp $
+#
+# Copyright 1988 by the Massachusetts Institute of Technology.
+#
+# For copying and distribution information, please see the file
+# <mit-copyright.h>.
+#
+# Command table for Kerberos administration tool
+#
+ command_table admin_cmds;
+
+ request change_password,
+ "Change a user's password",
+ change_password, cpw;
+
+ request change_admin_password, "Change your admin password",
+ change_admin_password, cap;
+
+ request add_new_key, "Add new user to kerberos database",
+ add_new_key, ank;
+
+ request get_entry, "Get entry from kerberos database",
+ get_entry, get;
+
+ request clean_up, "Destroy admin tickets",
+ destroy_tickets, dest;
+
+ request help,"Request help with this program",
+ help;
+
+# list_requests is generic -- unrelated to Kerberos
+
+ request ss_list_requests, "List available requests.",
+ list_requests, lr, "?";
+
+ request quit, "Exit program.",
+ quit, exit, q;
+
+ end;
diff --git a/eBones/usr.bin/kdestroy/kdestroy.c b/eBones/usr.bin/kdestroy/kdestroy.c
index f010fcd..8a7cbb7 100644
--- a/eBones/usr.bin/kdestroy/kdestroy.c
+++ b/eBones/usr.bin/kdestroy/kdestroy.c
@@ -1,21 +1,21 @@
/*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
* For copying and distribution information, please see the file
- * <Copyright.MIT>.
+ * <Copyright.MIT>.
*
* This program causes Kerberos tickets to be destroyed.
- * Options are:
+ * Options are:
*
* -q[uiet] - no bell even if tickets not destroyed
- * -f[orce] - no message printed at all
+ * -f[orce] - no message printed at all
*
* from: kdestroy.c,v 4.5 88/03/18 15:16:02 steiner Exp $
- * $Id: kdestroy.c,v 1.2 1994/07/19 19:24:16 g89r4222 Exp $
+ * $Id: kdestroy.c,v 1.1.1.1 1994/09/30 14:49:57 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: kdestroy.c,v 1.2 1994/07/19 19:24:16 g89r4222 Exp $";
+"$Id: kdestroy.c,v 1.1.1.1 1994/09/30 14:49:57 csgr Exp $";
#endif lint
#include <stdio.h>
diff --git a/eBones/usr.bin/kinit/kinit.c b/eBones/usr.bin/kinit/kinit.c
index 94ce0fe..9f531d1 100644
--- a/eBones/usr.bin/kinit/kinit.c
+++ b/eBones/usr.bin/kinit/kinit.c
@@ -1,13 +1,13 @@
/*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
* For copying and distribution information, please see the file
- * <Copyright.MIT>.
+ * <Copyright.MIT>.
*
* Routine to initialize user to Kerberos. Prompts optionally for
* user, instance and realm. Authenticates user and gets a ticket
- * for the Kerberos ticket-granting service for future use.
+ * for the Kerberos ticket-granting service for future use.
*
- * Options are:
+ * Options are:
*
* -i[instance]
* -r[realm]
@@ -15,12 +15,12 @@
* -l[ifetime]
*
* from: kinit.c,v 4.12 90/03/20 16:11:15 jon Exp $
- * $Id: kinit.c,v 1.2 1994/07/19 19:24:33 g89r4222 Exp $
+ * $Id: kinit.c,v 1.1.1.1 1994/09/30 14:49:58 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: kinit.c,v 1.2 1994/07/19 19:24:33 g89r4222 Exp $";
+"$Id: kinit.c,v 1.1.1.1 1994/09/30 14:49:58 csgr Exp $";
#endif lint
#include <stdio.h>
@@ -151,7 +151,7 @@ main(argc, argv)
strncpy(aname, pwd->pw_name, sizeof(aname));
}
}
-
+
if (!*aname)
exit(0);
if (!k_isname(aname)) {
diff --git a/eBones/usr.bin/klist/klist.1 b/eBones/usr.bin/klist/klist.1
index a66e668..af7e31a 100644
--- a/eBones/usr.bin/klist/klist.1
+++ b/eBones/usr.bin/klist/klist.1
@@ -1,5 +1,5 @@
.\" from: klist.1,v 4.8 89/01/24 14:35:09 jtkohl Exp $
-.\" $Id: klist.1,v 1.2 1994/07/19 19:27:38 g89r4222 Exp $
+.\" $Id: klist.1,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -65,16 +65,16 @@ keys contained therein are printed. If no file is
specified with a
.B \-file
option, the default is
-.IR /etc/srvtab .
+.IR /etc/kerberosIV/srvtab .
.SH FILES
.TP 2i
-/etc/krb.conf
+/etc/kerberosIV/krb.conf
to get the name of the local realm
.TP
/tmp/tkt[uid]
as the default ticket file ([uid] is the decimal UID of the user).
.TP
-/etc/srvtab
+/etc/kerberosIV/srvtab
as the default service key file
.SH SEE ALSO
.PP
diff --git a/eBones/usr.bin/klist/klist.c b/eBones/usr.bin/klist/klist.c
index 4a95bc0..bfc3aa0 100644
--- a/eBones/usr.bin/klist/klist.c
+++ b/eBones/usr.bin/klist/klist.c
@@ -1,18 +1,18 @@
/*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
* For copying and distribution information, please see the file
- * <Copyright.MIT>.
+ * <Copyright.MIT>.
*
* Lists your current Kerberos tickets.
* Written by Bill Sommerfeld, MIT Project Athena.
*
* from: klist.c,v 4.15 89/08/30 11:19:16 jtkohl Exp $
- * $Id: klist.c,v 1.2 1994/07/19 19:24:38 g89r4222 Exp $
+ * $Id: klist.c,v 1.1.1.1 1994/09/30 14:49:58 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: klist.c,v 1.2 1994/07/19 19:24:38 g89r4222 Exp $";
+"$Id: klist.c,v 1.1.1.1 1994/09/30 14:49:58 csgr Exp $";
#endif lint
#include <stdio.h>
@@ -97,11 +97,11 @@ int tgt_test, long_form;
if (long_form)
printf("Ticket file: %s\n", file);
- /*
- * Since krb_get_tf_realm will return a ticket_file error,
+ /*
+ * Since krb_get_tf_realm will return a ticket_file error,
* we will call tf_init and tf_close first to filter out
- * things like no ticket file. Otherwise, the error that
- * the user would see would be
+ * things like no ticket file. Otherwise, the error that
+ * the user would see would be
* klist: can't find realm of ticket file: No ticket file (tf_util)
* instead of
* klist: No ticket file (tf_util)
@@ -116,7 +116,7 @@ int tgt_test, long_form;
/* Close ticket file */
(void) tf_close();
- /*
+ /*
* We must find the realm of the ticket file here before calling
* tf_init because since the realm of the ticket file is not
* really stored in the principal section of the file, the
@@ -143,13 +143,13 @@ int tgt_test, long_form;
exit(1);
}
- /*
+ /*
* You may think that this is the obvious place to get the
* realm of the ticket file, but it can't be done here as the
- * routine to do this must open the ticket file. This is why
+ * routine to do this must open the ticket file. This is why
* it was done before tf_init.
*/
-
+
if (!tgt_test && long_form)
printf("Principal:\t%s%s%s%s%s\n\n", pname,
(pinst[0] ? "." : ""), pinst,
@@ -218,7 +218,7 @@ char *file;
int count;
printf("Server key file: %s\n", file);
-
+
if ((stab = open(file, O_RDONLY, 0400)) < 0) {
perror(file);
exit(1);
diff --git a/eBones/usr.bin/ksrvtgt/ksrvtgt.1 b/eBones/usr.bin/ksrvtgt/ksrvtgt.1
index 25fd939..129c745 100644
--- a/eBones/usr.bin/ksrvtgt/ksrvtgt.1
+++ b/eBones/usr.bin/ksrvtgt/ksrvtgt.1
@@ -1,5 +1,5 @@
.\" from: ksrvtgt.1,v 4.1 89/01/24 14:36:28 jtkohl Exp $
-.\" $Id: ksrvtgt.1,v 1.2 1994/07/19 19:27:52 g89r4222 Exp $
+.\" $Id: ksrvtgt.1,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -25,7 +25,7 @@ is not supplied on the command line), decrypts the response using
the service key found in
.I srvtab
(or in
-.B /etc/srvtab
+.B /etc/kerberosIV/srvtab
if
.I srvtab
is not specified on the command line), and stores the ticket in the
@@ -39,13 +39,13 @@ problems, the most common of which is the inability to read the service
key file.
.SH FILES
.TP 2i
-/etc/krb.conf
+/etc/kerberosIV/krb.conf
to get the name of the local realm.
.TP
/tmp/tkt[uid]
The default ticket file.
.TP
-/etc/srvtab
+/etc/kerberosIV/srvtab
The default service key file.
.SH SEE ALSO
kerberos(1), kinit(1), kdestroy(1)
diff --git a/eBones/usr.bin/ksrvtgt/ksrvtgt.c b/eBones/usr.bin/ksrvtgt/ksrvtgt.c
index 46bbd56..79acf3e 100644
--- a/eBones/usr.bin/ksrvtgt/ksrvtgt.c
+++ b/eBones/usr.bin/ksrvtgt/ksrvtgt.c
@@ -1,18 +1,18 @@
/*
- * Copyright 1988 by the Massachusetts Institute of Technology.
+ * Copyright 1988 by the Massachusetts Institute of Technology.
* For copying and distribution information, please see the file
- * <Copyright.MIT>.
+ * <Copyright.MIT>.
*
* Get a ticket-granting-ticket given a service key file (srvtab)
* The lifetime is the shortest allowed [1 five-minute interval]
*
* from: ksrvtgt.c,v 4.3 89/07/28 10:17:28 jtkohl Exp $
- * $Id: ksrvtgt.c,v 1.2 1994/07/19 19:26:56 g89r4222 Exp $
+ * $Id: ksrvtgt.c,v 1.1.1.1 1994/09/30 14:50:04 csgr Exp $
*/
#ifndef lint
const char rcsid[] =
-"$Id: ksrvtgt.c,v 1.2 1994/07/19 19:26:56 g89r4222 Exp $";
+"$Id: ksrvtgt.c,v 1.1.1.1 1994/09/30 14:50:04 csgr Exp $";
#endif /* lint */
#include <stdio.h>
@@ -36,10 +36,10 @@ main(argc,argv)
argv[0]);
exit(1);
}
-
+
if (argc == 4)
(void) strncpy(srvtab, argv[3], sizeof(srvtab) -1);
-
+
if (argc == 5) {
(void) strncpy(realm, argv[3], sizeof(realm) - 1);
(void) strncpy(srvtab, argv[4], sizeof(srvtab) -1);
diff --git a/eBones/usr.bin/passwd/kpasswd.c b/eBones/usr.bin/passwd/kpasswd.c
new file mode 100644
index 0000000..2425bed
--- /dev/null
+++ b/eBones/usr.bin/passwd/kpasswd.c
@@ -0,0 +1,223 @@
+/*
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * Copyright.MIT.
+ *
+ * change your password with kerberos
+ */
+
+#ifndef lint
+#if 0
+static char rcsid_kpasswd_c[] =
+ "BonesHeader: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kpasswd.c,v 4.3 89/09/26 09:33:02 jtkohl Exp ";
+#endif
+static const char rcsid[] =
+ "$Id: kpasswd.c,v 1.1 1995/01/20 22:14:14 wollman Exp $";
+#endif lint
+
+/*
+ * kpasswd
+ * change your password with kerberos
+ */
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/param.h>
+#include <pwd.h>
+#include "kadm.h"
+
+#include "extern.h"
+
+extern void krb_set_tkt_string();
+static void go_home(char *, int);
+
+
+int krb_passwd(char *uname, char *iflag, char *rflag, char *uflag)
+{
+ char name[ANAME_SZ]; /* name of user */
+ char inst[INST_SZ]; /* instance of user */
+ char realm[REALM_SZ]; /* realm of user */
+ char default_name[ANAME_SZ];
+ char default_inst[INST_SZ];
+ char default_realm[REALM_SZ];
+ int realm_given = 0; /* True if realm was give on cmdline */
+ int use_default = 1; /* True if we should use default name */
+ struct passwd *pw;
+ int status; /* return code */
+ des_cblock new_key;
+ int c;
+ extern char *optarg;
+ extern int optind;
+ char tktstring[MAXPATHLEN];
+
+ void get_pw_new_key();
+
+#ifdef NOENCRYPTION
+#define read_long_pw_string placebo_read_pw_string
+#else
+#define read_long_pw_string des_read_pw_string
+#endif
+ int read_long_pw_string();
+
+ bzero(name, sizeof(name));
+ bzero(inst, sizeof(inst));
+ bzero(realm, sizeof(realm));
+
+ if (krb_get_tf_fullname(TKT_FILE, default_name, default_inst,
+ default_realm) != KSUCCESS) {
+ pw = getpwuid((int) getuid());
+ if (pw) {
+ strcpy(default_name, pw->pw_name);
+ } else {
+ /* seems like a null name is kinda silly */
+ strcpy(default_name, "");
+ }
+ strcpy(default_inst, "");
+ if (krb_get_lrealm(default_realm, 1) != KSUCCESS)
+ strcpy(default_realm, KRB_REALM);
+ }
+
+ if(uflag) {
+ if (status = kname_parse(name, inst, realm, uflag)) {
+ errx(2, "Kerberos error: %s", krb_err_txt[status]);
+ }
+ if (realm[0])
+ realm_given++;
+ else
+ if (krb_get_lrealm(realm, 1) != KSUCCESS)
+ strcpy(realm, KRB_REALM);
+ }
+
+ if(uname) {
+ if (k_isname(uname)) {
+ strncpy(name, uname, sizeof(name) - 1);
+ } else {
+ errx(1, "bad name: %s", uname);
+ }
+ }
+
+ if(iflag) {
+ if (k_isinst(iflag)) {
+ strncpy(inst, iflag, sizeof(inst) - 1);
+ } else {
+ errx(1, "bad instance: %s", iflag);
+ }
+ }
+
+ if(rflag) {
+ if (k_isrealm(rflag)) {
+ strncpy(realm, rflag, sizeof(realm) - 1);
+ realm_given++;
+ } else {
+ errx(1, "bad realm: %s", rflag);
+ }
+ }
+
+ if(uname || iflag || rflag || uflag) use_default = 0;
+
+ if (use_default) {
+ strcpy(name, default_name);
+ strcpy(inst, default_inst);
+ strcpy(realm, default_realm);
+ } else {
+ if (!name[0])
+ strcpy(name, default_name);
+ if (!realm[0])
+ strcpy(realm, default_realm);
+ }
+
+ (void) sprintf(tktstring, "/tmp/tkt_cpw_%d",getpid());
+ krb_set_tkt_string(tktstring);
+
+ get_pw_new_key(new_key, name, inst, realm, realm_given);
+
+ if ((status = kadm_init_link("changepw", KRB_MASTER, realm))
+ != KADM_SUCCESS)
+ com_err("kpasswd", status, "while initializing");
+ else if ((status = kadm_change_pw(new_key)) != KADM_SUCCESS)
+ com_err("kpasswd", status, " attempting to change password.");
+
+ if (status != KADM_SUCCESS)
+ fprintf(stderr,"Password NOT changed.\n");
+ else
+ printf("Password changed.\n");
+
+ (void) dest_tkt();
+ if (status)
+ exit(2);
+ else
+ exit(0);
+}
+
+void get_pw_new_key(new_key, name, inst, realm, print_realm)
+ des_cblock new_key;
+ char *name;
+ char *inst;
+ char *realm;
+ int print_realm; /* True if realm was give on cmdline */
+{
+ char ppromp[40+ANAME_SZ+INST_SZ+REALM_SZ]; /* for the password prompt */
+ char pword[MAX_KPW_LEN]; /* storage for the password */
+ char npromp[40+ANAME_SZ+INST_SZ+REALM_SZ]; /* for the password prompt */
+
+ char local_realm[REALM_SZ];
+ int status;
+
+ /*
+ * We don't care about failure; this is to determine whether or
+ * not to print the realm in the prompt for a new password.
+ */
+ (void) krb_get_lrealm(local_realm, 1);
+
+ if (strcmp(local_realm, realm))
+ print_realm++;
+
+ (void) sprintf(ppromp,"Old password for %s%s%s%s%s:",
+ name, *inst ? "." : "", inst,
+ print_realm ? "@" : "", print_realm ? realm : "");
+ if (read_long_pw_string(pword, sizeof(pword)-1, ppromp, 0)) {
+ fprintf(stderr, "Error reading old password.\n");
+ exit(1);
+ }
+
+ if ((status = krb_get_pw_in_tkt(name, inst, realm, PWSERV_NAME,
+ KADM_SINST, 1, pword)) != KSUCCESS) {
+ if (status == INTK_BADPW) {
+ printf("Incorrect old password.\n");
+ exit(0);
+ }
+ else {
+ fprintf(stderr, "Kerberos error: %s\n", krb_err_txt[status]);
+ exit(1);
+ }
+ }
+ bzero(pword, sizeof(pword));
+ do {
+ (void) sprintf(npromp,"New Password for %s%s%s%s%s:",
+ name, *inst ? "." : "", inst,
+ print_realm ? "@" : "", print_realm ? realm : "");
+ if (read_long_pw_string(pword, sizeof(pword)-1, npromp, 1))
+ go_home("Error reading new password, password unchanged.\n",0);
+ if (strlen(pword) == 0)
+ printf("Null passwords are not allowed; try again.\n");
+ } while (strlen(pword) == 0);
+
+#ifdef NOENCRYPTION
+ bzero((char *) new_key, sizeof(des_cblock));
+ new_key[0] = (unsigned char) 1;
+#else
+ (void) des_string_to_key(pword, new_key);
+#endif
+ bzero(pword, sizeof(pword));
+}
+
+static void
+go_home(str,x)
+ char *str;
+ int x;
+{
+ fprintf(stderr, str, x);
+ (void) dest_tkt();
+ exit(1);
+}
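Review bot: In get_pw_new_key() both failure branches after krb_get_pw_in_tkt() call exit() while `pword` still holds the old password, because `bzero(pword, sizeof(pword));` is reached only on success; assigning `status = krb_get_pw_in_tkt(...);` first, clearing the buffer on the next line and only then testing `status` would cover every path, and those exits also skip the `dest_tkt()` that krb_passwd() runs at its end. In go_home(), `fprintf(stderr, str, x)` uses its argument as the format string; `fputs(str, stderr)` is enough, since the one visible caller passes a message with no conversion. In krb_passwd(), `strcpy(default_name, pw->pw_name)` writes into an ANAME_SZ buffer with no bound, unlike the `strncpy(name, uname, sizeof(name) - 1)` form used a few lines later. The ticket file name `/tmp/tkt_cpw_%d` is predictable from the pid; whether the library creates it safely in a shared directory is not visible here and should be confirmed.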
diff --git a/eBones/usr.bin/telnet/Makefile b/eBones/usr.bin/telnet/Makefile
index 1c8bd26..b03c006 100644
--- a/eBones/usr.bin/telnet/Makefile
+++ b/eBones/usr.bin/telnet/Makefile
@@ -33,16 +33,37 @@
# @(#)Makefile 8.1 (Berkeley) 6/6/93
#
+# This stuff need original libdes to run (new_rnd_key.c module),
+# current eBones/des lib don't have it
+# Kerberos4 stuff ifdefed by MAKE_KERBEROS (make.conf) because of it
+
PROG= telnet
-CFLAGS+=-DTERMCAP -DKLUDGELINEMODE -DUSE_TERMIO #-DAUTHENTICATION -DENCRYPTION
+CFLAGS+=-DTERMCAP -DKLUDGELINEMODE -DUSE_TERMIO
CFLAGS+=-DENV_HACK
CFLAGS+=-I${.CURDIR}/../../lib
+LDADD+= -ltermcap -ltelnet
+
+#ifdef ENCRYPTION
+
+CFLAGS+=-DAUTHENTICATION -DENCRYPTION
-#CFLAGS+= -DKRB4
+.ifdef MAKE_KERBEROS
+.if exists(/usr/lib/libkrb.a)
+CFLAGS+= -DKRB4
+LDADD+= -ldes -lkrb
+.endif
+.endif
+
+.if exists(/usr/lib/libkrb5.a)
+CFLAGS+= -DKRB5 -DFORWARD
+LDADD+= -ldes -lkrb5
+.endif
+
+LDADD+= -ldescrypt
+
+#endif /* ENCRYPTION */
-LDADD= -ltermcap -ltelnet
-#LDADD+= -lkrb -ldes
DPADD= ${LIBTERMCAP}
SRCS= authenc.c commands.c main.c network.c ring.c sys_bsd.c telnet.c \
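Review bot: The added `#ifdef ENCRYPTION` and `#endif /* ENCRYPTION */` lines are ordinary make comments, so `CFLAGS+=-DAUTHENTICATION -DENCRYPTION` and `LDADD+= -ldescrypt` between them apply to every build, not only when ENCRYPTION is set. If gating was intended, the make form is `.if defined(ENCRYPTION)` closed by `.endif`, consistent with the `.ifdef MAKE_KERBEROS` block below; if the flags are meant to be unconditional, the two pseudo-directives should be dropped so the file does not read as conditional. Note also that `.if exists(/usr/lib/libkrb.a)` and `.if exists(/usr/lib/libkrb5.a)` test the build host's installed libraries, so the authentication features compiled in depend on what happens to be installed there.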
diff --git a/eBones/usr.bin/telnet/commands.c b/eBones/usr.bin/telnet/commands.c
index a7224d1..a6967b5 100644
--- a/eBones/usr.bin/telnet/commands.c
+++ b/eBones/usr.bin/telnet/commands.c
@@ -32,7 +32,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)commands.c 8.2 (Berkeley) 12/15/93";
+static char sccsid[] = "@(#)commands.c 8.4 (Berkeley) 5/30/95";
#endif /* not lint */
#if defined(unix)
@@ -234,7 +234,7 @@ control(c)
* the "send" command.
*
*/
-
+
struct sendlist {
char *name; /* How user refers to it (case independent) */
char *help; /* Help information (0 ==> no help) */
@@ -1363,7 +1363,7 @@ suspend()
(void) kill(0, SIGTSTP);
/*
* If we didn't get the window size before the SUSPEND, but we
- * can get them now (???), then send the NAWS to make sure that
+ * can get them now (?), then send the NAWS to make sure that
* we are set up for the right window size.
*/
if (TerminalWindowSize(&newrows, &newcols) && connected &&
@@ -1403,12 +1403,12 @@ shell(argc, argv)
* Fire up the shell in the child.
*/
register char *shellp, *shellname;
- extern char *rindex();
+ extern char *strrchr();
shellp = getenv("SHELL");
if (shellp == NULL)
shellp = "/bin/sh";
- if ((shellname = rindex(shellp, '/')) == 0)
+ if ((shellname = strrchr(shellp, '/')) == 0)
shellname = shellp;
else
shellname++;
@@ -1690,10 +1690,10 @@ env_init()
extern char **environ;
register char **epp, *cp;
register struct env_lst *ep;
- extern char *index();
+ extern char *strchr();
for (epp = environ; *epp; epp++) {
- if (cp = index(*epp, '=')) {
+ if (cp = strchr(*epp, '=')) {
*cp = '\0';
ep = env_define((unsigned char *)*epp,
(unsigned char *)cp+1);
@@ -1710,7 +1710,7 @@ env_init()
&& ((*ep->value == ':')
|| (strncmp((char *)ep->value, "unix:", 5) == 0))) {
char hbuf[256+1];
- char *cp2 = index((char *)ep->value, ':');
+ char *cp2 = strchr((char *)ep->value, ':');
gethostname(hbuf, 256);
hbuf[256] = '\0';
@@ -1915,8 +1915,8 @@ struct authlist {
};
extern int
- auth_enable P((int)),
- auth_disable P((int)),
+ auth_enable P((char *)),
+ auth_disable P((char *)),
auth_status P((void));
static int
auth_help P((void));
@@ -1955,6 +1955,12 @@ auth_cmd(argc, argv)
{
struct authlist *c;
+ if (argc < 2) {
+ fprintf(stderr,
+ "Need an argument to 'auth' command. 'auth ?' for help.\n");
+ return 0;
+ }
+
c = (struct authlist *)
genget(argv[1], (char **) AuthList, sizeof(struct authlist));
if (c == 0) {
@@ -2011,7 +2017,7 @@ struct encryptlist EncryptList[] = {
EncryptEnable, 1, 1, 2 },
{ "disable", "Disable encryption. ('encrypt enable ?' for more)",
EncryptDisable, 0, 1, 2 },
- { "type", "Set encryptiong type. ('encrypt type ?' for more)",
+ { "type", "Set encryption type. ('encrypt type ?' for more)",
EncryptType, 0, 1, 1 },
{ "start", "Start encryption. ('encrypt start ?' for more)",
EncryptStart, 1, 0, 1 },
@@ -2055,6 +2061,12 @@ encrypt_cmd(argc, argv)
{
struct encryptlist *c;
+ if (argc < 2) {
+ fprintf(stderr,
+ "Need an argument to 'encrypt' command. 'encrypt ?' for help.\n");
+ return 0;
+ }
+
c = (struct encryptlist *)
genget(argv[1], (char **) EncryptList, sizeof(struct encryptlist));
if (c == 0) {
@@ -2228,7 +2240,7 @@ tn(argc, argv)
char *cmd, *hostp = 0, *portp = 0, *user = 0;
/* clear the socket address prior to use */
- bzero((char *)&sin, sizeof(sin));
+ memset((char *)&sin, 0, sizeof(sin));
if (connected) {
printf("?Already connected to %s\n", hostname);
@@ -2246,7 +2258,7 @@ tn(argc, argv)
cmd = *argv;
--argc; ++argv;
while (argc) {
- if (isprefix(*argv, "help") || isprefix(*argv, "?"))
+ if (strcmp(*argv, "help") == 0 || isprefix(*argv, "?"))
goto usage;
if (strcmp(*argv, "-l") == 0) {
--argc; ++argv;
@@ -2311,10 +2323,10 @@ tn(argc, argv)
if (host) {
sin.sin_family = host->h_addrtype;
#if defined(h_addr) /* In 4.3, this is a #define */
- memcpy((caddr_t)&sin.sin_addr,
+ memmove((caddr_t)&sin.sin_addr,
host->h_addr_list[0], host->h_length);
#else /* defined(h_addr) */
- memcpy((caddr_t)&sin.sin_addr, host->h_addr, host->h_length);
+ memmove((caddr_t)&sin.sin_addr, host->h_addr, host->h_length);
#endif /* defined(h_addr) */
strncpy(_hostname, host->h_name, sizeof(_hostname));
_hostname[sizeof(_hostname)-1] = '\0';
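Review bot: The length in `memmove((caddr_t)&sin.sin_addr, host->h_addr_list[0], host->h_length)` still comes from the resolver's answer and is never compared with the size of `sin.sin_addr`; replacing memcpy with memmove does not change that. A guard before the copy, `if (host->h_length > (int)sizeof(sin.sin_addr))`, that rejects the entry would bound the write to the destination. The same unbounded length is used in the connect-retry copy (hunk at -2405) and in the copies into `sin_addr` in sourceroute() (hunk at -2889). tn() begins and ends outside this hunk, so an earlier check cannot be ruled out from here.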
@@ -2405,7 +2417,7 @@ tn(argc, argv)
errno = oerrno;
perror((char *)0);
host->h_addr_list++;
- memcpy((caddr_t)&sin.sin_addr,
+ memmove((caddr_t)&sin.sin_addr,
host->h_addr_list[0], host->h_length);
(void) NetClose(net);
continue;
@@ -2792,10 +2804,10 @@ cmdrc(m1, m2)
* *cpp: If *cpp was equal to NULL, it will be filled
* in with a pointer to our static area that has
* the option filled in. This will be 32bit aligned.
- *
+ *
* *lenp: This will be filled in with how long the option
* pointed to by *cpp is.
- *
+ *
*/
unsigned long
sourceroute(arg, cpp, lenp)
@@ -2889,16 +2901,16 @@ sourceroute(arg, cpp, lenp)
sin_addr.s_addr = tmp;
} else if (host = gethostbyname(cp)) {
#if defined(h_addr)
- memcpy((caddr_t)&sin_addr,
+ memmove((caddr_t)&sin_addr,
host->h_addr_list[0], host->h_length);
#else
- memcpy((caddr_t)&sin_addr, host->h_addr, host->h_length);
+ memmove((caddr_t)&sin_addr, host->h_addr, host->h_length);
#endif
} else {
*cpp = cp;
return(0);
}
- memcpy(lsrp, (char *)&sin_addr, 4);
+ memmove(lsrp, (char *)&sin_addr, 4);
lsrp += 4;
if (cp2)
cp = cp2;
diff --git a/eBones/usr.bin/telnet/externs.h b/eBones/usr.bin/telnet/externs.h
index b721992..7c52be9 100644
--- a/eBones/usr.bin/telnet/externs.h
+++ b/eBones/usr.bin/telnet/externs.h
@@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * @(#)externs.h 8.2 (Berkeley) 12/15/93
+ * @(#)externs.h 8.3 (Berkeley) 5/30/95
*/
#ifndef BSD
@@ -83,8 +83,9 @@ typedef unsigned char cc_t;
#ifndef NO_STRING_H
#include <string.h>
-#endif
+#else
#include <strings.h>
+#endif
#ifndef _POSIX_VDISABLE
# ifdef sun
diff --git a/eBones/usr.bin/telnet/main.c b/eBones/usr.bin/telnet/main.c
index ce22840..09ac26c 100644
--- a/eBones/usr.bin/telnet/main.c
+++ b/eBones/usr.bin/telnet/main.c
@@ -38,7 +38,7 @@ static char copyright[] =
#endif /* not lint */
#ifndef lint
-static char sccsid[] = "@(#)main.c 8.2 (Berkeley) 12/15/93";
+static char sccsid[] = "@(#)main.c 8.3 (Berkeley) 5/30/95";
#endif /* not lint */
#include <sys/types.h>
@@ -65,7 +65,7 @@ tninit()
init_terminal();
init_network();
-
+
init_telnet();
init_sys();
@@ -192,7 +192,7 @@ main(argc, argv)
case 'f':
#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
if (forward_flags & OPTS_FORWARD_CREDS) {
- fprintf(stderr,
+ fprintf(stderr,
"%s: Only one of -f and -F allowed.\n",
prompt);
usage();
@@ -200,14 +200,14 @@ main(argc, argv)
forward_flags |= OPTS_FORWARD_CREDS;
#else
fprintf(stderr,
- "%s: Warning: -f ignored, no Kerberos V5 support.\n",
+ "%s: Warning: -f ignored, no Kerberos V5 support.\n",
prompt);
#endif
break;
case 'F':
#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
if (forward_flags & OPTS_FORWARD_CREDS) {
- fprintf(stderr,
+ fprintf(stderr,
"%s: Only one of -f and -F allowed.\n",
prompt);
usage();
@@ -216,7 +216,7 @@ main(argc, argv)
forward_flags |= OPTS_FORWARDABLE_CREDS;
#else
fprintf(stderr,
- "%s: Warning: -F ignored, no Kerberos V5 support.\n",
+ "%s: Warning: -F ignored, no Kerberos V5 support.\n",
prompt);
#endif
break;
diff --git a/eBones/usr.bin/telnet/ring.c b/eBones/usr.bin/telnet/ring.c
index 1080d12..37dfda8 100644
--- a/eBones/usr.bin/telnet/ring.c
+++ b/eBones/usr.bin/telnet/ring.c
@@ -32,7 +32,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)ring.c 8.1 (Berkeley) 6/6/93";
+static char sccsid[] = "@(#)ring.c 8.2 (Berkeley) 5/30/95";
#endif /* not lint */
/*
@@ -295,7 +295,7 @@ ring_supply_data(ring, buffer, count)
while (count) {
i = MIN(count, ring_empty_consecutive(ring));
- memcpy(ring->supply, buffer, i);
+ memmove(ring->supply, buffer, i);
ring_supplied(ring, i);
count -= i;
buffer += i;
@@ -317,7 +317,7 @@ ring_consume_data(ring, buffer, count)
while (count) {
i = MIN(count, ring_full_consecutive(ring));
- memcpy(buffer, ring->consume, i);
+ memmove(buffer, ring->consume, i);
ring_consumed(ring, i);
count -= i;
buffer += i;
diff --git a/eBones/usr.bin/telnet/sys_bsd.c b/eBones/usr.bin/telnet/sys_bsd.c
index 85414e2..3ede7c4 100644
--- a/eBones/usr.bin/telnet/sys_bsd.c
+++ b/eBones/usr.bin/telnet/sys_bsd.c
@@ -32,7 +32,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)sys_bsd.c 8.2 (Berkeley) 12/15/93";
+static char sccsid[] = "@(#)sys_bsd.c 8.4 (Berkeley) 5/30/95";
#endif /* not lint */
/*
@@ -223,7 +223,7 @@ TerminalSpecialChars(c)
/*
* Flush output to the terminal
*/
-
+
void
TerminalFlushOutput()
{
@@ -328,7 +328,7 @@ TerminalDefaultChars()
nttyb.sg_kill = ottyb.sg_kill;
nttyb.sg_erase = ottyb.sg_erase;
#else /* USE_TERMIO */
- memcpy(new_tc.c_cc, old_tc.c_cc, sizeof(old_tc.c_cc));
+ memmove(new_tc.c_cc, old_tc.c_cc, sizeof(old_tc.c_cc));
# ifndef VDISCARD
termFlushChar = CONTROL('O');
# endif
@@ -669,7 +669,11 @@ TerminalNewMode(f)
#endif
#ifdef SIGTSTP
(void) signal(SIGTSTP, SIG_DFL);
+# ifndef SOLARIS
(void) sigsetmask(sigblock(0) & ~(1<<(SIGTSTP-1)));
+# else SOLARIS
+ (void) sigrelse(SIGTSTP);
+# endif SOLARIS
#endif /* SIGTSTP */
#ifndef USE_TERMIO
ltc = oltc;
@@ -704,14 +708,51 @@ TerminalNewMode(f)
}
+/*
+ * Try to guess whether speeds are "encoded" (4.2BSD) or just numeric (4.4BSD).
+ */
+#if B4800 != 4800
+#define DECODE_BAUD
+#endif
+
+#ifdef DECODE_BAUD
+#ifndef B7200
+#define B7200 B4800
+#endif
+
+#ifndef B14400
+#define B14400 B9600
+#endif
+
#ifndef B19200
-# define B19200 B9600
+# define B19200 B14400
+#endif
+
+#ifndef B28800
+#define B28800 B19200
#endif
#ifndef B38400
-# define B38400 B19200
+# define B38400 B28800
#endif
+#ifndef B57600
+#define B57600 B38400
+#endif
+
+#ifndef B76800
+#define B76800 B57600
+#endif
+
+#ifndef B115200
+#define B115200 B76800
+#endif
+
+#ifndef B230400
+#define B230400 B115200
+#endif
+
+
/*
* This code assumes that the values B0, B50, B75...
* are in ascending order. They do not have to be
@@ -725,16 +766,21 @@ struct termspeeds {
{ 110, B110 }, { 134, B134 }, { 150, B150 },
{ 200, B200 }, { 300, B300 }, { 600, B600 },
{ 1200, B1200 }, { 1800, B1800 }, { 2400, B2400 },
- { 4800, B4800 }, { 9600, B9600 }, { 19200, B19200 },
- { 38400, B38400 }, { -1, B38400 }
+ { 4800, B4800 }, { 7200, B7200 }, { 9600, B9600 },
+ { 14400, B14400 }, { 19200, B19200 }, { 28800, B28800 },
+ { 38400, B38400 }, { 57600, B57600 }, { 115200, B115200 },
+ { 230400, B230400 }, { -1, B230400 }
};
+#endif /* DECODE_BAUD */
void
TerminalSpeeds(ispeed, ospeed)
long *ispeed;
long *ospeed;
{
+#ifdef DECODE_BAUD
register struct termspeeds *tp;
+#endif /* DECODE_BAUD */
register long in, out;
out = cfgetospeed(&old_tc);
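Review bot: The extended `termspeeds` table has no 76800 entry, although the preceding hunk adds a `B76800` fallback and chains `B115200` to it. On a system that really defines B76800, the ascending lookup in TerminalSpeeds() would presumably stop at the next larger entry and report 115200. Adding `{ 76800, B76800 },` between the 57600 and 115200 entries keeps the table in step with the fallback defines. The table's opening lines and the rest of TerminalSpeeds() are outside this hunk.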
@@ -742,6 +788,7 @@ TerminalSpeeds(ispeed, ospeed)
if (in == 0)
in = out;
+#ifdef DECODE_BAUD
tp = termspeeds;
while ((tp->speed != -1) && (tp->value < in))
tp++;
@@ -751,6 +798,10 @@ TerminalSpeeds(ispeed, ospeed)
while ((tp->speed != -1) && (tp->value < out))
tp++;
*ospeed = tp->speed;
+#else /* DECODE_BAUD */
+ *ispeed = in;
+ *ospeed = out;
+#endif /* DECODE_BAUD */
}
int
@@ -946,7 +997,7 @@ process_rings(netin, netout, netex, ttyin, ttyout, poll)
if (netout) {
FD_SET(net, &obits);
- }
+ }
if (ttyout) {
FD_SET(tout, &obits);
}
@@ -1085,7 +1136,7 @@ process_rings(netin, netout, netex, ttyin, ttyout, poll)
int i;
i = recv(net, netiring.supply + c, canread - c, MSG_OOB);
if (i == c &&
- bcmp(netiring.supply, netiring.supply + c, i) == 0) {
+ memcmp(netiring.supply, netiring.supply + c, i) == 0) {
bogus_oob = 1;
first = 0;
} else if (i < 0) {
@@ -1134,6 +1185,8 @@ process_rings(netin, netout, netex, ttyin, ttyout, poll)
if (FD_ISSET(tin, &ibits)) {
FD_CLR(tin, &ibits);
c = TerminalRead(ttyiring.supply, ring_empty_consecutive(&ttyiring));
+ if (c < 0 && errno == EIO)
+ c = 0;
if (c < 0 && errno == EWOULDBLOCK) {
c = 0;
} else {
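Review bot: The added `if (c < 0 && errno == EIO) c = 0;` carries no comment saying why an EIO from the terminal read is turned into a zero-length read. Because c is then 0, the following EWOULDBLOCK test is false and control reaches the `else` branch, not the retry-later branch. If the intent is to treat EIO as end of input, a comment such as `/* EIO from the tty: handle as a zero-length read (EOF) in the else branch */` would make that explicit. The else branch continues outside this hunk, so how it handles c == 0 cannot be confirmed here.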
diff --git a/eBones/usr.bin/telnet/telnet.1 b/eBones/usr.bin/telnet/telnet.1
index 27079d9..b996fea 100644
--- a/eBones/usr.bin/telnet/telnet.1
+++ b/eBones/usr.bin/telnet/telnet.1
@@ -29,9 +29,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" @(#)telnet.1 8.5 (Berkeley) 3/1/94
+.\" @(#)telnet.1 8.6 (Berkeley) 6/1/94
.\"
-.Dd March 1, 1994
+.Dd June 1, 1994
.Dt TELNET 1
.Os BSD 4.2
.Sh NAME
@@ -139,6 +139,7 @@ there will be no escape character.
If Kerberos V5 authentication is being used, the
.Fl f
option allows the local credentials to be forwarded to the remote system.
+.ne 1i
.It Fl k Ar realm
If Kerberos authentication is being used, the
.Fl k
@@ -508,6 +509,7 @@ option.
This requires that the
.Dv LINEMODE
option be enabled.
+.ne 1i
.It Ic litecho Pq Ic \-litecho
Attempt to enable (disable) the
.Dv LIT_ECHO
@@ -641,6 +643,7 @@ command,
.Ic getstatus
will send the subnegotiation to request that the server send
its current option status.
+.ne 1i
.It Ic ip
Sends the
.Dv TELNET IP
@@ -966,6 +969,7 @@ The initial value for the suspend character is taken to be
the terminal's
.Ic suspend
character.
+.ne 1i
.It Ic tracefile
This is the file to which the output, caused by
.Ic netdata
@@ -1108,6 +1112,7 @@ stream does not start automatically. The autoencrypt
(autodecrypt) command states that encryption of the
output (input) stream should be enabled as soon as
possible.
+.sp
.Pp
Note: Because of export controls, the
.Dv TELNET ENCRYPT
@@ -1263,6 +1268,7 @@ protocol processing (having to do with
options).
The initial value for this toggle is
.Dv FALSE .
+.ne 1i
.It Ic prettydump
When the
.Ic netdata
diff --git a/eBones/usr.bin/telnet/telnet.c b/eBones/usr.bin/telnet/telnet.c
index 97f63e6..4402fdd 100644
--- a/eBones/usr.bin/telnet/telnet.c
+++ b/eBones/usr.bin/telnet/telnet.c
@@ -32,7 +32,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)telnet.c 8.2 (Berkeley) 12/15/93";
+static char sccsid[] = "@(#)telnet.c 8.4 (Berkeley) 5/30/95";
#endif /* not lint */
#include <sys/types.h>
@@ -57,7 +57,7 @@ static char sccsid[] = "@(#)telnet.c 8.2 (Berkeley) 12/15/93";
#include "general.h"
-#define strip(x) ((x)&0x7f)
+#define strip(x) ((my_want_state_is_wont(TELOPT_BINARY)) ? ((x)&0x7f) : (x))
static unsigned char subbuffer[SUBBUFSIZE],
*subpointer, *subend; /* buffer for sub-options */
@@ -177,7 +177,7 @@ init_telnet()
ClearArray(options);
connected = In3270 = ISend = localflow = donebinarytoggle = 0;
-#if defined(AUTHENTICATION) || defined(ENCRYPTION)
+#if defined(AUTHENTICATION) || defined(ENCRYPTION)
auth_encrypt_connect(connected);
#endif /* defined(AUTHENTICATION) || defined(ENCRYPTION) */
restartany = -1;
@@ -623,7 +623,7 @@ mklist(buf, name)
register char c, *cp, **argvp, *cp2, **argv, **avt;
if (name) {
- if (strlen(name) > 40) {
+ if ((int)strlen(name) > 40) {
name = 0;
unknown[0] = name_unknown;
} else {
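Review bot: The added `(int)` cast on `strlen(name)` narrows a size_t and turns an unsigned comparison into a signed one, presumably only to quiet a signed/unsigned warning. The same cast is added to `strlen(tname)` in the gettermname() hunk below. Keeping the comparison unsigned avoids the narrowing: `if (strlen(name) > 40U) {`. A named constant for the 40-character limit would also say where the number comes from. mklist() continues outside the hunk.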
@@ -689,7 +689,7 @@ mklist(buf, name)
else if (islower(c))
*cp = toupper(c);
}
-
+
/*
* Check for an old V6 2 character name. If the second
* name points to the beginning of the buffer, and is
@@ -782,7 +782,7 @@ gettermname()
(setupterm(tname, 1, &err) == 0)) {
tnamep = mklist(termbuf, tname);
} else {
- if (tname && (strlen(tname) <= 40)) {
+ if (tname && ((int)strlen(tname) <= 40)) {
unknown[0] = tname;
upcase(tname);
} else
@@ -1834,7 +1834,7 @@ telrcv()
case TS_IAC:
process_iac:
switch (c) {
-
+
case WILL:
telrcv_state = TS_WILL;
continue;
@@ -2249,7 +2249,7 @@ telnet(user)
{
sys_telnet_init();
-#if defined(AUTHENTICATION) || defined(ENCRYPTION)
+#if defined(AUTHENTICATION) || defined(ENCRYPTION)
{
static char local_host[256] = { 0 };
@@ -2431,7 +2431,7 @@ netclear()
next = nextitem(next);
} while (wewant(next) && (nfrontp > next));
length = next-thisitem;
- memcpy(good, thisitem, length);
+ memmove(good, thisitem, length);
good += length;
thisitem = next;
} else {
diff --git a/eBones/usr.bin/telnet/terminal.c b/eBones/usr.bin/telnet/terminal.c
index b6d3b86..b5ceeda 100644
--- a/eBones/usr.bin/telnet/terminal.c
+++ b/eBones/usr.bin/telnet/terminal.c
@@ -32,7 +32,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)terminal.c 8.1 (Berkeley) 6/6/93";
+static char sccsid[] = "@(#)terminal.c 8.2 (Berkeley) 2/16/95";
#endif /* not lint */
#include <arpa/telnet.h>
@@ -140,7 +140,8 @@ ttyflush(drop)
n1 = n0 - n;
if (!drop)
n1 = TerminalWrite(ttyoring.bottom, n1);
- n += n1;
+ if (n1 > 0)
+ n += n1;
}
ring_consumed(&ttyoring, n);
}
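Review bot: The new `if (n1 > 0)` guard discards a failed second TerminalWrite() without comment. A short note above the guard would record why the return value is ignored here: `/* a failed or empty second write must not reduce the count already written */`. ttyflush() begins and ends outside the hunk, so whether that error is reported anywhere later cannot be checked from these lines.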
diff --git a/eBones/usr.bin/telnet/tn3270.c b/eBones/usr.bin/telnet/tn3270.c
index 1f285cf..a75cd1e 100644
--- a/eBones/usr.bin/telnet/tn3270.c
+++ b/eBones/usr.bin/telnet/tn3270.c
@@ -32,7 +32,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)tn3270.c 8.1 (Berkeley) 6/6/93";
+static char sccsid[] = "@(#)tn3270.c 8.2 (Berkeley) 5/30/95";
#endif /* not lint */
#include <sys/types.h>
@@ -242,7 +242,7 @@ Push3270()
if (save) {
if (Ifrontp+save > Ibuf+sizeof Ibuf) {
if (Ibackp != Ibuf) {
- memcpy(Ibuf, Ibackp, Ifrontp-Ibackp);
+ memmove(Ibuf, Ibackp, Ifrontp-Ibackp);
Ifrontp -= (Ibackp-Ibuf);
Ibackp = Ibuf;
}
diff --git a/eBones/usr.bin/telnet/utilities.c b/eBones/usr.bin/telnet/utilities.c
index 70cf567..06d08a4 100644
--- a/eBones/usr.bin/telnet/utilities.c
+++ b/eBones/usr.bin/telnet/utilities.c
@@ -32,7 +32,7 @@
*/
#ifndef lint
-static char sccsid[] = "@(#)utilities.c 8.2 (Berkeley) 12/15/93";
+static char sccsid[] = "@(#)utilities.c 8.3 (Berkeley) 5/30/95";
#endif /* not lint */
#define TELOPTS
@@ -593,7 +593,7 @@ printsub(direction, pointer, length)
break;
}
break;
-
+
case LM_SLC:
fprintf(NetTrace, "SLC");
for (i = 2; i < length - 2; i += 3) {
@@ -725,7 +725,7 @@ printsub(direction, pointer, length)
fprintf(NetTrace, "\n");
break;
-
+
default:
fprintf(NetTrace, " %d", pointer[i]);
break;
diff --git a/eBones/usr.sbin/ext_srvtab/ext_srvtab.8 b/eBones/usr.sbin/ext_srvtab/ext_srvtab.8
index af980a9..565c3a3 100644
--- a/eBones/usr.sbin/ext_srvtab/ext_srvtab.8
+++ b/eBones/usr.sbin/ext_srvtab/ext_srvtab.8
@@ -1,5 +1,5 @@
.\" from: ext_srvtab.8,v 4.2 89/07/18 16:53:18 jtkohl Exp $
-.\" $Id: ext_srvtab.8,v 1.2 1994/07/19 19:27:20 g89r4222 Exp $
+.\" $Id: ext_srvtab.8,v 1.1.1.1 1994/09/30 14:50:05 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -50,14 +50,13 @@ match the given realm rather than the local realm.
The master key string entered was incorrect.
.SH FILES
.TP 20n
-.IR hostname -new-srvtab
-Service key file generated for
-.I hostname
+/etc/kerberosIV/principal.db
+DBM file containing database
.TP
-/kerberos/principal.pag, /kerberos/principal.dir
-DBM files containing database
+/etc/kerberosIV/principal.ok
+Semaphore indicating that the DBM database is not being modified.
.TP
-/.k
+/etc/kerberosIV/master_key
Master key cache file.
.SH SEE ALSO
read_service_key(3), krb_get_phost(3)
diff --git a/eBones/usr.sbin/ext_srvtab/ext_srvtab.c b/eBones/usr.sbin/ext_srvtab/ext_srvtab.c
index 3a5dcec..093dfe2 100644
--- a/eBones/usr.sbin/ext_srvtab/ext_srvtab.c
+++ b/eBones/usr.sbin/ext_srvtab/ext_srvtab.c
@@ -1,13 +1,13 @@
/*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
*
* from: ext_srvtab.c,v 4.1 89/07/18 16:49:30 jtkohl Exp $
- * $Id: ext_srvtab.c,v 1.2 1994/07/19 19:22:36 g89r4222 Exp $
+ * $Id: ext_srvtab.c,v 1.1.1.1 1994/09/30 14:49:53 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: ext_srvtab.c,v 1.2 1994/07/19 19:22:36 g89r4222 Exp $";
+"$Id: ext_srvtab.c,v 1.1.1.1 1994/09/30 14:49:53 csgr Exp $";
#endif lint
#include <stdio.h>
@@ -39,12 +39,12 @@ main(argc, argv)
int fopen_errs = 0;
int arg;
Principal princs[40];
- int more;
+ int more;
int prompt = TRUE;
register int n, i;
-
+
bzero(realm, sizeof(realm));
-
+
/* Parse commandline arguments */
if (argc < 2)
usage();
@@ -57,7 +57,7 @@ main(argc, argv)
usage();
else {
strcpy(realm, argv[i]);
- /*
+ /*
* This is to humor the broken way commandline
* argument parsing is done. Later, this
* program ignores everything that starts with -.
@@ -118,7 +118,7 @@ main(argc, argv)
bcopy(&princs[i].key_low, session_key, sizeof(long));
bcopy(&princs[i].key_high, session_key + sizeof(long),
sizeof(long));
- kdb_encrypt_key (session_key, session_key,
+ kdb_encrypt_key (session_key, session_key,
master_key, master_key_schedule, DES_DECRYPT);
FWrite(session_key, sizeof session_key, 1, fout);
}
@@ -158,7 +158,7 @@ StampOutSecrets()
usage()
{
- fprintf(stderr,
+ fprintf(stderr,
"Usage: %s [-n] [-r realm] instance [instance ...]\n", progname);
exit(1);
}
diff --git a/eBones/usr.sbin/kadmin/Makefile b/eBones/usr.sbin/kadmin/Makefile
new file mode 100644
index 0000000..77069be
--- /dev/null
+++ b/eBones/usr.sbin/kadmin/Makefile
@@ -0,0 +1,11 @@
+# $Id$
+
+PROG= kadmind
+SRCS= admin_server.c kadm_funcs.c kadm_ser_wrap.c kadm_server.c
+CFLAGS+=-DPOSIX -I${.CURDIR}/../include -I${KRBOBJDIR} \
+ -I${.CURDIR}/../libkadm -I${KADMOBJDIR}
+LDADD+= -L${KADMOBJDIR} -lkadm -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb \
+ -L${DESOBJDIR} -ldes -L${ACLOBJDIR} -lacl -lcom_err
+NOMAN= # man page in ../man
+
+.include <bsd.prog.mk>
diff --git a/eBones/usr.sbin/kadmin/admin_server.c b/eBones/usr.sbin/kadmin/admin_server.c
new file mode 100644
index 0000000..ce36eb6
--- /dev/null
+++ b/eBones/usr.sbin/kadmin/admin_server.c
@@ -0,0 +1,457 @@
+/*
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * Copyright.MIT.
+ *
+ * Top-level loop of the kerberos Administration server
+ */
+
+#ifndef lint
+#if 0
+static char rcsid_admin_server_c[] =
+"Id: admin_server.c,v 4.8 90/01/02 13:50:38 jtkohl Exp ";
+#endif
+static const char rcsid[] =
+ "$Id";
+#endif lint
+
+/*
+ admin_server.c
+ this holds the main loop and initialization and cleanup code for the server
+*/
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <signal.h>
+#ifndef sigmask
+#define sigmask(m) (1 <<((m)-1))
+#endif
+#include <sys/wait.h>
+#include <errno.h>
+#include <sys/socket.h>
+#include <syslog.h>
+#include <kadm.h>
+#include <kadm_err.h>
+#include <krb_db.h>
+#include "kadm_server.h"
+
+/* Almost all procs and such need this, so it is global */
+admin_params prm; /* The command line parameters struct */
+
+char prog[32]; /* WHY IS THIS NEEDED??????? */
+char *progname = prog;
+char *acldir = DEFAULT_ACL_DIR;
+char krbrlm[REALM_SZ];
+extern Kadm_Server server_parm;
+
+/*
+** Main does the logical thing, it sets up the database and RPC interface,
+** as well as handling the creation and maintenance of the syslog file...
+*/
+main(argc, argv) /* admin_server main routine */
+int argc;
+char *argv[];
+{
+ int errval;
+ int c;
+ extern char *optarg;
+
+ prog[sizeof(prog)-1]='\0'; /* Terminate... */
+ (void) strncpy(prog, argv[0], sizeof(prog)-1);
+
+ /* initialize the admin_params structure */
+ prm.sysfile = KADM_SYSLOG; /* default file name */
+ prm.inter = 1;
+
+ bzero(krbrlm, sizeof(krbrlm));
+
+ while ((c = getopt(argc, argv, "f:hnd:a:r:")) != EOF)
+ switch(c) {
+ case 'f': /* Syslog file name change */
+ prm.sysfile = optarg;
+ break;
+ case 'n':
+ prm.inter = 0;
+ break;
+ case 'a': /* new acl directory */
+ acldir = optarg;
+ break;
+ case 'd':
+ /* put code to deal with alt database place */
+ if (errval = kerb_db_set_name(optarg)) {
+ fprintf(stderr, "opening database %s: %s",
+ optarg, error_message(errval));
+ exit(1);
+ }
+ break;
+ case 'r':
+ (void) strncpy(krbrlm, optarg, sizeof(krbrlm) - 1);
+ break;
+ case 'h': /* get help on using admin_server */
+ default:
+ printf("Usage: admin_server [-h] [-n] [-r realm] [-d dbname] [-f filename] [-a acldir]\n");
+ exit(-1); /* failure */
+ }
+
+ if (krbrlm[0] == 0)
+ if (krb_get_lrealm(krbrlm, 0) != KSUCCESS) {
+ fprintf(stderr,
+ "Unable to get local realm. Fix krb.conf or use -r.\n");
+ exit(1);
+ }
+
+ printf("KADM Server %s initializing\n",KADM_VERSTR);
+ printf("Please do not use 'kill -9' to kill this job, use a\n");
+ printf("regular kill instead\n\n");
+
+ set_logfile(prm.sysfile);
+ log("Admin server starting");
+
+ (void) kerb_db_set_lockmode(KERB_DBL_NONBLOCKING);
+ errval = kerb_init(); /* Open the Kerberos database */
+ if (errval) {
+ fprintf(stderr, "error: kerb_init() failed");
+ close_syslog();
+ byebye();
+ }
+ /* set up the server_parm struct */
+ if ((errval = kadm_ser_init(prm.inter, krbrlm))==KADM_SUCCESS) {
+ kerb_fini(); /* Close the Kerberos database--
+ will re-open later */
+ errval = kadm_listen(); /* listen for calls to server from
+ clients */
+ }
+ if (errval != KADM_SUCCESS) {
+ fprintf(stderr,"error: %s\n",error_message(errval));
+ kerb_fini(); /* Close if error */
+ }
+ close_syslog(); /* Close syslog file, print
+ closing note */
+ byebye(); /* Say bye bye on the terminal
+ in use */
+} /* procedure main */
+
+
+/* close the system log file */
+close_syslog()
+{
+ log("Shutting down admin server");
+}
+
+byebye() /* say goodnight gracie */
+{
+ printf("Admin Server (kadm server) has completed operation.\n");
+}
+
+static clear_secrets()
+{
+ bzero((char *)server_parm.master_key, sizeof(server_parm.master_key));
+ bzero((char *)server_parm.master_key_schedule,
+ sizeof(server_parm.master_key_schedule));
+ server_parm.master_key_version = 0L;
+ return;
+}
+
+static exit_now = 0;
+
+sigtype
+doexit()
+{
+ exit_now = 1;
+#ifdef POSIX
+ return;
+#else /* !POSIX */
+ return(0);
+#endif /* POSIX */
+}
+
+unsigned pidarraysize = 0;
+int *pidarray = (int *)0;
+
+/*
+kadm_listen
+listen on the admin servers port for a request
+*/
+kadm_listen()
+{
+ extern int errno;
+ int found;
+ int admin_fd;
+ int peer_fd;
+ fd_set mask, readfds;
+ struct sockaddr_in peer;
+ int addrlen;
+ void process_client(), kill_children();
+ int pid;
+ sigtype do_child();
+
+ (void) signal(SIGINT, doexit);
+ (void) signal(SIGTERM, doexit);
+ (void) signal(SIGHUP, doexit);
+ (void) signal(SIGQUIT, doexit);
+ (void) signal(SIGPIPE, SIG_IGN); /* get errors on write() */
+ (void) signal(SIGALRM, doexit);
+ (void) signal(SIGCHLD, do_child);
+
+ if ((admin_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
+ return KADM_NO_SOCK;
+ if (bind(admin_fd, (struct sockaddr *)&server_parm.admin_addr,
+ sizeof(struct sockaddr_in)) < 0)
+ return KADM_NO_BIND;
+ (void) listen(admin_fd, 1);
+ FD_ZERO(&mask);
+ FD_SET(admin_fd, &mask);
+
+ for (;;) { /* loop nearly forever */
+ if (exit_now) {
+ clear_secrets();
+ kill_children();
+ return(0);
+ }
+ readfds = mask;
+ if ((found = select(admin_fd+1,&readfds,(fd_set *)0,
+ (fd_set *)0, (struct timeval *)0)) == 0)
+ continue; /* no things read */
+ if (found < 0) {
+ if (errno != EINTR)
+ log("select: %s",error_message(errno));
+ continue;
+ }
+ if (FD_ISSET(admin_fd, &readfds)) {
+ /* accept the conn */
+ addrlen = sizeof(peer);
+ if ((peer_fd = accept(admin_fd, (struct sockaddr *)&peer,
+ &addrlen)) < 0) {
+ log("accept: %s",error_message(errno));
+ continue;
+ }
+ addrlen = sizeof(server_parm.admin_addr);
+ if (getsockname(peer_fd, (struct sockaddr *)&server_parm.admin_addr,
+ &addrlen)) {
+ log("getsockname: %s",error_message(errno));
+ continue;
+ }
+#ifdef DEBUG
+ printf("Connection recieved on %s\n",
+ inet_ntoa(server_parm.admin_addr.sin_addr));
+#endif /* DEBUG */
+#ifndef DEBUG
+ /* if you want a sep daemon for each server */
+ if (pid = fork()) {
+ /* parent */
+ if (pid < 0) {
+ log("fork: %s",error_message(errno));
+ (void) close(peer_fd);
+ continue;
+ }
+ /* fork succeded: keep tabs on child */
+ (void) close(peer_fd);
+ if (pidarray) {
+ pidarray = (int *)realloc((char *)pidarray, ++pidarraysize);
+ pidarray[pidarraysize-1] = pid;
+ } else {
+ pidarray = (int *)malloc(pidarraysize = 1);
+ pidarray[0] = pid;
+ }
+ } else {
+ /* child */
+ (void) close(admin_fd);
+#endif /* DEBUG */
+ /* do stuff */
+ process_client (peer_fd, &peer);
+#ifndef DEBUG
+ }
+#endif
+ } else {
+ log("something else woke me up!");
+ return(0);
+ }
+ }
+ /*NOTREACHED*/
+}
+
+#ifdef DEBUG
+#define cleanexit(code) {kerb_fini(); return;}
+#endif
+
+void
+process_client(fd, who)
+int fd;
+struct sockaddr_in *who;
+{
+ u_char *dat;
+ int dat_len;
+ u_short dlen;
+ int retval;
+ int on = 1;
+ Principal service;
+ des_cblock skey;
+ int more;
+ int status;
+
+ if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0)
+ log("setsockopt keepalive: %d",errno);
+
+ server_parm.recv_addr = *who;
+
+ if (kerb_init()) { /* Open as client */
+ log("can't open krb db");
+ cleanexit(1);
+ }
+ /* need to set service key to changepw.KRB_MASTER */
+
+ status = kerb_get_principal(server_parm.sname, server_parm.sinst, &service,
+ 1, &more);
+ if (status == -1) {
+ /* db locked */
+ u_long retcode = KADM_DB_INUSE;
+ char *pdat;
+
+ dat_len = KADM_VERSIZE + sizeof(u_long);
+ dat = (u_char *) malloc((unsigned)dat_len);
+ pdat = (char *) dat;
+ retcode = htonl((u_long) KADM_DB_INUSE);
+ (void) strncpy(pdat, KADM_ULOSE, KADM_VERSIZE);
+ bcopy((char *)&retcode, &pdat[KADM_VERSIZE], sizeof(u_long));
+ goto out;
+ } else if (!status) {
+ log("no service %s.%s",server_parm.sname, server_parm.sinst);
+ cleanexit(2);
+ }
+
+ bcopy((char *)&service.key_low, (char *)skey, 4);
+ bcopy((char *)&service.key_high, (char *)(((long *) skey) + 1), 4);
+ bzero((char *)&service, sizeof(service));
+ kdb_encrypt_key (skey, skey, server_parm.master_key,
+ server_parm.master_key_schedule, DECRYPT);
+ (void) krb_set_key((char *)skey, 0); /* if error, will show up when
+ rd_req fails */
+ bzero((char *)skey, sizeof(skey));
+
+ while (1) {
+ if ((retval = krb_net_read(fd, (char *)&dlen, sizeof(u_short))) !=
+ sizeof(u_short)) {
+ if (retval < 0)
+ log("dlen read: %s",error_message(errno));
+ else if (retval)
+ log("short dlen read: %d",retval);
+ (void) close(fd);
+ cleanexit(retval ? 3 : 0);
+ }
+ if (exit_now) {
+ cleanexit(0);
+ }
+ dat_len = (int) ntohs(dlen);
+ dat = (u_char *) malloc((unsigned)dat_len);
+ if (!dat) {
+ log("malloc: No memory");
+ (void) close(fd);
+ cleanexit(4);
+ }
+ if ((retval = krb_net_read(fd, (char *)dat, dat_len)) != dat_len) {
+ if (retval < 0)
+ log("data read: %s",error_message(errno));
+ else
+ log("short read: %d vs. %d", dat_len, retval);
+ (void) close(fd);
+ cleanexit(5);
+ }
+ if (exit_now) {
+ cleanexit(0);
+ }
+ if ((retval = kadm_ser_in(&dat,&dat_len)) != KADM_SUCCESS)
+ log("processing request: %s", error_message(retval));
+
+ /* kadm_ser_in did the processing and returned stuff in
+ dat & dat_len , return the appropriate data */
+
+ out:
+ dlen = (u_short) dat_len;
+
+ if (dat_len != (int)dlen) {
+ clear_secrets();
+ abort(); /* XXX */
+ }
+ dlen = htons(dlen);
+
+ if (krb_net_write(fd, (char *)&dlen, sizeof(u_short)) < 0) {
+ log("writing dlen to client: %s",error_message(errno));
+ (void) close(fd);
+ cleanexit(6);
+ }
+
+ if (krb_net_write(fd, (char *)dat, dat_len) < 0) {
+ log(LOG_ERR, "writing to client: %s",error_message(errno));
+ (void) close(fd);
+ cleanexit(7);
+ }
+ free((char *)dat);
+ }
+ /*NOTREACHED*/
+}
+
+sigtype
+do_child()
+{
+ /* SIGCHLD brings us here */
+ int pid;
+ register int i, j;
+
+#ifdef POSIX
+ int status;
+#else
+ union wait status;
+#endif
+
+ pid = wait(&status);
+
+ for (i = 0; i < pidarraysize; i++)
+ if (pidarray[i] == pid) {
+ /* found it */
+ for (j = i; j < pidarraysize-1; j++)
+ /* copy others down */
+ pidarray[j] = pidarray[j+1];
+ pidarraysize--;
+ if (WEXITSTATUS(status) || WCOREDUMP(status) || WIFSIGNALED(status))
+ log("child %d: termsig %d, coredump %d, retcode %d", pid,
+ WTERMSIG(status), WCOREDUMP(status), WEXITSTATUS(status));
+#ifdef POSIX
+ return;
+#else /* !POSIX */
+ return(0);
+#endif /* POSIX */
+ }
+ log("child %d not in list: termsig %d, coredump %d, retcode %d", pid,
+ WTERMSIG(status), WCOREDUMP(status), WEXITSTATUS(status));
+#ifdef POSIX
+ return;
+#else /* !POSIX */
+ return(0);
+#endif /* POSIX */
+}
+
+#ifndef DEBUG
+cleanexit(val)
+{
+ kerb_fini();
+ clear_secrets();
+ exit(val);
+}
+#endif
+
+void
+kill_children()
+{
+ register int i;
+ int osigmask;
+
+ osigmask = sigblock(sigmask(SIGCHLD));
+
+ for (i = 0; i < pidarraysize; i++) {
+ kill(pidarray[i], SIGINT);
+ log("killing child %d", pidarray[i]);
+ }
+ sigsetmask(osigmask);
+ return;
+}
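Review bot: In kadm_listen() the child-pid table is sized in bytes rather than ints: `realloc((char *)pidarray, ++pidarraysize)` and `malloc(pidarraysize = 1)` allocate pidarraysize bytes, so the store to `pidarray[pidarraysize-1]` writes past the allocation in the parent process that also holds the master key. The sizes should be `++pidarraysize * sizeof(int)` and `(pidarraysize = 1) * sizeof(int)`, and both results need a NULL check before the store. The same update runs with SIGCHLD unblocked while do_child() shifts entries and decrements pidarraysize, so it should sit inside the `sigblock(sigmask(SIGCHLD))` / `sigsetmask()` pair that kill_children() already uses. Separately, `log(LOG_ERR, "writing to client: %s", ...)` in process_client() passes an integer where every other call in this file passes the format string; drop the `LOG_ERR` argument.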
diff --git a/eBones/usr.sbin/kadmin/kadm_funcs.c b/eBones/usr.sbin/kadmin/kadm_funcs.c
new file mode 100644
index 0000000..9f06e30
--- /dev/null
+++ b/eBones/usr.sbin/kadmin/kadm_funcs.c
@@ -0,0 +1,373 @@
+/*
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * Copyright.MIT
+ *
+ * Kerberos administration server-side database manipulation routines
+ */
+
+#ifndef lint
+#if 0
+static char rcsid_kadm_funcs_c[] =
+"Id: kadm_funcs.c,v 4.3 90/03/20 01:39:51 jon Exp ";
+#endif
+static const char rcsid[] =
+ "$Id: kadm_funcs.c,v 1.1 1995/01/20 03:12:55 wollman Exp $";
+#endif lint
+
+/*
+kadm_funcs.c
+the actual database manipulation code
+*/
+
+#include <sys/param.h>
+#include <kadm.h>
+#include <kadm_err.h>
+#include <krb_db.h>
+#include "kadm_server.h"
+
+extern Kadm_Server server_parm;
+
+check_access(pname, pinst, prealm, acltype)
+char *pname;
+char *pinst;
+char *prealm;
+enum acl_types acltype;
+{
+ char checkname[MAX_K_NAME_SZ];
+ char filename[MAXPATHLEN];
+ extern char *acldir;
+
+ (void) sprintf(checkname, "%s.%s@%s", pname, pinst, prealm);
+
+ switch (acltype) {
+ case ADDACL:
+ (void) sprintf(filename, "%s%s", acldir, ADD_ACL_FILE);
+ break;
+ case GETACL:
+ (void) sprintf(filename, "%s%s", acldir, GET_ACL_FILE);
+ break;
+ case MODACL:
+ (void) sprintf(filename, "%s%s", acldir, MOD_ACL_FILE);
+ break;
+ }
+ return(acl_check(filename, checkname));
+}
+
+int
+wildcard(str)
+char *str;
+{
+ if (!strcmp(str, WILDCARD_STR))
+ return(1);
+ return(0);
+}
+
+#define failadd(code) { (void) log("FAILED addding '%s.%s' (%s)", valsin->name, valsin->instance, error_message(code)); return code; }
+
+kadm_add_entry (rname, rinstance, rrealm, valsin, valsout)
+char *rname; /* requestors name */
+char *rinstance; /* requestors instance */
+char *rrealm; /* requestors realm */
+Kadm_vals *valsin;
+Kadm_vals *valsout;
+{
+ long numfound; /* check how many we get written */
+ int more; /* pointer to more grabbed records */
+ Principal data_i, data_o; /* temporary principal */
+ u_char flags[4];
+ des_cblock newpw;
+ Principal default_princ;
+
+ if (!check_access(rname, rinstance, rrealm, ADDACL)) {
+ (void) log("WARNING: '%s.%s@%s' tried to add an entry for '%s.%s'",
+ rname, rinstance, rrealm, valsin->name, valsin->instance);
+ return KADM_UNAUTH;
+ }
+
+ /* Need to check here for "legal" name and instance */
+ if (wildcard(valsin->name) || wildcard(valsin->instance)) {
+ failadd(KADM_ILL_WILDCARD);
+ }
+
+ (void) log("request to add an entry for '%s.%s' from '%s.%s@%s'",
+ valsin->name, valsin->instance, rname, rinstance, rrealm);
+
+ numfound = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST,
+ &default_princ, 1, &more);
+ if (numfound == -1) {
+ failadd(KADM_DB_INUSE);
+ } else if (numfound != 1) {
+ failadd(KADM_UK_RERROR);
+ }
+
+ kadm_vals_to_prin(valsin->fields, &data_i, valsin);
+ (void) strncpy(data_i.name, valsin->name, ANAME_SZ);
+ (void) strncpy(data_i.instance, valsin->instance, INST_SZ);
+
+ if (!IS_FIELD(KADM_EXPDATE,valsin->fields))
+ data_i.exp_date = default_princ.exp_date;
+ if (!IS_FIELD(KADM_ATTR,valsin->fields))
+ data_i.attributes = default_princ.attributes;
+ if (!IS_FIELD(KADM_MAXLIFE,valsin->fields))
+ data_i.max_life = default_princ.max_life;
+
+ bzero((char *)&default_princ, sizeof(default_princ));
+
+ /* convert to host order */
+ data_i.key_low = ntohl(data_i.key_low);
+ data_i.key_high = ntohl(data_i.key_high);
+
+
+ bcopy(&data_i.key_low,newpw,4);
+ bcopy(&data_i.key_high,(char *)(((long *) newpw) + 1),4);
+
+ /* encrypt new key in master key */
+ kdb_encrypt_key (newpw, newpw, server_parm.master_key,
+ server_parm.master_key_schedule, ENCRYPT);
+ bcopy(newpw,&data_i.key_low,4);
+ bcopy((char *)(((long *) newpw) + 1), &data_i.key_high,4);
+ bzero((char *)newpw, sizeof(newpw));
+
+ data_o = data_i;
+ numfound = kerb_get_principal(valsin->name, valsin->instance,
+ &data_o, 1, &more);
+ if (numfound == -1) {
+ failadd(KADM_DB_INUSE);
+ } else if (numfound) {
+ failadd(KADM_INUSE);
+ } else {
+ data_i.key_version++;
+ data_i.kdc_key_ver = server_parm.master_key_version;
+ (void) strncpy(data_i.mod_name, rname, sizeof(data_i.mod_name)-1);
+ (void) strncpy(data_i.mod_instance, rinstance,
+ sizeof(data_i.mod_instance)-1);
+
+ numfound = kerb_put_principal(&data_i, 1);
+ if (numfound == -1) {
+ failadd(KADM_DB_INUSE);
+ } else if (numfound) {
+ failadd(KADM_UK_SERROR);
+ } else {
+ numfound = kerb_get_principal(valsin->name, valsin->instance,
+ &data_o, 1, &more);
+ if ((numfound!=1) || (more!=0)) {
+ failadd(KADM_UK_RERROR);
+ }
+ bzero((char *)flags, sizeof(flags));
+ SET_FIELD(KADM_NAME,flags);
+ SET_FIELD(KADM_INST,flags);
+ SET_FIELD(KADM_EXPDATE,flags);
+ SET_FIELD(KADM_ATTR,flags);
+ SET_FIELD(KADM_MAXLIFE,flags);
+ kadm_prin_to_vals(flags, valsout, &data_o);
+ (void) log("'%s.%s' added.", valsin->name, valsin->instance);
+ return KADM_DATA; /* Set all the appropriate fields */
+ }
+ }
+}
+#undef failadd
+
+#define failget(code) { (void) log("FAILED retrieving '%s.%s' (%s)", valsin->name, valsin->instance, error_message(code)); return code; }
+
+kadm_get_entry (rname, rinstance, rrealm, valsin, flags, valsout)
+char *rname; /* requestors name */
+char *rinstance; /* requestors instance */
+char *rrealm; /* requestors realm */
+Kadm_vals *valsin; /* what they wannt to get */
+u_char *flags; /* which fields we want */
+Kadm_vals *valsout; /* what data is there */
+{
+ long numfound; /* check how many were returned */
+ int more; /* To point to more name.instances */
+ Principal data_o; /* Data object to hold Principal */
+
+
+ if (!check_access(rname, rinstance, rrealm, GETACL)) {
+ (void) log("WARNING: '%s.%s@%s' tried to get '%s.%s's entry",
+ rname, rinstance, rrealm, valsin->name, valsin->instance);
+ return KADM_UNAUTH;
+ }
+
+ if (wildcard(valsin->name) || wildcard(valsin->instance)) {
+ failget(KADM_ILL_WILDCARD);
+ }
+
+ (void) log("retrieve '%s.%s's entry for '%s.%s@%s'",
+ valsin->name, valsin->instance, rname, rinstance, rrealm);
+
+ /* Look up the record in the database */
+ numfound = kerb_get_principal(valsin->name, valsin->instance,
+ &data_o, 1, &more);
+ if (numfound == -1) {
+ failget(KADM_DB_INUSE);
+ } else if (numfound) { /* We got the record, let's return it */
+ kadm_prin_to_vals(flags, valsout, &data_o);
+ (void) log("'%s.%s' retrieved.", valsin->name, valsin->instance);
+ return KADM_DATA; /* Set all the appropriate fields */
+ } else {
+ failget(KADM_NOENTRY); /* Else whimper and moan */
+ }
+}
+#undef failget
+
+#define failmod(code) { (void) log("FAILED modifying '%s.%s' (%s)", valsin1->name, valsin1->instance, error_message(code)); return code; }
+
+kadm_mod_entry (rname, rinstance, rrealm, valsin1, valsin2, valsout)
+char *rname; /* requestors name */
+char *rinstance; /* requestors instance */
+char *rrealm; /* requestors realm */
+Kadm_vals *valsin1, *valsin2; /* holds the parameters being
+ passed in */
+Kadm_vals *valsout; /* the actual record which is returned */
+{
+ long numfound;
+ int more;
+ Principal data_o, temp_key;
+ u_char fields[4];
+ des_cblock newpw;
+
+ if (wildcard(valsin1->name) || wildcard(valsin1->instance)) {
+ failmod(KADM_ILL_WILDCARD);
+ }
+
+ if (!check_access(rname, rinstance, rrealm, MODACL)) {
+ (void) log("WARNING: '%s.%s@%s' tried to change '%s.%s's entry",
+ rname, rinstance, rrealm, valsin1->name, valsin1->instance);
+ return KADM_UNAUTH;
+ }
+
+ (void) log("request to modify '%s.%s's entry from '%s.%s@%s' ",
+ valsin1->name, valsin1->instance, rname, rinstance, rrealm);
+
+ numfound = kerb_get_principal(valsin1->name, valsin1->instance,
+ &data_o, 1, &more);
+ if (numfound == -1) {
+ failmod(KADM_DB_INUSE);
+ } else if (numfound) {
+ kadm_vals_to_prin(valsin2->fields, &temp_key, valsin2);
+ (void) strncpy(data_o.name, valsin1->name, ANAME_SZ);
+ (void) strncpy(data_o.instance, valsin1->instance, INST_SZ);
+ if (IS_FIELD(KADM_EXPDATE,valsin2->fields))
+ data_o.exp_date = temp_key.exp_date;
+ if (IS_FIELD(KADM_ATTR,valsin2->fields))
+ data_o.attributes = temp_key.attributes;
+ if (IS_FIELD(KADM_MAXLIFE,valsin2->fields))
+ data_o.max_life = temp_key.max_life;
+ if (IS_FIELD(KADM_DESKEY,valsin2->fields)) {
+ data_o.key_version++;
+ data_o.kdc_key_ver = server_parm.master_key_version;
+
+
+ /* convert to host order */
+ temp_key.key_low = ntohl(temp_key.key_low);
+ temp_key.key_high = ntohl(temp_key.key_high);
+
+
+ bcopy(&temp_key.key_low,newpw,4);
+ bcopy(&temp_key.key_high,(char *)(((long *) newpw) + 1),4);
+
+ /* encrypt new key in master key */
+ kdb_encrypt_key (newpw, newpw, server_parm.master_key,
+ server_parm.master_key_schedule, ENCRYPT);
+ bcopy(newpw,&data_o.key_low,4);
+ bcopy((char *)(((long *) newpw) + 1), &data_o.key_high,4);
+ bzero((char *)newpw, sizeof(newpw));
+ }
+ bzero((char *)&temp_key, sizeof(temp_key));
+
+ (void) strncpy(data_o.mod_name, rname, sizeof(data_o.mod_name)-1);
+ (void) strncpy(data_o.mod_instance, rinstance,
+ sizeof(data_o.mod_instance)-1);
+ more = kerb_put_principal(&data_o, 1);
+
+ bzero((char *)&data_o, sizeof(data_o));
+
+ if (more == -1) {
+ failmod(KADM_DB_INUSE);
+ } else if (more) {
+ failmod(KADM_UK_SERROR);
+ } else {
+ numfound = kerb_get_principal(valsin1->name, valsin1->instance,
+ &data_o, 1, &more);
+ if ((more!=0)||(numfound!=1)) {
+ failmod(KADM_UK_RERROR);
+ }
+ bzero((char *) fields, sizeof(fields));
+ SET_FIELD(KADM_NAME,fields);
+ SET_FIELD(KADM_INST,fields);
+ SET_FIELD(KADM_EXPDATE,fields);
+ SET_FIELD(KADM_ATTR,fields);
+ SET_FIELD(KADM_MAXLIFE,fields);
+ kadm_prin_to_vals(fields, valsout, &data_o);
+ (void) log("'%s.%s' modified.", valsin1->name, valsin1->instance);
+ return KADM_DATA; /* Set all the appropriate fields */
+ }
+ }
+ else {
+ failmod(KADM_NOENTRY);
+ }
+}
+#undef failmod
+
+#define failchange(code) { (void) log("FAILED changing key for '%s.%s@%s' (%s)", rname, rinstance, rrealm, error_message(code)); return code; }
+
+kadm_change (rname, rinstance, rrealm, newpw)
+char *rname;
+char *rinstance;
+char *rrealm;
+des_cblock newpw;
+{
+ long numfound;
+ int more;
+ Principal data_o;
+ des_cblock local_pw;
+
+ if (strcmp(server_parm.krbrlm, rrealm)) {
+ (void) log("change key request from wrong realm, '%s.%s@%s'!\n",
+ rname, rinstance, rrealm);
+ return(KADM_WRONG_REALM);
+ }
+
+ if (wildcard(rname) || wildcard(rinstance)) {
+ failchange(KADM_ILL_WILDCARD);
+ }
+ (void) log("'%s.%s@%s' wants to change its password",
+ rname, rinstance, rrealm);
+
+ bcopy(newpw, local_pw, sizeof(local_pw));
+
+ /* encrypt new key in master key */
+ kdb_encrypt_key (local_pw, local_pw, server_parm.master_key,
+ server_parm.master_key_schedule, ENCRYPT);
+
+ numfound = kerb_get_principal(rname, rinstance,
+ &data_o, 1, &more);
+ if (numfound == -1) {
+ failchange(KADM_DB_INUSE);
+ } else if (numfound) {
+ bcopy(local_pw,&data_o.key_low,4);
+ bcopy((char *)(((long *) local_pw) + 1), &data_o.key_high,4);
+ data_o.key_version++;
+ data_o.kdc_key_ver = server_parm.master_key_version;
+ (void) strncpy(data_o.mod_name, rname, sizeof(data_o.mod_name)-1);
+ (void) strncpy(data_o.mod_instance, rinstance,
+ sizeof(data_o.mod_instance)-1);
+ more = kerb_put_principal(&data_o, 1);
+ bzero((char *) local_pw, sizeof(local_pw));
+ bzero((char *) &data_o, sizeof(data_o));
+ if (more == -1) {
+ failchange(KADM_DB_INUSE);
+ } else if (more) {
+ failchange(KADM_UK_SERROR);
+ } else {
+ (void) log("'%s.%s@%s' password changed.", rname, rinstance, rrealm);
+ return KADM_SUCCESS;
+ }
+ }
+ else {
+ failchange(KADM_NOENTRY);
+ }
+}
+#undef failchange
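Review bot: check_access() fills both of its buffers with unbounded `sprintf`: `checkname` is MAX_K_NAME_SZ bytes and `filename` is MAXPATHLEN, while `acldir` comes straight from the `-a` option and the three name parts from the request, and nothing visible here bounds their lengths. Use `snprintf(filename, sizeof(filename), "%s%s", acldir, ADD_ACL_FILE)` (likewise for `checkname` and the other two cases) and return 0 on truncation so an over-long name is denied. The `switch` also needs a `default:` that returns 0, because otherwise `filename` reaches acl_check() uninitialised. In kadm_add_entry(), kadm_mod_entry() and kadm_change() the second key half is addressed as `(char *)(((long *) newpw) + 1)` with a literal length of 4, which lands past the 8-byte DES block wherever long is wider than 4 bytes; `(char *)newpw + 4` does not depend on sizeof(long).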
diff --git a/eBones/usr.sbin/kadmin/kadm_ser_wrap.c b/eBones/usr.sbin/kadmin/kadm_ser_wrap.c
new file mode 100644
index 0000000..23664d4
--- /dev/null
+++ b/eBones/usr.sbin/kadmin/kadm_ser_wrap.c
@@ -0,0 +1,205 @@
+/*
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * Copyright.MIT.
+ *
+ * Kerberos administration server-side support functions
+ */
+
+#ifndef lint
+static char rcsid_module_c[] =
+"BonesHeader: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_ser_wrap.c,v 4.4 89/09/26 09:29:36 jtkohl Exp ";
+#endif lint
+
+/*
+kadm_ser_wrap.c
+unwraps wrapped packets and calls the appropriate server subroutine
+*/
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <netdb.h>
+#include <sys/socket.h>
+#include <kadm.h>
+#include <kadm_err.h>
+#include <krb_err.h>
+#include "kadm_server.h"
+
+Kadm_Server server_parm;
+
+/*
+kadm_ser_init
+set up the server_parm structure
+*/
+kadm_ser_init(inter, realm)
+int inter; /* interactive or from file */
+char realm[];
+{
+ struct servent *sep;
+ struct hostent *hp;
+ char hostname[MAXHOSTNAMELEN];
+
+ (void) init_kadm_err_tbl();
+ (void) init_krb_err_tbl();
+ if (gethostname(hostname, sizeof(hostname)))
+ return KADM_NO_HOSTNAME;
+
+ (void) strcpy(server_parm.sname, PWSERV_NAME);
+ (void) strcpy(server_parm.sinst, KRB_MASTER);
+ (void) strcpy(server_parm.krbrlm, realm);
+
+ server_parm.admin_fd = -1;
+ /* setting up the addrs */
+ if ((sep = getservbyname(KADM_SNAME, "tcp")) == NULL)
+ return KADM_NO_SERV;
+ bzero((char *)&server_parm.admin_addr,sizeof(server_parm.admin_addr));
+ server_parm.admin_addr.sin_family = AF_INET;
+ if ((hp = gethostbyname(hostname)) == NULL)
+ return KADM_NO_HOSTNAME;
+ server_parm.admin_addr.sin_addr.s_addr = INADDR_ANY;
+ server_parm.admin_addr.sin_port = sep->s_port;
+ /* setting up the database */
+ if (kdb_get_master_key((inter==1),server_parm.master_key,
+ server_parm.master_key_schedule) != 0)
+ return KADM_NO_MAST;
+ if ((server_parm.master_key_version =
+ kdb_verify_master_key(server_parm.master_key,
+ server_parm.master_key_schedule,stderr))<0)
+ return KADM_NO_VERI;
+ return KADM_SUCCESS;
+}
+
+static void errpkt(dat, dat_len, code)
+u_char **dat;
+int *dat_len;
+int code;
+{
+ u_long retcode;
+ char *pdat;
+
+ free((char *)*dat); /* free up req */
+ *dat_len = KADM_VERSIZE + sizeof(u_long);
+ *dat = (u_char *) malloc((unsigned)*dat_len);
+ pdat = (char *) *dat;
+ retcode = htonl((u_long) code);
+ (void) strncpy(pdat, KADM_ULOSE, KADM_VERSIZE);
+ bcopy((char *)&retcode, &pdat[KADM_VERSIZE], sizeof(u_long));
+ return;
+}
+
+/*
+kadm_ser_in
+unwrap the data stored in dat, process, and return it.
+*/
+kadm_ser_in(dat,dat_len)
+u_char **dat;
+int *dat_len;
+{
+ u_char *in_st; /* pointer into the sent packet */
+ int in_len,retc; /* where in packet we are, for
+ returns */
+ u_long r_len; /* length of the actual packet */
+ KTEXT_ST authent; /* the authenticator */
+ AUTH_DAT ad; /* who is this, klink */
+ u_long ncksum; /* checksum of encrypted data */
+ des_key_schedule sess_sched; /* our schedule */
+ MSG_DAT msg_st;
+ u_char *retdat, *tmpdat;
+ int retval, retlen;
+
+ if (strncmp(KADM_VERSTR, (char *)*dat, KADM_VERSIZE)) {
+ errpkt(dat, dat_len, KADM_BAD_VER);
+ return KADM_BAD_VER;
+ }
+ in_len = KADM_VERSIZE;
+ /* get the length */
+ if ((retc = stv_long(*dat, &r_len, in_len, *dat_len)) < 0)
+ return KADM_LENGTH_ERROR;
+ in_len += retc;
+ authent.length = *dat_len - r_len - KADM_VERSIZE - sizeof(u_long);
+ bcopy((char *)(*dat) + in_len, (char *)authent.dat, authent.length);
+ authent.mbz = 0;
+ /* service key should be set before here */
+ if (retc = krb_rd_req(&authent, server_parm.sname, server_parm.sinst,
+ server_parm.recv_addr.sin_addr.s_addr, &ad, (char *)0))
+ {
+ errpkt(dat, dat_len,retc + krb_err_base);
+ return retc + krb_err_base;
+ }
+
+#define clr_cli_secrets() {bzero((char *)sess_sched, sizeof(sess_sched)); bzero((char *)ad.session, sizeof(ad.session));}
+
+ in_st = *dat + *dat_len - r_len;
+#ifdef NOENCRYPTION
+ ncksum = 0;
+#else
+ ncksum = quad_cksum(in_st, (u_long *)0, (long) r_len, 0, ad.session);
+#endif
+ if (ncksum!=ad.checksum) { /* yow, are we correct yet */
+ clr_cli_secrets();
+ errpkt(dat, dat_len,KADM_BAD_CHK);
+ return KADM_BAD_CHK;
+ }
+#ifdef NOENCRYPTION
+ bzero(sess_sched, sizeof(sess_sched));
+#else
+ des_key_sched(ad.session, sess_sched);
+#endif
+ if (retc = (int) krb_rd_priv(in_st, r_len, sess_sched, ad.session,
+ &server_parm.recv_addr,
+ &server_parm.admin_addr, &msg_st)) {
+ clr_cli_secrets();
+ errpkt(dat, dat_len,retc + krb_err_base);
+ return retc + krb_err_base;
+ }
+ switch (msg_st.app_data[0]) {
+ case CHANGE_PW:
+ retval = kadm_ser_cpw(msg_st.app_data+1,(int) msg_st.app_length,&ad,
+ &retdat, &retlen);
+ break;
+ case ADD_ENT:
+ retval = kadm_ser_add(msg_st.app_data+1,(int) msg_st.app_length,&ad,
+ &retdat, &retlen);
+ break;
+ case GET_ENT:
+ retval = kadm_ser_get(msg_st.app_data+1,(int) msg_st.app_length,&ad,
+ &retdat, &retlen);
+ break;
+ case MOD_ENT:
+ retval = kadm_ser_mod(msg_st.app_data+1,(int) msg_st.app_length,&ad,
+ &retdat, &retlen);
+ break;
+ default:
+ clr_cli_secrets();
+ errpkt(dat, dat_len, KADM_NO_OPCODE);
+ return KADM_NO_OPCODE;
+ }
+ /* Now seal the response back into a priv msg */
+ free((char *)*dat);
+ tmpdat = (u_char *) malloc((unsigned)(retlen + KADM_VERSIZE +
+ sizeof(u_long)));
+ (void) strncpy((char *)tmpdat, KADM_VERSTR, KADM_VERSIZE);
+ retval = htonl((u_long)retval);
+ bcopy((char *)&retval, (char *)tmpdat + KADM_VERSIZE, sizeof(u_long));
+ if (retlen) {
+ bcopy((char *)retdat, (char *)tmpdat + KADM_VERSIZE + sizeof(u_long),
+ retlen);
+ free((char *)retdat);
+ }
+ /* slop for mk_priv stuff */
+ *dat = (u_char *) malloc((unsigned) (retlen + KADM_VERSIZE +
+ sizeof(u_long) + 200));
+ if ((*dat_len = krb_mk_priv(tmpdat, *dat,
+ (u_long) (retlen + KADM_VERSIZE +
+ sizeof(u_long)),
+ sess_sched,
+ ad.session, &server_parm.admin_addr,
+ &server_parm.recv_addr)) < 0) {
+ clr_cli_secrets();
+ errpkt(dat, dat_len, KADM_NO_ENCRYPT);
+ return KADM_NO_ENCRYPT;
+ }
+ clr_cli_secrets();
+ return KADM_SUCCESS;
+}
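Review bot: In kadm_ser_in, `r_len` is parsed from the request by stv_long() and then used unchecked: `authent.length = *dat_len - r_len - KADM_VERSIZE - sizeof(u_long)` sizes the bcopy() into the fixed-size `authent.dat`, and `in_st = *dat + *dat_len - r_len` is handed to quad_cksum() and krb_rd_priv(). The copy runs before krb_rd_req() has verified the sender, so a length larger than the packet, or one that leaves more authenticator bytes than KTEXT_ST holds, becomes an out-of-bounds copy or read driven by an unauthenticated peer. I would reject the packet right after the length is parsed, as below; the bound assumes stv_long() consumed sizeof(u_long) bytes, which is not visible in this hunk. Separately, the dispatch passes `msg_st.app_data+1` together with the full `msg_st.app_length`, which looks one byte too long for the handlers' own length checks.

```c
    in_len += retc;
    /* r_len comes from the request: bound it before any size or pointer arithmetic */
    if (*dat_len < in_len || r_len > (u_long)(*dat_len - in_len)) {
        errpkt(dat, dat_len, KADM_LENGTH_ERROR);
        return KADM_LENGTH_ERROR;
    }
    authent.length = *dat_len - r_len - KADM_VERSIZE - sizeof(u_long);
    /* the authenticator must fit the fixed-size buffer inside KTEXT_ST */
    if (authent.length < 0 || authent.length > (int) sizeof(authent.dat)) {
        errpkt(dat, dat_len, KADM_LENGTH_ERROR);
        return KADM_LENGTH_ERROR;
    }
    bcopy((char *)(*dat) + in_len, (char *)authent.dat, authent.length);
    /* … unchanged: krb_rd_req, checksum, krb_rd_priv, dispatch, reply … */
```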
diff --git a/eBones/usr.sbin/kadmin/kadm_server.c b/eBones/usr.sbin/kadmin/kadm_server.c
new file mode 100644
index 0000000..25a58be
--- /dev/null
+++ b/eBones/usr.sbin/kadmin/kadm_server.c
@@ -0,0 +1,159 @@
+/*
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * Copyright.MIT.
+ *
+ * Kerberos administration server-side subroutines
+ */
+
+#ifndef lint
+static char rcsid_kadm_server_c[] =
+"Header: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_server.c,v 4.2 89/09/26 09:30:23 jtkohl Exp ";
+#endif lint
+
+#include <kadm.h>
+#include <kadm_err.h>
+
+/*
+kadm_ser_cpw - the server side of the change_password routine
+ recieves : KTEXT, {key}
+ returns : CKSUM, RETCODE
+ acl : caller can change only own password
+
+Replaces the password (i.e. des key) of the caller with that specified in key.
+Returns no actual data from the master server, since this is called by a user
+*/
+kadm_ser_cpw(dat, len, ad, datout, outlen)
+u_char *dat;
+int len;
+AUTH_DAT *ad;
+u_char **datout;
+int *outlen;
+{
+ unsigned long keylow, keyhigh;
+ des_cblock newkey;
+ int stvlen;
+
+ /* take key off the stream, and change the database */
+
+ if ((stvlen = stv_long(dat, &keyhigh, 0, len)) < 0)
+ return(KADM_LENGTH_ERROR);
+ if (stv_long(dat, &keylow, stvlen, len) < 0)
+ return(KADM_LENGTH_ERROR);
+
+ keylow = ntohl(keylow);
+ keyhigh = ntohl(keyhigh);
+ bcopy((char *)&keyhigh, (char *)(((long *)newkey) + 1), 4);
+ bcopy((char *)&keylow, (char *)newkey, 4);
+ *datout = 0;
+ *outlen = 0;
+
+ return(kadm_change(ad->pname, ad->pinst, ad->prealm, newkey));
+}
+
+/*
+kadm_ser_add - the server side of the add_entry routine
+ recieves : KTEXT, {values}
+ returns : CKSUM, RETCODE, {values}
+ acl : su, sms (as alloc)
+
+Adds and entry containing values to the database
+returns the values of the entry, so if you leave certain fields blank you will
+ be able to determine the default values they are set to
+*/
+kadm_ser_add(dat,len,ad, datout, outlen)
+u_char *dat;
+int len;
+AUTH_DAT *ad;
+u_char **datout;
+int *outlen;
+{
+ Kadm_vals values, retvals;
+ int status;
+
+ if ((status = stream_to_vals(dat, &values, len)) < 0)
+ return(KADM_LENGTH_ERROR);
+ if ((status = kadm_add_entry(ad->pname, ad->pinst, ad->prealm,
+ &values, &retvals)) == KADM_DATA) {
+ *outlen = vals_to_stream(&retvals,datout);
+ return KADM_SUCCESS;
+ } else {
+ *outlen = 0;
+ return status;
+ }
+}
+
+/*
+kadm_ser_mod - the server side of the mod_entry routine
+ recieves : KTEXT, {values, values}
+ returns : CKSUM, RETCODE, {values}
+ acl : su, sms (as register or dealloc)
+
+Modifies all entries corresponding to the first values so they match the
+ second values.
+returns the values for the changed entries
+*/
+kadm_ser_mod(dat,len,ad, datout, outlen)
+u_char *dat;
+int len;
+AUTH_DAT *ad;
+u_char **datout;
+int *outlen;
+{
+ Kadm_vals vals1, vals2, retvals;
+ int wh;
+ int status;
+
+ if ((wh = stream_to_vals(dat, &vals1, len)) < 0)
+ return KADM_LENGTH_ERROR;
+ if ((status = stream_to_vals(dat+wh,&vals2, len-wh)) < 0)
+ return KADM_LENGTH_ERROR;
+ if ((status = kadm_mod_entry(ad->pname, ad->pinst, ad->prealm, &vals1,
+ &vals2, &retvals)) == KADM_DATA) {
+ *outlen = vals_to_stream(&retvals,datout);
+ return KADM_SUCCESS;
+ } else {
+ *outlen = 0;
+ return status;
+ }
+}
+
+/*
+kadm_ser_get
+ recieves : KTEXT, {values, flags}
+ returns : CKSUM, RETCODE, {count, values, values, values}
+ acl : su
+
+gets the fields requested by flags from all entries matching values
+returns this data for each matching recipient, after a count of how many such
+ matches there were
+*/
+kadm_ser_get(dat,len,ad, datout, outlen)
+u_char *dat;
+int len;
+AUTH_DAT *ad;
+u_char **datout;
+int *outlen;
+{
+ Kadm_vals values, retvals;
+ u_char fl[FLDSZ];
+ int loop,wh;
+ int status;
+
+ if ((wh = stream_to_vals(dat, &values, len)) < 0)
+ return KADM_LENGTH_ERROR;
+ if (wh + FLDSZ > len)
+ return KADM_LENGTH_ERROR;
+ for (loop=FLDSZ-1; loop>=0; loop--)
+ fl[loop] = dat[wh++];
+ if ((status = kadm_get_entry(ad->pname, ad->pinst, ad->prealm,
+ &values, fl, &retvals)) == KADM_DATA) {
+ *outlen = vals_to_stream(&retvals,datout);
+ return KADM_SUCCESS;
+ } else {
+ *outlen = 0;
+ return status;
+ }
+}
+
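Review bot: kadm_ser_cpw leaves the caller's new DES key on the stack: `newkey`, `keylow` and `keyhigh` are never cleared, whereas kadm_change() in this same commit zeroes its `local_pw` copy once the entry is written. Keep the result in a local and scrub before returning, i.e. `status = kadm_change(ad->pname, ad->pinst, ad->prealm, newkey);` followed by `bzero((char *)newkey, sizeof(newkey)); keylow = keyhigh = 0;` and `return(status);`. The `((long *)newkey) + 1` offset in the bcopy() above also only lands on the second half of the 8-byte block when long is 4 bytes wide; `(char *)newkey + 4` expresses the same offset without that assumption.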
diff --git a/eBones/usr.sbin/kadmin/kadm_server.h b/eBones/usr.sbin/kadmin/kadm_server.h
new file mode 100644
index 0000000..33b1904
--- /dev/null
+++ b/eBones/usr.sbin/kadmin/kadm_server.h
@@ -0,0 +1,51 @@
+/*
+ * $Source: /home/ncvs/src/eBones/kadmind/kadm_server.h,v $
+ * $Author: wollman $
+ * Header: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_server.h,v 4.1 89/12/21 17:46:51 jtkohl Exp
+ *
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * Copyright.MIT.
+ *
+ * Definitions for Kerberos administration server & client
+ */
+
+#ifndef KADM_SERVER_DEFS
+#define KADM_SERVER_DEFS
+
+/*
+ * kadm_server.h
+ * Header file for the fourth attempt at an admin server
+ * Doug Church, December 28, 1989, MIT Project Athena
+ * ps. Yes that means this code belongs to athena etc...
+ * as part of our ongoing attempt to copyright all greek names
+ */
+
+#include <sys/types.h>
+#include <kerberosIV/krb.h>
+#include <kerberosIV/des.h>
+
+typedef struct {
+ struct sockaddr_in admin_addr;
+ struct sockaddr_in recv_addr;
+ int recv_addr_len;
+ int admin_fd; /* our link to clients */
+ char sname[ANAME_SZ];
+ char sinst[INST_SZ];
+ char krbrlm[REALM_SZ];
+ C_Block master_key;
+ C_Block session_key;
+ Key_schedule master_key_schedule;
+ long master_key_version;
+} Kadm_Server;
+
+/* the default syslog file */
+#define KADM_SYSLOG "/var/log/kadmind.syslog"
+
+#define DEFAULT_ACL_DIR "/etc/kerberosIV"
+#define ADD_ACL_FILE "/admin_acl.add"
+#define GET_ACL_FILE "/admin_acl.get"
+#define MOD_ACL_FILE "/admin_acl.mod"
+
+#endif KADM_SERVER_DEFS
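Review bot: The `Kadm_Server` fields carry no comments apart from `admin_fd`, and two of them, `master_key` and `master_key_schedule`, hold the database master key for as long as the process runs. A reader of the header cannot tell that; I would mark them, e.g. `/* secret: database master key, zeroed by clear_secrets() */`, and note on `recv_addr` that process_client() sets it to the peer address of the current connection. `session_key` is not referenced by the server code visible in this part of the commit, so it deserves either a comment on its purpose or removal if it really is unused.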
diff --git a/eBones/usr.sbin/kadmin/kadmind.8 b/eBones/usr.sbin/kadmin/kadmind.8
index 59075ee..1eb10d7 100644
--- a/eBones/usr.sbin/kadmin/kadmind.8
+++ b/eBones/usr.sbin/kadmin/kadmind.8
@@ -1,5 +1,5 @@
.\" from: kadmind.8,v 4.1 89/07/25 17:28:33 jtkohl Exp $
-.\" $Id: kadmind.8,v 1.2 1994/07/19 19:27:25 g89r4222 Exp $
+.\" $Id: kadmind.8,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -95,19 +95,19 @@ in the database.
A principal is always granted authorization to change its own password.
.SH FILES
.TP 20n
-/kerberos/admin_server.syslog
+/var/log/kadmind.syslog
Default log file.
.TP
-/kerberos
-Default access control list directory.
+/etc/kerberosIV/admin_acl.{add,get,mod}
+Access control list files
.TP
-admin_acl.{add,get,mod}
-Access control list files (within the directory)
+/etc/kerberosIV/principal.db
+DBM file containing database
.TP
-/kerberos/principal.pag, /kerberos/principal.dir
-Default DBM files containing database
+/etc/kerberosIV/principal.ok
+Semaphore indicating that the DBM database is not being modified.
.TP
-/.k
+/etc/kerberosIV/master_key
Master key cache file.
.SH "SEE ALSO"
kerberos(1), kpasswd(1), kadmin(8), acl_check(3)
diff --git a/eBones/usr.sbin/kadmind/Makefile b/eBones/usr.sbin/kadmind/Makefile
new file mode 100644
index 0000000..77069be
--- /dev/null
+++ b/eBones/usr.sbin/kadmind/Makefile
@@ -0,0 +1,11 @@
+# $Id$
+
+PROG= kadmind
+SRCS= admin_server.c kadm_funcs.c kadm_ser_wrap.c kadm_server.c
+CFLAGS+=-DPOSIX -I${.CURDIR}/../include -I${KRBOBJDIR} \
+ -I${.CURDIR}/../libkadm -I${KADMOBJDIR}
+LDADD+= -L${KADMOBJDIR} -lkadm -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb \
+ -L${DESOBJDIR} -ldes -L${ACLOBJDIR} -lacl -lcom_err
+NOMAN= # man page in ../man
+
+.include <bsd.prog.mk>
diff --git a/eBones/usr.sbin/kadmind/admin_server.c b/eBones/usr.sbin/kadmind/admin_server.c
new file mode 100644
index 0000000..ce36eb6
--- /dev/null
+++ b/eBones/usr.sbin/kadmind/admin_server.c
@@ -0,0 +1,457 @@
+/*
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * Copyright.MIT.
+ *
+ * Top-level loop of the kerberos Administration server
+ */
+
+#ifndef lint
+#if 0
+static char rcsid_admin_server_c[] =
+"Id: admin_server.c,v 4.8 90/01/02 13:50:38 jtkohl Exp ";
+#endif
+static const char rcsid[] =
+ "$Id";
+#endif lint
+
+/*
+ admin_server.c
+ this holds the main loop and initialization and cleanup code for the server
+*/
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <signal.h>
+#ifndef sigmask
+#define sigmask(m) (1 <<((m)-1))
+#endif
+#include <sys/wait.h>
+#include <errno.h>
+#include <sys/socket.h>
+#include <syslog.h>
+#include <kadm.h>
+#include <kadm_err.h>
+#include <krb_db.h>
+#include "kadm_server.h"
+
+/* Almost all procs and such need this, so it is global */
+admin_params prm; /* The command line parameters struct */
+
+char prog[32]; /* WHY IS THIS NEEDED??????? */
+char *progname = prog;
+char *acldir = DEFAULT_ACL_DIR;
+char krbrlm[REALM_SZ];
+extern Kadm_Server server_parm;
+
+/*
+** Main does the logical thing, it sets up the database and RPC interface,
+** as well as handling the creation and maintenance of the syslog file...
+*/
+main(argc, argv) /* admin_server main routine */
+int argc;
+char *argv[];
+{
+ int errval;
+ int c;
+ extern char *optarg;
+
+ prog[sizeof(prog)-1]='\0'; /* Terminate... */
+ (void) strncpy(prog, argv[0], sizeof(prog)-1);
+
+ /* initialize the admin_params structure */
+ prm.sysfile = KADM_SYSLOG; /* default file name */
+ prm.inter = 1;
+
+ bzero(krbrlm, sizeof(krbrlm));
+
+ while ((c = getopt(argc, argv, "f:hnd:a:r:")) != EOF)
+ switch(c) {
+ case 'f': /* Syslog file name change */
+ prm.sysfile = optarg;
+ break;
+ case 'n':
+ prm.inter = 0;
+ break;
+ case 'a': /* new acl directory */
+ acldir = optarg;
+ break;
+ case 'd':
+ /* put code to deal with alt database place */
+ if (errval = kerb_db_set_name(optarg)) {
+ fprintf(stderr, "opening database %s: %s",
+ optarg, error_message(errval));
+ exit(1);
+ }
+ break;
+ case 'r':
+ (void) strncpy(krbrlm, optarg, sizeof(krbrlm) - 1);
+ break;
+ case 'h': /* get help on using admin_server */
+ default:
+ printf("Usage: admin_server [-h] [-n] [-r realm] [-d dbname] [-f filename] [-a acldir]\n");
+ exit(-1); /* failure */
+ }
+
+ if (krbrlm[0] == 0)
+ if (krb_get_lrealm(krbrlm, 0) != KSUCCESS) {
+ fprintf(stderr,
+ "Unable to get local realm. Fix krb.conf or use -r.\n");
+ exit(1);
+ }
+
+ printf("KADM Server %s initializing\n",KADM_VERSTR);
+ printf("Please do not use 'kill -9' to kill this job, use a\n");
+ printf("regular kill instead\n\n");
+
+ set_logfile(prm.sysfile);
+ log("Admin server starting");
+
+ (void) kerb_db_set_lockmode(KERB_DBL_NONBLOCKING);
+ errval = kerb_init(); /* Open the Kerberos database */
+ if (errval) {
+ fprintf(stderr, "error: kerb_init() failed");
+ close_syslog();
+ byebye();
+ }
+ /* set up the server_parm struct */
+ if ((errval = kadm_ser_init(prm.inter, krbrlm))==KADM_SUCCESS) {
+ kerb_fini(); /* Close the Kerberos database--
+ will re-open later */
+ errval = kadm_listen(); /* listen for calls to server from
+ clients */
+ }
+ if (errval != KADM_SUCCESS) {
+ fprintf(stderr,"error: %s\n",error_message(errval));
+ kerb_fini(); /* Close if error */
+ }
+ close_syslog(); /* Close syslog file, print
+ closing note */
+ byebye(); /* Say bye bye on the terminal
+ in use */
+} /* procedure main */
+
+
+/* close the system log file */
+close_syslog()
+{
+ log("Shutting down admin server");
+}
+
+byebye() /* say goodnight gracie */
+{
+ printf("Admin Server (kadm server) has completed operation.\n");
+}
+
+static clear_secrets()
+{
+ bzero((char *)server_parm.master_key, sizeof(server_parm.master_key));
+ bzero((char *)server_parm.master_key_schedule,
+ sizeof(server_parm.master_key_schedule));
+ server_parm.master_key_version = 0L;
+ return;
+}
+
+static exit_now = 0;
+
+sigtype
+doexit()
+{
+ exit_now = 1;
+#ifdef POSIX
+ return;
+#else /* !POSIX */
+ return(0);
+#endif /* POSIX */
+}
+
+unsigned pidarraysize = 0;
+int *pidarray = (int *)0;
+
+/*
+kadm_listen
+listen on the admin servers port for a request
+*/
+kadm_listen()
+{
+ extern int errno;
+ int found;
+ int admin_fd;
+ int peer_fd;
+ fd_set mask, readfds;
+ struct sockaddr_in peer;
+ int addrlen;
+ void process_client(), kill_children();
+ int pid;
+ sigtype do_child();
+
+ (void) signal(SIGINT, doexit);
+ (void) signal(SIGTERM, doexit);
+ (void) signal(SIGHUP, doexit);
+ (void) signal(SIGQUIT, doexit);
+ (void) signal(SIGPIPE, SIG_IGN); /* get errors on write() */
+ (void) signal(SIGALRM, doexit);
+ (void) signal(SIGCHLD, do_child);
+
+ if ((admin_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
+ return KADM_NO_SOCK;
+ if (bind(admin_fd, (struct sockaddr *)&server_parm.admin_addr,
+ sizeof(struct sockaddr_in)) < 0)
+ return KADM_NO_BIND;
+ (void) listen(admin_fd, 1);
+ FD_ZERO(&mask);
+ FD_SET(admin_fd, &mask);
+
+ for (;;) { /* loop nearly forever */
+ if (exit_now) {
+ clear_secrets();
+ kill_children();
+ return(0);
+ }
+ readfds = mask;
+ if ((found = select(admin_fd+1,&readfds,(fd_set *)0,
+ (fd_set *)0, (struct timeval *)0)) == 0)
+ continue; /* no things read */
+ if (found < 0) {
+ if (errno != EINTR)
+ log("select: %s",error_message(errno));
+ continue;
+ }
+ if (FD_ISSET(admin_fd, &readfds)) {
+ /* accept the conn */
+ addrlen = sizeof(peer);
+ if ((peer_fd = accept(admin_fd, (struct sockaddr *)&peer,
+ &addrlen)) < 0) {
+ log("accept: %s",error_message(errno));
+ continue;
+ }
+ addrlen = sizeof(server_parm.admin_addr);
+ if (getsockname(peer_fd, (struct sockaddr *)&server_parm.admin_addr,
+ &addrlen)) {
+ log("getsockname: %s",error_message(errno));
+ continue;
+ }
+#ifdef DEBUG
+ printf("Connection recieved on %s\n",
+ inet_ntoa(server_parm.admin_addr.sin_addr));
+#endif /* DEBUG */
+#ifndef DEBUG
+ /* if you want a sep daemon for each server */
+ if (pid = fork()) {
+ /* parent */
+ if (pid < 0) {
+ log("fork: %s",error_message(errno));
+ (void) close(peer_fd);
+ continue;
+ }
+ /* fork succeded: keep tabs on child */
+ (void) close(peer_fd);
+ if (pidarray) {
+ pidarray = (int *)realloc((char *)pidarray, ++pidarraysize);
+ pidarray[pidarraysize-1] = pid;
+ } else {
+ pidarray = (int *)malloc(pidarraysize = 1);
+ pidarray[0] = pid;
+ }
+ } else {
+ /* child */
+ (void) close(admin_fd);
+#endif /* DEBUG */
+ /* do stuff */
+ process_client (peer_fd, &peer);
+#ifndef DEBUG
+ }
+#endif
+ } else {
+ log("something else woke me up!");
+ return(0);
+ }
+ }
+ /*NOTREACHED*/
+}
+
+#ifdef DEBUG
+#define cleanexit(code) {kerb_fini(); return;}
+#endif
+
+void
+process_client(fd, who)
+int fd;
+struct sockaddr_in *who;
+{
+ u_char *dat;
+ int dat_len;
+ u_short dlen;
+ int retval;
+ int on = 1;
+ Principal service;
+ des_cblock skey;
+ int more;
+ int status;
+
+ if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0)
+ log("setsockopt keepalive: %d",errno);
+
+ server_parm.recv_addr = *who;
+
+ if (kerb_init()) { /* Open as client */
+ log("can't open krb db");
+ cleanexit(1);
+ }
+ /* need to set service key to changepw.KRB_MASTER */
+
+ status = kerb_get_principal(server_parm.sname, server_parm.sinst, &service,
+ 1, &more);
+ if (status == -1) {
+ /* db locked */
+ u_long retcode = KADM_DB_INUSE;
+ char *pdat;
+
+ dat_len = KADM_VERSIZE + sizeof(u_long);
+ dat = (u_char *) malloc((unsigned)dat_len);
+ pdat = (char *) dat;
+ retcode = htonl((u_long) KADM_DB_INUSE);
+ (void) strncpy(pdat, KADM_ULOSE, KADM_VERSIZE);
+ bcopy((char *)&retcode, &pdat[KADM_VERSIZE], sizeof(u_long));
+ goto out;
+ } else if (!status) {
+ log("no service %s.%s",server_parm.sname, server_parm.sinst);
+ cleanexit(2);
+ }
+
+ bcopy((char *)&service.key_low, (char *)skey, 4);
+ bcopy((char *)&service.key_high, (char *)(((long *) skey) + 1), 4);
+ bzero((char *)&service, sizeof(service));
+ kdb_encrypt_key (skey, skey, server_parm.master_key,
+ server_parm.master_key_schedule, DECRYPT);
+ (void) krb_set_key((char *)skey, 0); /* if error, will show up when
+ rd_req fails */
+ bzero((char *)skey, sizeof(skey));
+
+ while (1) {
+ if ((retval = krb_net_read(fd, (char *)&dlen, sizeof(u_short))) !=
+ sizeof(u_short)) {
+ if (retval < 0)
+ log("dlen read: %s",error_message(errno));
+ else if (retval)
+ log("short dlen read: %d",retval);
+ (void) close(fd);
+ cleanexit(retval ? 3 : 0);
+ }
+ if (exit_now) {
+ cleanexit(0);
+ }
+ dat_len = (int) ntohs(dlen);
+ dat = (u_char *) malloc((unsigned)dat_len);
+ if (!dat) {
+ log("malloc: No memory");
+ (void) close(fd);
+ cleanexit(4);
+ }
+ if ((retval = krb_net_read(fd, (char *)dat, dat_len)) != dat_len) {
+ if (retval < 0)
+ log("data read: %s",error_message(errno));
+ else
+ log("short read: %d vs. %d", dat_len, retval);
+ (void) close(fd);
+ cleanexit(5);
+ }
+ if (exit_now) {
+ cleanexit(0);
+ }
+ if ((retval = kadm_ser_in(&dat,&dat_len)) != KADM_SUCCESS)
+ log("processing request: %s", error_message(retval));
+
+ /* kadm_ser_in did the processing and returned stuff in
+ dat & dat_len , return the appropriate data */
+
+ out:
+ dlen = (u_short) dat_len;
+
+ if (dat_len != (int)dlen) {
+ clear_secrets();
+ abort(); /* XXX */
+ }
+ dlen = htons(dlen);
+
+ if (krb_net_write(fd, (char *)&dlen, sizeof(u_short)) < 0) {
+ log("writing dlen to client: %s",error_message(errno));
+ (void) close(fd);
+ cleanexit(6);
+ }
+
+ if (krb_net_write(fd, (char *)dat, dat_len) < 0) {
+ log(LOG_ERR, "writing to client: %s",error_message(errno));
+ (void) close(fd);
+ cleanexit(7);
+ }
+ free((char *)dat);
+ }
+ /*NOTREACHED*/
+}
+
+sigtype
+do_child()
+{
+ /* SIGCHLD brings us here */
+ int pid;
+ register int i, j;
+
+#ifdef POSIX
+ int status;
+#else
+ union wait status;
+#endif
+
+ pid = wait(&status);
+
+ for (i = 0; i < pidarraysize; i++)
+ if (pidarray[i] == pid) {
+ /* found it */
+ for (j = i; j < pidarraysize-1; j++)
+ /* copy others down */
+ pidarray[j] = pidarray[j+1];
+ pidarraysize--;
+ if (WEXITSTATUS(status) || WCOREDUMP(status) || WIFSIGNALED(status))
+ log("child %d: termsig %d, coredump %d, retcode %d", pid,
+ WTERMSIG(status), WCOREDUMP(status), WEXITSTATUS(status));
+#ifdef POSIX
+ return;
+#else /* !POSIX */
+ return(0);
+#endif /* POSIX */
+ }
+ log("child %d not in list: termsig %d, coredump %d, retcode %d", pid,
+ WTERMSIG(status), WCOREDUMP(status), WEXITSTATUS(status));
+#ifdef POSIX
+ return;
+#else /* !POSIX */
+ return(0);
+#endif /* POSIX */
+}
+
+#ifndef DEBUG
+cleanexit(val)
+{
+ kerb_fini();
+ clear_secrets();
+ exit(val);
+}
+#endif
+
+void
+kill_children()
+{
+ register int i;
+ int osigmask;
+
+ osigmask = sigblock(sigmask(SIGCHLD));
+
+ for (i = 0; i < pidarraysize; i++) {
+ kill(pidarray[i], SIGINT);
+ log("killing child %d", pidarray[i]);
+ }
+ sigsetmask(osigmask);
+ return;
+}
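Review bot: In kadm_listen the child-pid table is sized in bytes, not elements: `realloc((char *)pidarray, ++pidarraysize)` and `malloc(pidarraysize = 1)` allocate `pidarraysize` bytes, and the following `pidarray[pidarraysize-1] = pid` stores a whole int, so each accepted connection writes past the end of the heap block in the parent, which is the process holding the master key. Scale by the element size and check the result before storing: `tmp = (int *)realloc((char *)pidarray, (pidarraysize + 1) * sizeof(int));` and only on success `pidarray = tmp; pidarray[pidarraysize++] = pid;` (with an ANSI libc, realloc on a null pointer makes the separate malloc branch unnecessary). do_child() edits the same array from the SIGCHLD handler, so the update should also run with SIGCHLD blocked, as kill_children() already does with sigblock().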
diff --git a/eBones/usr.sbin/kadmind/kadm_funcs.c b/eBones/usr.sbin/kadmind/kadm_funcs.c
new file mode 100644
index 0000000..9f06e30
--- /dev/null
+++ b/eBones/usr.sbin/kadmind/kadm_funcs.c
@@ -0,0 +1,373 @@
+/*
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * Copyright.MIT
+ *
+ * Kerberos administration server-side database manipulation routines
+ */
+
+#ifndef lint
+#if 0
+static char rcsid_kadm_funcs_c[] =
+"Id: kadm_funcs.c,v 4.3 90/03/20 01:39:51 jon Exp ";
+#endif
+static const char rcsid[] =
+ "$Id: kadm_funcs.c,v 1.1 1995/01/20 03:12:55 wollman Exp $";
+#endif lint
+
+/*
+kadm_funcs.c
+the actual database manipulation code
+*/
+
+#include <sys/param.h>
+#include <kadm.h>
+#include <kadm_err.h>
+#include <krb_db.h>
+#include "kadm_server.h"
+
+extern Kadm_Server server_parm;
+
+check_access(pname, pinst, prealm, acltype)
+char *pname;
+char *pinst;
+char *prealm;
+enum acl_types acltype;
+{
+ char checkname[MAX_K_NAME_SZ];
+ char filename[MAXPATHLEN];
+ extern char *acldir;
+
+ (void) sprintf(checkname, "%s.%s@%s", pname, pinst, prealm);
+
+ switch (acltype) {
+ case ADDACL:
+ (void) sprintf(filename, "%s%s", acldir, ADD_ACL_FILE);
+ break;
+ case GETACL:
+ (void) sprintf(filename, "%s%s", acldir, GET_ACL_FILE);
+ break;
+ case MODACL:
+ (void) sprintf(filename, "%s%s", acldir, MOD_ACL_FILE);
+ break;
+ }
+ return(acl_check(filename, checkname));
+}
+
+int
+wildcard(str)
+char *str;
+{
+ if (!strcmp(str, WILDCARD_STR))
+ return(1);
+ return(0);
+}
+
+#define failadd(code) { (void) log("FAILED addding '%s.%s' (%s)", valsin->name, valsin->instance, error_message(code)); return code; }
+
+kadm_add_entry (rname, rinstance, rrealm, valsin, valsout)
+char *rname; /* requestors name */
+char *rinstance; /* requestors instance */
+char *rrealm; /* requestors realm */
+Kadm_vals *valsin;
+Kadm_vals *valsout;
+{
+ long numfound; /* check how many we get written */
+ int more; /* pointer to more grabbed records */
+ Principal data_i, data_o; /* temporary principal */
+ u_char flags[4];
+ des_cblock newpw;
+ Principal default_princ;
+
+ if (!check_access(rname, rinstance, rrealm, ADDACL)) {
+ (void) log("WARNING: '%s.%s@%s' tried to add an entry for '%s.%s'",
+ rname, rinstance, rrealm, valsin->name, valsin->instance);
+ return KADM_UNAUTH;
+ }
+
+ /* Need to check here for "legal" name and instance */
+ if (wildcard(valsin->name) || wildcard(valsin->instance)) {
+ failadd(KADM_ILL_WILDCARD);
+ }
+
+ (void) log("request to add an entry for '%s.%s' from '%s.%s@%s'",
+ valsin->name, valsin->instance, rname, rinstance, rrealm);
+
+ numfound = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST,
+ &default_princ, 1, &more);
+ if (numfound == -1) {
+ failadd(KADM_DB_INUSE);
+ } else if (numfound != 1) {
+ failadd(KADM_UK_RERROR);
+ }
+
+ kadm_vals_to_prin(valsin->fields, &data_i, valsin);
+ (void) strncpy(data_i.name, valsin->name, ANAME_SZ);
+ (void) strncpy(data_i.instance, valsin->instance, INST_SZ);
+
+ if (!IS_FIELD(KADM_EXPDATE,valsin->fields))
+ data_i.exp_date = default_princ.exp_date;
+ if (!IS_FIELD(KADM_ATTR,valsin->fields))
+ data_i.attributes = default_princ.attributes;
+ if (!IS_FIELD(KADM_MAXLIFE,valsin->fields))
+ data_i.max_life = default_princ.max_life;
+
+ bzero((char *)&default_princ, sizeof(default_princ));
+
+ /* convert to host order */
+ data_i.key_low = ntohl(data_i.key_low);
+ data_i.key_high = ntohl(data_i.key_high);
+
+
+ bcopy(&data_i.key_low,newpw,4);
+ bcopy(&data_i.key_high,(char *)(((long *) newpw) + 1),4);
+
+ /* encrypt new key in master key */
+ kdb_encrypt_key (newpw, newpw, server_parm.master_key,
+ server_parm.master_key_schedule, ENCRYPT);
+ bcopy(newpw,&data_i.key_low,4);
+ bcopy((char *)(((long *) newpw) + 1), &data_i.key_high,4);
+ bzero((char *)newpw, sizeof(newpw));
+
+ data_o = data_i;
+ numfound = kerb_get_principal(valsin->name, valsin->instance,
+ &data_o, 1, &more);
+ if (numfound == -1) {
+ failadd(KADM_DB_INUSE);
+ } else if (numfound) {
+ failadd(KADM_INUSE);
+ } else {
+ data_i.key_version++;
+ data_i.kdc_key_ver = server_parm.master_key_version;
+ (void) strncpy(data_i.mod_name, rname, sizeof(data_i.mod_name)-1);
+ (void) strncpy(data_i.mod_instance, rinstance,
+ sizeof(data_i.mod_instance)-1);
+
+ numfound = kerb_put_principal(&data_i, 1);
+ if (numfound == -1) {
+ failadd(KADM_DB_INUSE);
+ } else if (numfound) {
+ failadd(KADM_UK_SERROR);
+ } else {
+ numfound = kerb_get_principal(valsin->name, valsin->instance,
+ &data_o, 1, &more);
+ if ((numfound!=1) || (more!=0)) {
+ failadd(KADM_UK_RERROR);
+ }
+ bzero((char *)flags, sizeof(flags));
+ SET_FIELD(KADM_NAME,flags);
+ SET_FIELD(KADM_INST,flags);
+ SET_FIELD(KADM_EXPDATE,flags);
+ SET_FIELD(KADM_ATTR,flags);
+ SET_FIELD(KADM_MAXLIFE,flags);
+ kadm_prin_to_vals(flags, valsout, &data_o);
+ (void) log("'%s.%s' added.", valsin->name, valsin->instance);
+ return KADM_DATA; /* Set all the appropriate fields */
+ }
+ }
+}
+#undef failadd
+
+#define failget(code) { (void) log("FAILED retrieving '%s.%s' (%s)", valsin->name, valsin->instance, error_message(code)); return code; }
+
+kadm_get_entry (rname, rinstance, rrealm, valsin, flags, valsout)
+char *rname; /* requestors name */
+char *rinstance; /* requestors instance */
+char *rrealm; /* requestors realm */
+Kadm_vals *valsin; /* what they wannt to get */
+u_char *flags; /* which fields we want */
+Kadm_vals *valsout; /* what data is there */
+{
+ long numfound; /* check how many were returned */
+ int more; /* To point to more name.instances */
+ Principal data_o; /* Data object to hold Principal */
+
+
+ if (!check_access(rname, rinstance, rrealm, GETACL)) {
+ (void) log("WARNING: '%s.%s@%s' tried to get '%s.%s's entry",
+ rname, rinstance, rrealm, valsin->name, valsin->instance);
+ return KADM_UNAUTH;
+ }
+
+ if (wildcard(valsin->name) || wildcard(valsin->instance)) {
+ failget(KADM_ILL_WILDCARD);
+ }
+
+ (void) log("retrieve '%s.%s's entry for '%s.%s@%s'",
+ valsin->name, valsin->instance, rname, rinstance, rrealm);
+
+ /* Look up the record in the database */
+ numfound = kerb_get_principal(valsin->name, valsin->instance,
+ &data_o, 1, &more);
+ if (numfound == -1) {
+ failget(KADM_DB_INUSE);
+ } else if (numfound) { /* We got the record, let's return it */
+ kadm_prin_to_vals(flags, valsout, &data_o);
+ (void) log("'%s.%s' retrieved.", valsin->name, valsin->instance);
+ return KADM_DATA; /* Set all the appropriate fields */
+ } else {
+ failget(KADM_NOENTRY); /* Else whimper and moan */
+ }
+}
+#undef failget
+
+#define failmod(code) { (void) log("FAILED modifying '%s.%s' (%s)", valsin1->name, valsin1->instance, error_message(code)); return code; }
+
+kadm_mod_entry (rname, rinstance, rrealm, valsin1, valsin2, valsout)
+char *rname; /* requestors name */
+char *rinstance; /* requestors instance */
+char *rrealm; /* requestors realm */
+Kadm_vals *valsin1, *valsin2; /* holds the parameters being
+ passed in */
+Kadm_vals *valsout; /* the actual record which is returned */
+{
+ long numfound;
+ int more;
+ Principal data_o, temp_key;
+ u_char fields[4];
+ des_cblock newpw;
+
+ if (wildcard(valsin1->name) || wildcard(valsin1->instance)) {
+ failmod(KADM_ILL_WILDCARD);
+ }
+
+ if (!check_access(rname, rinstance, rrealm, MODACL)) {
+ (void) log("WARNING: '%s.%s@%s' tried to change '%s.%s's entry",
+ rname, rinstance, rrealm, valsin1->name, valsin1->instance);
+ return KADM_UNAUTH;
+ }
+
+ (void) log("request to modify '%s.%s's entry from '%s.%s@%s' ",
+ valsin1->name, valsin1->instance, rname, rinstance, rrealm);
+
+ numfound = kerb_get_principal(valsin1->name, valsin1->instance,
+ &data_o, 1, &more);
+ if (numfound == -1) {
+ failmod(KADM_DB_INUSE);
+ } else if (numfound) {
+ kadm_vals_to_prin(valsin2->fields, &temp_key, valsin2);
+ (void) strncpy(data_o.name, valsin1->name, ANAME_SZ);
+ (void) strncpy(data_o.instance, valsin1->instance, INST_SZ);
+ if (IS_FIELD(KADM_EXPDATE,valsin2->fields))
+ data_o.exp_date = temp_key.exp_date;
+ if (IS_FIELD(KADM_ATTR,valsin2->fields))
+ data_o.attributes = temp_key.attributes;
+ if (IS_FIELD(KADM_MAXLIFE,valsin2->fields))
+ data_o.max_life = temp_key.max_life;
+ if (IS_FIELD(KADM_DESKEY,valsin2->fields)) {
+ data_o.key_version++;
+ data_o.kdc_key_ver = server_parm.master_key_version;
+
+
+ /* convert to host order */
+ temp_key.key_low = ntohl(temp_key.key_low);
+ temp_key.key_high = ntohl(temp_key.key_high);
+
+
+ bcopy(&temp_key.key_low,newpw,4);
+ bcopy(&temp_key.key_high,(char *)(((long *) newpw) + 1),4);
+
+ /* encrypt new key in master key */
+ kdb_encrypt_key (newpw, newpw, server_parm.master_key,
+ server_parm.master_key_schedule, ENCRYPT);
+ bcopy(newpw,&data_o.key_low,4);
+ bcopy((char *)(((long *) newpw) + 1), &data_o.key_high,4);
+ bzero((char *)newpw, sizeof(newpw));
+ }
+ bzero((char *)&temp_key, sizeof(temp_key));
+
+ (void) strncpy(data_o.mod_name, rname, sizeof(data_o.mod_name)-1);
+ (void) strncpy(data_o.mod_instance, rinstance,
+ sizeof(data_o.mod_instance)-1);
+ more = kerb_put_principal(&data_o, 1);
+
+ bzero((char *)&data_o, sizeof(data_o));
+
+ if (more == -1) {
+ failmod(KADM_DB_INUSE);
+ } else if (more) {
+ failmod(KADM_UK_SERROR);
+ } else {
+ numfound = kerb_get_principal(valsin1->name, valsin1->instance,
+ &data_o, 1, &more);
+ if ((more!=0)||(numfound!=1)) {
+ failmod(KADM_UK_RERROR);
+ }
+ bzero((char *) fields, sizeof(fields));
+ SET_FIELD(KADM_NAME,fields);
+ SET_FIELD(KADM_INST,fields);
+ SET_FIELD(KADM_EXPDATE,fields);
+ SET_FIELD(KADM_ATTR,fields);
+ SET_FIELD(KADM_MAXLIFE,fields);
+ kadm_prin_to_vals(fields, valsout, &data_o);
+ (void) log("'%s.%s' modified.", valsin1->name, valsin1->instance);
+ return KADM_DATA; /* Set all the appropriate fields */
+ }
+ }
+ else {
+ failmod(KADM_NOENTRY);
+ }
+}
+#undef failmod
+
+#define failchange(code) { (void) log("FAILED changing key for '%s.%s@%s' (%s)", rname, rinstance, rrealm, error_message(code)); return code; }
+
+kadm_change (rname, rinstance, rrealm, newpw)
+char *rname;
+char *rinstance;
+char *rrealm;
+des_cblock newpw;
+{
+ long numfound;
+ int more;
+ Principal data_o;
+ des_cblock local_pw;
+
+ if (strcmp(server_parm.krbrlm, rrealm)) {
+ (void) log("change key request from wrong realm, '%s.%s@%s'!\n",
+ rname, rinstance, rrealm);
+ return(KADM_WRONG_REALM);
+ }
+
+ if (wildcard(rname) || wildcard(rinstance)) {
+ failchange(KADM_ILL_WILDCARD);
+ }
+ (void) log("'%s.%s@%s' wants to change its password",
+ rname, rinstance, rrealm);
+
+ bcopy(newpw, local_pw, sizeof(local_pw));
+
+ /* encrypt new key in master key */
+ kdb_encrypt_key (local_pw, local_pw, server_parm.master_key,
+ server_parm.master_key_schedule, ENCRYPT);
+
+ numfound = kerb_get_principal(rname, rinstance,
+ &data_o, 1, &more);
+ if (numfound == -1) {
+ failchange(KADM_DB_INUSE);
+ } else if (numfound) {
+ bcopy(local_pw,&data_o.key_low,4);
+ bcopy((char *)(((long *) local_pw) + 1), &data_o.key_high,4);
+ data_o.key_version++;
+ data_o.kdc_key_ver = server_parm.master_key_version;
+ (void) strncpy(data_o.mod_name, rname, sizeof(data_o.mod_name)-1);
+ (void) strncpy(data_o.mod_instance, rinstance,
+ sizeof(data_o.mod_instance)-1);
+ more = kerb_put_principal(&data_o, 1);
+ bzero((char *) local_pw, sizeof(local_pw));
+ bzero((char *) &data_o, sizeof(data_o));
+ if (more == -1) {
+ failchange(KADM_DB_INUSE);
+ } else if (more) {
+ failchange(KADM_UK_SERROR);
+ } else {
+ (void) log("'%s.%s@%s' password changed.", rname, rinstance, rrealm);
+ return KADM_SUCCESS;
+ }
+ }
+ else {
+ failchange(KADM_NOENTRY);
+ }
+}
+#undef failchange
diff --git a/eBones/usr.sbin/kadmind/kadm_ser_wrap.c b/eBones/usr.sbin/kadmind/kadm_ser_wrap.c
new file mode 100644
index 0000000..23664d4
--- /dev/null
+++ b/eBones/usr.sbin/kadmind/kadm_ser_wrap.c
@@ -0,0 +1,205 @@
+/*
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * Copyright.MIT.
+ *
+ * Kerberos administration server-side support functions
+ */
+
+#ifndef lint
+static char rcsid_module_c[] =
+"BonesHeader: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_ser_wrap.c,v 4.4 89/09/26 09:29:36 jtkohl Exp ";
+#endif lint
+
+/*
+kadm_ser_wrap.c
+unwraps wrapped packets and calls the appropriate server subroutine
+*/
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <netdb.h>
+#include <sys/socket.h>
+#include <kadm.h>
+#include <kadm_err.h>
+#include <krb_err.h>
+#include "kadm_server.h"
+
+Kadm_Server server_parm;
+
+/*
+kadm_ser_init
+set up the server_parm structure
+*/
+kadm_ser_init(inter, realm)
+int inter; /* interactive or from file */
+char realm[];
+{
+ struct servent *sep;
+ struct hostent *hp;
+ char hostname[MAXHOSTNAMELEN];
+
+ (void) init_kadm_err_tbl();
+ (void) init_krb_err_tbl();
+ if (gethostname(hostname, sizeof(hostname)))
+ return KADM_NO_HOSTNAME;
+
+ (void) strcpy(server_parm.sname, PWSERV_NAME);
+ (void) strcpy(server_parm.sinst, KRB_MASTER);
+ (void) strcpy(server_parm.krbrlm, realm);
+
+ server_parm.admin_fd = -1;
+ /* setting up the addrs */
+ if ((sep = getservbyname(KADM_SNAME, "tcp")) == NULL)
+ return KADM_NO_SERV;
+ bzero((char *)&server_parm.admin_addr,sizeof(server_parm.admin_addr));
+ server_parm.admin_addr.sin_family = AF_INET;
+ if ((hp = gethostbyname(hostname)) == NULL)
+ return KADM_NO_HOSTNAME;
+ server_parm.admin_addr.sin_addr.s_addr = INADDR_ANY;
+ server_parm.admin_addr.sin_port = sep->s_port;
+ /* setting up the database */
+ if (kdb_get_master_key((inter==1),server_parm.master_key,
+ server_parm.master_key_schedule) != 0)
+ return KADM_NO_MAST;
+ if ((server_parm.master_key_version =
+ kdb_verify_master_key(server_parm.master_key,
+ server_parm.master_key_schedule,stderr))<0)
+ return KADM_NO_VERI;
+ return KADM_SUCCESS;
+}
+
+static void errpkt(dat, dat_len, code)
+u_char **dat;
+int *dat_len;
+int code;
+{
+ u_long retcode;
+ char *pdat;
+
+ free((char *)*dat); /* free up req */
+ *dat_len = KADM_VERSIZE + sizeof(u_long);
+ *dat = (u_char *) malloc((unsigned)*dat_len);
+ pdat = (char *) *dat;
+ retcode = htonl((u_long) code);
+ (void) strncpy(pdat, KADM_ULOSE, KADM_VERSIZE);
+ bcopy((char *)&retcode, &pdat[KADM_VERSIZE], sizeof(u_long));
+ return;
+}
+
+/*
+kadm_ser_in
+unwrap the data stored in dat, process, and return it.
+*/
+kadm_ser_in(dat,dat_len)
+u_char **dat;
+int *dat_len;
+{
+ u_char *in_st; /* pointer into the sent packet */
+ int in_len,retc; /* where in packet we are, for
+ returns */
+ u_long r_len; /* length of the actual packet */
+ KTEXT_ST authent; /* the authenticator */
+ AUTH_DAT ad; /* who is this, klink */
+ u_long ncksum; /* checksum of encrypted data */
+ des_key_schedule sess_sched; /* our schedule */
+ MSG_DAT msg_st;
+ u_char *retdat, *tmpdat;
+ int retval, retlen;
+
+ if (strncmp(KADM_VERSTR, (char *)*dat, KADM_VERSIZE)) {
+ errpkt(dat, dat_len, KADM_BAD_VER);
+ return KADM_BAD_VER;
+ }
+ in_len = KADM_VERSIZE;
+ /* get the length */
+ if ((retc = stv_long(*dat, &r_len, in_len, *dat_len)) < 0)
+ return KADM_LENGTH_ERROR;
+ in_len += retc;
+ authent.length = *dat_len - r_len - KADM_VERSIZE - sizeof(u_long);
+ bcopy((char *)(*dat) + in_len, (char *)authent.dat, authent.length);
+ authent.mbz = 0;
+ /* service key should be set before here */
+ if (retc = krb_rd_req(&authent, server_parm.sname, server_parm.sinst,
+ server_parm.recv_addr.sin_addr.s_addr, &ad, (char *)0))
+ {
+ errpkt(dat, dat_len,retc + krb_err_base);
+ return retc + krb_err_base;
+ }
+
+#define clr_cli_secrets() {bzero((char *)sess_sched, sizeof(sess_sched)); bzero((char *)ad.session, sizeof(ad.session));}
+
+ in_st = *dat + *dat_len - r_len;
+#ifdef NOENCRYPTION
+ ncksum = 0;
+#else
+ ncksum = quad_cksum(in_st, (u_long *)0, (long) r_len, 0, ad.session);
+#endif
+ if (ncksum!=ad.checksum) { /* yow, are we correct yet */
+ clr_cli_secrets();
+ errpkt(dat, dat_len,KADM_BAD_CHK);
+ return KADM_BAD_CHK;
+ }
+#ifdef NOENCRYPTION
+ bzero(sess_sched, sizeof(sess_sched));
+#else
+ des_key_sched(ad.session, sess_sched);
+#endif
+ if (retc = (int) krb_rd_priv(in_st, r_len, sess_sched, ad.session,
+ &server_parm.recv_addr,
+ &server_parm.admin_addr, &msg_st)) {
+ clr_cli_secrets();
+ errpkt(dat, dat_len,retc + krb_err_base);
+ return retc + krb_err_base;
+ }
+ switch (msg_st.app_data[0]) {
+ case CHANGE_PW:
+ retval = kadm_ser_cpw(msg_st.app_data+1,(int) msg_st.app_length,&ad,
+ &retdat, &retlen);
+ break;
+ case ADD_ENT:
+ retval = kadm_ser_add(msg_st.app_data+1,(int) msg_st.app_length,&ad,
+ &retdat, &retlen);
+ break;
+ case GET_ENT:
+ retval = kadm_ser_get(msg_st.app_data+1,(int) msg_st.app_length,&ad,
+ &retdat, &retlen);
+ break;
+ case MOD_ENT:
+ retval = kadm_ser_mod(msg_st.app_data+1,(int) msg_st.app_length,&ad,
+ &retdat, &retlen);
+ break;
+ default:
+ clr_cli_secrets();
+ errpkt(dat, dat_len, KADM_NO_OPCODE);
+ return KADM_NO_OPCODE;
+ }
+ /* Now seal the response back into a priv msg */
+ free((char *)*dat);
+ tmpdat = (u_char *) malloc((unsigned)(retlen + KADM_VERSIZE +
+ sizeof(u_long)));
+ (void) strncpy((char *)tmpdat, KADM_VERSTR, KADM_VERSIZE);
+ retval = htonl((u_long)retval);
+ bcopy((char *)&retval, (char *)tmpdat + KADM_VERSIZE, sizeof(u_long));
+ if (retlen) {
+ bcopy((char *)retdat, (char *)tmpdat + KADM_VERSIZE + sizeof(u_long),
+ retlen);
+ free((char *)retdat);
+ }
+ /* slop for mk_priv stuff */
+ *dat = (u_char *) malloc((unsigned) (retlen + KADM_VERSIZE +
+ sizeof(u_long) + 200));
+ if ((*dat_len = krb_mk_priv(tmpdat, *dat,
+ (u_long) (retlen + KADM_VERSIZE +
+ sizeof(u_long)),
+ sess_sched,
+ ad.session, &server_parm.admin_addr,
+ &server_parm.recv_addr)) < 0) {
+ clr_cli_secrets();
+ errpkt(dat, dat_len, KADM_NO_ENCRYPT);
+ return KADM_NO_ENCRYPT;
+ }
+ clr_cli_secrets();
+ return KADM_SUCCESS;
+}
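Review bot: In kadm_ser_in, `authent.length` is derived from `r_len`, which stv_long has just read out of the still-unauthenticated packet, and is then used unchecked as the bcopy size into the fixed-size `authent.dat`. An `r_len` that does not fit the received packet makes that length negative or oversized, so the copy can overrun the stack buffer before krb_rd_req has verified anything, and `in_st = *dat + *dat_len - r_len` can then point outside the request. Both values should be range-checked against `*dat_len` and `sizeof(authent.dat)` first, as sketched below. Separately, the dispatch passes `msg_st.app_length` as the length of `msg_st.app_data+1`, which looks one byte too long; that is worth confirming against stv_long and stream_to_vals, which are not visible here.

```c
    in_len += retc;
    /* r_len is attacker-controlled until krb_rd_req succeeds: bound it first */
    if ((u_long)*dat_len < KADM_VERSIZE + sizeof(u_long) ||
        r_len > (u_long)*dat_len - KADM_VERSIZE - sizeof(u_long)) {
        errpkt(dat, dat_len, KADM_LENGTH_ERROR);
        return KADM_LENGTH_ERROR;
    }
    authent.length = *dat_len - r_len - KADM_VERSIZE - sizeof(u_long);
    if ((unsigned) authent.length > sizeof(authent.dat)) {
        errpkt(dat, dat_len, KADM_LENGTH_ERROR);
        return KADM_LENGTH_ERROR;
    }
    /* … unchanged: bcopy into authent.dat, krb_rd_req, checksum, krb_rd_priv … */
```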
diff --git a/eBones/usr.sbin/kadmind/kadm_server.c b/eBones/usr.sbin/kadmind/kadm_server.c
new file mode 100644
index 0000000..25a58be
--- /dev/null
+++ b/eBones/usr.sbin/kadmind/kadm_server.c
@@ -0,0 +1,159 @@
+/*
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * Copyright.MIT.
+ *
+ * Kerberos administration server-side subroutines
+ */
+
+#ifndef lint
+static char rcsid_kadm_server_c[] =
+"Header: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_server.c,v 4.2 89/09/26 09:30:23 jtkohl Exp ";
+#endif lint
+
+#include <kadm.h>
+#include <kadm_err.h>
+
+/*
+kadm_ser_cpw - the server side of the change_password routine
+ recieves : KTEXT, {key}
+ returns : CKSUM, RETCODE
+ acl : caller can change only own password
+
+Replaces the password (i.e. des key) of the caller with that specified in key.
+Returns no actual data from the master server, since this is called by a user
+*/
+kadm_ser_cpw(dat, len, ad, datout, outlen)
+u_char *dat;
+int len;
+AUTH_DAT *ad;
+u_char **datout;
+int *outlen;
+{
+ unsigned long keylow, keyhigh;
+ des_cblock newkey;
+ int stvlen;
+
+ /* take key off the stream, and change the database */
+
+ if ((stvlen = stv_long(dat, &keyhigh, 0, len)) < 0)
+ return(KADM_LENGTH_ERROR);
+ if (stv_long(dat, &keylow, stvlen, len) < 0)
+ return(KADM_LENGTH_ERROR);
+
+ keylow = ntohl(keylow);
+ keyhigh = ntohl(keyhigh);
+ bcopy((char *)&keyhigh, (char *)(((long *)newkey) + 1), 4);
+ bcopy((char *)&keylow, (char *)newkey, 4);
+ *datout = 0;
+ *outlen = 0;
+
+ return(kadm_change(ad->pname, ad->pinst, ad->prealm, newkey));
+}
+
+/*
+kadm_ser_add - the server side of the add_entry routine
+ recieves : KTEXT, {values}
+ returns : CKSUM, RETCODE, {values}
+ acl : su, sms (as alloc)
+
+Adds and entry containing values to the database
+returns the values of the entry, so if you leave certain fields blank you will
+ be able to determine the default values they are set to
+*/
+kadm_ser_add(dat,len,ad, datout, outlen)
+u_char *dat;
+int len;
+AUTH_DAT *ad;
+u_char **datout;
+int *outlen;
+{
+ Kadm_vals values, retvals;
+ int status;
+
+ if ((status = stream_to_vals(dat, &values, len)) < 0)
+ return(KADM_LENGTH_ERROR);
+ if ((status = kadm_add_entry(ad->pname, ad->pinst, ad->prealm,
+ &values, &retvals)) == KADM_DATA) {
+ *outlen = vals_to_stream(&retvals,datout);
+ return KADM_SUCCESS;
+ } else {
+ *outlen = 0;
+ return status;
+ }
+}
+
+/*
+kadm_ser_mod - the server side of the mod_entry routine
+ recieves : KTEXT, {values, values}
+ returns : CKSUM, RETCODE, {values}
+ acl : su, sms (as register or dealloc)
+
+Modifies all entries corresponding to the first values so they match the
+ second values.
+returns the values for the changed entries
+*/
+kadm_ser_mod(dat,len,ad, datout, outlen)
+u_char *dat;
+int len;
+AUTH_DAT *ad;
+u_char **datout;
+int *outlen;
+{
+ Kadm_vals vals1, vals2, retvals;
+ int wh;
+ int status;
+
+ if ((wh = stream_to_vals(dat, &vals1, len)) < 0)
+ return KADM_LENGTH_ERROR;
+ if ((status = stream_to_vals(dat+wh,&vals2, len-wh)) < 0)
+ return KADM_LENGTH_ERROR;
+ if ((status = kadm_mod_entry(ad->pname, ad->pinst, ad->prealm, &vals1,
+ &vals2, &retvals)) == KADM_DATA) {
+ *outlen = vals_to_stream(&retvals,datout);
+ return KADM_SUCCESS;
+ } else {
+ *outlen = 0;
+ return status;
+ }
+}
+
+/*
+kadm_ser_get
+ recieves : KTEXT, {values, flags}
+ returns : CKSUM, RETCODE, {count, values, values, values}
+ acl : su
+
+gets the fields requested by flags from all entries matching values
+returns this data for each matching recipient, after a count of how many such
+ matches there were
+*/
+kadm_ser_get(dat,len,ad, datout, outlen)
+u_char *dat;
+int len;
+AUTH_DAT *ad;
+u_char **datout;
+int *outlen;
+{
+ Kadm_vals values, retvals;
+ u_char fl[FLDSZ];
+ int loop,wh;
+ int status;
+
+ if ((wh = stream_to_vals(dat, &values, len)) < 0)
+ return KADM_LENGTH_ERROR;
+ if (wh + FLDSZ > len)
+ return KADM_LENGTH_ERROR;
+ for (loop=FLDSZ-1; loop>=0; loop--)
+ fl[loop] = dat[wh++];
+ if ((status = kadm_get_entry(ad->pname, ad->pinst, ad->prealm,
+ &values, fl, &retvals)) == KADM_DATA) {
+ *outlen = vals_to_stream(&retvals,datout);
+ return KADM_SUCCESS;
+ } else {
+ *outlen = 0;
+ return status;
+ }
+}
+
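Review bot: kadm_ser_cpw leaves the caller's new DES key on the stack, since `newkey`, `keylow` and `keyhigh` are never cleared, whereas kadm_change zeroes its own copy (`local_pw`) after the database write. With an added `int status;`, the tail could read `status = kadm_change(ad->pname, ad->pinst, ad->prealm, newkey);`, `bzero((char *)newkey, sizeof(newkey)); keylow = keyhigh = 0;`, `return(status);`. The same function also assumes a 32-bit `long`: `(char *)(((long *)newkey) + 1)` and the 4-byte bcopy from an `unsigned long` address the second half of the 8-byte block only under that assumption. Writing the offset as `(char *)newkey + 4`, or at least commenting the assumption, would keep the copy inside `newkey` on other ABIs.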
diff --git a/eBones/usr.sbin/kadmind/kadm_server.h b/eBones/usr.sbin/kadmind/kadm_server.h
new file mode 100644
index 0000000..33b1904
--- /dev/null
+++ b/eBones/usr.sbin/kadmind/kadm_server.h
@@ -0,0 +1,51 @@
+/*
+ * $Source: /home/ncvs/src/eBones/kadmind/kadm_server.h,v $
+ * $Author: wollman $
+ * Header: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/kadm_server.h,v 4.1 89/12/21 17:46:51 jtkohl Exp
+ *
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * Copyright.MIT.
+ *
+ * Definitions for Kerberos administration server & client
+ */
+
+#ifndef KADM_SERVER_DEFS
+#define KADM_SERVER_DEFS
+
+/*
+ * kadm_server.h
+ * Header file for the fourth attempt at an admin server
+ * Doug Church, December 28, 1989, MIT Project Athena
+ * ps. Yes that means this code belongs to athena etc...
+ * as part of our ongoing attempt to copyright all greek names
+ */
+
+#include <sys/types.h>
+#include <kerberosIV/krb.h>
+#include <kerberosIV/des.h>
+
+typedef struct {
+ struct sockaddr_in admin_addr;
+ struct sockaddr_in recv_addr;
+ int recv_addr_len;
+ int admin_fd; /* our link to clients */
+ char sname[ANAME_SZ];
+ char sinst[INST_SZ];
+ char krbrlm[REALM_SZ];
+ C_Block master_key;
+ C_Block session_key;
+ Key_schedule master_key_schedule;
+ long master_key_version;
+} Kadm_Server;
+
+/* the default syslog file */
+#define KADM_SYSLOG "/var/log/kadmind.syslog"
+
+#define DEFAULT_ACL_DIR "/etc/kerberosIV"
+#define ADD_ACL_FILE "/admin_acl.add"
+#define GET_ACL_FILE "/admin_acl.get"
+#define MOD_ACL_FILE "/admin_acl.mod"
+
+#endif KADM_SERVER_DEFS
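Review bot: This header is not self-contained as written: `Kadm_Server` embeds two `struct sockaddr_in` members, but only `<sys/types.h>`, `<kerberosIV/krb.h>` and `<kerberosIV/des.h>` are included, so it compiles only if one of those pulls in `<netinet/in.h>` (not visible here). Adding `#include <netinet/in.h>` would make the dependency explicit. The closing `#endif KADM_SERVER_DEFS` has a bare token after the directive; `#endif /* KADM_SERVER_DEFS */` is the portable spelling. The struct also deserves a comment along the lines of `/* master_key and master_key_schedule hold the database master key once kadm_ser_init() has run */`, since the global `server_parm` of this type carries live key material.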
diff --git a/eBones/usr.sbin/kadmind/kadmind.8 b/eBones/usr.sbin/kadmind/kadmind.8
index 59075ee..1eb10d7 100644
--- a/eBones/usr.sbin/kadmind/kadmind.8
+++ b/eBones/usr.sbin/kadmind/kadmind.8
@@ -1,5 +1,5 @@
.\" from: kadmind.8,v 4.1 89/07/25 17:28:33 jtkohl Exp $
-.\" $Id: kadmind.8,v 1.2 1994/07/19 19:27:25 g89r4222 Exp $
+.\" $Id: kadmind.8,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -95,19 +95,19 @@ in the database.
A principal is always granted authorization to change its own password.
.SH FILES
.TP 20n
-/kerberos/admin_server.syslog
+/var/log/kadmind.syslog
Default log file.
.TP
-/kerberos
-Default access control list directory.
+/etc/kerberosIV/admin_acl.{add,get,mod}
+Access control list files
.TP
-admin_acl.{add,get,mod}
-Access control list files (within the directory)
+/etc/kerberosIV/principal.db
+DBM file containing database
.TP
-/kerberos/principal.pag, /kerberos/principal.dir
-Default DBM files containing database
+/etc/kerberosIV/principal.ok
+Semaphore indicating that the DBM database is not being modified.
.TP
-/.k
+/etc/kerberosIV/master_key
Master key cache file.
.SH "SEE ALSO"
kerberos(1), kpasswd(1), kadmin(8), acl_check(3)
diff --git a/eBones/usr.sbin/kdb_destroy/kdb_destroy.8 b/eBones/usr.sbin/kdb_destroy/kdb_destroy.8
index 93db466..2e57876 100644
--- a/eBones/usr.sbin/kdb_destroy/kdb_destroy.8
+++ b/eBones/usr.sbin/kdb_destroy/kdb_destroy.8
@@ -1,5 +1,5 @@
.\" from: kdb_destroy.8,v 4.1 89/01/23 11:08:02 jtkohl Exp $
-.\" $Id: kdb_destroy.8,v 1.2 1994/07/19 19:27:26 g89r4222 Exp $
+.\" $Id: kdb_destroy.8,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -27,7 +27,10 @@ access permission error).
The user aborted the deletion.
.SH FILES
.TP 20n
-/kerberos/principal.pag, /kerberos/principal.dir
-DBM files containing database
+/etc/kerberosIV/principal.db
+DBM file containing database
+.TP
+/etc/kerberosIV/principal.ok
+Semaphore indicating that the DBM database is not being modified.
.SH SEE ALSO
kdb_init(8)
diff --git a/eBones/usr.sbin/kdb_destroy/kdb_destroy.c b/eBones/usr.sbin/kdb_destroy/kdb_destroy.c
index 0c45896..29c68a8 100644
--- a/eBones/usr.sbin/kdb_destroy/kdb_destroy.c
+++ b/eBones/usr.sbin/kdb_destroy/kdb_destroy.c
@@ -4,12 +4,12 @@
* <Copyright.MIT>.
*
* from: kdb_destroy.c,v 4.0 89/01/24 21:49:02 jtkohl Exp $
- * $Id: kdb_destroy.c,v 1.2 1994/07/19 19:23:49 g89r4222 Exp $
+ * $Id: kdb_destroy.c,v 1.1.1.1 1994/09/30 14:49:56 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: kdb_destroy.c,v 1.2 1994/07/19 19:23:49 g89r4222 Exp $";
+"$Id: kdb_destroy.c,v 1.1.1.1 1994/09/30 14:49:56 csgr Exp $";
#endif lint
#include <strings.h>
@@ -22,12 +22,20 @@ main()
char answer[10]; /* user input */
char dbm[256]; /* database path and name */
char dbm1[256]; /* database path and name */
+#ifndef __FreeBSD__
char *file1, *file2; /* database file names */
+#else
+ char *file; /* database file names */
+#endif
strcpy(dbm, DBM_FILE);
+#ifndef __FreeBSD__
strcpy(dbm1, DBM_FILE);
file1 = strcat(dbm, ".dir");
file2 = strcat(dbm1, ".pag");
+#else
+ file = strcat(dbm, ".db");
+#endif
printf("You are about to destroy the Kerberos database ");
printf("on this machine.\n");
@@ -35,7 +43,11 @@ main()
fgets(answer, sizeof(answer), stdin);
if (answer[0] == 'y' || answer[0] == 'Y') {
+#ifndef __FreeBSD__
if (unlink(file1) == 0 && unlink(file2) == 0)
+#else
+ if (unlink(file) == 0)
+#endif
fprintf(stderr, "Database deleted at %s\n", DBM_FILE);
else
fprintf(stderr, "Database cannot be deleted at %s\n",
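Review bot: The `__FreeBSD__` branch unlinks only the `.db` file, while the kdb_destroy.8 change in this same commit lists `/etc/kerberosIV/principal.ok` as a companion semaphore file. If that file is created alongside the database (not visible in these hunks), it would be left behind after a destroy that reports success, which is worth confirming. If so, either remove it here as well or add a comment such as `/* principal.ok is intentionally left in place: <reason> */`. The declaration hunk above introduces the single `file` variable this relies on, and main() begins and ends outside both hunks.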
diff --git a/eBones/usr.sbin/kdb_edit/kdb_edit.8 b/eBones/usr.sbin/kdb_edit/kdb_edit.8
index 1cfd6ed..b2630c5 100644
--- a/eBones/usr.sbin/kdb_edit/kdb_edit.8
+++ b/eBones/usr.sbin/kdb_edit/kdb_edit.8
@@ -1,5 +1,5 @@
.\" from: kdb_edit.8,v 4.1 89/01/23 11:08:55 jtkohl Exp $
-.\" $Id: kdb_edit.8,v 1.2 1994/07/19 19:27:27 g89r4222 Exp $
+.\" $Id: kdb_edit.8,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -48,8 +48,11 @@ printed.
The master key string entered was incorrect.
.SH FILES
.TP 20n
-/kerberos/principal.pag, /kerberos/principal.dir
-DBM files containing database
+/etc/kerberosIV/principal.db
+DBM file containing database
.TP
-/.k
+/etc/kerberosIV/principal.ok
+Semaphore indicating that the DBM database is not being modified.
+.TP
+/etc/kerberosIV/master_key
Master key cache file.
diff --git a/eBones/usr.sbin/kdb_edit/kdb_edit.c b/eBones/usr.sbin/kdb_edit/kdb_edit.c
index 4c02db6..438317f 100644
--- a/eBones/usr.sbin/kdb_edit/kdb_edit.c
+++ b/eBones/usr.sbin/kdb_edit/kdb_edit.c
@@ -5,19 +5,19 @@
* <Copyright.MIT>.
*
* This routine changes the Kerberos encryption keys for principals,
- * i.e., users or services.
+ * i.e., users or services.
*
* from: kdb_edit.c,v 4.2 90/01/09 16:05:09 raeburn Exp $
- * $Id: kdb_edit.c,v 1.3 1994/09/09 21:43:46 g89r4222 Exp $
+ * $Id: kdb_edit.c,v 1.1.1.1 1994/09/30 14:49:56 csgr Exp $
*/
/*
- * exit returns 0 ==> success -1 ==> error
+ * exit returns 0 ==> success -1 ==> error
*/
#ifndef lint
static char rcsid[] =
-"$Id: kdb_edit.c,v 1.3 1994/09/09 21:43:46 g89r4222 Exp $";
+"$Id: kdb_edit.c,v 1.1.1.1 1994/09/30 14:49:56 csgr Exp $";
#endif lint
#include <stdio.h>
@@ -158,7 +158,7 @@ main(argc, argv)
#endif
- if (kdb_get_master_key ((nflag == 0),
+ if (kdb_get_master_key ((nflag == 0),
master_key, master_key_schedule) != 0) {
fprintf (stdout, "Couldn't read master key.\n");
fflush (stdout);
@@ -241,7 +241,7 @@ change_principal()
if (!creating) {
/*
* copy the existing data so we can use the old values
- * for the qualifier clause of the replace
+ * for the qualifier clause of the replace
*/
principal_data[i].old = (char *) &old_principal;
bcopy(&principal_data[i], &old_principal,
@@ -310,7 +310,7 @@ change_principal()
}
/* seal it under the kerberos master key */
- kdb_encrypt_key (new_key, new_key,
+ kdb_encrypt_key (new_key, new_key,
master_key, master_key_schedule,
ENCRYPT);
bcopy(new_key, &principal_data[i].key_low, 4);
@@ -398,7 +398,7 @@ change_principal()
/*
* remaining fields -- key versions and mod info, should
- * not be directly manipulated
+ * not be directly manipulated
*/
if (changed) {
if (kerb_put_principal(&principal_data[i], 1)) {
diff --git a/eBones/usr.sbin/kdb_init/kdb_init.8 b/eBones/usr.sbin/kdb_init/kdb_init.8
index 54537ad..d884d00 100644
--- a/eBones/usr.sbin/kdb_init/kdb_init.8
+++ b/eBones/usr.sbin/kdb_init/kdb_init.8
@@ -1,5 +1,5 @@
.\" from: kdb_init.8,v 4.1 89/01/23 11:09:02 jtkohl Exp $
-.\" $Id: kdb_init.8,v 1.2 1994/07/19 19:27:29 g89r4222 Exp $
+.\" $Id: kdb_init.8,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -21,21 +21,25 @@ If the optional
.I realm
argument is not present,
.I kdb_init
-prompts for a realm name (defaulting to the definition in /usr/include/krb.h).
+prompts for a realm name (defaulting to the definition in
+/usr/include/kerberosIV/krb.h).
After determining the realm to be created, it prompts for
a master key password. The master key password is used to encrypt
every encryption key stored in the database.
.SH DIAGNOSTICS
.TP 20n
-"/kerberos/principal: File exists"
+"/etc/kerberosIV/principal: File exists"
An attempt was made to create a database on a machine which already had
an existing database.
.SH FILES
.TP 20n
-/kerberos/principal.pag, /kerberos/principal.dir
-DBM files containing database
+/etc/kerberosIV/principal.db
+DBM file containing database
.TP
-/usr/include/krb.h
+/etc/kerberosIV/principal.ok
+Semaphore indicating that the DBM database is not being modified.
+.TP
+/usr/include/kerberosIV/krb.h
Include file defining default realm
.SH SEE ALSO
kdb_destroy(8)
diff --git a/eBones/usr.sbin/kdb_init/kdb_init.c b/eBones/usr.sbin/kdb_init/kdb_init.c
index dc7055e..7a8e32f 100644
--- a/eBones/usr.sbin/kdb_init/kdb_init.c
+++ b/eBones/usr.sbin/kdb_init/kdb_init.c
@@ -1,18 +1,18 @@
/*
- * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
* For copying and distribution information, please see the file
- * <Copyright.MIT>.
+ * <Copyright.MIT>.
*
* program to initialize the database, reports error if database file
- * already exists.
+ * already exists.
*
* from: kdb_init.c,v 4.0 89/01/24 21:50:45 jtkohl Exp $
- * $Id: kdb_init.c,v 1.3 1994/09/24 14:04:17 g89r4222 Exp $
+ * $Id: kdb_init.c,v 1.1.1.1 1994/09/30 14:49:56 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: kdb_init.c,v 1.3 1994/09/24 14:04:17 g89r4222 Exp $";
+"$Id: kdb_init.c,v 1.1.1.1 1994/09/30 14:49:56 csgr Exp $";
#endif lint
#include <stdio.h>
@@ -44,7 +44,7 @@ main(argc, argv)
char *cp;
int code;
char *database;
-
+
progname = (cp = rindex(*argv, '/')) ? cp + 1 : *argv;
if (argc > 3) {
@@ -96,7 +96,7 @@ main(argc, argv)
add_principal(KERB_M_NAME, KERB_M_INST, MASTER_KEY) ||
add_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST, NULL_KEY) ||
add_principal("krbtgt", realm, RANDOM_KEY) ||
- add_principal("changepw", KRB_MASTER, RANDOM_KEY)
+ add_principal("changepw", KRB_MASTER, RANDOM_KEY)
) {
fprintf(stderr, "\n%s: couldn't initialize database.\n",
progname);
@@ -169,7 +169,7 @@ add_principal(name, instance, aap_op)
principal.old = 0;
kerb_db_put_principal(&principal, 1);
-
+
/* let's play it safe */
bzero (new_key, sizeof (C_Block));
bzero (&principal.key_low, 4);
diff --git a/eBones/usr.sbin/kdb_util/kdb_util.8 b/eBones/usr.sbin/kdb_util/kdb_util.8
index 30a3b9f..4183ef3 100644
--- a/eBones/usr.sbin/kdb_util/kdb_util.8
+++ b/eBones/usr.sbin/kdb_util/kdb_util.8
@@ -1,5 +1,5 @@
.\" from: kdb_util.8,v 4.1 89/01/23 11:09:11 jtkohl Exp $
-.\" $Id: kdb_util.8,v 1.2 1994/07/19 19:27:30 g89r4222 Exp $
+.\" $Id: kdb_util.8,v 1.1.1.1 1994/09/30 14:50:06 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -56,9 +56,9 @@ is encrypted using the new format (encrypted directly with master key).
The master key string entered was incorrect.
.SH FILES
.TP 20n
-/kerberos/principal.pag, /kerberos/principal.dir
-DBM files containing database
+/etc/kerberosIV/principal.db
+DBM file containing database
.TP
-.IR filename .ok
+.IR filename .dump_ok
semaphore file created by
.IR slave_dump.
diff --git a/eBones/usr.sbin/kdb_util/kdb_util.c b/eBones/usr.sbin/kdb_util/kdb_util.c
index 8465b5b..7bc8559 100644
--- a/eBones/usr.sbin/kdb_util/kdb_util.c
+++ b/eBones/usr.sbin/kdb_util/kdb_util.c
@@ -7,17 +7,17 @@
* dump a kerberos database to an ascii readable file and load this
* file into the database. Read locking of the database is done during a
* dump operation. NO LOCKING is done during a load operation. Loads
- * should happen with other processes shutdown.
+ * should happen with other processes shutdown.
*
* Written July 9, 1987 by Jeffrey I. Schiller
*
* from: kdb_util.c,v 4.4 90/01/09 15:57:20 raeburn Exp $
- * $Id: kdb_util.c,v 1.3 1994/09/24 14:04:21 g89r4222 Exp $
+ * $Id: kdb_util.c,v 1.1.1.1 1994/09/30 14:49:57 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: kdb_util.c,v 1.3 1994/09/24 14:04:21 g89r4222 Exp $";
+"$Id: kdb_util.c,v 1.1.1.1 1994/09/30 14:49:57 csgr Exp $";
#endif lint
#include <stdio.h>
@@ -62,7 +62,7 @@ main(argc, argv)
char *db_name;
progname = prog;
-
+
if (argc != 3 && argc != 4) {
fprintf(stderr, "Usage: %s operation file-name [database name].\n",
argv[0]);
@@ -77,7 +77,7 @@ main(argc, argv)
perror("Can't open database");
exit(1);
}
-
+
if (!strcmp(argv[1], "load"))
op = OP_LOAD;
else if (!strcmp(argv[1], "dump"))
@@ -134,7 +134,7 @@ main(argc, argv)
break;
case OP_CONVERT_OLD_DB:
convert_old_format_db (db_name, file);
- printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name);
+ printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name);
break;
}
exit(0);
@@ -148,7 +148,7 @@ clear_secrets ()
bzero((char *)new_master_key_schedule, sizeof (Key_schedule));
}
-/* cv_key is a procedure which takes a principle and changes its key,
+/* cv_key is a procedure which takes a principle and changes its key,
either for a new method of encrypting the keys, or a new master key.
if cv_key is null no transformation of key is done (other than net byte
order). */
@@ -163,7 +163,7 @@ static int dump_db_1(arg, principal)
Principal *principal;
{ /* replace null strings with "*" */
struct callback_args *a = (struct callback_args *)arg;
-
+
if (principal->instance[0] == '\0') {
principal->instance[0] = '*';
principal->instance[1] = '\0';
@@ -205,7 +205,7 @@ dump_db (db_file, output_file, cv_key)
a.cv_key = cv_key;
a.output_file = output_file;
-
+
kerb_db_iterate (dump_db_1, (char *)&a);
return fflush(output_file);
}
@@ -432,7 +432,7 @@ convert_old_format_db (db_file, out)
/*
* now use the master key to decrypt (old style) the key in the db, had better
- * be the same!
+ * be the same!
*/
bcopy((char *)&principal_data[0].key_low, (char *)key_from_db, 4);
bcopy((char *)&principal_data[0].key_high,
@@ -451,7 +451,7 @@ convert_old_format_db (db_file, out)
fprintf(stderr, "does not match database.\n");
exit (-1);
}
-
+
fprintf(stderr, "Master key verified.\n");
(void) fflush(stderr);
@@ -468,14 +468,14 @@ register char *cp;
int local;
zaptime(&tp); /* clear out the struct */
-
+
if (strlen(cp) > 10) { /* new format */
(void) strncpy(wbuf, cp, 4);
wbuf[4] = 0;
tp.tm_year = atoi(wbuf);
cp += 4; /* step over the year */
local = 0; /* GMT */
- } else { /* old format: local time,
+ } else { /* old format: local time,
year is 2 digits, assuming 19xx */
wbuf[0] = *cp++;
wbuf[1] = *cp++;
@@ -492,11 +492,11 @@ register char *cp;
wbuf[0] = *cp++;
wbuf[1] = *cp++;
tp.tm_mday = atoi(wbuf);
-
+
wbuf[0] = *cp++;
wbuf[1] = *cp++;
tp.tm_hour = atoi(wbuf);
-
+
wbuf[0] = *cp++;
wbuf[1] = *cp++;
tp.tm_min = atoi(wbuf);
diff --git a/eBones/usr.sbin/kerberos/Makefile b/eBones/usr.sbin/kerberos/Makefile
index 7f36cf7..44853ef 100644
--- a/eBones/usr.sbin/kerberos/Makefile
+++ b/eBones/usr.sbin/kerberos/Makefile
@@ -1,9 +1,9 @@
# From: @(#)Makefile 5.1 (Berkeley) 6/25/90
-# $Id: Makefile,v 1.2 1994/07/19 19:24:22 g89r4222 Exp $
+# $Id: Makefile,v 1.1.1.1 1994/09/30 14:49:57 csgr Exp $
PROG= kerberos
SRCS= kerberos.c cr_err_reply.c
-CFLAGS+=-DKERBEROS -DDEBUG -I${.CURDIR}/../include
+CFLAGS+=-DKERBEROS -DDEBUG -I${.CURDIR}/../include
DPADD= ${LIBKDB} ${LIBKRB} ${LIBDES}
LDADD= -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes
NOMAN= noman
diff --git a/eBones/usr.sbin/kerberos/cr_err_reply.c b/eBones/usr.sbin/kerberos/cr_err_reply.c
index 585fd03..c5178fe 100644
--- a/eBones/usr.sbin/kerberos/cr_err_reply.c
+++ b/eBones/usr.sbin/kerberos/cr_err_reply.c
@@ -5,12 +5,12 @@
* <Copyright.MIT>.
*
* from: cr_err_reply.c,v 4.10 89/01/10 11:34:42 steiner Exp $
- * $Id: cr_err_reply.c,v 1.1 1994/07/19 19:24:24 g89r4222 Exp $
+ * $Id: cr_err_reply.c,v 1.1.1.1 1994/09/30 14:49:57 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: cr_err_reply.c,v 1.1 1994/07/19 19:24:24 g89r4222 Exp $";
+"$Id: cr_err_reply.c,v 1.1.1.1 1994/09/30 14:49:57 csgr Exp $";
#endif /* lint */
#include <sys/types.h>
@@ -30,28 +30,28 @@ extern int req_act_vno; /* this is defined in the kerberos
* and an error string as arguments. Its return value is undefined.
*
* The packet is built in the following format:
- *
+ *
* type variable data
* or constant
* ---- ----------- ----
*
* unsigned char req_ack_vno protocol version number
- *
+ *
* unsigned char AUTH_MSG_ERR_REPLY protocol message type
- *
+ *
* [least significant HOST_BYTE_ORDER sender's (server's) byte
* bit of above field] order
- *
+ *
* string pname principal's name
- *
+ *
* string pinst principal's instance
- *
+ *
* string prealm principal's realm
- *
+ *
* unsigned long time_ws client's timestamp
- *
+ *
* unsigned long e error code
- *
+ *
* string e_string error text
*/
diff --git a/eBones/usr.sbin/kerberos/kerberos.c b/eBones/usr.sbin/kerberos/kerberos.c
index b980577..a7f391c 100644
--- a/eBones/usr.sbin/kerberos/kerberos.c
+++ b/eBones/usr.sbin/kerberos/kerberos.c
@@ -5,12 +5,12 @@
* <Copyright.MIT>.
*
* from: kerberos.c,v 4.19 89/11/01 17:18:07 qjb Exp $
- * $Id: kerberos.c,v 1.3 1994/09/09 21:43:51 g89r4222 Exp $
+ * $Id: kerberos.c,v 1.1.1.1 1994/09/30 14:49:57 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: kerberos.c,v 1.3 1994/09/09 21:43:51 g89r4222 Exp $";
+"$Id: kerberos.c,v 1.1.1.1 1994/09/30 14:49:57 csgr Exp $";
#endif lint
#include <stdio.h>
@@ -97,7 +97,7 @@ static void hang();
*/
static void usage()
{
- fprintf(stderr, "Usage: %s [-s] [-m] [-n] [-p pause_seconds]%s%s\n", progname,
+ fprintf(stderr, "Usage: %s [-s] [-m] [-n] [-p pause_seconds]%s%s\n", progname,
" [-a max_age] [-l log_file] [-r realm]"
," [database_pathname]"
);
@@ -160,7 +160,7 @@ main(argc, argv)
break;
case 'a':
/* Set max age. */
- if (!isdigit(optarg[0]))
+ if (!isdigit(optarg[0]))
usage();
max_age = atoi(optarg);
if ((max_age < ONE_HOUR) || (max_age > THREE_DAYS)) {
@@ -194,9 +194,9 @@ main(argc, argv)
if (optind != argc)
usage();
-
+
printf("Kerberos server starting\n");
-
+
if ((!nflag) && (max_age != -1))
printf("\tMaximum database age: %d seconds\n", max_age);
if (pause_int != -1)
@@ -205,12 +205,12 @@ main(argc, argv)
printf("\tSleep forever on error\n");
if (mflag)
printf("\tMaster key will be entered manually\n");
-
+
printf("\tLog file is %s\n", lflag ? log_file : KRBLOG);
if (lflag)
kset_logfile(log_file);
-
+
/* find our hostname, and use it as the instance */
if (gethostname(k_instance, INST_SZ)) {
fprintf(stderr, "%s: gethostname error\n", progname);
@@ -249,7 +249,7 @@ main(argc, argv)
/* Make sure database isn't stale */
check_db_age();
-
+
/* setup master key */
if (kdb_get_master_key (mflag, master_key, master_key_schedule) != 0) {
klog (L_KRB_PERR, "kerberos: couldn't get master key.\n");
@@ -449,7 +449,7 @@ kerberos(client, pkt)
/*
* get the user's key, unseal it from the server's key, and
- * use it to seal the cipher
+ * use it to seal the cipher
*/
/* a_name_data.key_low a_name_data.key_high */
@@ -457,7 +457,7 @@ kerberos(client, pkt)
bcopy(&a_name_data.key_high, ((long *) key) + 1, 4);
/* unseal the a_name key from the master key */
- kdb_encrypt_key(key, key, master_key,
+ kdb_encrypt_key(key, key, master_key,
master_key_schedule, DECRYPT);
create_ciph(ciph, session_key, s_name_data.name,
@@ -616,10 +616,10 @@ kerberos(client, pkt)
/*
- * setup_disc
+ * setup_disc
*
* disconnect all descriptors, remove ourself from the process
- * group that spawned us.
+ * group that spawned us.
*/
setup_disc()
@@ -648,7 +648,7 @@ setup_disc()
/*
* kerb_er_reply creates an error reply packet and sends it to the
- * client.
+ * client.
*/
kerb_err_reply(client, pkt, err, string)
@@ -680,7 +680,7 @@ kerb_err_reply(client, pkt, err, string)
static void check_db_age()
{
long age;
-
+
if (max_age != -1) {
/* Requires existance of kerb_get_db_age() */
gettimeofday(&kerb_time, 0);
@@ -712,16 +712,16 @@ check_princ(p_name, instance, lifetime, p)
klog(L_ALL_REQ,
"Principal: \"%s\", Instance: \"%s\" Lifetime = %d n = %d",
p_name, instance, lifetime, n, 0);
-
+
if (n < 0) {
lt = klog(L_KRB_PERR, "Database unavailable!");
hang();
}
-
+
/*
* if more than one p_name, pick one, randomly create a session key,
* compute maximum lifetime, lookup authorizations if applicable,
- * and stuff into cipher.
+ * and stuff into cipher.
*/
if (n == 0) {
/* service unknown, log error, skip to next request */
diff --git a/eBones/usr.sbin/ksrvutil/Makefile b/eBones/usr.sbin/ksrvutil/Makefile
new file mode 100644
index 0000000..bdff452
--- /dev/null
+++ b/eBones/usr.sbin/ksrvutil/Makefile
@@ -0,0 +1,10 @@
+# $Id$
+
+PROG= ksrvutil
+SRCS= ksrvutil.c
+CFLAGS+= -I${.CURDIR}/../include -I${.CURDIR}/../libkadm
+LDADD+= -L${KADMOBJDIR} -lkadm -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes \
+ -lcom_err
+NOMAN= #man page installed by ../man
+
+.include <bsd.prog.mk>
diff --git a/eBones/usr.sbin/ksrvutil/ksrvutil.c b/eBones/usr.sbin/ksrvutil/ksrvutil.c
new file mode 100644
index 0000000..d1e9474
--- /dev/null
+++ b/eBones/usr.sbin/ksrvutil/ksrvutil.c
@@ -0,0 +1,580 @@
+/*
+ * Copyright 1989 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * Copyright.MIT.
+ *
+ * list and update contents of srvtab files
+ */
+
+#ifndef lint
+#if 0
+static char rcsid_ksrvutil_c[] =
+"BonesHeader: /afs/athena.mit.edu/astaff/project/kerberos/src/kadmin/RCS/ksrvutil.c,v 4.1 89/09/26 09:33:49 jtkohl Exp ";
+#endif
+static const char rcsid[] =
+ "$Id: ksrvutil.c,v 1.2 1995/01/23 22:54:08 wollman Exp $";
+#endif lint
+
+/*
+ * ksrvutil
+ * list and update the contents of srvtab files
+ */
+
+#ifndef FALSE
+#define FALSE 0
+#endif
+
+#ifndef TRUE
+#define TRUE 1
+#endif
+
+#include <sys/types.h>
+#include <sys/file.h>
+#include <sys/param.h>
+#include <stdio.h>
+#include <sys/stat.h>
+#include <errno.h>
+#include <kadm.h>
+#include <err.h>
+#include <com_err.h>
+
+#ifdef NOENCRYPTION
+#define read_long_pw_string placebo_read_pw_string
+#else /* NOENCRYPTION */
+#define read_long_pw_string des_read_pw_string
+#endif /* NOENCRYPTION */
+int read_long_pw_string();
+
+#define SRVTAB_MODE 0600 /* rw------- */
+#define PAD " "
+#define VNO_HEADER "Version"
+#define VNO_FORMAT "%4d "
+#define KEY_HEADER " Key " /* 17 characters long */
+#define PRINC_HEADER " Principal\n"
+#define PRINC_FORMAT "%s"
+
+extern int errno;
+
+extern void krb_set_tkt_string();
+void leave();
+unsigned short get_mode();
+
+void
+copy_keyfile(progname, keyfile, backup_keyfile)
+ char *progname;
+ char *keyfile;
+ char *backup_keyfile;
+{
+ int keyfile_fd;
+ int backup_keyfile_fd;
+ int keyfile_mode;
+ char buf[BUFSIZ]; /* for copying keyfiles */
+ int rcount; /* for copying keyfiles */
+ int try_again;
+
+ (void) bzero((char *)buf, sizeof(buf));
+
+ do {
+ try_again = FALSE;
+ if ((keyfile_fd = open(keyfile, O_RDONLY, 0)) < 0) {
+ if (errno != ENOENT) {
+ err(1, "unable to read %s", keyfile);
+ }
+ else {
+ try_again = TRUE;
+ if ((keyfile_fd =
+ open(keyfile,
+ O_WRONLY | O_TRUNC | O_CREAT, SRVTAB_MODE)) < 0) {
+ err(1, "unable to create %s", keyfile);
+ }
+ else
+ if (close(keyfile_fd) < 0) {
+ err(1, "failure closing %s", keyfile);
+ }
+ }
+ }
+ } while(try_again);
+
+ keyfile_mode = get_mode(keyfile);
+
+ if ((backup_keyfile_fd =
+ open(backup_keyfile, O_WRONLY | O_TRUNC | O_CREAT,
+ keyfile_mode)) < 0) {
+ err(1, "unable to write %s", backup_keyfile);
+ }
+ do {
+ if ((rcount = read(keyfile_fd, (char *)buf, sizeof(buf))) < 0) {
+ err(1, "error reading %s", keyfile);
+ }
+ if (rcount && (write(backup_keyfile_fd, buf, rcount) != rcount)) {
+ err(1, "error writing %s", backup_keyfile);
+ }
+ } while (rcount);
+ if (close(backup_keyfile_fd) < 0) {
+ err(1, "error closing %s", backup_keyfile);
+ }
+ if (close(keyfile_fd) < 0) {
+ err(1, "error closing %s", keyfile);
+ }
+}
+
+void
+safe_read_stdin(prompt, buf, size)
+ char *prompt;
+ char *buf;
+ int size;
+{
+ (void) printf(prompt);
+ (void) fflush(stdout);
+ (void) bzero(buf, size);
+ if (read(0, buf, size - 1) < 0) {
+ warn("failure reading from stdin");
+ leave((char *)NULL, 1);
+ }
+ fflush(stdin);
+ buf[strlen(buf)-1] = 0;
+}
+
+
+void
+safe_write(progname, filename, fd, buf, len)
+ char *progname;
+ char *filename;
+ int fd;
+ char *buf;
+ int len;
+{
+ if (write(fd, buf, len) != len) {
+ warn("failure writing %s", filename);
+ close(fd);
+ leave("In progress srvtab in this file.", 1);
+ }
+}
+
+int
+yn(string)
+ char *string;
+{
+ char ynbuf[5];
+
+ (void) printf("%s (y,n) [y] ", string);
+ for (;;) {
+ safe_read_stdin("", ynbuf, sizeof(ynbuf));
+
+ if ((ynbuf[0] == 'n') || (ynbuf[0] == 'N'))
+ return(0);
+ else if ((ynbuf[0] == 'y') || (ynbuf[0] == 'Y') || (ynbuf[0] == 0))
+ return(1);
+ else {
+ (void) printf("Please enter 'y' or 'n': ");
+ fflush(stdout);
+ }
+ }
+}
+
+void
+append_srvtab(progname, filename, fd, sname, sinst,
+ srealm, key_vno, key)
+ char *progname;
+ char *filename;
+ int fd;
+ char *sname;
+ char *sinst;
+ char *srealm;
+ unsigned char key_vno;
+ des_cblock key;
+{
+ /* Add one to append null */
+ safe_write(progname, filename, fd, sname, strlen(sname) + 1);
+ safe_write(progname, filename, fd, sinst, strlen(sinst) + 1);
+ safe_write(progname, filename, fd, srealm, strlen(srealm) + 1);
+ safe_write(progname, filename, fd, (char *)&key_vno, 1);
+ safe_write(progname, filename, fd, (char *)key, sizeof(des_cblock));
+ (void) fsync(fd);
+}
+
+unsigned short
+get_mode(filename)
+ char *filename;
+{
+ struct stat statbuf;
+ unsigned short mode;
+
+ (void) bzero((char *)&statbuf, sizeof(statbuf));
+
+ if (stat(filename, &statbuf) < 0)
+ mode = SRVTAB_MODE;
+ else
+ mode = statbuf.st_mode;
+
+ return(mode);
+}
+
+main(argc,argv)
+ int argc;
+ char *argv[];
+{
+ char sname[ANAME_SZ]; /* name of service */
+ char sinst[INST_SZ]; /* instance of service */
+ char srealm[REALM_SZ]; /* realm of service */
+ unsigned char key_vno; /* key version number */
+ int status; /* general purpose error status */
+ des_cblock new_key;
+ des_cblock old_key;
+ char change_tkt[MAXPATHLEN]; /* Ticket to use for key change */
+ char keyfile[MAXPATHLEN]; /* Original keyfile */
+ char work_keyfile[MAXPATHLEN]; /* Working copy of keyfile */
+ char backup_keyfile[MAXPATHLEN]; /* Backup copy of keyfile */
+ unsigned short keyfile_mode; /* Protections on keyfile */
+ int work_keyfile_fd = -1; /* Initialize so that */
+ int backup_keyfile_fd = -1; /* compiler doesn't complain */
+ char local_realm[REALM_SZ]; /* local kerberos realm */
+ int i;
+ int interactive = FALSE;
+ int list = FALSE;
+ int change = FALSE;
+ int add = FALSE;
+ int key = FALSE; /* do we show keys? */
+ int arg_entered = FALSE;
+ int change_this_key = FALSE;
+ char databuf[BUFSIZ];
+ int first_printed = FALSE; /* have we printed the first item? */
+
+ int get_svc_new_key();
+ void get_key_from_password();
+ void print_key();
+ void print_name();
+
+ (void) bzero((char *)sname, sizeof(sname));
+ (void) bzero((char *)sinst, sizeof(sinst));
+ (void) bzero((char *)srealm, sizeof(srealm));
+
+ (void) bzero((char *)change_tkt, sizeof(change_tkt));
+ (void) bzero((char *)keyfile, sizeof(keyfile));
+ (void) bzero((char *)work_keyfile, sizeof(work_keyfile));
+ (void) bzero((char *)backup_keyfile, sizeof(backup_keyfile));
+ (void) bzero((char *)local_realm, sizeof(local_realm));
+
+ (void) sprintf(change_tkt, "/tmp/tkt_ksrvutil.%d", getpid());
+ krb_set_tkt_string(change_tkt);
+
+ /* This is used only as a default for adding keys */
+ if (krb_get_lrealm(local_realm, 1) != KSUCCESS)
+ (void) strcpy(local_realm, KRB_REALM);
+
+ for (i = 1; i < argc; i++) {
+ if (strcmp(argv[i], "-i") == 0)
+ interactive++;
+ else if (strcmp(argv[i], "-k") == 0)
+ key++;
+ else if (strcmp(argv[i], "list") == 0) {
+ if (arg_entered)
+ usage();
+ else {
+ arg_entered++;
+ list++;
+ }
+ }
+ else if (strcmp(argv[i], "change") == 0) {
+ if (arg_entered)
+ usage();
+ else {
+ arg_entered++;
+ change++;
+ }
+ }
+ else if (strcmp(argv[i], "add") == 0) {
+ if (arg_entered)
+ usage();
+ else {
+ arg_entered++;
+ add++;
+ }
+ }
+ else if (strcmp(argv[i], "-f") == 0) {
+ if (++i == argc)
+ usage();
+ else
+ (void) strcpy(keyfile, argv[i]);
+ }
+ else
+ usage();
+ }
+
+ if (!arg_entered)
+ usage();
+
+ if (!keyfile[0])
+ (void) strcpy(keyfile, KEYFILE);
+
+ (void) strcpy(work_keyfile, keyfile);
+ (void) strcpy(backup_keyfile, keyfile);
+
+ if (change || add) {
+ (void) strcat(work_keyfile, ".work");
+ (void) strcat(backup_keyfile, ".old");
+
+ copy_keyfile(argv[0], keyfile, backup_keyfile);
+ }
+
+ if (add)
+ copy_keyfile(argv[0], backup_keyfile, work_keyfile);
+
+ keyfile_mode = get_mode(keyfile);
+
+ if (change || list) {
+ if ((backup_keyfile_fd = open(backup_keyfile, O_RDONLY, 0)) < 0) {
+ err(1, "unable to read %s", backup_keyfile);
+ }
+ }
+
+ if (change) {
+ if ((work_keyfile_fd =
+ open(work_keyfile, O_WRONLY | O_CREAT | O_TRUNC,
+ SRVTAB_MODE)) < 0) {
+ err(1, "unable to write %s", work_keyfile);
+ }
+ }
+ else if (add) {
+ if ((work_keyfile_fd =
+ open(work_keyfile, O_APPEND | O_WRONLY, SRVTAB_MODE)) < 0) {
+ err(1, "unable to append to %s", work_keyfile);
+ }
+ }
+
+ if (change || list) {
+ while ((getst(backup_keyfile_fd, sname, SNAME_SZ) > 0) &&
+ (getst(backup_keyfile_fd, sinst, INST_SZ) > 0) &&
+ (getst(backup_keyfile_fd, srealm, REALM_SZ) > 0) &&
+ (read(backup_keyfile_fd, &key_vno, 1) > 0) &&
+ (read(backup_keyfile_fd,(char *)old_key,sizeof(old_key)) > 0)) {
+ if (list) {
+ if (!first_printed) {
+ (void) printf(VNO_HEADER);
+ (void) printf(PAD);
+ if (key) {
+ (void) printf(KEY_HEADER);
+ (void) printf(PAD);
+ }
+ (void) printf(PRINC_HEADER);
+ first_printed = 1;
+ }
+ (void) printf(VNO_FORMAT, key_vno);
+ (void) printf(PAD);
+ if (key) {
+ print_key(old_key);
+ (void) printf(PAD);
+ }
+ print_name(sname, sinst, srealm);
+ (void) printf("\n");
+ }
+ else if (change) {
+ (void) printf("\nPrincipal: ");
+ print_name(sname, sinst, srealm);
+ (void) printf("; version %d\n", key_vno);
+ if (interactive)
+ change_this_key = yn("Change this key?");
+ else if (change)
+ change_this_key = 1;
+ else
+ change_this_key = 0;
+
+ if (change_this_key)
+ (void) printf("Changing to version %d.\n", key_vno + 1);
+ else if (change)
+ (void) printf("Not changing this key.\n");
+
+ if (change_this_key) {
+ /*
+ * Pick a new key and determine whether or not
+ * it is safe to change
+ */
+ if ((status =
+ get_svc_new_key(new_key, sname, sinst,
+ srealm, keyfile)) == KADM_SUCCESS)
+ key_vno++;
+ else {
+ (void) bcopy(old_key, new_key, sizeof(new_key));
+ com_err(argv[0], status, ": key NOT changed");
+ change_this_key = FALSE;
+ }
+ }
+ else
+ (void) bcopy(old_key, new_key, sizeof(new_key));
+ append_srvtab(argv[0], work_keyfile, work_keyfile_fd,
+ sname, sinst, srealm, key_vno, new_key);
+ if (key && change_this_key) {
+ (void) printf("Old key: ");
+ print_key(old_key);
+ (void) printf("; new key: ");
+ print_key(new_key);
+ (void) printf("\n");
+ }
+ if (change_this_key) {
+ if ((status = kadm_change_pw(new_key)) == KADM_SUCCESS) {
+ (void) printf("Key changed.\n");
+ (void) dest_tkt();
+ }
+ else {
+ com_err(argv[0], status,
+ " attempting to change password.");
+ (void) dest_tkt();
+ /* XXX This knows the format of a keyfile */
+ if (lseek(work_keyfile_fd, -9, L_INCR) >= 0) {
+ key_vno--;
+ safe_write(argv[0], work_keyfile,
+ work_keyfile_fd, (char *)&key_vno, 1);
+ safe_write(argv[0], work_keyfile, work_keyfile_fd,
+ (char *)old_key, sizeof(des_cblock));
+ (void) fsync(work_keyfile_fd);
+ (void) fprintf(stderr,"Key NOT changed.\n");
+ }
+ else {
+ warn("unable to revert keyfile");
+ leave("", 1);
+ }
+ }
+ }
+ }
+ bzero((char *)old_key, sizeof(des_cblock));
+ bzero((char *)new_key, sizeof(des_cblock));
+ }
+ }
+ else if (add) {
+ do {
+ do {
+ safe_read_stdin("Name: ", databuf, sizeof(databuf));
+ (void) strncpy(sname, databuf, sizeof(sname) - 1);
+ safe_read_stdin("Instance: ", databuf, sizeof(databuf));
+ (void) strncpy(sinst, databuf, sizeof(sinst) - 1);
+ safe_read_stdin("Realm: ", databuf, sizeof(databuf));
+ (void) strncpy(srealm, databuf, sizeof(srealm) - 1);
+ safe_read_stdin("Version number: ", databuf, sizeof(databuf));
+ key_vno = atoi(databuf);
+ if (!srealm[0])
+ (void) strcpy(srealm, local_realm);
+ (void) printf("New principal: ");
+ print_name(sname, sinst, srealm);
+ (void) printf("; version %d\n", key_vno);
+ } while (!yn("Is this correct?"));
+ get_key_from_password(new_key);
+ if (key) {
+ (void) printf("Key: ");
+ print_key(new_key);
+ (void) printf("\n");
+ }
+ append_srvtab(argv[0], work_keyfile, work_keyfile_fd,
+ sname, sinst, srealm, key_vno, new_key);
+ (void) printf("Key successfully added.\n");
+ } while (yn("Would you like to add another key?"));
+ }
+
+ if (change || list)
+ if (close(backup_keyfile_fd) < 0) {
+ warn("failure closing %s, continuing", backup_keyfile);
+ }
+
+ if (change || add) {
+ if (close(work_keyfile_fd) < 0) {
+ err(1, "failure closing %s", work_keyfile);
+ }
+ if (rename(work_keyfile, keyfile) < 0) {
+ err(1, "failure renaming %s to %s", work_keyfile, keyfile);
+ }
+ (void) chmod(backup_keyfile, keyfile_mode);
+ (void) chmod(keyfile, keyfile_mode);
+ (void) printf("Old keyfile in %s.\n", backup_keyfile);
+ }
+
+ exit(0);
+}
+
+void
+print_key(key)
+ des_cblock key;
+{
+ int i;
+
+ for (i = 0; i < 4; i++)
+ (void) printf("%02x", key[i]);
+ (void) printf(" ");
+ for (i = 4; i < 8; i++)
+ (void) printf("%02x", key[i]);
+}
+
+void
+print_name(name, inst, realm)
+ char *name;
+ char *inst;
+ char *realm;
+{
+ (void) printf("%s%s%s%s%s", name, inst[0] ? "." : "", inst,
+ realm[0] ? "@" : "", realm);
+}
+
+int
+get_svc_new_key(new_key, sname, sinst, srealm, keyfile)
+ des_cblock new_key;
+ char *sname;
+ char *sinst;
+ char *srealm;
+ char *keyfile;
+{
+ int status = KADM_SUCCESS;
+
+ if (((status = krb_get_svc_in_tkt(sname, sinst, srealm, PWSERV_NAME,
+ KADM_SINST, 1, keyfile)) == KSUCCESS) &&
+ ((status = kadm_init_link("changepw", KRB_MASTER, srealm)) ==
+ KADM_SUCCESS)) {
+#ifdef NOENCRYPTION
+ (void) bzero((char *) new_key, sizeof(des_cblock));
+ new_key[0] = (unsigned char) 1;
+#else /* NOENCRYPTION */
+ (void) des_random_key(new_key);
+#endif /* NOENCRYPTION */
+ return(KADM_SUCCESS);
+ }
+
+ return(status);
+}
+
+void
+get_key_from_password(key)
+ des_cblock key;
+{
+ char password[MAX_KPW_LEN]; /* storage for the password */
+
+ if (read_long_pw_string(password, sizeof(password)-1, "Password: ", 1))
+ leave("Error reading password.", 1);
+
+#ifdef NOENCRYPTION
+ (void) bzero((char *) key, sizeof(des_cblock));
+ key[0] = (unsigned char) 1;
+#else /* NOENCRYPTION */
+ (void) des_string_to_key(password, key);
+#endif /* NOENCRYPTION */
+ (void) bzero((char *)password, sizeof(password));
+}
+
+usage()
+{
+ (void) fprintf(stderr, "Usage: ksrvutil [-f keyfile] [-i] [-k] ");
+ (void) fprintf(stderr, "{list | change | add}\n");
+ (void) fprintf(stderr, " -i causes the program to ask for ");
+ (void) fprintf(stderr, "confirmation before changing keys.\n");
+ (void) fprintf(stderr, " -k causes the key to printed for list or ");
+ (void) fprintf(stderr, "change.\n");
+ exit(1);
+}
+
+void
+leave(str,x)
+char *str;
+int x;
+{
+ if (str)
+ (void) fprintf(stderr, "%s\n", str);
+ (void) dest_tkt();
+ exit(x);
+}
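Review bot: In `safe_read_stdin`, `buf[strlen(buf)-1] = 0` writes one byte before the buffer when `read()` returns 0 (end of input on stdin), because the buffer was just zeroed and `strlen(buf)` is 0; it also cuts the last character off any input that did not end in a newline. The function should keep the byte count returned by `read()` and strip a newline only when one is present, and `printf(prompt)` should become `printf("%s", prompt)` so the prompt is never interpreted as a format string (every caller visible in this file passes a literal, so that part is latent). `fflush(stdin)` has no defined effect on an input stream and can be dropped. Exiting on end of input, as in the sketch below, also stops `yn()` from treating an empty answer as the default "y"; whether that is the wanted policy is for the author to confirm.

```c
safe_read_stdin(prompt, buf, size)
    /* ... unchanged: parameter declarations ... */
{
    int n;

    (void) printf("%s", prompt);
    /* ... unchanged: fflush(stdout), bzero(buf, size) ... */
    n = read(0, buf, size - 1);
    if (n < 0) {
	warn("failure reading from stdin");
	leave((char *)NULL, 1);
    }
    if (n == 0)
	leave("Unexpected end of input.", 1);
    /* Drop the trailing newline only when one was actually read. */
    if (buf[n - 1] == '\n')
	buf[n - 1] = 0;
}
```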
diff --git a/eBones/usr.sbin/kstash/Makefile b/eBones/usr.sbin/kstash/Makefile
index 8331c97a..d096b9c 100644
--- a/eBones/usr.sbin/kstash/Makefile
+++ b/eBones/usr.sbin/kstash/Makefile
@@ -1,10 +1,10 @@
# From: @(#)Makefile 5.2 (Berkeley) 3/5/91
-# $Id: Makefile,v 1.2 1994/07/19 19:27:04 g89r4222 Exp $
+# $Id: Makefile,v 1.1.1.1 1994/09/30 14:50:04 csgr Exp $
PROG= kstash
CFLAGS+=-DKERBEROS -DDEBUG -I${.CURDIR}/../include
DPADD= ${LIBKDB} ${LIBKRB} ${LIBDES}
-LDADD= -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes
+LDADD= -L${KDBOBJDIR} -lkdb -L${KRBOBJDIR} -lkrb -L${DESOBJDIR} -ldes
NOMAN= noman
.include <bsd.prog.mk>
diff --git a/eBones/usr.sbin/kstash/kstash.8 b/eBones/usr.sbin/kstash/kstash.8
index d83379a..ac8c57b 100644
--- a/eBones/usr.sbin/kstash/kstash.8
+++ b/eBones/usr.sbin/kstash/kstash.8
@@ -1,5 +1,5 @@
.\" from: kstash.8,v 4.1 89/01/23 11:11:39 jtkohl Exp $
-.\" $Id: kstash.8,v 1.2 1994/07/19 19:27:55 g89r4222 Exp $
+.\" $Id: kstash.8,v 1.1.1.1 1994/09/30 14:50:07 csgr Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -34,8 +34,11 @@ system call returned an error while
was attempting to write the key to the file.
.SH FILES
.TP 20n
-/kerberos/principal.pag, /kerberos/principal.dir
-DBM files containing database
+/etc/kerberosIV/principal.db
+DBM file containing database
.TP
-/.k
+/etc/kerberosIV/principal.ok
+Semaphore indicating that the DBM database is not being modified.
+.TP
+/etc/kerberosIV/master_key
Master key cache file.
diff --git a/eBones/usr.sbin/kstash/kstash.c b/eBones/usr.sbin/kstash/kstash.c
index 696e4e1..d8afe20 100644
--- a/eBones/usr.sbin/kstash/kstash.c
+++ b/eBones/usr.sbin/kstash/kstash.c
@@ -1,16 +1,16 @@
/*
* Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
- * of Technology
+ * of Technology
* For copying and distribution information, please see the file
* <Copyright.MIT>.
*
* from: kstash.c,v 4.0 89/01/23 09:45:43 jtkohl Exp $
- * $Id: kstash.c,v 1.2 1994/07/19 19:27:05 g89r4222 Exp $
+ * $Id: kstash.c,v 1.1.1.1 1994/09/30 14:50:05 csgr Exp $
*/
#ifndef lint
static char rcsid[] =
-"$Id: kstash.c,v 1.2 1994/07/19 19:27:05 g89r4222 Exp $";
+"$Id: kstash.c,v 1.1.1.1 1994/09/30 14:50:05 csgr Exp $";
#endif lint
#include <stdio.h>
@@ -84,7 +84,7 @@ main(argc, argv)
clear_secrets();
}
-static void
+static void
clear_secrets()
{
bzero(master_key_schedule, sizeof(master_key_schedule));