From a8a89cfaf983bc64f4b42f7c35209a5a36dd0fe8 Mon Sep 17 00:00:00 2001 
From: markm Date: Thu, 4 Sep 1997 06:04:33 +0000 Subject: Initial import of KTH eBones. This has been cleaned up to only include the "core" Kerberos functionality. The rest of the userland will get their own changes later. --- crypto/kerberosIV/COPYRIGHT | 166 + crypto/kerberosIV/ChangeLog | 3761 +++++++++ crypto/kerberosIV/Makefile.in | 70 + crypto/kerberosIV/NEWS | 563 ++ crypto/kerberosIV/PROBLEMS | 74 + crypto/kerberosIV/README | 44 + crypto/kerberosIV/README-WIN32 | 30 + crypto/kerberosIV/TODO | 42 + crypto/kerberosIV/acconfig.h | 282 + crypto/kerberosIV/aclocal.m4 | 543 ++ crypto/kerberosIV/admin/Makefile.in | 104 + crypto/kerberosIV/admin/adm_locl.h | 91 + crypto/kerberosIV/admin/ext_srvtab.c | 143 + crypto/kerberosIV/admin/kdb_destroy.c | 57 + crypto/kerberosIV/admin/kdb_edit.c | 404 + crypto/kerberosIV/admin/kdb_init.c | 174 + crypto/kerberosIV/admin/kdb_util.c | 496 ++ crypto/kerberosIV/admin/kstash.c | 56 + crypto/kerberosIV/appl/Makefile.in | 43 + crypto/kerberosIV/appl/bsd/Makefile.in | 135 + crypto/kerberosIV/appl/bsd/README.login | 20 + crypto/kerberosIV/appl/bsd/bsd_locl.h | 380 + crypto/kerberosIV/appl/bsd/encrypt.c | 311 + crypto/kerberosIV/appl/bsd/forkpty.c | 461 + crypto/kerberosIV/appl/bsd/iruserok.c | 279 + crypto/kerberosIV/appl/bsd/kcmd.c | 270 + crypto/kerberosIV/appl/bsd/klogin.c | 184 + crypto/kerberosIV/appl/bsd/krcmd.c | 117 + crypto/kerberosIV/appl/bsd/login.c | 990 +++ crypto/kerberosIV/appl/bsd/login_access.c | 221 + crypto/kerberosIV/appl/bsd/login_fbtab.c | 144 + crypto/kerberosIV/appl/bsd/pathnames.h | 191 + crypto/kerberosIV/appl/bsd/rcmd_util.c | 246 + crypto/kerberosIV/appl/bsd/rcp.c | 1019 +++ crypto/kerberosIV/appl/bsd/rcp_util.c | 97 + crypto/kerberosIV/appl/bsd/rlogin.c | 707 ++ crypto/kerberosIV/appl/bsd/rlogind.c | 934 ++ crypto/kerberosIV/appl/bsd/rsh.c | 353 + crypto/kerberosIV/appl/bsd/rshd.c | 635 ++ crypto/kerberosIV/appl/bsd/stty_default.c | 105 + crypto/kerberosIV/appl/bsd/su.c | 452 + 
crypto/kerberosIV/appl/bsd/sysv_default.c | 95 + crypto/kerberosIV/appl/bsd/sysv_default.h | 18 + crypto/kerberosIV/appl/bsd/sysv_environ.c | 192 + crypto/kerberosIV/appl/bsd/sysv_shadow.c | 45 + crypto/kerberosIV/appl/bsd/sysv_shadow.h | 5 + crypto/kerberosIV/appl/bsd/tty.c | 75 + crypto/kerberosIV/appl/bsd/utmp_login.c | 121 + crypto/kerberosIV/appl/bsd/utmpx_login.c | 88 + crypto/kerberosIV/appl/ftp/Makefile.in | 41 + crypto/kerberosIV/appl/ftp/common/Makefile.in | 52 + crypto/kerberosIV/appl/ftp/common/base64.c | 149 + crypto/kerberosIV/appl/ftp/common/base64.h | 47 + crypto/kerberosIV/appl/ftp/common/buffer.c | 73 + crypto/kerberosIV/appl/ftp/common/common.h | 62 + crypto/kerberosIV/appl/ftp/common/glob.c | 835 ++ crypto/kerberosIV/appl/ftp/common/glob.h | 84 + crypto/kerberosIV/appl/ftp/common/sockbuf.c | 61 + crypto/kerberosIV/appl/ftp/ftp/Makefile.in | 76 + crypto/kerberosIV/appl/ftp/ftp/cmds.c | 2073 +++++ crypto/kerberosIV/appl/ftp/ftp/cmdtab.c | 193 + crypto/kerberosIV/appl/ftp/ftp/domacro.c | 138 + crypto/kerberosIV/appl/ftp/ftp/extern.h | 167 + crypto/kerberosIV/appl/ftp/ftp/ftp.c | 1658 ++++ crypto/kerberosIV/appl/ftp/ftp/ftp_locl.h | 145 + crypto/kerberosIV/appl/ftp/ftp/ftp_var.h | 127 + crypto/kerberosIV/appl/ftp/ftp/globals.c | 76 + crypto/kerberosIV/appl/ftp/ftp/kauth.c | 145 + crypto/kerberosIV/appl/ftp/ftp/krb4.c | 567 ++ crypto/kerberosIV/appl/ftp/ftp/krb4.h | 81 + crypto/kerberosIV/appl/ftp/ftp/main.c | 542 ++ crypto/kerberosIV/appl/ftp/ftp/pathnames.h | 44 + crypto/kerberosIV/appl/ftp/ftp/ruserpass.c | 274 + crypto/kerberosIV/appl/ftp/ftpd/Makefile.in | 84 + crypto/kerberosIV/appl/ftp/ftpd/auth.c | 249 + crypto/kerberosIV/appl/ftp/ftpd/auth.h | 109 + crypto/kerberosIV/appl/ftp/ftpd/extern.h | 141 + crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y | 1408 ++++ crypto/kerberosIV/appl/ftp/ftpd/ftpd.c | 2076 +++++ crypto/kerberosIV/appl/ftp/ftpd/kauth.c | 325 + crypto/kerberosIV/appl/ftp/ftpd/krb4.c | 372 + crypto/kerberosIV/appl/ftp/ftpd/krb4.h | 61 + 
crypto/kerberosIV/appl/ftp/ftpd/logwtmp.c | 136 + crypto/kerberosIV/appl/ftp/ftpd/pathnames.h | 55 + crypto/kerberosIV/appl/ftp/ftpd/popen.c | 224 + crypto/kerberosIV/appl/kauth/Makefile.in | 112 + crypto/kerberosIV/appl/kauth/encdata.c | 101 + crypto/kerberosIV/appl/kauth/kauth.c | 312 + crypto/kerberosIV/appl/kauth/kauth.h | 118 + crypto/kerberosIV/appl/kauth/kauthd.c | 201 + crypto/kerberosIV/appl/kauth/ksrvtgt.in | 14 + crypto/kerberosIV/appl/kauth/marshall.c | 97 + crypto/kerberosIV/appl/kauth/rkinit.c | 222 + crypto/kerberosIV/appl/kauth/zrefresh | 12 + crypto/kerberosIV/appl/kip/Makefile.in | 96 + crypto/kerberosIV/appl/kip/common.c | 178 + crypto/kerberosIV/appl/kip/kip.c | 179 + crypto/kerberosIV/appl/kip/kip.h | 106 + crypto/kerberosIV/appl/kip/kipd.c | 128 + crypto/kerberosIV/config.guess | 696 ++ crypto/kerberosIV/config.sub | 932 ++ crypto/kerberosIV/configure | 9343 +++++++++++++++++++++ crypto/kerberosIV/configure.in | 970 +++ crypto/kerberosIV/doc/Makefile.in | 65 + crypto/kerberosIV/doc/ack.texi | 80 + crypto/kerberosIV/doc/index.texi | 6 + crypto/kerberosIV/doc/install.texi | 368 + crypto/kerberosIV/doc/intro.texi | 69 + crypto/kerberosIV/doc/kth-krb.texi | 300 + crypto/kerberosIV/doc/latin1.tex | 95 + crypto/kerberosIV/doc/otp.texi | 127 + crypto/kerberosIV/doc/problems.texi | 156 + crypto/kerberosIV/doc/setup.texi | 794 ++ crypto/kerberosIV/doc/whatis.texi | 137 + crypto/kerberosIV/eBones-p9.README | 26 + crypto/kerberosIV/etc/README | 41 + crypto/kerberosIV/etc/default.login | 47 + crypto/kerberosIV/etc/fbtab | 15 + crypto/kerberosIV/etc/hosts.equiv | 1 + crypto/kerberosIV/etc/inetd.conf.changes | 33 + crypto/kerberosIV/etc/krb.conf | 56 + crypto/kerberosIV/etc/krb.equiv | 14 + crypto/kerberosIV/etc/krb.realms | 51 + crypto/kerberosIV/etc/login.access | 54 + crypto/kerberosIV/etc/services.append | 22 + crypto/kerberosIV/include/Makefile.in | 147 + crypto/kerberosIV/include/config.h.in | 984 +++ crypto/kerberosIV/include/ktypes.c | 64 + 
crypto/kerberosIV/include/protos.h | 276 + crypto/kerberosIV/include/sys/Makefile.in | 53 + crypto/kerberosIV/include/sys/cdefs.H | 149 + crypto/kerberosIV/install-sh | 250 + crypto/kerberosIV/kadmin/Design.txt | 23 + crypto/kerberosIV/kadmin/Makefile.in | 125 + crypto/kerberosIV/kadmin/admin_server.c | 432 + crypto/kerberosIV/kadmin/kadm_funcs.c | 411 + crypto/kerberosIV/kadmin/kadm_locl.h | 148 + crypto/kerberosIV/kadmin/kadm_ser_wrap.c | 213 + crypto/kerberosIV/kadmin/kadm_server.c | 198 + crypto/kerberosIV/kadmin/kadm_server.h | 66 + crypto/kerberosIV/kadmin/kadmin.c | 845 ++ crypto/kerberosIV/kadmin/kpasswd.c | 163 + crypto/kerberosIV/kadmin/ksrvutil.c | 601 ++ crypto/kerberosIV/kadmin/ksrvutil.h | 54 + crypto/kerberosIV/kadmin/ksrvutil_get.c | 400 + crypto/kerberosIV/kadmin/new_pwd.c | 146 + crypto/kerberosIV/kadmin/pw_check.c | 87 + crypto/kerberosIV/kadmin/pw_check.h | 45 + crypto/kerberosIV/kuser/Makefile.in | 92 + crypto/kerberosIV/kuser/kdestroy.c | 72 + crypto/kerberosIV/kuser/kinit.c | 158 + crypto/kerberosIV/kuser/klist.c | 314 + crypto/kerberosIV/kuser/kuser_locl.h | 86 + crypto/kerberosIV/lib/Makefile.in | 46 + crypto/kerberosIV/lib/acl/Makefile.in | 84 + crypto/kerberosIV/lib/acl/acl.h | 53 + crypto/kerberosIV/lib/acl/acl_files.c | 540 ++ crypto/kerberosIV/lib/acl/acl_files.doc | 107 + crypto/kerberosIV/lib/kadm/Makefile.in | 92 + crypto/kerberosIV/lib/kadm/kadm.h | 143 + crypto/kerberosIV/lib/kadm/kadm_cli_wrap.c | 545 ++ crypto/kerberosIV/lib/kadm/kadm_err.et | 59 + crypto/kerberosIV/lib/kadm/kadm_locl.h | 90 + crypto/kerberosIV/lib/kadm/kadm_stream.c | 299 + crypto/kerberosIV/lib/kadm/kadm_supp.c | 111 + crypto/kerberosIV/lib/kafs/Makefile.in | 90 + crypto/kerberosIV/lib/kafs/afskrb.c | 373 + crypto/kerberosIV/lib/kafs/afsl.exp | 6 + crypto/kerberosIV/lib/kafs/afslib.c | 60 + crypto/kerberosIV/lib/kafs/afslib.exp | 3 + crypto/kerberosIV/lib/kafs/afssys.c | 293 + crypto/kerberosIV/lib/kafs/afssysdefs.h | 87 + crypto/kerberosIV/lib/kafs/dlfcn.c | 
570 ++ crypto/kerberosIV/lib/kafs/dlfcn.h | 46 + crypto/kerberosIV/lib/kafs/kafs.h | 100 + crypto/kerberosIV/lib/kafs/kafs_locl.h | 96 + crypto/kerberosIV/lib/kdb/Makefile.in | 83 + crypto/kerberosIV/lib/kdb/base64.c | 150 + crypto/kerberosIV/lib/kdb/base64.h | 47 + crypto/kerberosIV/lib/kdb/copykey.c | 55 + crypto/kerberosIV/lib/kdb/kdb_locl.h | 98 + crypto/kerberosIV/lib/kdb/kdc.h | 34 + crypto/kerberosIV/lib/kdb/krb_cache.c | 189 + crypto/kerberosIV/lib/kdb/krb_db.h | 137 + crypto/kerberosIV/lib/kdb/krb_dbm.c | 823 ++ crypto/kerberosIV/lib/kdb/krb_kdb_utils.c | 261 + crypto/kerberosIV/lib/kdb/krb_lib.c | 259 + crypto/kerberosIV/lib/kdb/print_princ.c | 48 + crypto/kerberosIV/lib/krb/Makefile.in | 269 + crypto/kerberosIV/lib/krb/check_time.c | 56 + crypto/kerberosIV/lib/krb/cr_err_reply.c | 99 + crypto/kerberosIV/lib/krb/create_auth_reply.c | 131 + crypto/kerberosIV/lib/krb/create_ciph.c | 117 + crypto/kerberosIV/lib/krb/create_death_packet.c | 85 + crypto/kerberosIV/lib/krb/create_ticket.c | 134 + crypto/kerberosIV/lib/krb/debug_decl.c | 29 + crypto/kerberosIV/lib/krb/decomp_ticket.c | 119 + crypto/kerberosIV/lib/krb/dest_tkt.c | 82 + crypto/kerberosIV/lib/krb/dllmain.c | 128 + crypto/kerberosIV/lib/krb/encrypt_ktext.c | 51 + crypto/kerberosIV/lib/krb/et_list.c | 74 + crypto/kerberosIV/lib/krb/get_ad_tkt.c | 190 + crypto/kerberosIV/lib/krb/get_cred.c | 70 + crypto/kerberosIV/lib/krb/get_default_principal.c | 94 + crypto/kerberosIV/lib/krb/get_host.c | 292 + crypto/kerberosIV/lib/krb/get_in_tkt.c | 99 + crypto/kerberosIV/lib/krb/get_krbrlm.c | 116 + crypto/kerberosIV/lib/krb/get_svc_in_tkt.c | 76 + crypto/kerberosIV/lib/krb/get_tf_fullname.c | 70 + crypto/kerberosIV/lib/krb/get_tf_realm.c | 41 + crypto/kerberosIV/lib/krb/getaddrs.c | 130 + crypto/kerberosIV/lib/krb/getrealm.c | 184 + crypto/kerberosIV/lib/krb/getst.c | 45 + crypto/kerberosIV/lib/krb/gettimeofday.c | 56 + crypto/kerberosIV/lib/krb/k_concat.c | 116 + crypto/kerberosIV/lib/krb/k_flock.c | 95 + 
crypto/kerberosIV/lib/krb/k_gethostname.c | 58 + crypto/kerberosIV/lib/krb/k_getport.c | 57 + crypto/kerberosIV/lib/krb/k_getsockinst.c | 73 + crypto/kerberosIV/lib/krb/k_localtime.c | 48 + crypto/kerberosIV/lib/krb/kdc_reply.c | 131 + crypto/kerberosIV/lib/krb/klog.h | 47 + crypto/kerberosIV/lib/krb/kntoln.c | 180 + crypto/kerberosIV/lib/krb/krb.def | 92 + crypto/kerberosIV/lib/krb/krb.h | 565 ++ crypto/kerberosIV/lib/krb/krb.mak | 3065 +++++++ crypto/kerberosIV/lib/krb/krb_check_auth.c | 76 + crypto/kerberosIV/lib/krb/krb_equiv.c | 144 + crypto/kerberosIV/lib/krb/krb_err.et | 257 + crypto/kerberosIV/lib/krb/krb_err_txt.c | 299 + crypto/kerberosIV/lib/krb/krb_get_in_tkt.c | 175 + crypto/kerberosIV/lib/krb/krb_locl.h | 163 + crypto/kerberosIV/lib/krb/kuserok.c | 156 + crypto/kerberosIV/lib/krb/lifetime.c | 213 + crypto/kerberosIV/lib/krb/logging.c | 240 + crypto/kerberosIV/lib/krb/lsb_addr_comp.c | 105 + crypto/kerberosIV/lib/krb/lsb_addr_comp.h | 26 + crypto/kerberosIV/lib/krb/mk_auth.c | 96 + crypto/kerberosIV/lib/krb/mk_err.c | 56 + crypto/kerberosIV/lib/krb/mk_priv.c | 125 + crypto/kerberosIV/lib/krb/mk_req.c | 215 + crypto/kerberosIV/lib/krb/mk_safe.c | 131 + crypto/kerberosIV/lib/krb/month_sname.c | 39 + crypto/kerberosIV/lib/krb/name2name.c | 102 + crypto/kerberosIV/lib/krb/netread.c | 55 + crypto/kerberosIV/lib/krb/netwrite.c | 52 + crypto/kerberosIV/lib/krb/one.c | 27 + crypto/kerberosIV/lib/krb/parse_name.c | 199 + crypto/kerberosIV/lib/krb/prot.h | 105 + crypto/kerberosIV/lib/krb/rd_err.c | 82 + crypto/kerberosIV/lib/krb/rd_priv.c | 129 + crypto/kerberosIV/lib/krb/rd_req.c | 324 + crypto/kerberosIV/lib/krb/rd_safe.c | 178 + crypto/kerberosIV/lib/krb/read_service_key.c | 116 + crypto/kerberosIV/lib/krb/realm_parse.c | 88 + crypto/kerberosIV/lib/krb/recvauth.c | 190 + crypto/kerberosIV/lib/krb/resolve.c | 288 + crypto/kerberosIV/lib/krb/resolve.h | 110 + crypto/kerberosIV/lib/krb/rw.c | 128 + crypto/kerberosIV/lib/krb/save_credentials.c | 59 + 
crypto/kerberosIV/lib/krb/send_to_kdc.c | 251 + crypto/kerberosIV/lib/krb/sendauth.c | 163 + crypto/kerberosIV/lib/krb/sizetest.c | 41 + crypto/kerberosIV/lib/krb/stime.c | 35 + crypto/kerberosIV/lib/krb/str2key.c | 103 + crypto/kerberosIV/lib/krb/swab.c | 56 + crypto/kerberosIV/lib/krb/tf_util.c | 645 ++ crypto/kerberosIV/lib/krb/ticket_memory.c | 438 + crypto/kerberosIV/lib/krb/ticket_memory.h | 69 + crypto/kerberosIV/lib/krb/tkt_string.c | 85 + crypto/kerberosIV/lib/krb/unparse_name.c | 105 + crypto/kerberosIV/lib/krb/util.c | 64 + crypto/kerberosIV/lib/krb/verify_user.c | 111 + crypto/kerberosIV/lib/roken/Makefile.in | 94 + crypto/kerberosIV/lib/roken/chown.c | 50 + crypto/kerberosIV/lib/roken/daemon.c | 89 + crypto/kerberosIV/lib/roken/err.c | 53 + crypto/kerberosIV/lib/roken/err.h | 76 + crypto/kerberosIV/lib/roken/errx.c | 53 + crypto/kerberosIV/lib/roken/fchown.c | 50 + crypto/kerberosIV/lib/roken/get_window_size.c | 96 + crypto/kerberosIV/lib/roken/getcwd.c | 59 + crypto/kerberosIV/lib/roken/getdtablesize.c | 102 + crypto/kerberosIV/lib/roken/getopt.c | 128 + crypto/kerberosIV/lib/roken/getusershell.c | 160 + crypto/kerberosIV/lib/roken/hstrerror.c | 87 + crypto/kerberosIV/lib/roken/inaddr2str.c | 88 + crypto/kerberosIV/lib/roken/inet_aton.c | 68 + crypto/kerberosIV/lib/roken/initgroups.c | 50 + crypto/kerberosIV/lib/roken/k_getpwnam.c | 69 + crypto/kerberosIV/lib/roken/k_getpwuid.c | 69 + crypto/kerberosIV/lib/roken/lstat.c | 50 + crypto/kerberosIV/lib/roken/memmove.c | 67 + crypto/kerberosIV/lib/roken/mini_inetd.c | 99 + crypto/kerberosIV/lib/roken/mkstemp.c | 89 + crypto/kerberosIV/lib/roken/putenv.c | 81 + crypto/kerberosIV/lib/roken/rcmd.c | 57 + crypto/kerberosIV/lib/roken/roken.def | 4 + crypto/kerberosIV/lib/roken/roken.h | 338 + crypto/kerberosIV/lib/roken/roken.mak | 278 + crypto/kerberosIV/lib/roken/setegid.c | 60 + crypto/kerberosIV/lib/roken/setenv.c | 71 + crypto/kerberosIV/lib/roken/seteuid.c | 60 + crypto/kerberosIV/lib/roken/signal.c | 86 
+ crypto/kerberosIV/lib/roken/snprintf.c | 520 ++ crypto/kerberosIV/lib/roken/strcasecmp.c | 118 + crypto/kerberosIV/lib/roken/strdup.c | 55 + crypto/kerberosIV/lib/roken/strerror.c | 62 + crypto/kerberosIV/lib/roken/strftime.c | 299 + crypto/kerberosIV/lib/roken/strlwr.c | 58 + crypto/kerberosIV/lib/roken/strnlen.c | 53 + crypto/kerberosIV/lib/roken/strtok_r.c | 70 + crypto/kerberosIV/lib/roken/strupr.c | 58 + crypto/kerberosIV/lib/roken/tm2time.c | 66 + crypto/kerberosIV/lib/roken/unsetenv.c | 75 + crypto/kerberosIV/lib/roken/verify.c | 67 + crypto/kerberosIV/lib/roken/verr.c | 50 + crypto/kerberosIV/lib/roken/verrx.c | 50 + crypto/kerberosIV/lib/roken/vwarn.c | 50 + crypto/kerberosIV/lib/roken/vwarnx.c | 51 + crypto/kerberosIV/lib/roken/warn.c | 53 + crypto/kerberosIV/lib/roken/warnerr.c | 86 + crypto/kerberosIV/lib/roken/warnx.c | 53 + crypto/kerberosIV/lib/roken/xdbm.h | 75 + crypto/kerberosIV/lib/sl/Makefile.in | 84 + crypto/kerberosIV/lib/sl/sl.c | 190 + crypto/kerberosIV/lib/sl/sl.h | 58 + crypto/kerberosIV/lib/sl/sl_locl.h | 48 + crypto/kerberosIV/man/Makefile.in | 95 + crypto/kerberosIV/man/acl_check.3 | 182 + crypto/kerberosIV/man/ext_srvtab.8 | 62 + crypto/kerberosIV/man/getusershell.3 | 99 + crypto/kerberosIV/man/kadmin.8 | 176 + crypto/kerberosIV/man/kadmind.8 | 125 + crypto/kerberosIV/man/kafs.3 | 122 + crypto/kerberosIV/man/kauth.1 | 65 + crypto/kerberosIV/man/kauthd.8 | 27 + crypto/kerberosIV/man/kdb_destroy.8 | 32 + crypto/kerberosIV/man/kdb_edit.8 | 54 + crypto/kerberosIV/man/kdb_init.8 | 37 + crypto/kerberosIV/man/kdb_util.8 | 68 + crypto/kerberosIV/man/kdestroy.1 | 88 + crypto/kerberosIV/man/kerberos.1 | 258 + crypto/kerberosIV/man/kerberos.3 | 460 + crypto/kerberosIV/man/kerberos.8 | 44 + crypto/kerberosIV/man/kinit.1 | 136 + crypto/kerberosIV/man/klist.1 | 83 + crypto/kerberosIV/man/kprop.8 | 58 + crypto/kerberosIV/man/kpropd.8 | 63 + crypto/kerberosIV/man/krb.conf.5 | 31 + crypto/kerberosIV/man/krb.equiv.5 | 28 + 
crypto/kerberosIV/man/krb.realms.5 | 38 + crypto/kerberosIV/man/krb_realmofhost.3 | 160 + crypto/kerberosIV/man/krb_sendauth.3 | 347 + crypto/kerberosIV/man/krb_set_tkt_string.3 | 42 + crypto/kerberosIV/man/ksrvtgt.1 | 50 + crypto/kerberosIV/man/ksrvutil.8 | 104 + crypto/kerberosIV/man/kstash.8 | 40 + crypto/kerberosIV/man/kuserok.3 | 66 + crypto/kerberosIV/man/tf_util.3 | 150 + crypto/kerberosIV/mkinstalldirs | 40 + crypto/kerberosIV/server/Makefile.in | 79 + crypto/kerberosIV/server/kerberos.c | 846 ++ crypto/kerberosIV/slave/Makefile.in | 82 + crypto/kerberosIV/slave/kprop.c | 530 ++ crypto/kerberosIV/slave/kprop.h | 19 + crypto/kerberosIV/slave/kpropd.c | 301 + crypto/kerberosIV/slave/slav_locl.h | 101 + 368 files changed, 82832 insertions(+) create mode 100644 crypto/kerberosIV/COPYRIGHT create mode 100644 crypto/kerberosIV/ChangeLog create mode 100644 crypto/kerberosIV/Makefile.in create mode 100644 crypto/kerberosIV/NEWS create mode 100644 crypto/kerberosIV/PROBLEMS create mode 100644 crypto/kerberosIV/README create mode 100644 crypto/kerberosIV/README-WIN32 create mode 100644 crypto/kerberosIV/TODO create mode 100644 crypto/kerberosIV/acconfig.h create mode 100644 crypto/kerberosIV/aclocal.m4 create mode 100644 crypto/kerberosIV/admin/Makefile.in create mode 100644 crypto/kerberosIV/admin/adm_locl.h create mode 100644 crypto/kerberosIV/admin/ext_srvtab.c create mode 100644 crypto/kerberosIV/admin/kdb_destroy.c create mode 100644 crypto/kerberosIV/admin/kdb_edit.c create mode 100644 crypto/kerberosIV/admin/kdb_init.c create mode 100644 crypto/kerberosIV/admin/kdb_util.c create mode 100644 crypto/kerberosIV/admin/kstash.c create mode 100644 crypto/kerberosIV/appl/Makefile.in create mode 100644 crypto/kerberosIV/appl/bsd/Makefile.in create mode 100644 crypto/kerberosIV/appl/bsd/README.login create mode 100644 crypto/kerberosIV/appl/bsd/bsd_locl.h create mode 100644 crypto/kerberosIV/appl/bsd/encrypt.c create mode 100644 crypto/kerberosIV/appl/bsd/forkpty.c 
create mode 100644 crypto/kerberosIV/appl/bsd/iruserok.c create mode 100644 crypto/kerberosIV/appl/bsd/kcmd.c create mode 100644 crypto/kerberosIV/appl/bsd/klogin.c create mode 100644 crypto/kerberosIV/appl/bsd/krcmd.c create mode 100644 crypto/kerberosIV/appl/bsd/login.c create mode 100644 crypto/kerberosIV/appl/bsd/login_access.c create mode 100644 crypto/kerberosIV/appl/bsd/login_fbtab.c create mode 100644 crypto/kerberosIV/appl/bsd/pathnames.h create mode 100644 crypto/kerberosIV/appl/bsd/rcmd_util.c create mode 100644 crypto/kerberosIV/appl/bsd/rcp.c create mode 100644 crypto/kerberosIV/appl/bsd/rcp_util.c create mode 100644 crypto/kerberosIV/appl/bsd/rlogin.c create mode 100644 crypto/kerberosIV/appl/bsd/rlogind.c create mode 100644 crypto/kerberosIV/appl/bsd/rsh.c create mode 100644 crypto/kerberosIV/appl/bsd/rshd.c create mode 100644 crypto/kerberosIV/appl/bsd/stty_default.c create mode 100644 crypto/kerberosIV/appl/bsd/su.c create mode 100644 crypto/kerberosIV/appl/bsd/sysv_default.c create mode 100644 crypto/kerberosIV/appl/bsd/sysv_default.h create mode 100644 crypto/kerberosIV/appl/bsd/sysv_environ.c create mode 100644 crypto/kerberosIV/appl/bsd/sysv_shadow.c create mode 100644 crypto/kerberosIV/appl/bsd/sysv_shadow.h create mode 100644 crypto/kerberosIV/appl/bsd/tty.c create mode 100644 crypto/kerberosIV/appl/bsd/utmp_login.c create mode 100644 crypto/kerberosIV/appl/bsd/utmpx_login.c create mode 100644 crypto/kerberosIV/appl/ftp/Makefile.in create mode 100644 crypto/kerberosIV/appl/ftp/common/Makefile.in create mode 100644 crypto/kerberosIV/appl/ftp/common/base64.c create mode 100644 crypto/kerberosIV/appl/ftp/common/base64.h create mode 100644 crypto/kerberosIV/appl/ftp/common/buffer.c create mode 100644 crypto/kerberosIV/appl/ftp/common/common.h create mode 100644 crypto/kerberosIV/appl/ftp/common/glob.c create mode 100644 crypto/kerberosIV/appl/ftp/common/glob.h create mode 100644 crypto/kerberosIV/appl/ftp/common/sockbuf.c create mode 100644 
crypto/kerberosIV/appl/ftp/ftp/Makefile.in create mode 100644 crypto/kerberosIV/appl/ftp/ftp/cmds.c create mode 100644 crypto/kerberosIV/appl/ftp/ftp/cmdtab.c create mode 100644 crypto/kerberosIV/appl/ftp/ftp/domacro.c create mode 100644 crypto/kerberosIV/appl/ftp/ftp/extern.h create mode 100644 crypto/kerberosIV/appl/ftp/ftp/ftp.c create mode 100644 crypto/kerberosIV/appl/ftp/ftp/ftp_locl.h create mode 100644 crypto/kerberosIV/appl/ftp/ftp/ftp_var.h create mode 100644 crypto/kerberosIV/appl/ftp/ftp/globals.c create mode 100644 crypto/kerberosIV/appl/ftp/ftp/kauth.c create mode 100644 crypto/kerberosIV/appl/ftp/ftp/krb4.c create mode 100644 crypto/kerberosIV/appl/ftp/ftp/krb4.h create mode 100644 crypto/kerberosIV/appl/ftp/ftp/main.c create mode 100644 crypto/kerberosIV/appl/ftp/ftp/pathnames.h create mode 100644 crypto/kerberosIV/appl/ftp/ftp/ruserpass.c create mode 100644 crypto/kerberosIV/appl/ftp/ftpd/Makefile.in create mode 100644 crypto/kerberosIV/appl/ftp/ftpd/auth.c create mode 100644 crypto/kerberosIV/appl/ftp/ftpd/auth.h create mode 100644 crypto/kerberosIV/appl/ftp/ftpd/extern.h create mode 100644 crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y create mode 100644 crypto/kerberosIV/appl/ftp/ftpd/ftpd.c create mode 100644 crypto/kerberosIV/appl/ftp/ftpd/kauth.c create mode 100644 crypto/kerberosIV/appl/ftp/ftpd/krb4.c create mode 100644 crypto/kerberosIV/appl/ftp/ftpd/krb4.h create mode 100644 crypto/kerberosIV/appl/ftp/ftpd/logwtmp.c create mode 100644 crypto/kerberosIV/appl/ftp/ftpd/pathnames.h create mode 100644 crypto/kerberosIV/appl/ftp/ftpd/popen.c create mode 100644 crypto/kerberosIV/appl/kauth/Makefile.in create mode 100644 crypto/kerberosIV/appl/kauth/encdata.c create mode 100644 crypto/kerberosIV/appl/kauth/kauth.c create mode 100644 crypto/kerberosIV/appl/kauth/kauth.h create mode 100644 crypto/kerberosIV/appl/kauth/kauthd.c create mode 100644 crypto/kerberosIV/appl/kauth/ksrvtgt.in create mode 100644 crypto/kerberosIV/appl/kauth/marshall.c create mode 
100644 crypto/kerberosIV/appl/kauth/rkinit.c create mode 100644 crypto/kerberosIV/appl/kauth/zrefresh create mode 100644 crypto/kerberosIV/appl/kip/Makefile.in create mode 100644 crypto/kerberosIV/appl/kip/common.c create mode 100644 crypto/kerberosIV/appl/kip/kip.c create mode 100644 crypto/kerberosIV/appl/kip/kip.h create mode 100644 crypto/kerberosIV/appl/kip/kipd.c create mode 100644 crypto/kerberosIV/config.guess create mode 100644 crypto/kerberosIV/config.sub create mode 100644 crypto/kerberosIV/configure create mode 100644 crypto/kerberosIV/configure.in create mode 100644 crypto/kerberosIV/doc/Makefile.in create mode 100644 crypto/kerberosIV/doc/ack.texi create mode 100644 crypto/kerberosIV/doc/index.texi create mode 100644 crypto/kerberosIV/doc/install.texi create mode 100644 crypto/kerberosIV/doc/intro.texi create mode 100644 crypto/kerberosIV/doc/kth-krb.texi create mode 100644 crypto/kerberosIV/doc/latin1.tex create mode 100644 crypto/kerberosIV/doc/otp.texi create mode 100644 crypto/kerberosIV/doc/problems.texi create mode 100644 crypto/kerberosIV/doc/setup.texi create mode 100644 crypto/kerberosIV/doc/whatis.texi create mode 100644 crypto/kerberosIV/eBones-p9.README create mode 100644 crypto/kerberosIV/etc/README create mode 100644 crypto/kerberosIV/etc/default.login create mode 100644 crypto/kerberosIV/etc/fbtab create mode 100644 crypto/kerberosIV/etc/hosts.equiv create mode 100644 crypto/kerberosIV/etc/inetd.conf.changes create mode 100644 crypto/kerberosIV/etc/krb.conf create mode 100644 crypto/kerberosIV/etc/krb.equiv create mode 100644 crypto/kerberosIV/etc/krb.realms create mode 100644 crypto/kerberosIV/etc/login.access create mode 100644 crypto/kerberosIV/etc/services.append create mode 100644 crypto/kerberosIV/include/Makefile.in create mode 100644 crypto/kerberosIV/include/config.h.in create mode 100644 crypto/kerberosIV/include/ktypes.c create mode 100644 crypto/kerberosIV/include/protos.h create mode 100644 
crypto/kerberosIV/include/sys/Makefile.in create mode 100644 crypto/kerberosIV/include/sys/cdefs.H create mode 100644 crypto/kerberosIV/install-sh create mode 100644 crypto/kerberosIV/kadmin/Design.txt create mode 100644 crypto/kerberosIV/kadmin/Makefile.in create mode 100644 crypto/kerberosIV/kadmin/admin_server.c create mode 100644 crypto/kerberosIV/kadmin/kadm_funcs.c create mode 100644 crypto/kerberosIV/kadmin/kadm_locl.h create mode 100644 crypto/kerberosIV/kadmin/kadm_ser_wrap.c create mode 100644 crypto/kerberosIV/kadmin/kadm_server.c create mode 100644 crypto/kerberosIV/kadmin/kadm_server.h create mode 100644 crypto/kerberosIV/kadmin/kadmin.c create mode 100644 crypto/kerberosIV/kadmin/kpasswd.c create mode 100644 crypto/kerberosIV/kadmin/ksrvutil.c create mode 100644 crypto/kerberosIV/kadmin/ksrvutil.h create mode 100644 crypto/kerberosIV/kadmin/ksrvutil_get.c create mode 100644 crypto/kerberosIV/kadmin/new_pwd.c create mode 100644 crypto/kerberosIV/kadmin/pw_check.c create mode 100644 crypto/kerberosIV/kadmin/pw_check.h create mode 100644 crypto/kerberosIV/kuser/Makefile.in create mode 100644 crypto/kerberosIV/kuser/kdestroy.c create mode 100644 crypto/kerberosIV/kuser/kinit.c create mode 100644 crypto/kerberosIV/kuser/klist.c create mode 100644 crypto/kerberosIV/kuser/kuser_locl.h create mode 100644 crypto/kerberosIV/lib/Makefile.in create mode 100644 crypto/kerberosIV/lib/acl/Makefile.in create mode 100644 crypto/kerberosIV/lib/acl/acl.h create mode 100644 crypto/kerberosIV/lib/acl/acl_files.c create mode 100644 crypto/kerberosIV/lib/acl/acl_files.doc create mode 100644 crypto/kerberosIV/lib/kadm/Makefile.in create mode 100644 crypto/kerberosIV/lib/kadm/kadm.h create mode 100644 crypto/kerberosIV/lib/kadm/kadm_cli_wrap.c create mode 100644 crypto/kerberosIV/lib/kadm/kadm_err.et create mode 100644 crypto/kerberosIV/lib/kadm/kadm_locl.h create mode 100644 crypto/kerberosIV/lib/kadm/kadm_stream.c create mode 100644 crypto/kerberosIV/lib/kadm/kadm_supp.c 
create mode 100644 crypto/kerberosIV/lib/kafs/Makefile.in create mode 100644 crypto/kerberosIV/lib/kafs/afskrb.c create mode 100644 crypto/kerberosIV/lib/kafs/afsl.exp create mode 100644 crypto/kerberosIV/lib/kafs/afslib.c create mode 100644 crypto/kerberosIV/lib/kafs/afslib.exp create mode 100644 crypto/kerberosIV/lib/kafs/afssys.c create mode 100644 crypto/kerberosIV/lib/kafs/afssysdefs.h create mode 100644 crypto/kerberosIV/lib/kafs/dlfcn.c create mode 100644 crypto/kerberosIV/lib/kafs/dlfcn.h create mode 100644 crypto/kerberosIV/lib/kafs/kafs.h create mode 100644 crypto/kerberosIV/lib/kafs/kafs_locl.h create mode 100644 crypto/kerberosIV/lib/kdb/Makefile.in create mode 100644 crypto/kerberosIV/lib/kdb/base64.c create mode 100644 crypto/kerberosIV/lib/kdb/base64.h create mode 100644 crypto/kerberosIV/lib/kdb/copykey.c create mode 100644 crypto/kerberosIV/lib/kdb/kdb_locl.h create mode 100644 crypto/kerberosIV/lib/kdb/kdc.h create mode 100644 crypto/kerberosIV/lib/kdb/krb_cache.c create mode 100644 crypto/kerberosIV/lib/kdb/krb_db.h create mode 100644 crypto/kerberosIV/lib/kdb/krb_dbm.c create mode 100644 crypto/kerberosIV/lib/kdb/krb_kdb_utils.c create mode 100644 crypto/kerberosIV/lib/kdb/krb_lib.c create mode 100644 crypto/kerberosIV/lib/kdb/print_princ.c create mode 100644 crypto/kerberosIV/lib/krb/Makefile.in create mode 100644 crypto/kerberosIV/lib/krb/check_time.c create mode 100644 crypto/kerberosIV/lib/krb/cr_err_reply.c create mode 100644 crypto/kerberosIV/lib/krb/create_auth_reply.c create mode 100644 crypto/kerberosIV/lib/krb/create_ciph.c create mode 100644 crypto/kerberosIV/lib/krb/create_death_packet.c create mode 100644 crypto/kerberosIV/lib/krb/create_ticket.c create mode 100644 crypto/kerberosIV/lib/krb/debug_decl.c create mode 100644 crypto/kerberosIV/lib/krb/decomp_ticket.c create mode 100644 crypto/kerberosIV/lib/krb/dest_tkt.c create mode 100644 crypto/kerberosIV/lib/krb/dllmain.c create mode 100644 crypto/kerberosIV/lib/krb/encrypt_ktext.c 
create mode 100644 crypto/kerberosIV/lib/krb/et_list.c create mode 100644 crypto/kerberosIV/lib/krb/get_ad_tkt.c create mode 100644 crypto/kerberosIV/lib/krb/get_cred.c create mode 100644 crypto/kerberosIV/lib/krb/get_default_principal.c create mode 100644 crypto/kerberosIV/lib/krb/get_host.c create mode 100644 crypto/kerberosIV/lib/krb/get_in_tkt.c create mode 100644 crypto/kerberosIV/lib/krb/get_krbrlm.c create mode 100644 crypto/kerberosIV/lib/krb/get_svc_in_tkt.c create mode 100644 crypto/kerberosIV/lib/krb/get_tf_fullname.c create mode 100644 crypto/kerberosIV/lib/krb/get_tf_realm.c create mode 100644 crypto/kerberosIV/lib/krb/getaddrs.c create mode 100644 crypto/kerberosIV/lib/krb/getrealm.c create mode 100644 crypto/kerberosIV/lib/krb/getst.c create mode 100644 crypto/kerberosIV/lib/krb/gettimeofday.c create mode 100644 crypto/kerberosIV/lib/krb/k_concat.c create mode 100644 crypto/kerberosIV/lib/krb/k_flock.c create mode 100644 crypto/kerberosIV/lib/krb/k_gethostname.c create mode 100644 crypto/kerberosIV/lib/krb/k_getport.c create mode 100644 crypto/kerberosIV/lib/krb/k_getsockinst.c create mode 100644 crypto/kerberosIV/lib/krb/k_localtime.c create mode 100644 crypto/kerberosIV/lib/krb/kdc_reply.c create mode 100644 crypto/kerberosIV/lib/krb/klog.h create mode 100644 crypto/kerberosIV/lib/krb/kntoln.c create mode 100644 crypto/kerberosIV/lib/krb/krb.def create mode 100644 crypto/kerberosIV/lib/krb/krb.h create mode 100644 crypto/kerberosIV/lib/krb/krb.mak create mode 100644 crypto/kerberosIV/lib/krb/krb_check_auth.c create mode 100644 crypto/kerberosIV/lib/krb/krb_equiv.c create mode 100644 crypto/kerberosIV/lib/krb/krb_err.et create mode 100644 crypto/kerberosIV/lib/krb/krb_err_txt.c create mode 100644 crypto/kerberosIV/lib/krb/krb_get_in_tkt.c create mode 100644 crypto/kerberosIV/lib/krb/krb_locl.h create mode 100644 crypto/kerberosIV/lib/krb/kuserok.c create mode 100644 crypto/kerberosIV/lib/krb/lifetime.c create mode 100644 
crypto/kerberosIV/lib/krb/logging.c create mode 100644 crypto/kerberosIV/lib/krb/lsb_addr_comp.c create mode 100644 crypto/kerberosIV/lib/krb/lsb_addr_comp.h create mode 100644 crypto/kerberosIV/lib/krb/mk_auth.c create mode 100644 crypto/kerberosIV/lib/krb/mk_err.c create mode 100644 crypto/kerberosIV/lib/krb/mk_priv.c create mode 100644 crypto/kerberosIV/lib/krb/mk_req.c create mode 100644 crypto/kerberosIV/lib/krb/mk_safe.c create mode 100644 crypto/kerberosIV/lib/krb/month_sname.c create mode 100644 crypto/kerberosIV/lib/krb/name2name.c create mode 100644 crypto/kerberosIV/lib/krb/netread.c create mode 100644 crypto/kerberosIV/lib/krb/netwrite.c create mode 100644 crypto/kerberosIV/lib/krb/one.c create mode 100644 crypto/kerberosIV/lib/krb/parse_name.c create mode 100644 crypto/kerberosIV/lib/krb/prot.h create mode 100644 crypto/kerberosIV/lib/krb/rd_err.c create mode 100644 crypto/kerberosIV/lib/krb/rd_priv.c create mode 100644 crypto/kerberosIV/lib/krb/rd_req.c create mode 100644 crypto/kerberosIV/lib/krb/rd_safe.c create mode 100644 crypto/kerberosIV/lib/krb/read_service_key.c create mode 100644 crypto/kerberosIV/lib/krb/realm_parse.c create mode 100644 crypto/kerberosIV/lib/krb/recvauth.c create mode 100644 crypto/kerberosIV/lib/krb/resolve.c create mode 100644 crypto/kerberosIV/lib/krb/resolve.h create mode 100644 crypto/kerberosIV/lib/krb/rw.c create mode 100644 crypto/kerberosIV/lib/krb/save_credentials.c create mode 100644 crypto/kerberosIV/lib/krb/send_to_kdc.c create mode 100644 crypto/kerberosIV/lib/krb/sendauth.c create mode 100644 crypto/kerberosIV/lib/krb/sizetest.c create mode 100644 crypto/kerberosIV/lib/krb/stime.c create mode 100644 crypto/kerberosIV/lib/krb/str2key.c create mode 100644 crypto/kerberosIV/lib/krb/swab.c create mode 100644 crypto/kerberosIV/lib/krb/tf_util.c create mode 100644 crypto/kerberosIV/lib/krb/ticket_memory.c create mode 100644 crypto/kerberosIV/lib/krb/ticket_memory.h create mode 100644 
crypto/kerberosIV/lib/krb/tkt_string.c create mode 100644 crypto/kerberosIV/lib/krb/unparse_name.c create mode 100644 crypto/kerberosIV/lib/krb/util.c create mode 100644 crypto/kerberosIV/lib/krb/verify_user.c create mode 100644 crypto/kerberosIV/lib/roken/Makefile.in create mode 100644 crypto/kerberosIV/lib/roken/chown.c create mode 100644 crypto/kerberosIV/lib/roken/daemon.c create mode 100644 crypto/kerberosIV/lib/roken/err.c create mode 100644 crypto/kerberosIV/lib/roken/err.h create mode 100644 crypto/kerberosIV/lib/roken/errx.c create mode 100644 crypto/kerberosIV/lib/roken/fchown.c create mode 100644 crypto/kerberosIV/lib/roken/get_window_size.c create mode 100644 crypto/kerberosIV/lib/roken/getcwd.c create mode 100644 crypto/kerberosIV/lib/roken/getdtablesize.c create mode 100644 crypto/kerberosIV/lib/roken/getopt.c create mode 100644 crypto/kerberosIV/lib/roken/getusershell.c create mode 100644 crypto/kerberosIV/lib/roken/hstrerror.c create mode 100644 crypto/kerberosIV/lib/roken/inaddr2str.c create mode 100644 crypto/kerberosIV/lib/roken/inet_aton.c create mode 100644 crypto/kerberosIV/lib/roken/initgroups.c create mode 100644 crypto/kerberosIV/lib/roken/k_getpwnam.c create mode 100644 crypto/kerberosIV/lib/roken/k_getpwuid.c create mode 100644 crypto/kerberosIV/lib/roken/lstat.c create mode 100644 crypto/kerberosIV/lib/roken/memmove.c create mode 100644 crypto/kerberosIV/lib/roken/mini_inetd.c create mode 100644 crypto/kerberosIV/lib/roken/mkstemp.c create mode 100644 crypto/kerberosIV/lib/roken/putenv.c create mode 100644 crypto/kerberosIV/lib/roken/rcmd.c create mode 100644 crypto/kerberosIV/lib/roken/roken.def create mode 100644 crypto/kerberosIV/lib/roken/roken.h create mode 100644 crypto/kerberosIV/lib/roken/roken.mak create mode 100644 crypto/kerberosIV/lib/roken/setegid.c create mode 100644 crypto/kerberosIV/lib/roken/setenv.c create mode 100644 crypto/kerberosIV/lib/roken/seteuid.c create mode 100644 crypto/kerberosIV/lib/roken/signal.c create 
mode 100644 crypto/kerberosIV/lib/roken/snprintf.c create mode 100644 crypto/kerberosIV/lib/roken/strcasecmp.c create mode 100644 crypto/kerberosIV/lib/roken/strdup.c create mode 100644 crypto/kerberosIV/lib/roken/strerror.c create mode 100644 crypto/kerberosIV/lib/roken/strftime.c create mode 100644 crypto/kerberosIV/lib/roken/strlwr.c create mode 100644 crypto/kerberosIV/lib/roken/strnlen.c create mode 100644 crypto/kerberosIV/lib/roken/strtok_r.c create mode 100644 crypto/kerberosIV/lib/roken/strupr.c create mode 100644 crypto/kerberosIV/lib/roken/tm2time.c create mode 100644 crypto/kerberosIV/lib/roken/unsetenv.c create mode 100644 crypto/kerberosIV/lib/roken/verify.c create mode 100644 crypto/kerberosIV/lib/roken/verr.c create mode 100644 crypto/kerberosIV/lib/roken/verrx.c create mode 100644 crypto/kerberosIV/lib/roken/vwarn.c create mode 100644 crypto/kerberosIV/lib/roken/vwarnx.c create mode 100644 crypto/kerberosIV/lib/roken/warn.c create mode 100644 crypto/kerberosIV/lib/roken/warnerr.c create mode 100644 crypto/kerberosIV/lib/roken/warnx.c create mode 100644 crypto/kerberosIV/lib/roken/xdbm.h create mode 100644 crypto/kerberosIV/lib/sl/Makefile.in create mode 100644 crypto/kerberosIV/lib/sl/sl.c create mode 100644 crypto/kerberosIV/lib/sl/sl.h create mode 100644 crypto/kerberosIV/lib/sl/sl_locl.h create mode 100644 crypto/kerberosIV/man/Makefile.in create mode 100644 crypto/kerberosIV/man/acl_check.3 create mode 100644 crypto/kerberosIV/man/ext_srvtab.8 create mode 100644 crypto/kerberosIV/man/getusershell.3 create mode 100644 crypto/kerberosIV/man/kadmin.8 create mode 100644 crypto/kerberosIV/man/kadmind.8 create mode 100644 crypto/kerberosIV/man/kafs.3 create mode 100644 crypto/kerberosIV/man/kauth.1 create mode 100644 crypto/kerberosIV/man/kauthd.8 create mode 100644 crypto/kerberosIV/man/kdb_destroy.8 create mode 100644 crypto/kerberosIV/man/kdb_edit.8 create mode 100644 crypto/kerberosIV/man/kdb_init.8 create mode 100644 
crypto/kerberosIV/man/kdb_util.8 create mode 100644 crypto/kerberosIV/man/kdestroy.1 create mode 100644 crypto/kerberosIV/man/kerberos.1 create mode 100644 crypto/kerberosIV/man/kerberos.3 create mode 100644 crypto/kerberosIV/man/kerberos.8 create mode 100644 crypto/kerberosIV/man/kinit.1 create mode 100644 crypto/kerberosIV/man/klist.1 create mode 100644 crypto/kerberosIV/man/kprop.8 create mode 100644 crypto/kerberosIV/man/kpropd.8 create mode 100644 crypto/kerberosIV/man/krb.conf.5 create mode 100644 crypto/kerberosIV/man/krb.equiv.5 create mode 100644 crypto/kerberosIV/man/krb.realms.5 create mode 100644 crypto/kerberosIV/man/krb_realmofhost.3 create mode 100644 crypto/kerberosIV/man/krb_sendauth.3 create mode 100644 crypto/kerberosIV/man/krb_set_tkt_string.3 create mode 100644 crypto/kerberosIV/man/ksrvtgt.1 create mode 100644 crypto/kerberosIV/man/ksrvutil.8 create mode 100644 crypto/kerberosIV/man/kstash.8 create mode 100644 crypto/kerberosIV/man/kuserok.3 create mode 100644 crypto/kerberosIV/man/tf_util.3 create mode 100644 crypto/kerberosIV/mkinstalldirs create mode 100644 crypto/kerberosIV/server/Makefile.in create mode 100644 crypto/kerberosIV/server/kerberos.c create mode 100644 crypto/kerberosIV/slave/Makefile.in create mode 100644 crypto/kerberosIV/slave/kprop.c create mode 100644 crypto/kerberosIV/slave/kprop.h create mode 100644 crypto/kerberosIV/slave/kpropd.c create mode 100644 crypto/kerberosIV/slave/slav_locl.h (limited to 'crypto') diff --git a/crypto/kerberosIV/COPYRIGHT b/crypto/kerberosIV/COPYRIGHT new file mode 100644 index 0000000..1ec6394 --- /dev/null +++ b/crypto/kerberosIV/COPYRIGHT 
@@ -0,0 +1,166 @@
+Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+(Royal Institute of Technology, Stockholm, Sweden).
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+3. All advertising materials mentioning features or use of this software
+ must display the following acknowledgement:
+ This product includes software developed by the Kungliga Tekniska
+ Högskolan and its contributors.
+
+4. Neither the name of the Institute nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+
+
+Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the copyright
+ notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+3. All advertising materials mentioning features or use of this software
+ must display the following acknowledgement:
+ This product includes software developed by Eric Young (eay@mincom.oz.au)
+
+THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+
+
+Copyright (c) 1983, 1990 The Regents of the University of California.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+3. All advertising materials mentioning features or use of this software
+ must display the following acknowledgement:
+ This product includes software developed by the University of
+ California, Berkeley and its contributors.
+
+4. Neither the name of the University nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+
+
+Copyright (C) 1990 by the Massachusetts Institute of Technology
+
+Export of this software from the United States of America is assumed
+to require a specific license from the United States Government.
+It is the responsibility of any person or organization contemplating
+export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+
+
+Copyright 1987, 1989 by the Student Information Processing Board
+ of the Massachusetts Institute of Technology
+
+Permission to use, copy, modify, and distribute this software
+and its documentation for any purpose and without fee is
+hereby granted, provided that the above copyright notice
+appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation,
+and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
+used in advertising or publicity pertaining to distribution
+of the software without specific, written prior permission.
+M.I.T. and the M.I.T. S.I.P.B. make no representations about
+the suitability of this software for any purpose. It is
+provided "as is" without express or implied warranty.
+
+
+
+Copyright 1992 Simmule Turner and Rich Salz. All rights reserved.
+
+This software is not subject to any license of the American Telephone
+and Telegraph Company or of the Regents of the University of California.
+
+Permission is granted to anyone to use this software for any purpose on
+any computer system, and to alter it and redistribute it freely, subject
+to the following restrictions:
+
+1. The authors are not responsible for the consequences of use of this
+ software, no matter how awful, even if they arise from flaws in it.
+
+2. The origin of this software must not be misrepresented, either by
+ explicit claim or by omission. Since few users ever read sources,
+ credits must appear in the documentation.
+
+3. Altered versions must be plainly marked as such, and must not be
+ misrepresented as being the original software. Since few users
+ ever read sources, credits must appear in the documentation.
+
+4. This notice may not be removed or altered.
+
diff --git a/crypto/kerberosIV/ChangeLog b/crypto/kerberosIV/ChangeLog
new file mode 100644
index 0000000..1467488
--- /dev/null
+++ b/crypto/kerberosIV/ChangeLog
@@ -0,0 +1,3761 @@ +Tue Jun 3 1997 + + * Release 0.9.6 + + * appl/kx/rxtelnet.in, appl/kx/rxterm.in: new argument '-w + term_emulator' for specifiying which terminal emulator to use. + Based on a patch from . + +Mon Jun 2 1997 + + * appl/xnlock/Makefile.in, appl/kx/Makefile.in, + lib/auth/Makefile.in: fix the Makefile to do the for loops the + automake way. + +Sun Jun 1 1997 + + * appl/xnlock/Makefile.in, appl/kx/Makefile.in: do install + correctly even if there are no programs to install + + * configure.in: Check for `h_nerr'. + + * lib/auth/pam/pam.c: Include to make it + compile on Solaris 2.6 + + lib/sl/sl.c, lib/krb/realm_parse.c, appl/ftp/ftpd/popen.c, + appl/ftp/ftpd/ftpd.c, appl/bsd/login_fbtab.c, + appl/bsd/login_access.c: Initialize the `lasts' to NULL before + calling strtok_r the first time. With our strtok_r it's not + necessary, but the man-page on SGIs says it should be done. + +Fri May 30 1997 + + * lib/krb/mk_req.c (krb_mk_req, get_ad_tkt): Support for + multi-realm ticket files by using the best matching TGT to define + the realm of the ticket holder. + + + * appl/bsd/utmpx_login.c (utmpx_update): Set `ut_id' if we're + using utmpx + + * appl/telnet/telnetd/sys_term.c (start_login): Set `ut_id' if + we're using utmpx + +Wed May 28 1997 + + * lib/roken/daemon.c: New file. + + * include/protos.H: needed on solaris 2.4 + +Mon May 26 1997 + + * appl/bsd/su.c (kerberos): If kerberos password is zero length + immediately try next scheme. + + + * lib/kafs/afskrb.c (k_afsklog_uid): Token lifetime should be even + if we don't know the proper ViceId. + + + * Release 0.9.5 + + * man/Makefile.in: Install preformatted manual pages with correct + suffix on *BSD. + +Sun May 25 1997 + + * appl/kpopper/popper.h: Remove XTND, and XTND XMIT. Rename XTND + XOVER to XOVER. + + + * appl/telnet/telnetd/sys_term.c: Only include and + once + + * fix-export: Also create cat manpages. 
+ + * appl/ftp/ftpd/logwtmp.c: Check for `_PATH_WTMP' + + * appl/telnet/telnetd/sys_term.c: Ditto. + Remove stupid macros. + + * appl/ftp/ftp/cmds.c (setpeer): Check for `__unix'. This is + (apparently) a standard with many representations. + + * appl/ftp/ftpd/ftpcmd.y (SYST): Ditto. + + * appl/ftp/ftpd/ftpd.c (retrieve): file must exist to apply a + command to it. + + * appl/ftp/ftpd/ftpd.c (retrieve): Generalise list of commands and + basename argument. + + * appl/ftp/ftpd/popen.c (ftpd_popen): Try standard binary if the + one in ~ftp fails. + + * appl/telnet/telnetd/sys_term.c: Use `_getpty' if there's one + + * appl/bsd/forkpty.c: Use `_getpty' if there's one + + * configure.in: check for `_getpty' + + * acconfig.h: correct test for IRIX + + * lib/roken/snprintf.c: code for checking the correct functioning + of *nprintf is now #ifdef PARANOIA + + * appl/bsd/rlogind.c: fix logging in wtmp and parsing of winsize + + * appl/bsd/rlogin.c: New option `-p'. + + * lib/des/fcrypt.c: removed `inline' from `des_set_key' + +Thu May 22 1997 + + * lib/des/md5.c (MD5Final): Made signature compliant with FreeBSD. + + * lib/des/md5.h: Remove digest from MD5_CTX, it is now an argument + to MD5Final instead. + + * lib/des/fcrypt.c: Also support MD5 style crypt(2). + +Tue May 20 1997 + + * appl/telnet/telnetd/sys_term.c: utmp stuff now seems to be + compatible with login + + * appl/ftp/ftpd/logwtmp.c: Add support for logging to wtmpx + + + * (*/)*/Makefile.in:s (install): Avoid redundant multiple + recursion in install targets. + + * Made things compile with socks5-v1.0r1. 
+ + + * appl/telnet/telnetd/sys_term.c: changed utmp-stuff not to use + ut_id at all + + * appl/bsd/utmpx_login.c: handle case where there's no wtmpx (such + as HP-UX 10) + + * appl/bsd/rlogind.c: Added support for utmpx + +Sun May 18 1997 + + * lib/roken: removed herror, strchr, and strrchr + + * lib/krb/dest_tkt.c(dest_tkt): Only use `lstat' iff HAVE_LSTAT + + * lib/krb: snprintf, strdup, strtok_r, and strcasecmp always live + in lib/roken and get linked here when needed. + + * lib/roken: removed strchr, strrchr. + + * appl/telnet/telnet/telnet.c: Always use our own `setupterm' for + compatibility reasons. + + * appl/telnet/telnetd/telnetd.c: Removed and . + They doesn't seem to be used and breaks on fujitsu. + + * appl/kx/kx.c: try to give a better error message (than a core + dump :-) when talking to an old kxd. + + * appl/kx/kxd.c, appl/kip/kipd.c, appl/kauth/kauthd.c: corrected + fencepost error with KRB_SENDAUTH_VLEN. + + * appl/ftp/common/buffer.c: new file. + + * configure.in: cray hides their bitypes in . + Also check for this file. + + * appl/telnet/telnet/telnet_locl.h: moved termios.h before + curses.h. This was needed to compile on cray, but will probably + break on some other host. + +Thu May 15 1997 + + * server/kerberos.c: Implement changes to the tcp protocol, while + being compatible with the old protocol. + + * lib/krb/send_to_kdc.c: The old method to signal end of + transmission by closing the sending side of the socket does not + work well through some firewalls. This is now changed so that the + client instead sends the length of the request as a four byte + integer (in network byte order) before sending the data. + +Wed May 14 1997 + + * appl/telnet/telnetd/sys_term.c: HAVE_UTMPX -> HAVE_UTMPX_H. Fix + for OSF1. + + * appl/bsd/utmp_login.c: UTMPX_DOES_UTMP_LOGGING -> HAVE_UTMPX_H + + * appl/bsd/sysv_environ.c: Use k_concat rather than snprintf. 
+ +Tue May 13 1997 + + * kuser/klist.c: updated usage string + + * lib/otp/otp_print.c: make word table and reverse word table + constant + +Sun May 11 1997 + + * */*: Added some __attribute__ ((format (printf))) and fixes + where needed. + + * appl/ftp/common/sockbuf.c: start probing at 4Mb + + * appl/ftp/ftpd/ftpd.c: use MAP_FAILED + + * appl/ftp/ftp/ftp.c: Use MAP_FAILED. + (alloc_buffer): new function for allocating a buffer of size + max(BUFSIZ, st.st_blksize) (Based on a patch from + ) + + * appl/ftpd/ftpdcmd.y: hack for reget. + + * appl/kx/kxd.c: Give a error message to old-version kx. + + * replaced vsprintf with vsnprintf. + + * lib/roken/vsyslog.c: not used. removed. + + * Changed -> + + * include/Makefile.in: Added ktypes.h + + * include/sys/Makefile.in: removed bitypes.h + +Wed May 7 1997 + + * appl/ftp/ftp/ftp.c: Open files in binary mode. + + * appl/ftp/ftpd/ftpd.c (checkaccess): Changed to make absent file + mean `allow'. Added shell matching to names (if fnmatch is + available). + + + * appl/ftp/ftpd/kauth.c (kauth): Use `DEFAULT_TKT_LIFE' + + * appl/ftp/ftpd/ftpcmd.y, appl/ftp/ftpd/ftpd.c: always cast to + (long) before printing out an `off_t' + + * lib/kdb/print_princ.c (krb_print_principal), + lib/kdb/krb_lib.c (kerb_put_principal), + admin/kdb_edit.c (change_principal), + admin/kdb_util.c (print_time) : gmtime should never return + tm_year > 1900 + + * appl/ftp/ftpd/ftpcmd.y: Year 2000 fix + + * appl/telnet/telnetd/telnetd.c: removed code that used `getent' + + * lib/roken/getent.c: removed + +Mon May 5 1997 + + * appl/ftp/ftpd/ftpd.c: fix for mmap and restart_point + + * kadmin/ksrvutil_get.c (ksrvutil_get): get correct default realm + +Sun May 4 1997 + + * configure.in (REAL_PICFLAGS): Use `-fPIC' instead of `-fpic', + otherwise it's not possible to make libotp on hpux. 
+ + * configure.in: try sending picflags even when linking a shared + library with $CC + + * lib/roken/getent.c: remove getstr + + * configure.in: removed unneeded REAL_-variables working shared + libraries on *bsd* + + * appl/kip/kip.h: Added + + * */Makefile.in: Use @LDSHARED@ + + * configure.in: Fix shared libraries on HP/UX. + check for curses.h + check for `getstr' and `cgetstr' in curses + + * appl/telnet/telnet: clean-up + + * lib/kafs/afssys.c: ifdef-out the code that is not used to avoid + referencing `syscall' on AIX. + + * lib/krb/et_list.c: s/WEAK_PRAGMA/PRAGMA_WEAK/ + + * aclocal.m4 (AC_HAVE_PRAGMA_WEAK): redirect output + + * lib/roken/snprintf.c: fix for the case of max_sz == 0 + + * doc/kth-krb.texi: Add @dircategory and @direntry to enable + `install-info' to install this entry in `dir'. + + * appl/telnet/telnetd/Makefile.in: Don't link with getstr + + + * lib/auth/sia/krb4_matrix.conf: Fix entries for ses_release and + chk_user. + +Sat May 3 1997 + + * lib/auth/sia/sia.c: Some cleanup. + +Fri May 2 1997 + + * configure.in: only link the programs that need it with the + db/dbm library + + + * lib/auth/sia/sia.c: Merge code for for normal and su + authentication. + + + * Replaced sprintf with snprintf and asprintf all over the place. + + * lib/roken/snprintf.c: Added asnprintf and vasnprintf + + * lib/roken/snprintf.c: implemented asprintf, vasprintf + + * lib/roken/snprintf.c: new file + +Thu May 1 1997 + + * lib/kafs/afskrb.c (k_afsklog_all_local_cells): Use `k_concat' + +Wed Apr 30 1997 + + * lib/krb/{get_host,get_krbrlm,getrealm,realm_parse}.c: Fix some + potential buffer overruns. + + * lib/krb/k_concat.c: Safely concatenate two strings. 
+ +Sat Apr 26 1997 + + * appl/telnet/libtelnet/kerberos.c: removed stupid #if 0 + + * appl/bsd/rlogind.c (send_oob): different default for `last_oob' + to avoid losing first OOB packet + +Fri Apr 25 1997 + + * appl/voodoo/AuthOption.cpp: provoke the telnetd in turning on + encryption + +Wed Apr 23 1997 + + * lib/kafs/afskrb.c (realm_of_cell): don't overflow buffer with + result from `gethostbyaddr' + + * lib/krb/name2name.c (krb_name_to_name): new parameter + `phost_size' to disable buffer overflowing. Changed all callers. + + * lib/krb/k_getsockinst.c: New parameter `inst_size' to disable + buffer overflowing. Changed all callers. + + * appl/kpopper/Makefile.in: soriasis make stupidity + + * appl/kx/Makefile.in: don't include encdata.c in SOURCES_COMMON, + otherwise DEC make gets upset. + +Tue Apr 22 1997 + + * lib/krb/k_getsockinst.c: Use same name as in krb_get_phost. + + + * acconfig.h: hp-ux 10 also has `pututxline' that writes both to + utmp and utmpx. + +Sun Apr 20 1997 + + * include/win32/config.h: adapted to win95/NT + + * appl/voodoo: Merged in win32-telnet from + + * lib/krb/tkt_string.c: dummy `getuid' function. + + * lib/krb/ticket_memory.c (tf_setup): implement + + * lib/roken/roken.mak, roken.def: new files + + * lib/des/des.def: Removed des_random_{seed,key} + + * lib/krb/dllmain.c: Rewrote `msg'. + Better explanation when it fails to spawn `krbmanager'. + + * lib/krb/tf_util.c: backwards `in_tkt' added. + + * lib/krb/in_tkt.c: removed + + * lib/kclient/KClient: Reformatted and fixed. + +Sat Apr 19 1997 + + * appl/ftp/ftpd/ftpd.c: Incorporate /etc/ftpusers changes from + NetBSD. + + * appl/ftp/ftpd/ftpd.c: Handle oob-stuff better. + +Fri Apr 18 1997 + + * appl/kpopper/pop_{dropinfo,send,updt}.c: Fix 'From ' line + parsing bug. + + * appl/kpopper/pop_dropinfo.c: Add support for xover. + + * appl/kpopper/pop_xover.c: Add some kind of xover support. + + * appl/kpopper/pop_debug.c: New tiny popper debugging program. 
+ +Tue Apr 15 1997 + + * lib/krb/kdc_reply.c (kdc_reply_cred): fix sanity checks. + + * appl/bsd/rshd.c: k_afsklog so that remote command gets a token. + fix usage string. + +Sat Apr 12 1997 + + * appl/bsd/rcp.c (main): Rcp implements encrypted file transfer + without using the kshell service. + + + * lib/krb/mk_safe.c: Emit new checksum. + + * lib/krb/rd_safe.c: New code to handle both new and old + checksums. + + * lib/des/qud_cksm.c: Fix compatibility with mit deslib. + +Fri Apr 11 1997 + + * lib/sl/sl.c (sl_match): initialize `partial_cmd' + +Sun Apr 6 1997 + + * lib/kafs/kafs.h: Ugly addition of `_P' + + * lib/kafs/afssys.c: contains the definition of + `_IOW' on cygwin32. + + * appl/telnet/telnet/utilities.c: needed by + cygwin32 + + * doc/Makefile.in: always run $(MAKEINFO). + + * lib/otp/otp_md.c (sha_finito_little_endian): byte-swap + correctly. + + * include/sys/bitypes.H: Added #ifndef for types + + * configure.in: test for types + + * aclocal.m4: Stolen AC_GROK_TYPES? from heimdal + + + * appl/ftp/ftp/ftp.c: Fix passive mode. + +Sat Apr 5 1997 + + * appl/kauth/ksrvtgt.in: New ksrvtgt script. + +Fri Apr 4 1997 + + * lib/krb/kdc_reply.c: Add some range checking. + + + * lib/otp/otptest.c: Updated tests from `draft-ietf-otp-01.txt'. + Passes verification examples from appendix C. + + * admin/kdb_util.c: All usage strings are now consistent (and even + with the code)! + +Thu Apr 3 1997 + + * lib/kafs/afssys.c (k_pioctl): Separate syscall functionality and + kerberos convenience routines into afssys.c and afskrb.c. This to + make it possible to use k_pioctl() without linking in all + libraries in the world. + +Tue Apr 1 1997 + + * appl/telnet/telnet/commands.c: Rename suspend to telnetsuspend, + since Unicos has one of its own. + +Sun Mar 30 1997 + + * appl/bsd/{rsh,rlogin}.c: Don't look at argv[0]. 
+ + + * man/tenletxr.1: new file + + * appl/kx/rxtelnet.in, appl/kx/rxterm.in, appl/kx/tenletxr.in: + Support `-k' + + * appl/kx/tenletxr.in: new script for running kx in backwards + mode. + + * appl/kx: New version of protocol. + + * appl/kauth: Use err & c:o + + * appl/kauth/encdata.c (read_encrypted): Give better return code + for EOF + + + * appl/ftp/ftp/krb4.c: Use stdout rather than stderr. Add newlines + to many strings. + + * kuser/kdestroy.c: Use set_progname, make -q equal to -f, remove + bell. + + * lib/roken/warnerr.c: New function set_progname. + * aclocal.m4: Invert test of AC_NEED_DECLARATION and rename it to + AC_CHECK_DECLARATION. Add new function AC_CHECK_VAR, that looks + for a variable, including a declaration. + + * lib/roken/roken.h: Add optional declaration for __progname. + + * lib/roken/*{err,warn}.c: Restructure err and warn functions. + +Sat Mar 29 1997 + + * appl/telnet/telnet/sys_bsd.c: Maybe-fix for HP-UX 10: Ifdef + SO_OOBINLINE, don't even select for exceptional conditions. + + * lib/otp/otp_md.c: always downcase the seed. + byte-swap the SHA result. + +Thu Mar 27 1997 + + * appl/otp/otp.c: removed bad free of global data + +Sun Mar 23 1997 + + * configure.in: moved version.h and config.h to include + + + * acconfig.h: Fix utmp/utmpx stuff on OSF/1. + + + * appl/bsd/rlogind.c (control): Rewritten to handle the case of + there being no `ws_xpixel' and `ws_ypixel' + + * appl/bsd/rlogin.c (sendwindow): Rewritten to handle the case of + there being no `ws_xpixel' and `ws_ypixel' + + * aclocal.m4 (AC_KRB_STRUCT_WINSIZE): Also test for `ws_xpixel' + and `ws_ypixel' + + * lib/otp/otp.h: Change default global timeout + + * lib/krb/tf_util.c (tf_setup): Also take `pname' and `pinst' + + * appl/telnet/telnetd/sys_term.c, appl/bsd/utmpx_login.c: Do + gettimeofday and then copy the data for the sake of those systems + like SGI that can have different timevals in file and memory. 
+ + * configure.in: Allow `--with-readline' + + * lib/editline/edit_compat.c (readline): strdup data before + returning it. + + + * appl/telnet/telnetd/state.c: Change size of subbuffer to 2k. + +Thu Mar 20 1997 + + * lib/krb/decomp_ticket.c: Add some range checking. + + * appl/ftp/ftpd/krb4.c: Check return value from krb_net_write. + + * appl/ftp/ftp/ftp.c: Fix hash mark printing. + +Wed Mar 19 1997 + + * appl/kauth/kauthd.c: more logging + + * man/kx.1, man/kxd.8: Updated. + + * appl/kx/kx.c, kxd.c: Hacked so that all TCP-connections are kx + -> kxd + + + * lib/editline/edit_compat.c: BSD libedit comatibility. + +Wed Mar 12 1997 + + * appl/ftp/ftpd/ftpd.c: Set `byte_count' even when using mmap. + Log foreign IP address together with hostname. + +Mon Mar 10 1997 + + * server/kerberos.c: Fix log file muddle. + +Sun Mar 9 1997 + + * appl/bsd/kcmd.c (kcmd): check malloc for failure. + +Tue Feb 25 1997 + + * man/ftpd.8: Documented the `-g' option. + + * appl/ftp/ftpd/ftpd.c: New option `-g umask' for specifying the + umask for anonymous users. + + * appl/ftp/ftpd/ftpd.c: conditionalize SIGURG + + * appl/otp/otp.c: More fixes from Fabien COELHO + . Check for current OTP before allowing the + update. + +Wed Feb 19 1997 + + * appl/otp/otp.c: updated help string + + * appl/bsd/Makefile.in: Fixed installation of suid programs. + + * appl/telnet/libtelnet/kerberos.c: fix some stuff to get + forwarding code to compile + + * lib/otp/otp_db.c: fix for signed char overflow. + + + * lib/krb/resolve.c: Patch from Jörgen Wahlsten + : Zero out resource record, and send + correct length to dn_expand. + +Mon Feb 17 1997 + + * lib/roken/roken.h: Check for `_setsid' + + * appl/ftp/ftp/ftp.c: s/__CYGWIN32__/HAVE_H_ERRNO/ + + * include/Makefile.in: Generete krb_err.h and kadm_err.h before + linking/copying them + + * aclocal.m4: AC_FIND_FUNC: Add the library at the beginning of + the list. 
+ + * configure.in: Use AC_PROG_RANLIB + Always use EMXOMF under OS/2 + Check for sys/termio.h and _setsid + + + * configure.in: A preliminary fix for editline. + + * appl/telnet/libtelnet/kerberos.c: Include ticket forwarding + stuff. + + * lib/krb/krb_get_in_tkt.c: Use tf_setup. + + * lib/krb/krb_get_in_tkt.c: New function tf_setup. + +Sat Feb 15 1997 + + * man/otp.1: updated + + * appl/otp/otp.c: New options `-d' and `-r'. From Fabien COELHO + + + * lib/otp/otp.h: Changed default from md4 to md5 + * lib/otp/otp_db.c (otp_get, otp_simple_get): New functions. + +Thu Feb 13 1997 + + * appl/kx/rxtelnet.in: allow specification of port number + + * appl/otp/otp.c: Add `-u' option + +Sun Feb 9 1997 + + * appl/ftp/common/glob.c: Rename FOO -> CHAR_FOO to avoid + collision with symbol in sys/ioctl.h + +Fri Feb 7 1997 + + * man/kpropd.8: updated + + * appl/bsd/rcmd_util.c: warning needs to know what program is + used. + + * slave/kpropd.c: New explicit flag `-i' for interactive. Don't + use AI to figure out if we have been started by inetd or not. + +Thu Feb 6 1997 + + * appl/kx/rxtelnet.in, appl/kx/rxterm.in: Patch for sending -l to + kx. From + + * kuser/klist.c: corrected alignment of `expired' + + * appl/telnet/telnet/commands.c: replaced lots of \n by \r\n + +Mon Feb 3 1997 + + * configure.in (socket, gethostbyname, getsockopt, setsockopt): + Better tests. + (HAVE_H_ERRNO): New test + + * lib/roken/herror.c (herror): Check HAVE_H_ERRNO + lots of other files as well. + +Sat Feb 1 1997 + + * appl/bsd/rcp.c: Work around the non-working getpw* in cygwin32 + + * lib/krb/logging.c: Init function for `std_log´ + + * appl/telnet/telnet/utilities.c: Remove `upcase´ + Check HAVE_SETSOCKOPT + + * appl/telnet/telnet/telnet.c: Use `strupr´ instead of `upcase´ + + * appl/telnet/telnet/commands.c, appl/movemail/pop.c, + appl/kauth/rkinit.c, appl/ftp/ftp/ftp.c, + appl/sample/sample_client.c: Ifdef around for the non-existence of + `h_errno' in cygwin32. 
+ + * lib/des/read_pwd.c: work-around for cygwin32 + + * appl/telnet/telnet/sys_bsd.c: work-around for cygwin32 + +Fri Jan 31 1997 + + * lib/krb/tf_util.c: gnu-win32 needs to open files with O_BINARY. + +Sun Jan 26 1997 + + * configure.in: removed duplicate of initgroups and lstat + Use AC_KRB_STRUCT_WINSIZE + + * aclocal.m4 (AC_KRB_STRUCT_WINSIZE): New test + + * lib/krb/getaddrs.c: Check for SIOCGIFFLAGS and SIOCGIFADDR + + * appl/bsd/rlogin.c: conditional on SIGWINCH + + * appl/bsd/rcmd_util.c et al: conditional getsockopt + + * configure.in (cygwin32): New target + (getsockopt, getsockopt): Test for + (herror, hstrerror): Better tests + + * aclocal.m4 (AC_FIND_IF_NOT_BROKEN): Pass arguments to + AC_FIND_FUNC + +Thu Jan 23 1997 + + * configure.in: Add EXECSUFFIX + + * appl/kx/rxterm.in: rsh -n + + * lib/krb/unparse_name.c (krb_unparse_name_long_r): new function + + + * lib/auth/sia/sia.c: Fix a bug with ticket filename. Add afs + support. + + * lib/krb/get_host.c: Use KRB_SERVICE. + +Wed Jan 22 1997 + + * lib/auth/sia/Makefile.in: Add linker magic fix for broken, + conflicting kerberos code in xdm. + +Tue Jan 21 1997 + + * appl/xnlock/xnlock.c (verify): Change the "LOGOUT" password to + be manageable as X-resource XNlock*logoutPasswd. The password is + stored in UNIX crypt format so that it can be stored in a global + resource file for sites that whish to keep it a secret. + + + * configure.in: Check for winsize in sys/ioctl.h also. + +Sat Jan 18 1997 + + * lib/krb/get_default_principal.c: Use principal from + KRB4PRINCIPAL before using uid. + +Wed Jan 15 1997 + + * appl/telnet/telnet/sys_bsd.c: Use `get_window_size' + + * lib/roken/get_window_size.c: New file + + * appl/bsd/rlogin.c: Use `get_window_size' + + * appl/bsd/forkpty.c, appl/bsd/rlogind.c: conditionalize on + TIOCSWINSZ + + * configure.in: Check for `_scrsize' and `struct winsize' + +Tue Jan 14 1997 + + * Makefile.in (install-strip, travelkit-strip): New targets. 
+
+Thu Jan 9 1997
+
+ * */Makefile.in: Use @foo_prefix@ and @program_transform_name@
+ Add code to uninstall target
+
+Thu Dec 19 1996
+
+ * configure.in: Set LIBPREFIX
+
+ * config.sub: Add os2 as a system
+
+ * config.guess: Try to recognize i386-pc-os2_emx
+
+ * configure.in: case for *-*-os2_emx
+ NEED_PROTO for `strtok_r'
+
+ * aclocal.m4: ranlib is apparently calld EMXOMF on OS/2
+ (AC_KRB_PROG_LN_S): New test that uses cp if ln fails
+
+Wed Dec 18 1996
+
+ * appl/bsd/login.c (main): First try to verify password using
+ standard UNIX method and if it fails try kerberos authentication.
+
+Sat Dec 14 1996
+
+ * appl/bsd/rcp.c: consider case of no fchmod
+
+ * appl/kpopper/pop_init.c: Use k_getsockinst.
+
+ * lib/roken/{strupr,strlwr,strchr,strrchr,lstat,initgroups,chown,
+ fchown,rcmd}.c: new files
+
+ * appl/kpopper/pop_lower.c: Removed.
+
+ * Makefile.in (travelkit): New target.
+
+Tue Dec 10 1996
+
+ * lib/krb/parse_name.c (kname_parse): Only copy realm if it is
+ specified.
+
+ * lib/krb/get_host.c (krb_get_host): Treat no realm as local
+ realm.
+
+Mon Dec 9 1996
+
+ * appl/ftp/ftpd/ftpd.c: Get afs-tokens when logging in with
+ password.
+
+
+ * slave/kprop.c: flock with K_LOCK_SH
+
+Wed Dec 4 1996
+
+ * appl/telnet/telnet/commands.c: Also export XAUTHORITY
+
+Sun Dec 1 1996
+
+ * kadmin/ksrvutil.c: If realm is not specified, use the local one.
+
+Sat Nov 30 1996
+
+ * appl/kauth/kauthd.c: Use KAUTH_VERSION. Try to give correct
+ error messages back to kauth.
+
+ * config.sub, config.guess: Merged in changes from autoconf 2.12
+
+ * appl/bsd/rsh.c: quick hack to make `-n' to the right thing.
+
+ * kadmin/kadm_locl.h: Add prototype for FascistCheck.
+
+Thu Nov 28 1996
+
+ * man/afslog.1: Documented `-createuser'
+
+ * appl/afsutil/aklog.c: removed `cell_of_file' Added option
+ `-createuser' to run pts to create a foreign principal.
+
+Tue Nov 26 1996
+
+ * lib/otp/otp_challenge.c: Initialize error string and check for
+ NULL from strdup.
+
+ * lib/roken/mini_inetd.c: Initialize `sin_family'
+
+ * appl/kpopper/pop_init.c: Add `-p' option and make `-a'
+ auth-style
+
+ * appl/bsd/rshd.c: Add `-p' option.
+
+ * appl/bsd/rlogind.c: Handle `-p' correctly.
+
+ * appl/bsd/login.c: Removed confusing initialization of
+ `login_timeout'
+
+ * appl/kpopper/pop_dropinfo.c: Remove white-space at the beginning
+ of UIDL-string.
+
+Sun Nov 24 1996
+
+ * Release 0.9.3
+
+Sat Nov 23 1996
+
+ * kadmin/ksrvutil_get.c: Use `krb_unparse_name_long' Better
+ defaults.
+
+ * lib/krb/krb.h: Added *_to_key
+
+ * lib/krb/get_svc_in_tkt.c (srvtab_to_key): Make public
+
+ * kadmin/kadmin.c (do_init): `-p' is a synonym for `-u'
+ (do_init): more logical defaults
+ (help): removed old code
+ better error messages
+
+ * lib/krb/get_in_tkt.c (passwd_to_key, passwd_to_afskey): Export
+ and remove functionality for reading passwords.
+
+ * lib/sl/sl.c: Nicer help output.
+
+ * lib/otp/otp_challenge.c: Initialize `challengep'
+
+ * lib/krb/Makefile.in: Removed get_pw_tkt.c
+
+Fri Nov 22 1996
+
+ * lib/auth/sia/sia.c: Now compiles under Digital UNIX 4.0.
+
+Wed Nov 20 1996
+
+ * lib/auth/pam/pam.c: Chown ticketfile to correct GID.
+
+Tue Nov 19 1996
+
+ * appl/kx/rxtelnet.in: Try to set the screen number as well.
+
+ * Be careful not to thrust `h_length' from gethostby{name,addr}
+
+ * appl/bsd/rcmd_util.c (ip_options_and_die): New function.
+
+ * configure.in: moved headers before functions.
+ call AC_PATH_XTRA_XTRA.
+ Add strchr, index, rindex, and strrchr to AC_CHECK_FUNCS.
+ remove strchr and strrchr, add strtok_r from/to AC_BROKEN.
+
+ * aclocal.m4 (AC_PATH_XTRA_XTRA): New macro.
+
+ * aclocal.m4 (AC_FIND_FUNC, AC_FIND_FUNC_NO_LIBS): Two new
+ arguments: includes and arguments)
+
+ * configure.in: Need to supply arguments and includes to test for
+ `res_search' and `dn_expand'
+
+ * lib/kafs/afssys.c (k_setpag): Handle AFS_SYSCALL3
+
+ * Use `k_getpw{nam,uid}' instead of getpw{nam,uid}.
+
+ * Replace lots of `strtok' with `strtok_r'.
+
+ * lib/sl/sl.c: Allow unlimited number of arguments. Use
+ `strtok_r' to divide up string into arguments.
+
+ * lib/roken/roken.h: Added `strtok_r'
+
+ * configure.in: Test for `strtok_r'
+
+ * include/Makefile.in: Don't build in ss
+
+ * Makefile.export: Fixed ChangeLog-generation
+
+ * lib/sl/sl.c: Let `readline' to the \n-removal. Handle empty
+ lines. Don't store empty lines in the history.
+
+Mon Nov 18 1996
+
+ * lib/sl/sl.c: Use readline compatible i/o.
+
+
+ * lib/otp/otp_locl.h: Changed location of otp database to /etc
+
+ * appl/otp/Makefile.in: Install otp setuid root.
+
+ * util/Makefile.in: don't build SS
+
+ * lib/sl: New directory.
+
+ * kadmin/kadmin.c: Replaced SS by SL.
+
+Sun Nov 17 1996
+
+ * kadmin/kadm_funcs.c: Improved log messages.
+
+
+ * Use KRB_TICKET_GRANTING_TICKET.
+
+
+ * server/kerberos.c: Don't do any special logging when running as
+ slave.
+
+
+ * Lots of files: remove unnecessary `(void)'
+
+ * Lots of files: remove unnecessary `register' declaration.
+
+
+ * lib/krb/get_host.c: Only keep list of hosts from requested
+ realm.
+
+
+ * man/otpprint.1, otp.1: New files.
+
+ * appl/otp/otp.c: `-s' is now default.
+
+ * appl/otp/otp.c: removed count
+
+ * lib/des/destest.c: more general quad_cksum test.
+
+ * lib/otp/otp_print.c (otp_print_stddict_extended,
+ otp_print_hex_extended): New functions.
+
+ * lib/otp/otptest.c: New file.
+
+
+ * appl/ftp/ftpd/ftpd.c: Change default auth level to what was
+ formerly known as `user'.
+
+ * appl/ftp/ftpd/ftpd.c: Orthogonalize arguments to -a
+
+
+ * appl/kip/kip.c: Try all addresses we get back from the name
+ server.
+
+ * kadmin/kpasswd.c: updated to new functions.
+
+ * lib/otp/otp_db.c (otp_db_open): Do a few retries. Unlock in
+ case this file cannot be opened.
+
+ * doc/kth-krb.texi: New chapter about OTPs.
+
+ * appl/otp/otpprint.c, appl/otp/otp.c: Use OTP_ALG_DEFAULT.
+ Consistent language Check return value from des_read_pw_string.
+
+ * lib/otp/otp.h: Add OTP_ALG_DEFAULT
+
+
+ * lib/krb/parse_name.c: New function krb_parse_name
+
+Sat Nov 16 1996
+
+ * appl/bsd/login.c: removed S/Key.
+ Added OTP with option `-a otp'
+ Reorganized verification loop.
+
+ * appl/bsd/Makefile.in (login): Remove skey and add OTP
+
+ * configure.in: Test for `uid_t' and `off_t'
+
+ * appl/telnet/telnetd/telnetd.c: Removed `-s' for securID and
+ added `-a otp' for OTP.
+
+ * appl/kpopper: removed s/key and added OTP support. Updated
+ man-page.
+
+ * lib/otp/otp.h: more fields in the struct and a new function.
+
+ * appl/ftp/ftpd/ftpd.c: Full OTP support.
+
+ * appl/kx/rxterm.in: Add options: -l username, -r args_to_rsh, and
+ -x args_to_xterm
+
+ * appl/kx/rxtelnet.in: Add options: -l username, -t
+ args_to_telnet, and -x args_to_xterm
+
+ * man/kx.cat1: regenerated
+
+ * man/kx.1: Added `-l' option.
+
+ * appl/kx/kxd.c: Accept username from `kx'
+
+ * appl/kx/kx.c: Introduced option `-l user' to be able to login as
+ some other user.
+
+Fri Nov 15 1996
+
+ * appl/kx/kx.c: Print out display and not display_nr
+
+ * lib/auth/Makefile.in: Fix the case with empty SUBDIRS.
+
+ * */Makefile.in: Use $(LN_S) instead of ln -s
+
+ * */Makefile.in: Add @SET_MAKE@
+
+ * doc/latin1.tex: New file.
+
+ * doc/kth-krb.texi: Use latin1.tex to be able to use one letter
+ that some bear seem to think is important.
+
+ * doc/kth-krb.texi: Added acknowledgements.
+
+ * lib/auth/Makefile.in: Only build relevant subdirectories.
+
+ * configure.in: Set @LIB_AUTH_SUBDIRS@ to the subdirectories of
+ lib/auth that should be built.
+
+
+ * lib/kafs/afssys.c: Only get tokens for each cell once.
+
+Thu Nov 14 1996
+
+ * man: Added man pages for movemail(1) and kerberos(8).
+
+
+ * kadmin/kadmin_cmds.ct: Add `add' for add_new_key and `passwd'
+ for change_password.
+
+
+ * lib/krb/logging.c: Now actually compiles!
+
+
+ * config.{guess,sub}: Merge changes from Autoconf
+
+
+ * lib/krb/{recv,send}auth.c: Don't return errno if there is a
+ system error.
+
+Wed Nov 13 1996
+
+ * util/ss/Makefile.in: Now even compiles with BSD make!
+
+ * appl/kx: Now send the complete display from `kxd' to `kx'. This
+ should enable it to work better with Xlibraries that don't support
+ unix sockets.
+
+ * kuser/klist.c: conditionally include and
+ before
+
+ * lib/krb/resolve.h: Add fallback for `T_TXT'.
+
+ * appl/otp/otp.c: removed print-functionality.
+
+ * appl/otp/otpprint.c: New file.
+
+ * appl/otp/Makefile.in: New program `otpprint'
+
+ * lots of Makefile.in: Now should be possible to build with makes
+ that have broken VPATH-handling.
+
+ * configure.in: Always replace REAL_SHARED & c:o so that some
+ libraries may be built as shared.
+ Removed unused AC_SUBST.
+ Only build afskauthlib on irix.
+
+ * lib/auth/afskauthlib/Makefile.in, lib/auth/sia/Makefile.in,
+ lib/auth/pam/Makefile.in: Always build as a shared library.
+
+ * appl/kx/rxtelnet.in, appl/kx/rxterm.in: export PATH (from
+ ).
+
+
+ * lib/krb/{pkt_cipher,fgetst}.c: Removed
+
+ * lib/krb/name2name.c: Renamed k_name_to_name to krb_name_to_name
+
+Mon Nov 11 1996
+
+ * appl/telnet/telnetd/sys_term.c: Really remove bad stuff from
+ environment.
+
+Fri Nov 8 1996
+
+ * appl/bsd/rlogind.c (main): `portnum' should be int.
+
+ * appl/bsd/sysv_environ.c: Use _PATH_ETC_ENVIRONMENT
+
+ * appl/bsd/pathnames.h: _PATH_ETC_ENVIRONMENT: new
+
+ * lib/krb/get_host.c (srv_find_realm): New parameter `service'
+
+
+ * lib/krb/unparse_name.c: New function.
+
+Tue Nov 5 1996
+
+ * lib/auth/pam/pam.c: Add PAM Kerberos module.
+
+Mon Nov 4 1996
+
+ * configure.in: configure in lib/auth/afskauthlib
+
+ * lib/kafs/afssys.c: New function `k_afsklog_uid'.
+
+ * lib/auth/afskauthlib: New library that works like
+ `afskauthlib.so' from Transarc.
+
+
+ *lib/krb/get_host.c, lib/krb/getrealm.c, lib/kafs/afssys.c: Use
+ dns_lookup().
+
+ * lib/krb/resolve.c (dns_lookup): Replaced several different
+ resolver functions with one more generalized.
+
+Sun Nov 3 1996
+
+ * Add check target in lib/krb.
+
+ * appl/bsd/login.c (main): Sleep 10 seconds before bailing out so
+ that there is a chance of reading the error message.
+
+ * appl/bsd/rsh.c (main): When invoked as rlogin equivalent change
+ to real uid before execing rlogin.
+
+Sat Nov 2 1996
+
+ * appl/bsd/utmp_login.c: Do the right thing on systems where
+ UTMPX_DOES_UTMP_LOGGING is defined.
+
+
+ * lib/krb/krb.h: names for `krb_kuserok' prototype
+
+ * lib/krb/get_host.c: Add tcp/kerberos.REALM as well.
+
+ * appl/bsd/su.c: Replace call to `kuserok' by `krb_kuserok'.
+
+ * lib/otp/otp_parse.c: Add support for parsing extended responses
+ (draft-ietf-otp-ext-01).
+
+ * lib/otp/otp.h: Define OTP_HEXPREFIX and OTP_WORDPREFIX.
+
+ * appl/otp/otp.c: Add option `-e' for printing responses in
+ extended mode (according to draft-ietf-otp-ext-01.txt).
+
+
+ * lib/krb/kuserok.c: Function krb_kuserok now takes name,
+ instance, realm rather than an AUTH_DAT.
+
+Fri Nov 1 1996
+
+ * lib/auth/sia: Add SIA Kerberos module.
+
+
+ * lib/roken/roken.h: Need to include signal.h prior to defining
+ SIG_ERR.
+
+ * appl/bsd/utmpx_login.c (utmpx_update): Minor restructuring for
+ simplified maintainability.
+
+ * appl/bsd/utmp_login.c (utmp_login): Even when there are utmpx
+ files on this system we should also log to the utmp files. If
+ there are no utmp files we of course don't have to log to them.
+
+
+ * Makefile.export: now generate PROBLEMS and COPYRIGHT as well.
+
+ * PROBLEMS, COPYRIGHT, doc/kth-krb.info: removed
+
+ * doc/kth-krb.texi: Put copyrights in marketing order.
+
+ * appl/kpopper/popper.h: client and ipaddr should be char [] so
+ that we can store the names there.
+
+ * appl/kpopper/pop_init.c: save copies of addresses that otherwise
+ get overwritten.
+
+Mon Oct 28 1996
+
+ * lib/krb/send_to_kdc.c (send_recv_it): Use `recv' not `recvfrom'
+ to make winsock happy. Also don't care anymore about from which
+ address we got the answer since we do a `connect'.
+
+ * admin/adm_locl.h, lib/kdb/kdb_locl.h, kadmin/kadm_locl.h,
+ lib/krb/krb_locl.h, lib/roken/strftime.c, server/kerberos.c: Do
+ not use #if, use #ifdef.
+
+ * configure.in: Test for `rand' and `getuid'
+
+
+ * slave/kprop.c: Don't terminate on trivial errors in slaves-file.
+
+Sun Oct 27 1996
+
+ * doc/Makefile.in: Install from source directory if necessary.
+
+ * lib/krb/kuserok.c: Do not use `k_getpwnam' in libkrb.
+
+ * configure.in: You can't even use `unset', Ultrix sh does not
+ have it.
+
+
+ * several files: Check status from des_read_pw_string.
+
+
+ * server/kerberos.c: Make sure all data is recieved on a tcp
+ socket before trying to reply.
+
+
+ * lib/krb/krb.h: Add for `struct tm'
+
+ * appl/kx/Makefile.in: Both kx and kxd requires @XauWriteAuth@
+
+ * configure.in: Fix test for `XauReadAuth'
+
+Fri Oct 25 1996
+
+ * lib/krb/get_host.c (init_hosts): Must ntohs(KRB_PORT) on
+ machines running backwards.
+
+ * More consistent use of CRLF in telnet and telnetd.
+
+ * Removed redundant -I$(srcsdir)/../../include from compiler args.
+
+
+ * appl/ftp/ftpd/ftpd.c: New option `-a otp' to allow OTPs but no
+ ordinary passwords in cleartext.
+
+ * appl/ftp/ftpd/Makefile.in: Link `ftpd' with -lotp
+
+ * lib/Makefile.in: Add otp
+
+ * include/Makefile.in: Add otp.h
+
+ * configure.in: Test for ndbm.h
+ Generate Makefiles in lib/otp and appl/otp
+
+ * appl/otp: New program to set up and generate OTPs.
+
+ * lib/otp: New library for one-time passwords (RFC1938).
+
+ * lib/krb/get_host.c (srv_find_realm): Added parameter `proto'
+
+ * lib/des/Makefile.in: Add md4 and sha. run `mdtest' from check.
+
+ * lib/des/md4.h, lib/des/md4.c, lib/des/sha.c, lib/des/sha.h,
+ lib/des/mdtest.c: New files.
+
+ * appl/kauth/Makefile.in: Make $(libexedir) as well.
+
+Thu Oct 24 1996
+
+ * appl/bsd/rlogind.c (setup_term): Actually set the speed of the
+ terminal.
+
+ * appl/bsd/rlogin.c (main): Do a `speed_t2int' before putting the
+ speed in the TERM variable.
+
+ * appl/bsd/rcmd_util.c: New functions: `speed_t2int' and
+ `int2speed_t'.
+
+ * appl/bsd/bsd_locl.h: Added prototype of `speed_t2int' and
+ `int2speed_t'.
+
+Sun Oct 20 1996
+
+ * appl/bsd/login.c: Do `getspnam' before change the UID. Also call
+ `endspent'
+
+ * appl/krbmanager: New program used on PCs by kclient.
+
+ * lib/kclient: New library.
+
+ * lib/des, lib/krb: Added some PC-specific files.
+
+ * doc/kth-krb.info: Regenerated.
+
+ * doc/Makefile.in (kth-krb.info): Some stupid makes don't
+ understand $<
+ (kth-krb.html): New rule.
+
+ * doc/kth-krb.texi (Compiling from source): Added some references
+ about Socks.
+
+Sat Oct 19 1996
+
+ * doc/kth-krb.texi: Added text about ``--with-socks''.
+
+ * configure.in: Use `AC_TEST_PACKAGE' for skey and socks.
+
+ * aclocal.m4: Replaced `AC_TEST_SOCKS' and `AC_TEST_SKEY' with the
+ more general `AC_TEST_PACKAGE'.
+
+Fri Oct 18 1996
+
+ * configure.in: call AC_TEST_SOCKS
+
+ * acconfig.h: SOCKS
+
+ * aclocal.m4: Added AC_TEST_SOCKS
+
+ * lib/krb/send_to_kdc.c (send_to_kdc): Removed unused `f' and
+ close.
+
+Thu Oct 17 1996
+
+ * man/popper.8: Option `-i'
+
+ * appl/kpopper/pop_send.c: clean-up
+
+ * appl/kpopper/popper.h: Removed old garbage and added SKEY.
+
+ * appl/kpopper/pop_xmit.c: clean up
+
+ * appl/kpopper/pop_user.c: SKEY-support
+
+ * appl/kpopper/pop_pass.c: Added support for spaces in passwords
+ and S/Key.
+
+ * appl/kpopper/pop_init.c: Moved some variables into struct pop
+ (main): Added support for `-i'
+
+ * appl/kpopper/pop_get_command.c: New command "HELP".
+
+ * appl/kpopper/Makefile.in: Add SKEY-stuff.
+
+ * lib/krb/get_host.c: Use `k_getportbyname(KRB_SERVICE,...)' as a
+ default instead of KRB_PORT
+
+ * lib/krb/getaddrs.c (k_get_all_addrs): Add
+ gethostbyname(k_gethostname()) as a fallback.
+
+ * lib/krb/k_getport.c (k_getportbyname): proto can be NULL
+
+ * lib/krb/krb.h: Only include if HAVE_SYS_TYPES_H
+
+ * lib/krb/prot.h: KRB_SERVICE: Added
+
+
+ * server/kerberos.c: Replaced linked list with a vector.
+
+Wed Oct 16 1996
+
+ * server/kerberos.c: Add support for TCP connections.
+
+ * lib/krb/send_to_kdc.c: On stream sockets, use krb_net_read
+ rather than recvfrom.
+
+Mon Oct 14 1996
+
+ * doc/kth-krb.texi: Only use `kdb_edit' to add the initial
+ `nisse.admin'. Add all other users with `kadmin'.
+
+ * doc/kth-krb.info: new file.
+
+ * doc/kth-krb.texi: Added some text about kx and ftp.
+
+ * appl/ftp/ftpd/ftpcmd.y,
+ util/ss/ct.y,
+ util/et/error_table.y :
+ Added code for handling the case of using `bison' and having no
+ `alloca'. Alloca is usually never called anyway, so we just use
+ `malloc'.
+
+ * appl/kx/kxd.c: All static variables are now global and in
+ common.c.
+ (doit_conn, doit): Turn on TCP_NODELAY.
+ (create_and_write_cookie, suspicious_address): Moved to common.c
+
+ * appl/kx/kx.c (connect_host): Try all addresses of `host'. Turn
+ on TCP_NODELAY.
+ (doit): prepare for TCP-only hosts.
+ (usage,main): add `-t'
+ (main): Passive mode is possible again.
+
+ * appl/kx/kx.h: More #ifdefs for include files. Declarations for
+ global variables.
+
+ * appl/kx/common.c (get_xsockets): Try to chmod
+ dirname(`X_UNIX_PATH')
+ (get_xsockets): Turn on TCP_NODELAY on TCP connections.
+
+ * doc/Makefile.in: New file
+
+ * Makefile.in: Added `doc' to `SUBDIRS'
+
+ * configure.in: Generate `doc/Makefile'
+
+Sun Oct 13 1996
+
+ * appl/bsd/rcp.c (main): Made rcp AFS aware.
+
+ * lib/krb/kuserok.c (kuserok): Act as if luser@LOCALREALM is
+ always an entry of .klogin.
+
+Sat Oct 12 1996
+
+ * appl/kx/rxtelnet.in: Start the `xterm' process correctly.
+
+ * lib/des/rnd_keys.c (sumFile): consider the case that `res' is
+ not longword-aligned.
+
+ * lib/krb/get_host.c (parse_address): `getservbyname' should
+ really get proto = NULL
+
+ * lib/krb/send_to_kdc.c (krb_udp_port): removed
+ (send_to_kdc): removed `addrlist'
+
+ * lib/krb/send_to_kdc.c: Support not only UDP.
+
+ * lib/krb/get_host.c (krb_get_admhst): Really ask for a admin host
+ if that's what we want.
+
+Thu Oct 10 1996
+
+ * lib/krb/get_host.c: Simplified some code. Added stub-support for
+ SRV-records.
+
+Wed Oct 9 1996
+
+ * appl/kx/rxtelnet.in, appl/kx/rxterm.in: PDC are unable to give
+ correct instructions to their users and therefore we have to add
+ strange directories to the PATH.
+
+ * appl/kx/rxtelnet.in: Support sending arguments to telnet.
+
+ * appl/kx/rxterm.in: rsh can reside in path or %bindir% support
+ extra arguments to xterm (from ).
+
+ * appl/kx/rxtelnet.in: Try to find some kind of terminal emulator
+ for X.
+
+ * appl/kx/rxterm.in, appl/kx/rxtelnet.in: Look for kx in $PATH and
+ %bindir%.
+
+ * appl/kx/common.c (get_xsockets): `mkdir' the correct directory.
+ From
+
+
+ * lib/krb/send_to_kdc.c: Changes to allow other than udp port 750
+ connections.
+
+ * lib/krb/get_host.c: rewrite of krb_get_{adm,krb}hst.
+
+Sun Oct 6 1996
+
+ * appl/ftp/ftpd/ftpd.c (retrieve): Got rid of `sprintf'.
+
+ * configure.in: Fix order for x libs. From .
+ Check for `fcntl', `alloca', `winsock.h', and `io.h'.
+
+ * lib/krb/krb_locl.h: Check for and
+
+ * lib/krb/krb.h: Check for winsock.h
+
+ * lib/krb/k_flock.c: Better test for `fcntl' with locking.
+
+ * lib/krb/et_list.c: Hopefully correct pragma this time. From
+
+
+Thu Oct 3 1996
+
+ * lib/krb/klog.c (klog): Do not forget to print the text.
+
+ * lib/krb/log.c (krb_log): Print space after time in log.
+
+Wed Oct 2 1996
+
+ * appl/kpopper/popper.h: Add field msg_id to hold Message-Id for
+ UIDL command.
+
+ * appl/kpopper/pop_dropinfo.c (pop_dropinfo): Support for UIDL
+ command. Saves Message-Id to be used as unique id. Everything is
+ #ifdef:ed UIDL.
+
+ * appl/kpopper/pop_get_command.c: Recognize UIDL command.
+
+ * appl/kpopper/pop_uidl.c (pop_uidl): POP3 UIDL command
+ implementation.
+
+ * appl/kpopper/Makefile.in: New file pop_uidl.c.
+
+
+ * configure.in: Made some of the tests into macros defined in
+ aclocal.m4
+
+ * appl/telnet/libtelnet/kerberos.c: Given better error message
+ when user is not authorized to login.
+
+ * lib/roken/k_getpwuid.c, lib/roken/k_getpwnam.c: Call `endpwent'.
+ If we are using a BSD-kind of system we should not leave the
+ shadow password database open.
+
+ * appl/xnlock/xnlock.c: Got rid of all `register' declarations.
+
+ * appl/kx/rxterm.in, appl/kx/rxtelnet.in: Use `set --'
+
+Mon Sep 30 1996
+
+ * lib/roken/k_getpwnam.c, lib/roken_k_getpwuid.c: Call `endspent'
+ to try to close the shadow password file.
+
+ * appl/ftp/ftpd/ftpd.c (retrieve): Cut the argument to the command
+ and the first character of the extension.
+
+ * lib/krb/send_to_kdc.c: Sun doesn't have any strerror so we can't
+ use that here. We are only printing debug messages anyway, so
+ just print errno for now.
+
+ * appl/kx/rxtelnet.in: Now using SIGUSR2.
+
+ * appl/kx/kx.c: Now using SIGUSR1 to mean `exit when number of
+ children goes down to zero'. SIGUSR2 is `exit when number of
+ children is equal to zero'.
+
+ * appl/xnlock/xnlock.c: More fixup of old code.
+
+ * appl/ftp/ftpd/ftpd.c: Only call `filename_check' for guest
+ users.
+
+ * configure.in: Added tests for more header files. Also added
+ more ifdefs when actually including those files.
+
+ * appl/kx/Makefile.in: Do not build programs if we have no X11.
+
+Sun Sep 29 1996
+
+ * appl/xnlock/xnlock.c (main): Support for shadow passwords.
+
+ * lib/roken/k_getpwuid.c: New file, better support for shadow
+ passwords.
+
+
+ * appl/telnet/Makefile.in: Use SET_MAKE
+
+
+ * appl/ftp/ftpd/ftpcmd.y: Remove access to several commands for
+ anonymous users.
+
+ * lib/krb/get_krbhst.c: Look for kerberos-#.realm.
+
+ * appl/ftp/ftpd/popen.c: Execute files from ~ftp if possible.
+
+ * appl/ftp/ftpd/ftpd.c: Add find site command.
+
+ * appl/ftp/ftpd/ftpd.c: Add special handling of nonexistant files
+ with extensions {,.tar}{,.gz,Z}.
+
+Sat Sep 28 1996
+
+ * configure.in: Check for sys/times.h, sys/param.h, and
+ sys/timeb.h
+
+ * lib/des: autoconfed a little to make it compile.
+
+ * lib/roken/roken.h: Add `max', `min', and definitions for broken
+ syslogs.
+
+ * appl/bsd/bsd_locl.h: Removed SYSLOG-garbage and max.
+
+ * appl/kx/kx.h: Remove prototype of childhandler.
+
+ * appl/kx/common.c: Remove childhandler. Not common any more.
+
+ * appl/kx/rxterm.in: Send SIGUSR1 to kx before starting xterm.
+
+ * appl/kx/rxtelnet.in: Send USR1 to kx at appropriate moment.
+
+ * appl/kx/kx.c: Die after receiving SIGUSR1 and when number of
+ children goes to zero.
+
+ * lib/roken/roken.h: Add STDERR_FILENO
+
+ * lib/roken/mini_inetd.c (mini_inetd): Also dup onto stderr.
+
+ * lib/kafs/Makefile.in (afslib.so): Change argument so they work
+ with `ld' instead of `cc'
+
+ * appl/kx/kxd.c: writeauth.c as separate file.
+
+ * appl/kx/kx.c: `-d' option to disable forking.
+
+ * appl/kx/Makefile.in: Compile and link writeauth.c if necessary.
+ For some stupid reason $< does not work correctly in BSD make.
+ Use $(srcdir) instead.
+
+ * appl/ftp/ftp/ftp_locl.h: Only include once.
+
+ * configure.in: Use strange X flags when looking for XauReadAuth.
+ Add XauWriteAuth if we need to include it.
+
+Fri Sep 27 1996
+
+ * appl/sample: Sample programs work again.
+
+
+ * appl/kx/kxd.c (main): use `mini_inetd'
+
+ * appl/kx/kx.c: Use KX_PORT
+
+ * appl/kx/kx.h: Remove SOMAXCONN and add KX_PORT
+
+ * appl/kauth/kauthd.c (main): use `mini_inetd'
+
+ * appl/ftp/ftpd/ftpd.c: Removed `conn_wait' and use `mini_inetd'
+ instead.
+
+ * appl/bsd/bsd_locl.h: Prototypes for `get_shell_port' and
+ `get_login_port'
+
+ * appl/bsd/rcmd_util.c: New file.
+
+ * appl/bsd/Makefile.in: Added rcmd_util.c
+
+ * appl/bsd/rcp.c: Moved `get_shell_port' to rcmd_util.c
+
+ * appl/bsd/rsh.c: Moved `get_shell_port' to rcmd_util.c
+
+ * appl/bsd/rlogind.c (main): Use `mini_inetd'
+
+ * appl/bsd/rshd.c (main): Add support for interactive mode with
+ `-i'.
+
+ * appl/telnet/telnetd/telnetd.c (main): use `mini_inetd'
+
+ * lib/roken/roken.h: Added prototype for `mini_inetd', and
+ fallback definitions for SOMAXCONN, STDIN_FILENO, and
+ STDOUT_FILENO.
+
+ * lib/roken/Makefile.in: Added mini_inetd.o
+
+ * lib/roken/mini_inetd.c: New file.
+
+Thu Sep 26 1996
+
+ * appl/kx/kxd.c (doit): read port number in ascii.
+
+ * appl/kx/kx.c (doit): write port number in ascii.
+
+ * appl/kauth/rkinit.c (doit_host): Check return value from
+ `read_encrypted'.
+
+ * appl/kauth/kauthd.c (doit): Removed unnecessary sprintf's before
+ syslog.
+
+ * lib/krb/krb_get_in_tkt.c (krb_get_in_tkt): Return error code
+ from `tf_create' and not always INTK_ERR.
+
+ * lib/krb/tf_util.c (tf_create): Correct check for return value
+ from `open'.
+
+ * lib/des/rnd_keys.c (des_rand_data): Try /dev/urandom as well.
+
+Wed Sep 25 1996
+
+ * appl/afsutil/pagsh.c (main): One-of error hopefully fixed this
+ time.
+
+ * configure.in: Add test for
+
+ * kadmin/Makefile.in: Add back $(CRACKLIB)
+
+Mon Sep 16 1996
+
+ * appl/kx/Makefile.in: Create rxterm and rxtelnet at compile time.
+
+ * kstring2key moved to appl/afsutil.
+
+Sun Sep 15 1996
+
+ * appl/kx/kx.c (main): For now always use passive mode. That's
+ the only thing that has been tested and not a lot of people are
+ going to use non-passive anyways.
+
+ * appl/kx/kx.c (connect_host): write display_number in ascii.
+
+ * appl/kx/kxd.c (doit): read display_number in ascii.
+
+ * appl/kx/common.c (get_local_xsocket): Generate the
+ /tmp/.X11-unix directory with the sticky bit set.
+
+ * configure.in: Generate appl/kx/rxterm and appl/kx/rxtelnet.
+
+ * appl/kx/Makefile.in: Install rxterm and rxtelnet.
+
+ * appl/kx/rxterm.in, appl/kx/rxtelnet.in: New files.
+
+ * appl/kx/common.c (get_local_xsocket): try to bind the socket
+ instead of checking for existence with lstat.
+
+
+ * appl/kx/kxd.c: Detect remote termination and cleanup on exit.
+
+Sat Sep 14 1996
+
+ * lib/des/rnd_keys.c: Hack for systems that lack setitimer (like
+ crays).
+
+
+ * appl/kx/kxd.c (doit): Send over the display number and the
+ authority file actually used to kx.
+
+ (create_and_write_cookie): New function to generate and write into a
+ file a local cookie used between this pseudo-server and the
+ clients on this host.
+
+ (start_session): New function to check and remove the local cookie
+ before the data is sent over to `kx'.
+
+ * appl/kx/kx.c (display_num, xauthfile): New variables. Now `kx'
+ prints out the values of those two variables and then goes to the
+ background to enable some script to set these on the other host.
+
+ (start_session): New function that adds a local cookie before sending
+ the rest of the connection to the local X-server.
+
+ (main): Also recognize "unix" as a local DISPLAY.
+
+ * appl/kx/kx.h: used.
+ (get_local_xsocket): Changed parameter.
+
+ * appl/kx/common.c (get_local_xsocket): Now try to allocate the
+ first free socket in /tmp/.X11-unix. Also `mkdir' this directory
+ first. Return the number of the display opened.
+
+ * appl/kx/Makefile.in: Added X libraries.
+
+ * lib/des/des.h: Added prototype for `des_rand_data'.
+
+ * lib/des/rnd_keys.c: Made `des_rand_data' non-static. This
+ function is useful and now even used.
+
+Wed Sep 11 1996
+
+ * appl/bsd/login.c: Use k_afs_cell_of_file() to get tokens for the
+ cell of the home catalog rather than the local cell.
+
+ * lib/kafs/afssys.c: Add k_afs_cell_of_file.
+
+Tue Sep 10 1996
+
+ * appl/telnet/telnetd/telnetd.c, appl/telnet/telnetd/sys_term.c:
+ Removed all convex code.
+
+Mon Sep 9 1996
+
+ * appl/telnet/telnetd/termstat.c: UNICOS5: removed
+
+ * appl/telnet/telnetd/telnetd.c, appl/telnet/telnetd/sys_term.c:
+ NEWINIT, UNICOS7x, UNICOS5: removed
+
+ STREAMSPTY: added variable `really_stream' Now able to handle the
+ case where the OS supports stream ptys but we run out of them and
+ start using ordinary BSD ones.
+
+ * appl/telnet/telnetd/state.c: UNICOS5: removed
+
+ * appl/telnet/telnetd/pathnames.h: BFTPPATH: removed
+
+ * appl/telnet/telnetd/ext.h, appl/telnet/telnetd/global.c:
+ BFTPDAEMON: removed.
+ UNICOS5: removed.
+
+ * appl/telnet/telnetd/ext.h: STREAMSPTY: added variable
+ `really_stream'.
+
+ * lib/krb/stime.c (krb_stime): argument should be `time_t'.
+ lib/krb/krb_locl.h: changed prototype.
+
+Sun Sep 8 1996
+
+ * configure.in: Also generate `appl/sample/Makefile'
+
+ * appl/Makefile.in: Use @SET_MAKE@.
+ Include sample
+
+ * lib/krb/Makefile.in: Add krb_stime, krb_mk_auth, and
+ krb_check_auth.
+
+ * util/et/compile_et.c (main): Include in foo.c
+
+ * slave/kprop.c: exit with return code == 1 to indicate failure.
+
+ * server/kerberos.c (usage): Fixed usage string.
+
+ * lib/krb/tkt_string.c (tkt_string): Removed bogus extern
+ declaration of `getuid'.
+
+ * lib/krb/tf_util.c (tf_save_cred): Removed bogus extern
+ declaration of `lseek'.
+
+ * lib/krb/stime.c (stime): Renamed to `krb_stime'
+
+ * lib/krb/sendauth.c (krb_sendauth): reimplemented using
+ `krb_mk_auth' and `krb_check_auth'.
+
+ * lib/krb/send_to_kdc.c (send_recv): Removed stupid cast.
+
+ * lib/krb/recvauth.c: Removed KRB_SENDAUTH_VERS
+
+ * lib/krb/prot.h: create_auth_reply: correct prototype.
+ krb_create_death_packet: ditto.
+ KRB_SENDAUTH_VERS: moved here from sendauth.c and recvauth.c
+
+ * lib/krb/month_sname.c: Made `month_sname' const.
+
+ * lib/krb/mk_req.c: Remove stupid `register'
+
+ * lib/krb/log.c (krb_log): Use `krb_stime'
+
+ * lib/krb/kuserok.c (kuserok): Nightmare Filesystem might return
+ ESTALE. Treat it the same way as ENOENT.
+
+ * lib/krb/krb_locl.h: Added prototype for `krb_stime'
+
+ * lib/krb/krb_check_auth.c: New file with `krb_check_auth',
+ implemented for compatibility with CNS.
+ lib/krb/krb_mk_auth.c: Ditto.
+
+ * lib/krb/krb.h: Removed duplicate declarations of `get_request'
+ and `krb_get_admhst'.
+ Added declarations for `krb_mk_auth' and `krb_check_auth'.
+
+ * lib/krb/kparse.h: removed prototype for `strsave'
+
+ * lib/krb/kparse.c (fGetParameterSet): Use `strdup' instead of
+ `strsave'.
+ (strsave): Removed.
+
+ * lib/krb/kname_parse.c: Removed stupid `register' declarations.
+
+ * lib/krb/klog.c (klog): Use `krb_stime'
+
+ * lib/krb/get_phost.c: Handle the case where the name has no dots
+ in it by just returning it as-is.
+
+ * lib/knet/Imakefile, lib/knet/getkdata.c, lib/knet/phost.c,
+ lib/knet/sendkdata.c: removed unused files.
+
+ * lib/kadm/kadm_cli_wrap.c (kadm_init_link): use `k_getportbyname'
+
+ * kadmin/ksrvutil_get.c (get_srvtab_ent): Erase the key if
+ something goes wrong. Include realm in the message when writing a
+ key.
+ (parseinput): New function that removes quotes and backslashes
+ from input.
+ (ksrvutil_get): Use `parseinput' to read input.
+
+ * kadmin/ksrvutil.c (safe_read_stdin): Correct use of printf.
+ Removed bogus casts and fflush of stdin.
+ (main): Use `return' instead of `exit'.
+
+ * kadmin/kpasswd.c (main): Use `return' instead of `exit'.
+
+ * kadmin/admin_server.c: exit with return code == 1 to indicate
+ failure.
+
+ * appl/sample/sample_server.c: Rewrote to use all new functions.
+
+ * appl/sample/sample_client.c: Rewrote to use all new functions.
+
+ * appl/sample/sample.h: new file.
+
+ * appl/sample/Makefile.in: new file.
+
+ * appl/movemail/pop.c (socket_connection): use `k_getportbyname'
+
+ * appl/kpopper/pop_init.c: exit with return code == 1 to indicate
+ failure.
+
+ * appl/kauth/kauth.c (doexec): new-style definition. ret should
+ be a `pid_t'.
+ (main): new-style definition.
Use `prog' instead of `argv[0]'
+
+ * appl/ftp/ftp/extern.h: Removed unused `abortsend'
+
+ * appl/ftp/Makefile.in: Use @SET_MAKE@
+
+ * appl/bsd/rsh.c: get_shell_port: use `k_getportbyname'
+
+ * appl/bsd/rlogin.c: get_login_port: use `k_getportbyname'
+
+ * appl/bsd/kcmd.c: Removed bogus casts to `caddr_t'
+
+ * admin/kstash.c: Removed bogus flushing of stderr. Replaced lots
+ of `exit(-1)' by `return 1'
+
+ * admin/kdb_util.c: Removed unused variable `aprinc'.
+ Removed bogus flushing of stderr.
+ Replaced lots of `exit(-1)' by `return 1'.
+
+ * admin/kdb_edit.c, admin/kdb_init.c: use `return' instead of
+ calling `exit' and use 1, not -1, for failure.
+
+ * Makefile.in: Use @SET_MAKE@
+
+ * aclocal.m4: AC_NEED_PROTO: need macro to determine if we need to
+ define a prototype for a function.
+
+ * configure.in: Reordered. Removed unused stuff. Start using
+ AC_NEED_PROTO.
+
+ * config.guess: merged in FSF version from 960908.
+
+Tue Sep 3 1996
+
+ * include/protos.H: Added optarg, opterr, optind, optopt and
+ (fclose under Sunos 4). Removed these declarations from lots of
+ other files.
+
+ * acconfig.h: Add undefs for h_errno, h_errlist, optarg, optind,
+ opterr, and optopt.
+
+ * configure.in: Use `AC_NEED_DECLARATION' for h_errno, h_errlist,
+ optarg, optind, opterr, and optopt.
+
+ * aclocal.m4: New macro `AC_NEED_DECLARATION' to figure out if we
+ need to have an external declaration of a variable.
+
+Mon Sep 2 1996
+
+ * lib/krb/krb.h: Removed unused `req_act_vno' and `k_log'.
+ Changed all callers.
+
+ * lib/krb/krb.h: Removed definition of `MAX_HSTNM'.
+
+ * lib/krb/send_to_kdc.c: Removed use of `MAX_HSTNM'.
+
+ * appl/afsutil/pagsh.c: Some reformatting and fixed the off-by-one
+ args bug.
+
+Sat Aug 31 1996
+
+ * lib/krb/{send_to_kdc.c, getrealm.c}, appl/xnlock/xnlock.c,
+ appl/kauthkauth.c, appl/bsd/{rshd.c,rlogind.c}: Removed '#if 0'-ed
+ code.
+
+ * lib/krb/get_in_tkt.c: Removed '#if 0'-ed code and now compiles
+ with NOENCRYPTION.
+
+ * kadmin/ksrvutil.c: Now compiles with NOENCRYPTION.
+
+ * appl/ftp/ftpd/ftpcmd.y: Throw away passwd after use.
+
+ * appl/ftp/ftpd/ftpd.c: Fixed old comment.
+
+ * slave/kpropd.c: s/sa_len/salen/ Irix has a #define for sa_len.
+
+ * lib/kdb/krb_dbm.c: If key->dptr is not a `char *' we have to
+ cast it before adding to it.
+
+ * configure.in: Old test for `sa_len' in `struct sockaddr' fails
+ on IRIX 6.2. Try to compile a program refering to that field
+ instead of grepping for it in .
+
+ * appl/bsd/kcmd.c: Removed old and broken code.
+
+ * configure.in: Check for `gethostname', `uname', and
+
+
+ * lib/krb/k_gethostname.c: Try to use `uname' if we have no
+ `gethostname'.
+
+ * appl/ftp/ftpd/klogin.c: Incorrect use of `gethostname' replaced
+ by correct use of `k_gethostname'.
+
+
+ * lib/roken/verify.c: Change name verify_unix_user ->
+ unix_verify_user in analogy with krb_verify_user.
+
+Fri Aug 30 1996
+
+ * appl/xnlock/Makefile.in: Install man-page.
+
+ * configure.in, */Makefile.in: Replace `-shared' with some other
+ option when not using gcc.
+
+ * lib/kafs/afssys.c: Do not start by checking if we have AFS in
+ `k_afsklog'.
+
+ * appl/bsd/rlogin.c: More kludges to make it work with rlogin on
+ linux: Do not select for an exceptional condition on `rem' after
+ having received EINVAL.
+
+ Also rewrote ifndef NOENCRYPTION stuff.
+
+ * appl/bsd/rlogind.c: More kludges to make it work with rlogin on
+ linux: Only send oob data just after having sent normal data to
+ make sure we never send two consecutive bytes of oob data.
+
+ Also rewrote ifndef NOENCRYPTION stuff.
+
+Thu Aug 29 1996
+
+ * lib/kafs/Makefile.in: Use `ld' instead of `cc' for linking
+ afslib.so. Not everybody has cc.
+
+Wed Aug 28 1996
+
+ * Release 0.9.2a
+
+Mon Aug 26 1996
+
+ * appl/bsd/login.c: Clean-up. Made static a lot of functions and
+ variables. Rewrote some function definitions to ANSI-style.
+
+ * appl/bsd/sysv_environ.c: KRB4_MAILDIR may and may not contain a
+ trailing slash. We need to be very careful to make sure the
+ contents of $MAIL does not contain two, because RMAIL in emacs
+ uses it and emacs is no friend with double slashing.
+
+
+ * lib/kafs/afssys.c (k_afsklog_all_local_cells): Now should return
+ correct value.
+
+Sun Aug 25 1996
+
+ * Release 0.9.2.
+
+Sat Aug 24 1996
+
+ * lib/roken/hstrerror.c: Check for h_errlist prototype.
+
+Thu Aug 22 1996
+
+ * lib/krb/send_to_kdc.c, etc/services.append, server/kerberos.c:
+ Changed `kerberos' to `kerberos-iv' now that it has been
+ registered with IANA.
+
+ * man/rshd.8, man/rlogind.8: updated documentation of `-a'
+
+ * lib/roken/roken.h: Added declaration of `h_errno'
+
+ * kuser/Makefile.in: Link kdestroy with KRB_KAFS_LIB
+
+ * appl/kauth/kauth.h: Stupid declarations for syslog.
+
+ * appl/kauth/kauthd.c: syslog errors and success.
+
+ * include/protos.H: Removed `h_errno', now in roken.h Declare
+ `getusershell' under solaris.
+
+ * configure.in, acconfig.h: Figure out if we have to declare
+ `h_errno'.
+
+ * appl/ftp/ftp/kauth.c: Added support for afs_string_to_key.
+
+Wed Aug 21 1996
+
+ * lib/kafs/afssys.c: Look for AFS database servers in dns also.
+
+ * lib/kafs/afssys.c: Add support for a ~/.TheseCells-file.
+
+Sun Aug 18 1996
+
+ * appl/bsd/rlogind.c: Removed unused `check_all' variable. Use
+ `inaddr2str'.
+
+ * appl/bsd/rshd.c: Use `inaddr2str'.
+
+ * appl/bsd/iruserok.c: Removed potential buffer overrun after
+ `gethostbyaddr'.
+
+ * lib/roken/inet_aton.c: Some const-ness.
+
+ * lib/roken/Makefile.in: Add `inaddr2str.o'.
+
+ * appl/ftp/ftpd/ftpd.c: Use `inaddr2str'.
+
+ * lib/roken/inaddr2str.c, lib/roken/roken.h: New function
+ `inaddr2str' to convert an IP address into a verified hostname or
+ a string of the form x.y.z.a
+
+ * lib/krb/{krb_locl.h, krb.h, k_name_to_name.c, k_getsockinst.c,
+ getrealm.c}: Some const-ness.
+
+ * appl/bsd/bsd_locl.h: Removed another prototype for `crypt'.
+
+ * appl/kpopper/popper.h: Some const-ness to get rid of a warning.
+
+ * appl/bsd/rshd.c: Always check reverse mapping. Removed
+ `local_domain' and `top_domain'. Added some const-ness.
+
+Sat Aug 17 1996
+
+ * include/Makefile.in: Removed VPATH. With it this makefile does
+ not work correctly.
+
+ * lib/krb/rw.c, lib/krb/krb_locl.h: Changed parameters to
+ `krb_{get,put}'-functions to void *.
+
+ * include/protos.H: Add `getusershell' in solaris.
+
+ * appl/kauth/kauthd.c, appl/bsd/{rlogin.c,rlogind.c}: Less
+ warnings because of arguments to `setsockopt'.
+
+ * lib/roken/roken.h: Fixed prototype of `inet_aton'
+
+Wed Aug 14 1996
+
+ * lib/roken/verify.c: Use if there is one.
+
+ * lib/kafs/Makefile.in: AFS_EXTRA_LIBS is always called
+ `afslib.so'. Otherwise some makes get upset when there is no such
+ library to be made.
+
+ * appl/telnet/telnetd/telnetd.h: are needed to get
+ prototype for `ptsname'.
+
+ * appl/bsd/rlogind.c, appl/kpopper/pop_dropinfo.c,
+ appl/telnet/libtelnet/{auth.h,enc_des.c,kerberos.c},
+ appl/telnet/telnet/utilities.c, appl/telnet/telnetd/{sys_term.c,
+ telnetd.h, kadmin/admin_server.c, kuser/klist.c,
+ lib/kdb/{krb_cache.c, krb_dbm.c}, lib/krb/{fgetst.c, getst.c,
+ log.c, tf_util.c}: Include type `int' on all definitions and
+ remove unnecessary `register'.
+
+ * appl/bsd/login_access.c: Fix parameter declaration to
+ `netgroup_match'.
+
+ * appl/bsd/forkpty.c, include/protos.h: s/__sgi__/__sgi//g
+
+ * admin/kdb_util.c: Use `errno' for error message instead of
+ uninitialized variable.
+
+Tue Aug 13 1996
+
+ * appl/kauth/rkinit.c: Default port should be the same in kauth
+ and kauthd.
+
+Sun Aug 11 1996
+
+ * configure.in: Added `AC_REVISION'
+
+ * slave/kpropd.c: Cleaned up structure. Now returns useful value.
+
+ * lib/roken/verify.c: Broken OSes need declartion of `crypt'.
+
+ * lib/roken/roken.h: Added prototype for `verify_unix_user'.
+
+ * lib/krb/lsb_addr_comp.h: Added prototype for `lsb_time'.
+
+ * lib/krb/{get_admhst.c, get_default_principal.c, get_krbhst.c,
+ get_krbrlm.c, getrealm.c, realm_parse.c} : Check for buffer
+ overwrite correctly.
+
+ * lib/krb/rw.c, lib/krb/krb_locl.h: Prepended `krb_' to `get_int',
+ `put_int', `get_address', `put_address', `put_string',
+ `get_string', `get_nir', and `put_nir'. Changed all callers.
+
+ * lib/kdb/krb_db.h: Added prototype for `kerb_delete_principal'
+ and `kerb_db_delete_principal'.
+
+ * lib/kadm/kadm_cli_wrap.c: Removed unused variable.
+
+ * appl/telnet/telnetd/telnetd.c: Changed bogus `strncpy' to
+ `strcpy'.
+
+ * appl/bsd/su.c: Fixed error messages from execv.
+
+ * appl/bsd/rlogin.c: Fixed potential buffer overrun when reading
+ "TERM".
+
+Thu Aug 8 1996
+
+ * appl/telnet/telnet/commands.c, appl/kauth/rkinit.c: Replaced
+ `herror' by `hstrerror'.
+
+ * appl/bsd/login.c: chmod the tty so that it is writable for group
+ tty.
+
+ * configure.in: Use AC_FIND_IF_NOT_BROKEN for herror and
+ hstrerror.
+
+ * aclocal.m4: New macro `AC_FIND_IF_NOT_BROKEN'
+
+ * config.guess: Add 686
+
+Tue Aug 6 1996
+
+ * lib/krb/getrealm.c: Fallback for `T_TXT'
+
+ * configure.in: Look for `res_search' and `dn_expand' in
+ libresolv.
+
+Mon Aug 5 1996
+
+ * */Makefile.in: Add Id to those missing it.
+
+ * configure.in: Small fix in comment.
+
+
+ * Release 0.9.1.
+
+
+ * appl/ftp/ftpd/ftpcmd.y: s/timeout/ftpd_timeout/
+
+ * appl/kstring2key/kstring2key.c: `usage' changed to void.
+
+ * lib/krb/mk_req.c: `build_request' changed to void.
+
+ * appl/ftp/ftp/ftp_locl.h: Changed order of includes.
+
+ * appl/bsd/login.c, appl/ftp/ftpd/*: s/timeout/login_timeout/
+
+ * lib/kafs/afssysdefs.h: undef AFS_SYSCALL if we are defining it.
+
+Sun Aug 4 1996
+
+ * lib/kafs/afssys.c: AIX systems will now correctly (I hope)
+ detect whether AFS is loaded or not.
This is currently a bit
+ kludgy, and involves loading an external shared library,
+ afslib.so, which can be put in athena/lib or pointed to with
+ environment variable AFSLIBPATH. This is only tested on AIX 4
+ (due to lack of an AIX 3 system).
+
+
+ * lib/krb/getrealm.c: Range-check the result from the DNS.
+
+ * lib/krb/get_krbrlm.c: Try to use the DNS to find out which realm
+ this host belongs to.
+
+ * kadmin/ksrvutil_get.c: Fixed error message.
+
+
+ * lib/kafs/*: Fix aix/afs brokenness.
+
+ * lib/kadm/kadm_stream.c (stv_string): Range check.
+
+Fri Jul 26 1996
+
+ * appl/ftp/common/{ftp,ruserpass}.c: Less bogus domain name
+ handling.
+
+Mon Jul 22 1996
+
+ * lib/krb/mk_req.c: Use encrypt_ktext()
+
+ * configure.in, lib/kafs/afssys.c: Add option to exclude AFS
+ support (this is useful only on AIX systems that doesn't have
+ AFS).
+
+ * configure.in: Removed configuration from subdirectories.
+
+Sat Jul 13 1996
+
+ * appl/ftp/ftp/extern.h, appl/ftp/ftp/ftp.c: Substitute `struct
+ fd_set' with `fd_set'.
+
+Mon Jul 8 1996
+
+ * Makefile.in: install should depend on all.
+
+Sun Jul 7 1996
+
+ * appl/bsd/su.c: Allow root to set the uid without entering a
+ password.
+
+Fri Jul 5 1996
+
+ * lib/krb/getrealm.c: Add automatic dns realm search.
+
+Thu Jul 4 1996
+
+ * lib/krb/log.c (krb_log): Renamed k_log(...) to krb_log(...) for
+ compatibility with CNS. There is still a #define k_log krb_log.
+
+ * util/et/et_list.c: Hack to resolve _et_list in shared libraries.
+
+Fri Jun 28 1996
+
+ * appl/bsd/rlogin.c (reader): If after a select rlogin fails to
+ read expected OOB data try to read ordinary data before continuing.
+
+ * appl/bsd/rlogin.c (oob_real): SunOS5 tty race kludge.
+
+ * appl/bsd/rlogind.c: Cleanup oobdata stuff.
+
+Thu Jun 27 1996
+
+ * appl/bsd/login.c (main): Also check for complete tty name with
+ `rootterm'.
+
+ * lib/krb/check_time.c: New function `krb_check_tm'.
+
+ * lib/roken/tm2time.c: New function `tm2time', mktime generalized
+ to local timezone and UTC.
+
+ * kadmin, admin: Use `tm2time' and `krb_check_time' instead of
+ `maketime'.
+
+Tue Jun 25 1996
+
+ * lib/krb/mk_priv.c (krb_mk_priv): Send correct address.
+
+ * appl/kauth/kauthd.c: Set ticket file to some sane default, and
+ add -i debugging switch.
+
+Mon Jun 24 1996
+
+ * appl/xnlock, appl/kauth, appl/telnet/telnetd: Use BINDIR and not
+ `/usr/athena/bin'.
+
+Wed Jun 19 1996
+
+ * appl/bsd/rlogin.c: consistent usage of oob_real.
+
+ * appl/bsd/rlogind.c: Do not send oob garbage when running
+ solaris? Seems that linux is unable to handle the duplicate
+ urgent data that is the result.
+
+ * appl/bsd/rlogind.c: Fix usage.
+
+ * appl/bsd/kcmd.c: Don't F_SETOWN.
+
+Mon Jun 17 1996
+
+ * lib/krb/rw.c: Add get_address() and put_address().
+
+
+ * appl/telnet/telnetd/telnetd.c: updated usage
+
+ * appl/bsd/su.c: Replaced getpass by des_read_pw_string
+
+ * appl/bsd/forkpty.c (ptym_open): Removed unused `ptr2'.
+
+ * appl/bsd/rlogind.c: Removed unused functions and made others
+ static.
+
+Sun Jun 16 1996
+
+ * Release 0.9.
+
+
+ * appl/ftp/ftpd/ftpd.c: Don't just send data in plain when doing
+ NLST.
+
+
+ * configure.in: test for setresgid.
+
+ * kadmin/ksrvutil_get.c: Fixed byte manipulations of keys.
+
+Sat Jun 15 1996
+
+ * lib/des/rnd_keys.c (des_rand_data): At least `srandom'.
+
+ * appl/ftp/ftp/cmds.c: Support longer passwords when retrying
+ login.
+
+ * kadmin/admin_server.c, man/kadmind.8, kth-krb.texi: Reading key
+ file from file is now the default. Use `-m' to enter it manually.
+ `-n' is currently a no-op.
+
+ * appl/ftp/ftpd/ftpd.c: Add S/Key support.
+
+ * appl/ftp/ftpd/Makefile.in: Link with S/Key.
+
+ * appl/ftp/configure.in: Test for S/key.
+
+ * configure.in, aclocal.m4: Moved skey test
+ to aclocal.m4.
+
+ * appl/bsd/login.c: Correct argument to `skeyaccess'.
+
+Fri Jun 14 1996
+
+ * lib/krb/verify_user.c: New parameter to specify service key
+ instance, NULL means "rcmd".
+
+ * lots of files: All ticket filenames uses `TKT_ROOT'.
+
+ * appl/bsd/rlogind.c: Check for uid == 0 and user != "root".
+
+Tue Jun 11 1996
+
+ * appl/kpopper/pop_init.c(pop_init): Got rid of some old ifdef'ed
+ code.
+
+ * lib/kdb/krb_dbm.c: Add macro for `dbm_delete' for the people
+ that are ndbm challenged.
+
+Mon Jun 10 1996
+
+ * lib/krb/kname_parse.c: Got rid of duplicate defintions.
+
+ * appl/ftp/ftp/ruserpass.c: Get hostname even if user has no
+ '.netrc' file.
+
+
+ * lib/kadm, lib/kdb, kadmin: Add database delete operation.
+
+ * lib/krb/kname_parse.c: Allow dots in instances.
+
+
+ * appl/bsd/rlogind.c (logwtmp): Only define `logwtmp' if it does
+ not exist. Log more garbage.
+
+Sun Jun 9 1996
+
+ * appl/telnet/configure.in: Check for `logwtmp'.
+
+ * appl/ftp/configure.in: Use `AC_FUNC_MMAP'
+
+
+ * appl/bsd/forkpty.c: Removed all ugly pty search stuff from
+ ptym_open().
+
+ * configure.in: Modified the creation of version.h, now actually
+ shows up with ident.It is now also slightly more keen on creating
+ a new version.h.
+
+Sat Jun 8 1996
+
+ * lib/roken/verify.c: for NULL.
+
+ * appl/xnlock/xnlock.c (leave): Call XCloseDisplay, otherwise
+ screen saver changes are not updated before closing the X
+ connection.
+
+
+ * appl/bsd/utmp_login.c: Remove tty-prefix from ut_id; this field
+ is usually very short.
+
+Fri Jun 7 1996
+
+ * slave/kpropd.c: Add option -m to merge rather then load
+ database.
+
+Thu Jun 6 1996
+
+ * admin/kdb_util.c: Add a merge operation. (One day it might be
+ used to propagate only patches to the database)
+
+Wed Jun 5 1996
+
+ * appl/kpopper: Support both POP3 and KPOP3.
+
+ * appl/xnlock/xnlock.c: Use `verify_unix_user'
+
+ * lib/roken/verify.c: verify_unix_user: New function from xnlock
+ for checking passwd in `/etc/passwd'.
+
+ * appl/telnet/telnetd/sys_term.c: gettimeofday buglet
+
+
+ * slave/kpropd.c: Rewrite of kpropd.
+
+ * admin/kdb_util.c: Sanity check on input to load_db.
+
+ * slave/kpropd.c: Use default value for fname.
+
+ * slave/kprop.c: Use some sane default values for data_file and
+ slaves_file.
+
+ * admin/kdb_util.c: If there isn't any database when loading,
+ create an empty one.
+
+Mon Jun 3 1996
+
+ * appl/telnet/telnetd/sys_term.c: Somewhat changed the way utmpx
+ entries are created. It should now work on both Solaris and IRIX,
+ without stale login information.
+
+Sat Jun 1 1996
+
+ * lib/krb/k_gethostname.c (k_gethostname): Fallback.
+
+ * lib/krb/send_to_kdc.c (send_to_kdc),
+ kadmin/kadm_ser_wrap.c (kadm_ser_init),
+ slave/kprop.c (prop_to_slaves),
+ slave/kpropd.c (main): Use `k_getportbyname'.
+
+Fri May 31 1996
+
+ * Lots of files: more #includes ifdefad and cleaned up.
+
+Thu May 30 1996
+
+ * Lots of files: Replaced bcopy/bzero/bcmp with
+ memcpy/memset/memcmp.
+
+
+ * lib/krb/get_default_principal.c: Use getlogin() if it is the BSD
+ variant that actually gives some information.
+
+ * lib/krb/create_ticket.c: Write correct address byteorder.
+
+ * lib/kadm/kadm_stream.c,kadm_cli_wrap.c: Don't assume int32_t is
+ four bytes.
+
+ * kadmin/kpasswd.c: Allow principal without -n.
+
+ * kadmin/kadmin.c: Use krb_get_default_principal.
+
+ * appl/ftp/ftpd/ftpd.c: Fix bare newline bug.
+
+ * appl/bsd/rlogind.c: Add -i and -p options to start rlogind from
+ command line (for debugging).
+
+ * INSTALL: Rewritten.
+
+Wed May 29 1996
+
+ * appl/ftp/ftp/krb4.c: Handle different sizes of returned
+ checksum.
+
+
+ * appl/bsd/Makefile.in: Don't install login setuid.
+
+Fri May 24 1996
+
+ * appl/bsd/rsh.c: Don't run away yelling if someone calls you
+ `remsh'.
+
+Sun May 19 1996
+
+ * lib/krb/kdc_reply.c: Remove unused function decrypt_tkt. Sanity
+ check on decrypted ticket.
+
+Wed May 15 1996
+
+ * server/kerberos.c: Should work with the new libkrb
+
+ * appl/kip: Support more than one tunnel device.
+
+
+ * lib/krb/*.c: All functions that create or decode kerberos
+ packets have been rewritten. Hopefully, everything still
+ works. This is to eliminate problems with wierd systems, like
+ Crays, that doesn't have any two or four byte integers. Some of
+ these changes could be a lot more pretty, and *many* assumptions
+ that sizeof(int32) == 4 still exist in the rest of the code,
+ though.
+
+ As a side effect, all packets sent are now in network byte order.
+
+Mon May 13 1996
+
+ * configure.in: Shared libraries for Irix
+
+
+ * Several fixes for UNICOS.
+
+ * appl/ftp/ftp/krb4.c: Allow default data protection level through
+ a "prot level" in .netrc. This really should be done in a more
+ useful manner.
+
+Sun May 12 1996
+
+ * appl/xnlock/xnlock.c: Cleaned up user verification code. Now
+ uses new function krb_verify_user. Also fixed a few problems with
+ the password prompt box.
+
+ * lib/krb/verify_user.c: New function krb_verify_user to verify a
+ user with kerberos.
+
+
+ * appl/kip: New program for forwarding IP packets over kerberised
+ connections using tunnel devices.
+
+ * appl/kauth/kauth.c, kadmin/ksrvutil.c: Use
+ krb_get_default_principal
+
+ * appl/bsd/rlogind.c: Do not change portnumber to host order if
+ using kerberos. This will cause the magic
+ `reverse-time-if-port-is-less-than' to fail.
+
+ * lib/des/GNUmakefile: Removed file. This file causes problem
+ when building in the source directory and when using GNU make
+ which prefers this file to the generated Makefile.
+
+ * appl/bsd/login.c: More careful when handling returned value from
+ `getspnam'.
+
+Sat May 11 1996
+
+ * lib/krb/realm_parse.c: New function to expand a non-complete
+ realm to its official name, e.g nada -> NADA.KTH.SE.
+
+ * lib/krb/get_default_principal.c: New function to guess the
+ default principal to use.
Looks at any existing ticket file first,
+ then at uid/logname etc.
+
+
+ * kadmin/kadmin.c: Use kname_parse and allow different instances
+ and realms.
+
+ * lib/roken/k_getpwnam.c: New function k_getpwnam that should work
+ with and without shadow passwords.
+
+ * Lots of files: s/getpwnam/k_&/g.
+
+Tue May 7 1996
+
+ * lib/des/des_locl.h: DES library updated to version 3.23,
+ des_locl.h now includes configure.h to get HAVE_TERMIOS etc.
+
+ * lib/des/des.h: On the alpha define DES_LONG to unsigned int.
+
+
+ * kuser/kinit.c: Handle passwords longer than 16 characters.
+
+ * appl/xnlock/xnlock.c (GetPasswd): Handle longer passwords than
+ 16 characters.
+
+Sun May 5 1996
+
+ * Release 0.8.
+
+
+ * appl/ftp/ftpd/kauth.c: Klist command.
+
+
+ * appl/ftp/ftpd: Removed `-g' from calls to ls.
+
+ * appl/ftp/ftp/cmds.c (setpeer): Fix so that opening a second
+ connection to a specified port works.
+
+ * appl/telnet/telnet: Default is binary.
+
+ * appl: Now build under Ultrix.
+
+ * appl/kx: Now even builds on AIX.
+
+Sat May 4 1996
+
+ * lib/des: Now merged in libdes 3.21 on main branch.
+
+
+ * appl/ftp/ftpd/logwtmp.c: Slightly different functionality. Works
+ on systems that has more fields in struct utmp such as OSF/1.
+ Still some questions about Solaris.
+
+ * lib/krb/lsb_addr_comp.c: Now byteorder independent.
+
+
+ * appl/kx: Rewrote kx & kxd to share more code. They are also now
+ able to talk both ways.
+
+ * lib/kdb/krb_dbm.c (kerb_db_rename): Now works properly when
+ using berkeley DB.
+
+Thu Apr 25 1996
+
+ * lib/krb/get_krbrlm.c (krb_get_default_realm): New function for
+ SunOS5 compat.
+
+ * When building shared libraries link libkrb with libdes to be
+ compatible with SunOS5.
+
+ * Move lib/krb/krb_err.et to lib/kadm since it is only used there,
+ no longer need to link libkrb against libcom_err.
+
+Wed Apr 24 1996
+
+ * lib/krb/lsb_addr_comp.h: Renamed ugly lsb_addr_comp.
+
+ * Some porting to UNICOS.
+
+Tue Apr 23 1996
+
+ * Moved some junk from appl/bsd to libroken.
+
+ * lib/roken/Makefile.in (LIBNAME): Added header file roken.h for
+ library libroken.a.
+
+
+ * Add kerberized ftp.
+
+ * Add libroken.
+
+Mon Apr 22 1996
+
+ * appl/kauth/kauth.c: When commands are given to kauth, a new
+ ticket file is used.
+
+Sat Apr 20 1996
+
+ * appl/xnlock/xnlock.c: Fixed a potential overwrite bug. Also
+ works with more than one screen, only fancy stuff on screen 0,
+ though.
+
+Fri Apr 19 1996
+
+ * appl/bsd/login.c, su.c, rshd.c, rlogind.c: Syslog and abort when
+ getpwnam returns uid == 0 but user is not root. This is usually
+ the result of an attack on NIS (former YP).
+
+Wed Apr 17 1996
+
+ * kadmin/ksrvutil.c (get_key_from_password): Support for
+ generating AFS keys. From
+
+Sun Apr 14 1996
+
+ * appl/kx: New program for forwarding a X connection.
+
+Mon Apr 8 1996
+
+ * appl/bsd/rsh.c (get_shell_port): Default port number for ekshell
+ changed from 2106 to 545.
+
+ * appl/bsd/login.c (doremotelogin): Remove terminal speed from the
+ value of $TERM in the case of an ancient rlogind being used.
+
+Thu Apr 4 1996
+
+ * lib/kafs/afssys.c (k_afsklog): Try to read from
+ /usr/vice/etc/TheseCells for list of cells we should try to obtain
+ tokens for.
+
+ * appl/kauth/kauth.c (renew): Use cell even when renewing.
+
+ * appl/kauth/kauth.c, appl/xnlock/xnlock.c: Always call k_afsklog
+ with realm == NULL.
+
+
+ * lib/kafs/afssys.c: More thorough guessing of what realm a cell
+ belongs to.
+
+Wed Apr 3 1996
+
+ * appl/bsd/login.c: If setuid() failes and not logging in as root,
+ exit.
+
+Tue Apr 2 1996
+
+ * server/kerberos.c: Set name, inst, and realm to NULL in
+ APPL_REQUEST, error replies tend to look a bit funny otherwise.
+
+Thu Mar 28 1996
+
+ * appl/bsd/iruserok.c (iruserok): Imported iruserok() FreeBSD.
+
+Tue Mar 26 1996
+
+ * lib/des/Makefile.in: Removed enc_read.c enc_writ.c.
+
+ * appl/bsd/Makefile.in: New file with the old functions from
+ libdes.
+
+
+ * appl/bsd/utmp_login.c: Fixed (hopefully) double utmp-entries in
+ Solaris. Only put entries in one of utmp/utmpx, since they both
+ get updated by putut*ent() anyway.
+
+Mon Mar 25 1996
+
+ * kuser/klist.c (main): Use verbose option (-v) to list key
+ version numbers.
+
+
+ * Release 0.7.
+
+Sun Mar 24 1996
+
+ * appl/bsd/rlogin.c (doit): Moved signal junk (as far as possible)
+ to doit().
+
+
+ * configure.in: Check for getmsg with AC_TRY_RUN instead.
+ Otherwise it fails under AIx 3.2. Now rlogind works on this
+ so-called OS. Also cache value of berkeley db check.
+
+
+ * lib/kdb/krb_kdb_utils.c: New experimental masterkey generation,
+ enabled with --enable-random-mkey. This makes kdb_init et al
+ generate random master keys, based on random input from the
+ user. This comes in a package with auto-kstash, and possibility to
+ enter lost master keys as base64.
+
+ Moved default master key file from /.k to
+ /var/kerberos/master-key, override with --with-mkey=file.
+
+
+ * kadmin/kadmin.c (do_init): Handle the `-t' option to kadmin,
+ meaning do not get a new ticket file. (From CNS).
+
+Fri Mar 22 1996
+
+ * appl/xnlock/xnlock.c: Removed some dead code, and a few unused
+ header files.
+
+
+ * kadmin/pw_check.c (kadm_pw_check): If kadm_pw_check()
+ fails *pw_msg can't be 0! At the very least use the
+ empty string but a descriptive error-message is preferred.
+
+ * libtelnet: add nonbroken signal() function.
+
+Wed Mar 20 1996
+
+ * appl/kpopper/pop_pass.c (pop_pass): Use kuserok to determine if
+ user is allowed to fetch mail.
+
+ * appl/kpopper/*. Got rid of some ugly codes and some warnings.
+
+ * appl/bsd/Makefile.in: signal.o was not included in OBJECTS,
+ which made strange makes not doing what they should.
+
+ * configure.in, appl/kpopper/popper.h, appl/bsd/pathnames.h: Now
+ should work on systems that do not have mail spool files in
+ /var/spool/mail. Looks for MAILDIR or _PATH_MAILDIR, usually from
+ or . Defaults to /var/spool/mail.
+
+Mon Mar 18 1996
+
+ * appl/bsd/bsd_locl.h: TIOCPKT for those systems missing it.
+
+Fri Mar 15 1996
+
+ * lib/kafs/kafs.h: Use instead of
+
+ * appl/bsd/rshd.c (doit): Don't set environ, send it as an
+ argument to execle instead.
+
+ * lib/kafs/kafs.h: Find definition of _IOW.
+
+ * configure.in: Check for random.
+
+ * appl/bsd/bsd_locl.h: Including gives too many conflicts.
+
+ * appl/afsutil/pagsh.c: Check for random.
+
+Thu Mar 14 1996
+
+ * appl/bsd/bsd_locl.h, appl/telnet/telnetd/defs.h: Default values
+ of `TIOCPKT_FLUSHWRITE' & c:o.
+
+ * appl/telnet/telnet{,d}/Makefile.in (telnetd): Change order of
+ linking in libraries.
+
+ * configure.in: Check for interesting functions in libsocket and
+ libnsl and not strange soriasis inventions.
+
+Wed Mar 13 1996
+
+ * appl/bsd/bsd_locl.h (fatal): Only use prototype or iruserok if
+ the function does not exist.
+
+Mon Mar 11 1996
+
+ * lib/krb/krb_err_txt.c (krb_get_err_text): Changed name of
+ krb_err_msg to krb_get_err_text(int) to be compatible with the CNS
+ distribution. This function is used for instance by CVS-1.7.
+
+Sun Mar 10 1996
+
+ * configure.in, appl/Makefile.in: removed rkinit
+
+ * etc/inetd.conf.changes, etc/services.append: Added kauth.
+
+ * appl/kauth: Integrated rkinit into kauth.
+
+ * appl/kauth/kauth.c (main): Only look for principal name if no -p
+ has been given.
+
+ * lots of files: prototypes and other small fixes.
+
+ * appl/bsd/sysv_shadow.h: spwd multiple defined.
+
+ * appl/bsd/bsd_locl.h: include
+
+ * configure.in: Added afsutil and rkinit.
+
+ * */Makefile.in: Do cd $$i && $(MAKE). Otherwise, if cd fails you
+ end up with an infinite recursion.
+
+ * kuser/klist.c (display_tktfile): Another warning removed.
+
+Tue Mar 5 1996
+
+ * appl/bsd/forkpty.c (forkpty): Kludge for Ultrix, rlogind now
+ works properly also under this system.
+
+
+ * appl/afsutil: New aklog and pagsh
+
+
+ * lib/krb/krb_equiv.c (krb_equiv): Fix bugs with '\\'.
+
+ * lib/des/rnd_keys.c: Include .
+
+Mon Mar 4 1996
+
+ * appl/kauth/kauth.c (main): Handle name when given after options.
+
+Sun Mar 3 1996
+
+ * appl/rkinit/rkinit.c (getalladdrs): Check for herror. Solaris
+ apparently does not have any.
+ (main): Use memset instead of bzero.
+
+ * appl/rkinit/rkinitd.c (decrypt_remote_tkt): bcopy -> memcpy.
+
+ * kuser/kinit.c (main): Corrected lifetime.
+
+ * lib/krb/krb_equiv.c (krb_equiv): Now handles longer lines,
+ continuation lines and addresses of the form 193.10.156.0/24.
+
+
+ * kuser/Makefile.in (kdestroy): Link kdestroy with libkafs.
+
+Wed Feb 28 1996
+
+ * Replaced all occurencies of krb_err_txt[] with new function
+ krb_err_msg(), that does some sanity checks before indexing
+ krb_err_txt.
+
+Mon Feb 26 1996
+
+ * appl/telnet/telnetd: Added flags -z to have telnetd log
+ unauthenticated logins, such as when using an old telnet
+ client. Unfortunately in most of these cases, the user name is not
+ known.
+
+ There should also be a way to tell the difference between bad
+ authentication (such as with expired tickets) and no attempt to
+ provide authentication (such as with an old client).
+
+Sun Feb 25 1996
+
+ * kuser/kdestroy.c: Remove afs-tokens as well as tickets, -t flags
+ added to prevent this.
+
+Thu Feb 22 1996
+
+ * appl/rkinit/rkinitd.c (doit): Use k_getsockinst to make it work
+ correctly for multi-homed hosts.
+
+ * appl/rkinit: New program with rkinit functionality.
+
+ * lib/krb/k_getport.c: Function for finding port in /etc/services
+ with fallback.
+
+ * lib/krb/netread.c,netwrite.c (krb_net_{read,write}): Now correct
+ prototype with void * and size_t.
+
+Wed Feb 21 1996
+
+ * kadmin/new_pwd.c (get_pw_new_pwd): Moved get_pw_new_pwd to
+ seperate file. Now called both from kadmin and kpasswd.
+
+ * kadmin/pw_check.c (kadm_pw_check): Handle the case of no
+ password provided. This is really a policy decision. The server
+ should be able to say `use a client that sends the password'.
+
+ * appl/bsd/rlogind.c (local_domain): MAXHOSTNAMELEN -> MaxHostNameLen.
+
+Sun Feb 18 1996
+
+ * appl/bsd/rcp.c (answer_auth): Made rcp multihome aware.
+
+ * appl/bsd/rlogind.c (do_krb_login): Made rlogind multihome aware.
+
+ * appl/bsd/rshd.c (doit): Made rshd multihome aware.
+
+ * lib/krb/k_getsockinst.c (k_getsockinst): New function to figure
+ out the instance name of interfaces on multihomed hosts. Use this
+ function when making daemons multihome aware.
+
+ * appl/telnet/libtelnet/kerberos.c (kerberos4_is): Made telnetd
+ multihome aware.
+
+Mon Feb 12 1996
+
+ * Release 0.6.
+
+Sun Feb 11 1996
+
+ * lots of files: hacks to make it all compile.
+
+ * configure.in, appl/telnet/configure.in: More broken AIX.
+
+
+ * appl/bsd/bsd_locl.h: Fix for old syslogs (as in Ultrix).
+
+
+ * appl/telnet/libtelnet/encrypt.c: encrypt_verbose by default.
+
+
+ * appl/telnet/libtelnet/kerberos.c: Show difference between
+ MUTUAL and ONE_WAY KERBEROS4.
+
+ * appl/telnet/libtelnet/encrypt.c:
+ Print message about not encrypting when receiving WONT or DONT encrypt.
+
+
+ * configure.in: Automatic check for HAVE_NEW_DB.
+
+
+ * lib/krb/getaddrs.c (k_get_all_addrs): Fixed for systems with
+ SOCKADDR_HAS_SA_LEN, aka 4.4BSD-based.
+
+ * appl/telnet/telnetd/global.c: Removed some multiple defined
+ variables.
+
+ * appl/bsd/rlogind.c (cleanup): ifndef HAVE_VHANGUP.
+
+ * appl/bsd/sysv_shadow.h: Add DAY and DAY_NOW ifndef.
+
+ * configure.in: Check if `struct sockaddr' has `sa_len'.
+
+Sat Feb 10 1996
+
+ * appl/telnet/telnetd/telnetd.c (recv_ayt): pty -> ourpty.
+
+ * appl/bsd/bsd_locl.h: More include-files: and
+
+ * appl/kpopper/popper.c (catchSIGHUP): Got rid of some warnings.
+
+ * lib/krb/log.c (new_log): Yet another year 2000.
+
+ * appl/bsd/sysv_environ.c (read_etc_environment): Support setting
+ environment variables from /etc/environment.
+
+ * appl/bsd/bsd_locl.h:
+
+ * configure.in: check for setpcred, libs.a and .
+
+ * appl/bsd/login.c (main): setpcred is used on AIX.
+
+ * appl/bsd/rshd.c (doit): Added setpcred for AIX.
+
+ * lib/krb/getaddrs.c: is sometimes needed.
+
+ * admin/kdb_init.c (main): Now verifies master key.
+
+ * lib/kdb/krb_kdb_utils.c (kdb_get_master_key): Added possibility
+ of asking for verfication.
+
+ * appl/bsd/bsd_locl.h: Try to include
+
+ * appl/telnet/telnetd/utility.c (printsub): Mismatch arguments.
+
+ * lib/krb/send_to_kdc.c (send_to_kdc): Send to all A records and
+ accept an answer from anything we have sent to.
+
+ * appl/kauth/kauth.c (renew): Use strange return types for strange
+ OSes.
+ (doexec): Remove tokens.
+
+ * server/kerberos.c (main): Uses k_get_all_addrs and binds to each
+ of these addresses.
+
+ * kadmin/ksrvutil_get.c (ksrvutil_get): Added support for
+ specifying key to create on command line to get.
+
+Wed Feb 7 1996
+
+ * lib/krb/log.c (k_log): Now using YYYY for years.
+
+ * lib/krb/klog.c (klog): Preparing for the year 2000.
+
+ * kuser/kinit.c (main): Added option -p to get changepw-tickets.
+
+ * lib/krb/getaddrs.c: New file to get all the addresses of all the
+ interfaces on this machine.
+
+Tue Feb 6 1996
+
+ * configure.in: Support for S/Key in login.c. Use --with-skeylib
+ switch to configure. The code assumes that the skeylib.a comes
+ from logdaemon.
+
+ * General support for shadow password files if there is an
+ shadow.h.
+
+ * appl/bsd/su.c: Arrange so that it supports shadow passords.
+
+Sun Feb 4 1996
+
+ * appl/telnet/*: Hacks to make it work on strange OSes.
+
+ * appl/bsd/bsd_locl.h: Check for sys/ptyvar.h
+
+ * appl/telnet/configure.in (telnet_msg): sys/str_tty.h, sys/uio.h
+
+ * configure.in: test for crypt.h and sys/ptyvar.h
+
+ * appl/telnet/telnetd/*.c: pty -> ourpty.
+
+
+ * telnetd: Changes to make more systems work better, specifically
+ AIX 4. Hopefully this will work on both STREAM and BSD
+ systems. Not tested on some systems, like CRAY and Linux.
+
+
+ * util/ss/mk_cmds.c: Generating cleaner code.
+
+ * lib/krb/krb_err_txt.c (krb_err_txt): Clarification.
+
+ * kadmin/admin_server.c: Less varnings.
+
+ * appl/xnlock/xnlock.c: Changed some types and added some casts.
+
+ * appl/movemail/movemail.c: Not using syswait.h anymore.
+
+ * appl/xnlock/xnlock.c: God rid of some warnings.
+
+ * util/ss/*.[ch]: cleanup
+
+ * util/et/*.[ch]: cleanup
+
+ * appl/bsd/rcp.c: Less warnings.
+
+ * kadmin/admin_server.c (kadm_listen): Get rid of another warning.
+
+ * kadmin/pw_check.c (kadm_pw_check): Support for letting cracklib
+ check the quality of the password.
+
+ * kadmin/pw_check.h (kadm_pw_check): New argument to
+ kadm_pw_check: list of useful strings to check for.
+
+ * kadmin/kadm_server.c (kadm_ser_cpw): Send a few `useful' strings
+ to kadm_pw_check (name, instance, and realm).
+
+ * kadmin/Makefile.in (kadmind): Linking with -lcrack.
+
+ * configure.in: Support for --with-cracklib and --with-dictpath.
+
+ * kadmin/ksrvutil_get.c: Now seems to be working.
+
+ * kadmin/ksrvutil.h: Some new parameters.
+
+ * kadmin/ksrvutil.c: Some reorganisation and uses a working
+ ksrvutil_get.
+
+ * appl/movemail/movemail.c: Some more include-files.
+
+ * appl/bsd/rlogind.c: Testing for the existence of vhangup.
+
+Wed Jan 31 1996
+
+ * configure.in: Massaged the configure files so that we can build
+ under NEXTSTEP 3.3. Some kludges to prevent cpp bugs and link
+ errors where also neccessary.
+
+Tue Jan 30 1996
+
+ * appl/xnlock/xnlock.c (main): Improved user feedback on password
+ input.
+
+ * appl/xnlock/xnlock.c: Applied patch made by flag@it.kth.se that
+ enables C-u to erase the password field.
+
+ * lib/krb/lifetime.c: configure now creates a version string which
+ is referenced here. Use what and grep version to figure out where,
+ when and by whom binaries where created.
+
+ * appl/bsd/forkpty.c (ptys_open): Call revoke before pty slave is
+ opened. Add revoke using vhangup for those system lacking revoke.
+ Also call vhangup when rlogind exits. + +Mon Jan 29 1996 + + * lib/krb/send_to_kdc.c (send_to_kdc): Removed kludge for SunOS + 3.2 and Ultrix 2.2 that prevented multihomed kerberos servers to + operate correctly. + + * kadmin/kadmin.c (change_key): Add new subcommand change_key so + that it is possible to enter keys in the DB on binary form. Most + usefull for sites running AFS. + +Fri Jan 26 1996 + + * appl/bsd/su.c (koktologin): New option -i root-instance. If you + want a user.afs ticket in a root shell and user.afs is on root's + ACL then do a "su -i afs". + + * Makefile.in: Rearrange the order of object files to make shared + libraries slightly more efficient. + + * appl/kauth/kauth.c (main): Always up case realm. Better error + messages on failed exec. + +Mon Jan 22 1996 + + * appl/bsd/rshd.c (main): New option -P to prevent rshd from using + a new PAG. Expert use only! + + * appl/bsd/rlogind.c (doit): Avoid race when setting tty size. + + * appl/bsd/rlogin.c (reader): Use select rather than horrible + signal hacks to handle OOB data. + + * appl/bsd/login.c (main) sysv_environ.c (sysv_newenv): Login does + now honor the -p switch when invoked by root. This is used by + telnetd to export environment variables. + +Fri Jan 5 1996 + + * appl/bsd/signal.c (signal): New BSD compatible signal + function. Most r* applications assume reliable signals. + + + * appl/bsd/login.c (main): Check HAVE_ULIMIT. + + * appl/bsd/bsd_locl.h: Include sys/ioctl.h. + + * configure.in: Check for ulimit. + + * admin/kdb_edit.c: Flush stdout after printing prompts. + + * appl/kpopper/pop_xmit.c: Remember to include config.h. + +Tue Jan 2 1996 + + * appl/bsd/login.c (main): New function stty_default to setup + default tty settings. + +Fri Dec 29 1995 + + * appl/kstring2key/kstring2key.c (main): New program that converts + passwords to DES keys, either using des_string_to_key or + afs_string_to_key. 
+ + * server/kerberos.c: Kerberos server now listen on 2 ports, + kerberos/udp and kerberos-sec/udp. + +Wed Dec 27 1995 + + * appl/bsd/rcp.c (main): Integrated -x option to rcp. This + required some real horrible hacks in lib/des/enc_{read,write}.c + + * acconfig.h: Enabled MULTIHOMED_KADMIN in acconfig.h. + + * Add RCSID stuff to telnet files. + +Fri Dec 22 1995 + + * appl/bsd/login.c (main): The login program does now by default + read /etc/default/login, even on non Psoriasis systems. Unifdef + SYSV4, this was essentially only for prompting. + +Mon Dec 18 1995 + + * appl/kpopper/popper.c (main): Integrate default timeout of 120 + seconds from Qualcomm popper. Timeout is also set able with -T + seconds. + + + * lib/kadm/kadm_cli_wrap.c (kadm_change_pw_plain): If there's no + password, don't even send the empty string. + +Thu Dec 7 1995 + + * lots of files: all debug messages now printed to stderr (from + ) + + * lib/krb/tf_util.c (tf_create): New method for creating a new + ticket file. Remove the old old and then open with O_CREAT and + O_EXCL. + + * server/kerberos.c, slave/kpropd.c: Some casts to get rid of warnings. + + * configure.in: Added checks for unistd.h, memmove and const. + + * appl/telnet/telnet/commands.c: Changed types of functions to + confirm with struct Command. + + * appl/telnet/configure.in: Check for setpgid. + + * appl/bsd/rlogin.c: Get rid of another warning. + + * appl/bsd/bsd_locl.h, appl/telnet/acconfig.h: New synonym for + solaris. + +Wed Dec 6 1995 + + * (movemail): Now from emacs-19.30. If you have a newish emacs + there is no reason to use this movemail. + + * (kadm): Added support for server side password checks. Hopefully + this is compatible with kerberos 4.10. Old kpasswd:s will give + funny error messages. For examples of checks, see + kadmin/pw_check.c. Since this is mostly political matters, + kadm_pw_check() should probably return KADM_SUCCESS by default. 
+ +Mon Nov 27 1995 + + * appl/telnet/telnetd/telnetd.c (main): Kludge to fix encryption + problem with Mac NCSA telnet 2.6. + + + * lib/krb/stime.c: Now using YYYY for years. (2000 is soon here). + + * appl/bsd/rsh.c, rcp.c, rlogin.c: Fixed fallback for port number + (added missing ntohs). + +Sun Nov 12 1995 + + * (many files): More ANSI/ISO 9899-1990 to the people! + Now actually builds (not including util) with DEC "cc -std1" and + Sun "acc -Xc". There are still major prototype conflicts, but + there isn't much to do about this. + +Sat Oct 28 1995 + + * lib/kadm/kadm_cli_wrap.c: Fallback for kerberos and + kerberos_master services. + +Fri Oct 27 1995 + + * Released version 0.5 + + + * lib/des/read_pwd.c: Redifine TIOCGETP and TIOCSETP so that the + same code is used both for posix termios and others. + + * rsh, rlogin: Add environment variable RSTAR_NO_WARN which when + set to "yes" make warnings about "rlogin: warning, using standard + rlogin: remote host doesn't support Kerberos." go away. + +Tue Oct 24 1995 + + * admin/kdb_util.c (load_db) lib/kdb/krb_dbm.c (kerb_db_update): + Optimized so that it can handle large databases, previously a + 10000 entry DB would take *many* minutes, this can now be done in + under a minute. + +Sat Oct 21 1995 + + * Changes in server/kerberos.c, kadmin/*.c slave/*.c to support 64 + bit machines. Source should now be free of 64 bit assumptions. + + * admin/copykey.c (copy_from_key): New functions for copying to + and from keys. Neccessary to solve som problems with longs on 64 + bit machines in kdb_init, kdb_edit, kdb_util and ext_srvtab. + + * lib/kdb/krb_kdb_utils.c (kdb_verify_master_key): More problems + with longs on 64 bit machines. + +Mon Oct 16 1995 + + * appl/bsd/login.c (main): Lots of stuff to support Psoriasis + login. Courtesy of gertz@lysator.liu.se. + + * configure.in, all Makefile.in's: Support for Linux shared + libraries. Courtesy of svedja@lysator.liu.se. 
+ + * lib/krb/cr_err_reply.c server/kerberos.c: Moved int req_act_vno + = KRB_PROT_VERSION; from server kode to libkrb where it really + belongs. + + * appl/bsd/forkpty.c (forkpty): New function that allocates master + and slave ptys in a portable way. Used by rlogind. + + * appl/telnet/telnetd/sys_term.c (start_login): Under SunOS5 the + same utmpx slot got used by sevral sessions. Courtesy of + gertz@lysator.liu.se. + +Wed Oct 4 1995 + + * util/{ss, et}/Makefile.in (LEX): Use flex or lex. Courtesy of + svedja@lysator.liu.se. + + * Fix the above Makefiles to work around bugs in Solaris and OSF/1 + make rules that was triggered by VPATH functionality in the yacc + and lex rules. + +Mon Oct 2 1995 + + * appl/kpopper/pop_log.c (pop_log) appl/kpopper/pop_msg.c (pop_msg): + Use stdarg instead of varargs. The code is still broken though, + you'll realize that on a machine with 64 bit pointers and 32 bit + int:s and no vsprintf, let's hope there will be no such beasts ;-). + + * appl/telnet/telnetd/sys_term.c (getptyslave): Not all systems + have (or need) modules ttcompat and pckt so don't flag it as a + fatal error if they don't exist. + +Mon Sep 25 1995 + + * kadmin/admin_server.c (kadm_listen) kadmind/kadm_ser_wrap.c + (kadm_listen): Add kludge for kadmind running on a multihomed + server. #ifdef:ed under MULTIHOMED_KADMIN. Change in acconfig.h + if you need this feature. + + * appl/Makefile.in (SUBDIRS): Add applications movemail kpopper + and xnlock. + +Wed Sep 20 1995 + + * appl/bsd/rlogin.c (main): New rlogind.c, forkpty() is not + implemented yet though. + +Wed Sep 13 1995 + + * appl/xnlock/Makefile.in: Some stubs for X11 programs in + configure.in as well as a kerberized version of xnlock. + + * appl/bsd/{rlogin.c, rsh.c, rcp.c}: Add code to support fallback + port numbers if they can not be found using getservbyname. 
+ +Tue Sep 12 1995 + + * appl/bsd/klogin.c (klogin): Use differnet ticket files for each + login so that a malicous user won't be able to destroy our tickets + with a failed login attempt. + + * lib/kafs/afssys.c (k_afsklog): First we try afs.cell@REALM, if + there is no such thing try afs@CELL instead. There is now two + arguments to k_afslog(char *cell, char *realm). + +Mon Sep 11 1995 + + * kadmin/admin_server.c (kadm_listen): If we are multihomed we + need to figure out which local address that is used this time + since it is used in "direction" comparison. + +Wed Sep 6 1995 + + * kadmin/kadm_ser_wrap.c (kadm_ser_init): Fallback to use default + port number. + + * lib/krb/send_to_kdc.c (send_to_kdc): Default port number + (KRB_PORT) was not in network byte order. + +Tue Sep 5 1995 + + * lib/krb/send_to_kdc.c (send_recv): Linux clears timeout struct + when selecting. + + +Mon Sep 4 1995 + + * appl/bsd/rcp.c, appl/bsd/rlogin.c, appl/bsd/rsh.c: + Now does fallback if there isn't any entries in /etc/services for + klogin/kshell. This also made the code a bit more pretty. + + + * appl/bsd/login.c: Added support for lots of more struct utmp fields. + If there is no ttyslot() use setutent and friends. + + * appl/bsd/Makefile.in, appl/bsd/rlogind.c, appl/bsd/rshd.c: + Added extern iruserok(). + + * appl/bsd/iruserok.c: Initial revision + + * appl/bsd/bsd_locl.h: Must include sys/filio.h on Psoriasis. + + * appl/bsd/Makefile.in: New install + + * appl/bsd/pathnames.h: Fix default path, rsh and rlogin. + + * appl/bsd/rshd.c: Extend default PATH with bindir to find rcp. + + + * appl/bsd/login.c (login): If there is no ttyslot use setutent + and friends. Added support for lots of more struct utmp fields. + + * server/kerberos.c (main) lib/kafs/afssys.c appl/bsd/bsd_locl.h: + Must include sys/filio.h on Psoriasis to find _IOW and FIO* macros. + + * appl/bsd/rlogind.c (doit): Use _PATH_DEFPATH rather than + _PATH_DEF. 
+ + * appl/bsd/login.c, su.c (main): Use fallback to bourne shell if + running as root. + + * appl/bsd/su.c (main): Update usage message to reflect that '-' + option must come after the ordinary options and before login-id. + +Sat Sep 2 1995 + + * appl/telnet/telnetd/telnetd.c (doit): If remote host name is to + long to fit into utmp try to remove domain part if it does match + our local domain. + + (main): Add new option -L /bin/login so that it is possible to + specify an alternate login program. + + * appl/telnet/telnet/commands.c (env_init): When exporting + variable DISPLAY and if hostname is not the full name, try to get + the full name from DNS. + + * appl/telnet/telnet/main.c (main): Option -k realm was broken due + to a bogous external declaration. + +Fri Sep 1 1995 + + * kadmin/kadmin.c (add_new_key): Kadmin now properly sets + lifetime, expiration date and attributes in add_new_key command. + +Wed Aug 30 1995 + + * appl/bsd/su.c (main): Don't handle '-' option with getopt. + + * appl/telnet/telnet/externs.h: Removed protection for multiple + inclusions of termio(s).h since it broke definition of termio + macro on POSIX systems. + +Tue Aug 29 1995 + + * lib/krb/lifetime.c (krb_life_to_time): If you want to disable + AFS compatible long lifetimes set krb_no_long_lifetimes = 1. + + Please note that the long lifetimes are 100% compatible up to + 10h so this should rarely be necessary. + + * lib/krb/krb_equiv.c (krb_equiv): If you don't want to use + ipaddress protection of tickets set krb_ignore_ip_address. This + makes it possible for an intruder to steal a ticket and then use + it from som other machine anywhere on the net. + +Mon Aug 28 1995 + + * kadmin/kadm_ser_wrap.c (kadm_ser_init): Don't bind to only one + local address. Accept request on all interfaces. + + * admin/kdb_edit.c (change_principal): Don't accept illegal + dates. Courtesy of gertz@lysator.liu.se. 
+ +Sat Aug 26 1995 + + * configure.in: AIX specific libraries needed when using standard + libc routine getttyent, IBM should be ashamed! + + * lib/krb/recvauth.c (krb_recvauth): Long that should be int32_t + problem. + + * Added strdup for su and rlogin. + + * Fix for old syslog macros in appl/bsd/bsd_locl. + +Fri Aug 25 1995 + + * lib/kdb/krb_dbm.c (kerb_db_rename) admin/kdb_destroy.c: New + ifdef HAVE_NEW_DB for new databases residing in one file only. + + * appl/bsd/rlogin.c (oob): Add workaround for Linux. + +Mon Aug 21 1995 + + * appl/bsd/getpass.c: New routine that reads up to 127 char + passwords. Used in su.c and login.c. + +Tue Aug 15 1995 + + * appl/telnet/telnetd/sys_term.c (login_tty): Ioctl TIOCSCTTY + should not be used on HP-UX. + +Mon Aug 14 1995 + + * appl/bsd/rlogin.c (main): Added dummy rlogind that tells user to + rather use telnet. + +Thu Aug 10 1995 + + * lib/krb/ krb.h, decomp_ticket.c, getrealm.c, get_krbhst.c, + get_krbrlm.c, get_admhst.c: + + Use multiple configuration directories for krb.conf and + krb.realms, KRB_CONF and KRB_REALM_TRANS macros substituted with + KRB_CNF_FILES and KRB_RLM_FILES. Currently /etc and + /etc/kerberosIV are searched. Directory specified by envioronment + variable KRBCONFDIR is searched first if set. No hardcoded + realmname or kerberos server. Instead use domainname for deafult + realm and kerberos.domain as kerberos server if they are not + listed in krb.conf and/or krb.realms. In the normal case there + should be no need for configuration files if administrators add a + CNAME pointing to the kerberos server. + + * appl/bsd/Makefile.in and friends: GNU make should no longer be + neccessary unless building with VPATH. + +Wed Aug 9 1995 + + * appl/bsd/klogin.c (klogin): Old ticket file need to be removed + before we call krb_get_pw_in_tkt or we might get a Kerberos intkt + error because the wrong user owns the file. 
+ +Tue Aug 8 1995 + + * configure.in : Telnet.beta2 is now official and has been moved + to appl/telnet. + + * appl/bsd/su.c (main): Reenable -K flag, won't work if not + PASSWD_FALLBACK is enabled. Cosmetics for Password prompt. + +Fri Aug 4 1995 + + * appl/bsd/su.c (kerberos): Don't allow su from possibly bogous + kerberos server. Controlled by #ifdef KLOGIN_PARANOID. + + * lib/kafs/afssys.c (SIGSYS_handler): Need to reinstall handler on + SYSV. + +Mon Jul 24 1995 + + * lib/kafs/afssys.c (k_afsklog): Use default realm on null argument. + + * appl/bsd/rlogin.c, login.c: New programs. + +Fri Jul 21 1995 + + * appl/bsd/kcmd.c rsh.c rlogin.c: Use POSIX signals. + + * appl/telnet.95.05.31.NE/telnetd/sys_term.c, telnetd.c: Port to + IRIX. + +Tue Jul 11 1995 + + * admin/kdb_init.c (main): Use new random generator. Dito in + admin/kdb_edit.c. Use master key to initialize random sequence. + +Mon Jul 10 1995 + + * kadmin/kadmin.c (get_password): Fix for random passwords. + Dito for admin/kdb_edit.c + + * appl/kauth/kauth.c (main): Updated for krb distribution, now + uses new library libkafs. + + * appl/telnet.beta/telnet/main.c (main): New telnet with + encryption hacks from ftp.funet.fi:/pub/unix/security/esrasrc-1.0. + Encryption does not currently work though. + +Tue Jun 20 1995 + + * New library to support AFS. Routines: + + int k_hasafs(void); + int k_afsklog(...); + int k_setpag(void); + int k_unlog(void); + int k_pioctl(char *, int, struct ViceIoctl *, int); + + Modified it to support more than one single entry point AFS + syscalls (needed by HPUX and OSF/1 when running DFS). Don't rely + on transarc headers or library code. + + This has not been tested and will most probably need some + serious violence to get working under AIX. (AIX has since been + fixed to. /bg) + +Fri Jun 16 1995 + + * lib/krb/krb_equiv.c (krb_equiv): Compare IP adresses using + krb_equiv() to allow for hosts with more than one address in files + rd_priv.c rd_req.c and rd_safe.c. 
+ + * slave/kpropd.c (main): Fix uninitialized variables and rewind + file in kprop.c. + +Thu Jun 15 1995 + + * appl/bsd/rcp.c (allocbuf): Fix various bugs. + + * slave/kpropd.c (main): Responder uses + KPROP_SERVICE_NAME.`hostname' and requestor always uses + KPROP_SERVICE_NAME.KRB_MASTER, i.e rcmd.kerberos in kprop/kpropd + protocol. + +Wed Jun 14 1995 + + * appl/bsd/rshd.c (doit): Encryption should now work both ways. + +Tue Jun 13 1995 + + * appl/bsd/pathnames.h: Fixup paths. + + * server/Makefile.in and friends (install): Install daemons in in + libexec and administrator programs in sbin. + + + * Makefile.in: Joda (d91-jda) added install target + +Wed Jun 7 1995 + + * lib/krb/k_strerror.c: New function k_strerror() to use instead + of the non portable sys_errlist[]. diff --git a/crypto/kerberosIV/Makefile.in b/crypto/kerberosIV/Makefile.in new file mode 100644 index 0000000..afa77fb --- /dev/null +++ b/crypto/kerberosIV/Makefile.in 
@@ -0,0 +1,70 @@
+# $Id: Makefile.in,v 1.30 1997/05/20 18:58:34 bg Exp $
+
+srcdir = @srcdir@
+prefix = @prefix@
+VPATH = @srcdir@
+
+SHELL = /bin/sh
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_DATA = @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+TRAVELKIT = appl/kauth/kauth kuser/klist appl/telnet/telnet/telnet \
+ appl/ftp/ftp/ftp appl/kx/kx appl/kx/rxtelnet
+
+@SET_MAKE@
+
+SUBDIRS = util include lib kuser server slave admin kadmin appl man doc
+
+all:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) all); done
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+check:
+ cd lib && $(MAKE) $(MFLAGS) check
+
+install:
+ $(MKINSTALLDIRS) $(prefix)
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) install); done
+
+install-strip:
+ $(MAKE) INSTALL_PROGRAM='$(INSTALL_PROGRAM) -s' install
+
+uninstall:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done
+
+travelkit: all
+ $(MKINSTALLDIRS) tmp
+ for i in $(TRAVELKIT); \
+ do $(INSTALL_PROGRAM) $$i tmp; done
+ (cd tmp; tar cf ../travelkit.tar `for i in $(TRAVELKIT); do basename $$i; done`)
+ rm -rf tmp
+
+travelkit-strip:
+ $(MAKE) INSTALL_PROGRAM='$(INSTALL_PROGRAM) -s' travelkit
+
+TAGS:
+ find . -name '*.[chyl]' -print | etags -
+
+clean:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) clean); done
+
+mostlyclean: clean
+
+distclean:
+ $(MAKE) clean
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) distclean); done
+ rm -f Makefile config.status config.cache config.log version.h newversion.h.in version.h.in *~
+
+realclean:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) realclean); done
+
+.PHONY: all install install-strip uninstall travelkit travelkit-strip clean distclean realclean mostlyclean
diff --git a/crypto/kerberosIV/NEWS b/crypto/kerberosIV/NEWS
new file mode 100644
index 0000000..cddbb22
--- /dev/null
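Review bot: The `for i in $(SUBDIRS)` loops in `all`, `install`, `uninstall`, `clean`, `distclean` and `realclean` keep only the exit status of the last sub-make, so unless the make in use runs recipes under `sh -e`, a failure in an early directory such as `lib` does not stop the target. For `install` that can leave a partly updated set of authentication binaries in `$(prefix)` while make still reports success. Each loop body should propagate the failure, e.g. `do (cd $$i && $(MAKE) $(MFLAGS) install) || exit 1; done`. Separately, the `Wall` target calls `make` directly where `$(MAKE)` would pass flags and the chosen make through, and `check`, `Wall` and `TAGS` are missing from `.PHONY`.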
+++ b/crypto/kerberosIV/NEWS 
@@ -0,0 +1,563 @@ +Minor changes in release 0.9.6: + +* utmp(x) works correctly on systems with utmpx. + +* A security-related bug in ftpd fixed. + +* Compiles on solaris 2.4, 2.6 and on WinNT/95 with cygwin32 beta18. + +* New option `-w' to rxtelnet, rxterm. + +Major changes in release 0.9.5: + +* We made some changes to be compatible with the other kerberised ftp + implementations and this means that an old kerberised ftp client will + not be able to talk to a new ftp server. So try to upgrade your ftp + clients and servers at the same time. The reason for this change is + described in more detail below. + +* The interpretation of /etc/ftpusers has changed slightly, see + ftpusers(5). These changes come from NetBSD. + +* The function `des_quad_cksum', which is used by `krb_rd_safe', and + `krb_mk_safe', has never been compatible with MIT's DES + library. This has now been fixed. + + This fix will however break some programs that used those functions, + for instance `ftp'. In this version `krb_rd_safe' is modified to + accept checksums of both the new and the old format; `krb_mk_safe' + will always emit checksums of the new type *unless* `krb_rd_safe' + has detected that the client is using the old checksum (this feature + may be removed in some future release). + + If you have programs that use `krb_mk_safe' and `krb_rd_safe' you + should upgrade all clients before upgrading your servers. Client is + here defined as the program that first calls `krb_rd_safe'. + + If you are using some protocol that talks to more than one client or + server in one session, the heuristics to detect which kind of + checksum to use might fail. + + The problem with `des_quad_cksum' was just a byte-order problem, so + there are no security problems with using the old versions. Thanks + to Derrick J Brashear for pointing in the + right general direction. + +* Rewrote kx to work always open TCP connections in the same + direction. 
This was needed to make it work through NATs and is + generally a cleaner way of doing it. Also added `tenletxr'. + Unfortunately the new protocol is not compatible with the old one. + The new kx and kxd programs try to figure out if they are talking to + old versions. + +* Quite a bit of new functionality in otp. Changed default hash + function to `md5'. Fixed implementation of SHA and added downcasing + of seed to conform with `draft-ietf-otp-01.txt'. All verification + examples in the draft now work. + +* Fixed buffer overflows. + +* Add history/line editing in kadmin and ftp. + +* utmp/utmpx and wtmp/wtmpx might work better on strange machines. + +* Bug fixes for `rsh -n' and `rcp -x'. + +* reget now works in ftp and ftpd. Passive mode works. Other minor + bug fixes as well. + +* New option `-g umask' to ftpd for specifying the umask for anonymous users. + +* Fix for `-l' option in rxtelnet and rxterm. + +* XOVER support in popper. + +* Better support for building shared libraries. + +* Better support for talking to the KDC over TCP. This could make it + easier to use brain-damaged firewalls. + +* Support FreeBSD-style MD5 /etc/passwd. + +* New option `-createuser' to afslog. + +* Upgraded to work with socks5-v1.0r1. + +* Almost compiles and works on OS/2 with EMX, and Win95/NT with gnu-win32. + +* Merged in win32-telnet, see README-WIN32 for more details. + +* Possibly fixed telnet bug on HP-UX 10. + +* Updated man-pages. + +* Support for NetBSD/OpenBSD manual page circus. + +* Bug fixes. + +Major changes in release 0.9.3: + +* kx has been rewritten and is now a lot easier to use. Two new + scripts: rxtelnet and rxterm. It also works on machines such as + Cray where the X-libraries cannot talk unix sockets. + +* experimental OTP (RFC1938). Included in login, ftpd, and popper. + +* authentication modules: PAM for linux, SIA for OSF/1, and + afskauthlib for Irix. + +* popper now has the UIDL command. 
+ +* ftpd can now tar and compress files and directories on the fly, also + added a find site command. + +* updated documentation and man pages. + +* Change kuserok so that it acts as if luser@LOCALREALM is always an + entry of .klogin, even when it's not possible to verify that there + is no such file or the file is unreadable. + +* Support for SRV-records. + +* Socks v5 support. + +* rcp is AFS-aware. + +* allow for other transport mechanisms than udp (useful for firewall + tormented souls); as a side effect the format of krb.conf had to + become more flexible + +* sample programs included. + +* work arounds for Linux networking bugs in rlogind and rlogin. + +* more portable + +* quite a number of improvments/bugfixes + +* New platforms: HP-UX 10, Irix 6.2 + +Major changes in release 0.9.2a: + +* fix annoying bug with kauth (et al) returning incorrect error + +Major changes in release 0.9.2: + +* service `kerberos-iv' and port 750 has been registered with IANA. + +* Bugfixes. + + - Compiles with gcc on AIX. + + - Compiles with really old resolvers. + + - ftp works with afs string-to-key. + + - shared libraries should work on Linux/ELF. + + - some potential buffer overruns. + + - general code clean-up. + +* Better Cray/UNICOS support. + +* New platforms: AIX 4.2, IRIX 6.1, and Linux 2.0 + +Major changes in release 0.9.1: + +* Mostly bugfixes. + + - No hardcoded references to /usr/athena + + - Better Linux support with rlogin + + - Fix for broken handling of NULL password in kadmind (such as with + `ksrvutil change') + + - AFS-aware programs should work on AIX systems without AFS + +* New platforms: Digital UNIX 4.0 and Fujitsu UXP/V + +* New mechanism to determine realm from hostname based on DNS. To find + the realm of a.b.c.d it tries to find krb4-realm.a.b.c.d and then + krb4-realm.b.c.d and so on. The entry in DNS should be a TXT record + with the realm name. + + krb4-realm.pdc.kth.se. 
7200 TXT "NADA.KTH.SE" + +Major changes in release 0.9: + +* Tested platforms: + +Dec Alpha OSF/1 3.2 with cc -std1 +HP 9000/735 HP/UX 9.05 with gcc +DEC Pmax Ultrix 4.4 with gcc (cc does not work) +IBM RS/6000 AIX 4.1 with xlc (gcc works, cc does not) +SGI IRIX 5.3 with cc +Sun SunOS 4.1.4 with gcc (cc is not ANSI and does not work) +Sun SunOS 5.5 with gcc +Intel i386 NetBSD 1.2 with gcc +Intel i386 Linux 1.3.95 with gcc +Cray J90 Unicos 9 with cc + +* Mostly ported to Crays running Unicos 9. + +* S/Key-support in ftpd. + +* Delete operation supported in kerberos database. + +* Cleaner and more portable code. + +* Even less bugs than before. + +* kpopper now supports the old pop3 protocol and has been renamed to popper. + +* rsh can be renamed remsh. + +* Experimental program for forwarding IP over a kerberos tunnel. + +* Updated to libdes 3.23. + +Major changes in release 0.8: + +* New programs: ftp & ftpd. + +* New programs: kx & kxd. These programs forward X connections over + kerberos-encrypted connections. + +* Incorporated version 3.21 of libdes. + +* login: No double utmp-entries on Solaris. + +* kafs + + * Better guessing of what realm a cell belongs to. + + * Support for authenticating to several cells. Reads + /usr/vice/etc/TheseCells, if present. + +* ksrvutil: Support for generating AFS keys. + +* login, su, rshd, rlogind: tries to counter possible NIS-attack. + +* xnlock: several bug fixes and support for more than one screen. + +* Default port number for ekshell changed from 2106 to 545. kauth + port changed from 4711 to 2120. + +* Rumored to work on Fujitsu UXP/V and Cray UNICOS. + +Major changes in release 0.7: + +* New experimental masterkey generation. Enable with + --enable-random-mkey. Also the default place for the master key has + moved from /.k to /var/kerberos/master-key. This is customizable + with --with-mkey=file. If you don't want you master key to be on the + same backup medium as your database, remember to use this flag. 
All + relevant programs still checks for /.k. + +* `-t' option to kadmin. + +* Kpopper uses kuserok to verify if user is allowed to pop mail. + +* Kpopper tries to locate the mail spool directory: /var/mail or + /var/spool/mail. + +* kauth has ability to get ticket on a remove host with the `-h' option. + +* afslog (aklog clone) and pagsh included. + +* New format for /etc/krb.equiv. + +* Better multi-homed hosts support in kauth, rcp, rlogin, rlogind, + rshd, telnet, telnetd. + +* rlogind works on ultrix and aix 3.2. + +* lots of bug fixes. + +Major changes in release 0.6: + +* Tested platforms: + +DEC/Alpha OSF3.2 +HP700 HPux 9.x +Dec/Pmax Ultrix 4.4 (rlogind not working) +IBM RS/6000 AIX 3.2 (rlogind not working) +IBM RS/6000 AIX 4.1 +SGI Irix 5.3 +Sun Sunos 4.1.x +Sun Sunos 5.4 +386 BSD/OS 2.0.1 +386 NetBSD 1.1 +386 Linux 1.2.13 + +It is rumored to work to some extent on NextStep 3.3. + +* ksrvutil get to create new keys and put them in the database at the +same time. + +* Support for S/Key in login. + +* kstring2key: new program to show string to key conversion. + +* Kerberos server should now listen on all available network +interfaces and on both port 88 and 750. + +* Timeout in kpopper. + +* Support password quality checks in kadmind. Use --with-crack-lib to +link kadmind with cracklib. The patches in cracklib.patch are needed. + +* Movemail from emacs 19.30. + +* Logging format uses four digits for years. + +* Fallback if port numbers are not listed in /etc/services. + + + * Relesed version 0.5 + + * lib/des/read_pwd.c: Redifine TIOCGETP and TIOCSETP so that the + same code is used both for posix termios and others. + + * rsh, rlogin: Add environment variable RSTAR_NO_WARN which when + set to "yes" make warnings about "rlogin: warning, using standard + rlogin: remote host doesn't support Kerberos." go away. 
+ + * admin/kdb_util.c (load_db) lib/kdb/krb_dbm.c (kerb_db_update): + Optimized so that it can handle large databases, previously a + 10000 entry DB would take *many* minutes, this can now be done in + under a minute. + + * Changes in server/kerberos.c, kadmin/*.c slave/*.c to support 64 + bit machines. Source should now be free of 64 bit assumptions. + + * admin/copykey.c (copy_from_key): New functions for copying to + and from keys. Neccessary to solve som problems with longs on 64 + bit machines in kdb_init, kdb_edit, kdb_util and ext_srvtab. + + * lib/kdb/krb_kdb_utils.c (kdb_verify_master_key): More problems + with longs on 64 bit machines. + + * appl/bsd/login.c (main): Lots of stuff to support Psoriasis + login. Courtesy of gertz@lysator.liu.se. + + * configure.in, all Makefile.in's: Support for Linux shared + libraries. Courtesy of svedja@lysator.liu.se. + + * lib/krb/cr_err_reply.c server/kerberos.c: Moved int req_act_vno + = KRB_PROT_VERSION; from server kode to libkrb where it really + belongs. + + * appl/bsd/forkpty.c (forkpty): New function that allocates master + and slave ptys in a portable way. Used by rlogind. + + * appl/telnet/telnetd/sys_term.c (start_login): Under SunOS5 the + same utmpx slot got used by sevral sessions. Courtesy of + gertz@lysator.liu.se. + + * util/{ss, et}/Makefile.in (LEX): Use flex or lex. Courtesy of + svedja@lysator.liu.se. + + * Fix the above Makefiles to work around bugs in Solaris and OSF/1 + make rules that was triggered by VPATH functionality in the yacc + and lex rules. + + * appl/kpopper/pop_log.c (pop_log) appl/kpopper/pop_msg.c (pop_msg): + Use stdarg instead of varargs. The code is still broken though, + you'll realize that on a machine with 64 bit pointers and 32 bit + int:s and no vsprintf, let's hope there will be no such beasts ;-). + + * appl/telnet/telnetd/sys_term.c (getptyslave): Not all systems + have (or need) modules ttcompat and pckt so don't flag it as a + fatal error if they don't exist. 
+ + * kadmin/admin_server.c (kadm_listen) kadmind/kadm_ser_wrap.c + (kadm_listen): Add kludge for kadmind running on a multihomed + server. #ifdef:ed under MULTIHOMED_KADMIN. Change in acconfig.h + if you need this feature. + + * appl/Makefile.in (SUBDIRS): Add applications movemail kpopper + and xnlock. + + * appl/bsd/rlogin.c (main): New rlogind.c, forkpty() is not + implemented yet though. + + * appl/xnlock/Makefile.in: Some stubs for X11 programs in + configure.in as well as a kerberized version of xnlock. + + * appl/bsd/{rlogin.c, rsh.c, rcp.c}: Add code to support fallback + port numbers if they can not be found using getservbyname. + + * appl/bsd/klogin.c (klogin): Use differnet ticket files for each + login so that a malicous user won't be able to destroy our tickets + with a failed login attempt. + + * lib/kafs/afssys.c (k_afsklog): First we try afs.cell@REALM, if + there is no such thing try afs@CELL instead. There is now two + arguments to k_afslog(char *cell, char *realm). + + * kadmin/admin_server.c (kadm_listen): If we are multihomed we + need to figure out which local address that is used this time + since it is used in "direction" comparison. + + * kadmin/kadm_ser_wrap.c (kadm_ser_init): Fallback to use default + port number. + + * lib/krb/send_to_kdc.c (send_to_kdc): Default port number + (KRB_PORT) was not in network byte order. + + * lib/krb/send_to_kdc.c (send_recv): Linux clears timeout struct + when selecting. + + * appl/bsd/rcp.c, appl/bsd/rlogin.c, appl/bsd/rsh.c: + Now does fallback if there isn't any entries in /etc/services for + klogin/kshell. This also made the code a bit more pretty. + + * appl/bsd/login.c: Added support for lots of more struct utmp fields. + If there is no ttyslot() use setutent and friends. + + * appl/bsd/Makefile.in, appl/bsd/rlogind.c, appl/bsd/rshd.c: + Added extern iruserok(). + + * appl/bsd/iruserok.c: Initial revision + + * appl/bsd/bsd_locl.h: Must include sys/filio.h on Psoriasis. 
+ + * appl/bsd/Makefile.in: New install + + * appl/bsd/pathnames.h: Fix default path, rsh and rlogin. + + * appl/bsd/rshd.c: Extend default PATH with bindir to find rcp. + + * appl/bsd/login.c (login): If there is no ttyslot use setutent + and friends. Added support for lots of more struct utmp fields. + + * server/kerberos.c (main) lib/kafs/afssys.c appl/bsd/bsd_locl.h: + Must include sys/filio.h on Psoriasis to find _IOW and FIO* macros. + + * appl/bsd/rlogind.c (doit): Use _PATH_DEFPATH rather than + _PATH_DEF. + + * appl/bsd/login.c, su.c (main): Use fallback to bourne shell if + running as root. + + * appl/bsd/su.c (main): Update usage message to reflect that '-' + option must come after the ordinary options and before login-id. + + * appl/telnet/telnetd/telnetd.c (doit): If remote host name is to + long to fit into utmp try to remove domain part if it does match + our local domain. + + (main): Add new option -L /bin/login so that it is possible to + specify an alternate login program. + + * appl/telnet/telnet/commands.c (env_init): When exporting + variable DISPLAY and if hostname is not the full name, try to get + the full name from DNS. + + * appl/telnet/telnet/main.c (main): Option -k realm was broken due + to a bogous external declaration. + + * kadmin/kadmin.c (add_new_key): Kadmin now properly sets + lifetime, expiration date and attributes in add_new_key command. + + * appl/bsd/su.c (main): Don't handle '-' option with getopt. + + * appl/telnet/telnet/externs.h: Removed protection for multiple + inclusions of termio(s).h since it broke definition of termio + macro on POSIX systems. + + * lib/krb/lifetime.c (krb_life_to_time): If you want to disable + AFS compatible long lifetimes set krb_no_long_lifetimes = 1. + + Please note that the long lifetimes are 100% compatible up to + 10h so this should rarely be necessary. + + * lib/krb/krb_equiv.c (krb_equiv): If you don't want to use + ipaddress protection of tickets set krb_ignore_ip_address. 
This + makes it possible for an intruder to steal a ticket and then use + it from som other machine anywhere on the net. + + * kadmin/kadm_ser_wrap.c (kadm_ser_init): Don't bind to only one + local address. Accept request on all interfaces. + + * admin/kdb_edit.c (change_principal): Don't accept illegal + dates. Courtesy of gertz@lysator.liu.se. + + * configure.in: AIX specific libraries needed when using standard + libc routine getttyent, IBM should be ashamed! + + * lib/krb/recvauth.c (krb_recvauth): Long that should be int32_t + problem. + + * Added strdup for su and rlogin. + + * Fix for old syslog macros in appl/bsd/bsd_locl. + + * lib/kdb/krb_dbm.c (kerb_db_rename) admin/kdb_destroy.c: New + ifdef HAVE_NEW_DB for new databases residing in one file only. + + * appl/bsd/rlogin.c (oob): Add workaround for Linux. + + * appl/bsd/getpass.c: New routine that reads up to 127 char + passwords. Used in su.c and login.c. + + * appl/telnet/telnetd/sys_term.c (login_tty): Ioctl TIOCSCTTY + should not be used on HP-UX. + +==========================*** Released 0.2? ***============================= + +ksrvutil + If there is a dot in the about to be added principals name there is + no need to ask for instance name. + +kerberos & kadmind + Logfiles are created with small permissions (600). + +krb.conf and krb.realms + Use domain part as realm name if there is no match in krb.realms. + Use kerberos.REALMNAME if there is no match in krb.realms. + +rlogin + The rlogin client is supported both with and without encryption, + there is no rlogind yet though. + +login + There is login program that supports the -f option. Both kerberos + and /etc/passwd authentication is enabled. + + Vendors login programs typically have no -f option (needed by + telnetd) and also does not know how to verify passwords againts + kerberos. + +appl/bsd/* + Now uses POSIX signals. + +kdb_edit, kadmin + Generate random passwords if administrator enters empty password. 
+ +lib/kafs + New library to support AFS. Routines: + int k_hasafs(void); + int k_afsklog(...); or some other name + int k_setpag(void); + int k_unlog(void); + int k_pioctl(char *, int, struct ViceIoctl *, int); + + Library supports more than one single entry point AFS syscalls + (needed be HP/UX and OSF/1 when running DFS). Doesn't rely on + transarc headers or library code. Same binaries can be used both on + machines running AFS and others. + + This library is used in telnetd, login and the r* programs. + +telnet & telnetd + Based on telnet.95.05.31.NE but with the encryption hacks from + ftp.funet.fi:/pub/unix/security/esrasrc-1.0 added. This encryption + stuff needed some more modifications (done by joda@nada.kth.se) + before it was usable. Telnet has also been modified to use GNU + autoconf. + +Numerous other changes that are long since forgotten. diff --git a/crypto/kerberosIV/PROBLEMS b/crypto/kerberosIV/PROBLEMS new file mode 100644 index 0000000..f6eeeef --- /dev/null +++ b/crypto/kerberosIV/PROBLEMS 
@@ -0,0 +1,74 @@
+
+Problems compiling Kerberos
+===========================
+
+Many compilers require a switch to become ANSI compliant. Since kth-krb
+is written in ANSI C it is necessary to specify the name of the compiler
+to be used and the required switch to make it ANSI compliant. This is
+most easily done when running configure using the `env' command. For
+instance to build under HP-UX using the native compiler do:
+
+ datan$ env CC="cc -Ae" ./configure
+
+In general `gcc' works. The following combinations have also been
+verified to successfully compile the distribution:
+
+`HP-UX'
+ `cc -Ae'
+
+`Digital UNIX'
+ `cc -std1'
+
+`AIX'
+ `xlc'
+
+`Solaris 2.x'
+ `cc' (unbundled one)
+
+`IRIX'
+ `cc'
+
+Linux problems
+--------------
+
+Some systems have lost `/usr/include/ndbm.h' which is necessary to
+build kth-krb correctly. There is a `ndbm.h.Linux' right next to the
+source distribution.
+
+There has been reports of non-working `libdb' on some Linux
+distributions. If that happens, use the `--without-berkeley-db' when
+configuring.
+
+HP-UX problems
+--------------
+
+The shared library `/usr/lib/libndbm.sl' doesn't exist on all systems.
+To make problems even worse, there is never an archive version for
+static linking either. Therefore, when building "truly portable"
+binaries first install GNU gdbm or Berkeley DB, and make sure that you
+are linking against that library.
+
+Cray problems
+-------------
+
+`rlogind' won't work on Crays until `forkpty()' has been ported, in the
+mean time use `telnetd'.
+
+AIX problems
+------------
+
+`gcc' version 2.7.2.1 has a bug which makes it miscompile
+`appl/telnet/telnetd/sys_term.c' (and possibily `appl/bsd/forkpty.c'),
+if used with too much optimization.
+
+C2 problems
+-----------
+
+The programs that checks passwords works with `passwd', OTP, and
+Kerberos paswords. This is problem if you use C2 security (or use some
+other password database), that normally keeps passwords in some obscure
+place. If you want to use Kerberos with C2 security you will have to
+think about what kind of changes are necessary. See also the discussion
+about Digital's SIA and C2 security, see *Note Digital SIA::.
+
+
diff --git a/crypto/kerberosIV/README b/crypto/kerberosIV/README
new file mode 100644
index 0000000..0647614
--- /dev/null
+++ b/crypto/kerberosIV/README
@@ -0,0 +1,44 @@
+This is a severly hacked up version of Eric Young's eBones-p9 kerberos
+version. The DES library has been updated with his 3.23 version and
+numerous patches collected over the years have been applied to both
+the kerberos and DES sources, most notably the CMU patches for extended
+lifetimes that AFS uses. There is also support for AFS built into most
+programs.
+
+The source has been changed to use ANSI C and POSIX to the largest
+possible extent. The code in util/et and appl/bsd have not been
+updated in this way though (they really need it).
+
+Telnet and telnetd are based on the telnet.95.10.23.NE.tar.Z. Kerberos
+authentication is the default and warnings are issued by telnetd if
+the telnet client does not turn on encryption.
+
+The r* programs in appl/bsd have been updated with newer sources from
+NetBSD and FreeBSD. NOTE: use of telnet is prefered to the use of
+rlogin which is a temporary hack and not an Internet standard (and has
+only been documented quite recently). Telnet uses kerberos
+authentication to prevent the passing of cleartext passwords and is
+thus superior to rlogin.
+
+The distribution has been configured to primarily use kerberos
+authentication with a fallback to /etc/passwd passwords. This should
+make it easy to do a slow migration to kerberos. OTP support is also
+included in login, popper, and ftpd.
+
+All programs in this distribution follow these conventions:
+
+/usr/athena/bin: User programs
+/usr/athena/sbin: Administrator programs
+/usr/athena/libexec: Daemons
+/etc: Configuration files
+/var/log: Logfiles
+/var/kerberos: Kerberos database and ACL files
+
+A W3-page is at http://www.pdc.kth.se/kth-krb/
+
+You can get some documentation from ftp://ftp.pdc.kth.se/pub/krb/doc.
+
+Please report bugs and problems to kth-krb-bugs@nada.kth.se
+
+There is a mailing list discussing kerberos at krb4@sics.se, send a
+message to majordomo@sics.se to subscribe.
diff --git a/crypto/kerberosIV/README-WIN32 b/crypto/kerberosIV/README-WIN32
new file mode 100644
index 0000000..ba74c46
--- /dev/null
+++ b/crypto/kerberosIV/README-WIN32
@@ -0,0 +1,30 @@
+It should be possible to build several of the libraries and the GUI
+telnet ``voodoo'' on Win95/NT. In case you don't want to try there
+are binaries available at
+ftp://ftp.pdc.kth.se/pub/krb/binaries/i386-unknown-winnt4.0.
+
+In case you want to build from source and possibly hack some on them
+yourself here's a short guide:
+
+You need to build the libraries (DLLs) first and in this order:
+
+lib/roken
+lib/des
+lib/krb
+lib/kclient
+
+And then the two applications:
+
+appl/krbmanager
+appl/voodoo
+
+In each case there is a Visual-C++ generated makefile with the name
+*.mak in the corresponding directory. You might be able to load that
+into Microsoft whatever Studio and you might be able to just run nmake
+on them.
+
+Once you have ended up with 4 DLLs and 2 EXEs you only have to place
+them in a directory in your PATH and start voodoo.
+
+In case it doesn't work, you have discovered bugs or added some more
+features the mail address to use is
diff --git a/crypto/kerberosIV/TODO b/crypto/kerberosIV/TODO
new file mode 100644
index 0000000..66aa1f1
--- /dev/null
+++ b/crypto/kerberosIV/TODO
@@ -0,0 +1,42 @@
+-*- indented-text -*-
+rlogind, rshd, popper, ftpd (telnetd uses nonce?)
+ Add a replay cache.
+
+telnet, rlogin, rsh, rcp
+ Some form of support for ticket forwarding, perhaps only for AFS tickets.
+
+telnet, telnetd
+ Add negotiation for keep-alives.
+
+rlogind
+ Fix utmp logging.
+
+documentation
+ Write more info on:
+ * how to use
+
+rshd
+ Read default environment from /etc/default/login and other files.
+ Encryption without secondary port is bugged, it currently does no
+ encryption. But, nobody uses it anyway.
+
+autoconf
+
+libraries
+ generate archive and shared libraries in some portable way.
+
+k_get_all_addrs
+ for Cray UNICOS
+
+ftpd
+
+kx
+ Compress and recode X protocol?
+
+kip
+ Other kinds of encapsulations?
+ Tunnel device as loadable kernel module.
+ Speed?
+
+BUGS
+ Where?
diff --git a/crypto/kerberosIV/acconfig.h b/crypto/kerberosIV/acconfig.h
new file mode 100644
index 0000000..bb7b7aa
--- /dev/null
+++ b/crypto/kerberosIV/acconfig.h
@@ -0,0 +1,282 @@
+/* $Id: acconfig.h,v 1.71 1997/06/01 22:32:24 assar Exp $ */
+
+/* Define this if RETSIGTYPE == void */
+#undef VOID_RETSIGTYPE
+
+/* Define this if struct utmp have ut_user */
+#undef HAVE_UT_USER
+
+/* Define this if struct utmp have ut_host */
+#undef HAVE_UT_HOST
+
+/* Define this if struct utmp have ut_addr */
+#undef HAVE_UT_ADDR
+
+/* Define this if struct utmp have ut_type */
+#undef HAVE_UT_TYPE
+
+/* Define this if struct utmp have ut_pid */
+#undef HAVE_UT_PID
+
+/* Define this if struct utmp have ut_id */
+#undef HAVE_UT_ID
+
+/* Define this if struct utmpx have ut_syslen */
+#undef HAVE_UT_SYSLEN
+
+/* Define this if struct winsize is declared in sys/termios.h */
+#undef HAVE_STRUCT_WINSIZE
+
+/* Define this if struct winsize have ws_xpixel */
+#undef HAVE_WS_XPIXEL
+
+/* Define this if struct winsize have ws_ypixel */
+#undef HAVE_WS_YPIXEL
+
+/* Define this to be the directory where the dictionary for cracklib */
+/* resides */
+#undef DICTPATH
+
+/* Define this if you want to use SOCKS v5 */
+#undef SOCKS
+
+/* Define this to the path of the mail spool directory */
+#undef KRB4_MAILDIR
+
+/* Define this if `struct sockaddr' includes sa_len */
+#undef SOCKADDR_HAS_SA_LEN
+
+/* Define this if `struct siaentity' includes ouid */
+#undef SIAENTITY_HAS_OUID
+
+/* Define if getlogin has POSIX flavour, as opposed to BSD */
+#undef POSIX_GETLOGIN
+
+/* Define if getpwnam_r has POSIX flavour */
+#undef POSIX_GETPWNAM_R
+
+/* define if getcwd() is broken (such as in SunOS) */
+#undef BROKEN_GETCWD
+
+/* define if the system is missing a prototype for crypt() */
+#undef NEED_CRYPT_PROTO
+
+/* define if the system is missing a prototype for strtok_r() */
+#undef NEED_STRTOK_R_PROTO
+
+/* define if /bin/ls takes -A */
+#undef HAVE_LS_A
+
+/* define if you have h_errno */
+#undef HAVE_H_ERRNO
+
+/* define if you have h_errlist but not hstrerror */
+#undef HAVE_H_ERRLIST
+
+/* define if you have h_nerr but not hstrerror */
+#undef HAVE_H_NERR
+
+/* define if your system doesn't declare h_errlist */
+#undef HAVE_H_ERRLIST_DECLARATION
+
+/* define if your system doesn't declare h_nerr */
+#undef HAVE_H_NERR_DECLARATION
+
+/* define this if you need a declaration for h_errno */
+#undef HAVE_H_ERRNO_DECLARATION
+
+/* define if you need a declaration for optarg */
+#undef HAVE_OPTARG_DECLARATION
+
+/* define if you need a declaration for optind */
+#undef HAVE_OPTIND_DECLARATION
+
+/* define if you need a declaration for opterr */
+#undef HAVE_OPTERR_DECLARATION
+
+/* define if you need a declaration for optopt */
+#undef HAVE_OPTOPT_DECLARATION
+
+/* define if you need a declaration for __progname */
+#undef HAVE___PROGNAME_DECLARATION
+
+@BOTTOM@
+
+#undef HAVE_INT8_T
+#undef HAVE_INT16_T
+#undef HAVE_INT32_T
+#undef HAVE_INT64_T
+#undef HAVE_U_INT8_T
+#undef HAVE_U_INT16_T
+#undef HAVE_U_INT32_T
+#undef HAVE_U_INT64_T
+
+#define RCSID(msg) \
+static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
+
+/*
+ * Set ORGANIZATION to be the desired organization string printed
+ * by the 'kinit' program. It may have spaces.
+ */
+#define ORGANIZATION "eBones International"
+
+#if 0
+#undef BINDIR
+#undef LIBDIR
+#undef LIBEXECDIR
+#undef SBINDIR
+#endif
+
+#if 0
+#define KRB_CNF_FILES { "/etc/krb.conf", "/etc/kerberosIV/krb.conf", 0}
+#define KRB_RLM_FILES { "/etc/krb.realms", "/etc/kerberosIV/krb.realms", 0}
+#define KRB_EQUIV "/etc/krb.equiv"
+
+#define KEYFILE "/etc/srvtab"
+
+#define KRBDIR "/var/kerberos"
+#define DBM_FILE KRBDIR "/principal"
+#define DEFAULT_ACL_DIR KRBDIR
+
+#define KRBLOG "/var/log/kerberos.log" /* master server */
+#define KRBSLAVELOG "/var/log/kerberos_slave.log" /* slave server */
+#define KADM_SYSLOG "/var/log/admin_server.syslog"
+#define K_LOGFIL "/var/log/kpropd.log"
+#endif
+
+/* Maximum values on all known systems */
+#define MaxHostNameLen (64+4)
+#define MaxPathLen (1024+4)
+
+/*
+ * Define NDBM if you are using the 4.3 ndbm library (which is part of
+ * libc). If not defined, 4.2 dbm will be assumed.
+ */
+#if defined(HAVE_DBM_FIRSTKEY)
+#define NDBM
+#endif
+
+/* ftp stuff -------------------------------------------------- */
+
+#define KERBEROS
+
+/* telnet stuff ----------------------------------------------- */
+
+/* define this if you have kerberos 4 */
+#undef KRB4
+
+/* define this if you want encryption */
+#undef ENCRYPTION
+
+/* define this if you want authentication */
+#undef AUTHENTICATION
+
+#if defined(ENCRYPTION) && !defined(AUTHENTICATION)
+#define AUTHENTICATION 1
+#endif
+
+/* Set this if you want des encryption */
+#undef DES_ENCRYPTION
+
+/* Set this to the default system lead string for telnetd
+ * can contain %-escapes: %s=sysname, %m=machine, %r=os-release
+ * %v=os-version, %t=tty, %h=hostname, %d=date and time
+ */
+#undef USE_IM
+
+/* define this if you want diagnostics in telnetd */
+#undef DIAGNOSTICS
+
+/* define this if you want support for broken ENV_{VALUE,VAR} systems */
+#undef ENV_HACK
+
+/* */
+#undef OLD_ENVIRON
+
+/* Used with login -p */
+#undef LOGIN_ARGS
+
+/* Define if there are working stream ptys */
+#undef STREAMSPTY
+
+/* set this to a sensible login */
+#ifndef LOGIN_PATH
+#define LOGIN_PATH BINDIR "/login"
+#endif
+
+
+/* ------------------------------------------------------------ */
+
+/*
+ * Define this if your ndbm-library really is berkeley db and creates
+ * files that ends in .db.
+ */
+#undef HAVE_NEW_DB
+
+/* Define this if you have a working getmsg */
+#undef HAVE_GETMSG
+
+/* Define to enable new master key code */
+#undef RANDOM_MKEY
+
+/* Location of the master key file, default value lives in */
+#undef MKEYFILE
+
+/* Define if you don't want support for afs, might be a good idea on
+ AIX if you don't have afs */
+#undef NO_AFS
+
+/* Define if you have a readline compatible library */
+#undef HAVE_READLINE
+
+#ifdef VOID_RETSIGTYPE
+#define SIGRETURN(x) return
+#else
+#define SIGRETURN(x) return (RETSIGTYPE)(x)
+#endif
+
+/* Define this if your compiler supports '#pragma weak' */
+#undef HAVE_PRAGMA_WEAK
+
+/* Temporary fixes for krb_{rd,mk}_safe */
+#define DES_QUAD_GUESS 0
+#define DES_QUAD_NEW 1
+#define DES_QUAD_OLD 2
+
+/* Set this to one of the constants above to specify default checksum
+ type to emit */
+#undef DES_QUAD_DEFAULT
+
+/*
+ * AIX braindamage!
+ */
+#if _AIX
+#define _ALL_SOURCE
+#define _POSIX_SOURCE
+/* this is left for hysteric reasons :-) */
+#define unix /* well, ok... */
+#endif
+
+/*
+ * SunOS braindamage! (Sun include files are generally braindead)
+ */
+#if (defined(sun) || defined(__sun))
+#if defined(__svr4__) || defined(__SVR4)
+#define SunOS 5
+#else
+#define SunOS 4
+#endif
+#endif
+
+#if defined(__sgi) || defined(sgi)
+#if defined(__SYSTYPE_SVR4) || defined(_SYSTYPE_SVR4)
+#define IRIX 5
+#else
+#define IRIX 4
+#endif
+#endif
+
+/* IRIX 4 braindamage */
+#if IRIX == 4 && !defined(__STDC__)
+#define __STDC__ 0
+#endif
diff --git a/crypto/kerberosIV/aclocal.m4 b/crypto/kerberosIV/aclocal.m4
new file mode 100644
index 0000000..133e19d
--- /dev/null
+++ b/crypto/kerberosIV/aclocal.m4
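Review bot: In acconfig.h, `MaxHostNameLen (64+4)` and `MaxPathLen (1024+4)` are documented as "Maximum values on all known systems", but they are fixed buffer sizes, not limits that inputs obey: a DNS name can run to 255 bytes and some systems allow paths longer than 1024. The code that uses these sizes is not in this hunk, so whether every copy into such a buffer is bounded cannot be confirmed from here. I would reword the comment to `/* Buffer sizes only; longer host names and paths exist, so callers must bound every copy and treat truncation as an error */`. Separately, the comments on `HAVE_H_ERRLIST_DECLARATION`, `HAVE_OPTARG_DECLARATION` and their siblings say "define if you need a declaration", while AC_CHECK_DECLARATION in aclocal.m4 defines them when the variable is already declared, so those comments read inverted.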
@@ -0,0 +1,543 @@ +dnl +dnl $Id: aclocal.m4,v 1.38 1997/05/18 18:47:30 assar Exp $ +dnl + +dnl +dnl General tests +dnl + +dnl +dnl Look for function in any of the specified libraries +dnl + +dnl AC_FIND_FUNC_NO_LIBS(func, libraries, includes, arguments) +AC_DEFUN(AC_FIND_FUNC_NO_LIBS, [ + +AC_MSG_CHECKING([for $1]) +AC_CACHE_VAL(ac_cv_funclib_$1, +[ +if eval "test \"\$ac_cv_func_$1\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" $2; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + AC_TRY_LINK([$3],[$1($4)],eval "if test -n \"$ac_lib\";then ac_cv_funclib_$1=$ac_lib; else ac_cv_funclib_$1=yes; fi";break) + done + eval "ac_cv_funclib_$1=\${ac_cv_funclib_$1-no}" + LIBS="$ac_save_LIBS" +fi +]) + +eval "ac_res=\$ac_cv_funclib_$1" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs $1"@@@ +@@@libs="$libs $2"@@@ +END + +changequote(, )dnl +eval "ac_tr_func=HAVE_`echo $1 | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_$1=$ac_res" +changequote([, ])dnl + +case "$ac_res" in + yes) + eval "ac_cv_func_$1=yes" + eval "LIB_$1=" + AC_DEFINE_UNQUOTED($ac_tr_func) + AC_MSG_RESULT([yes]) + ;; + no) + eval "ac_cv_func_$1=no" + eval "LIB_$1=" + AC_MSG_RESULT([no]) + ;; + *) + eval "ac_cv_func_$1=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + AC_DEFINE_UNQUOTED($ac_tr_func) + AC_DEFINE_UNQUOTED($ac_tr_lib) + AC_MSG_RESULT([yes, in $ac_res]) + ;; +esac +AC_SUBST(LIB_$1) +]) + +dnl AC_FIND_FUNC(func, libraries, includes, arguments) +AC_DEFUN(AC_FIND_FUNC, [ +AC_FIND_FUNC_NO_LIBS([$1], [$2], [$3], [$4]) +if test -n "$LIB_$1"; then + LIBS="$LIB_$1 $LIBS" +fi +]) + +dnl +dnl Same as AC _REPLACE_FUNCS, just define HAVE_func if found in normal +dnl libraries + +AC_DEFUN(AC_BROKEN, +[for ac_func in $1 +do +AC_CHECK_FUNC($ac_func, [ +changequote(, )dnl +ac_tr_func=HAVE_`echo $ac_func | tr '[a-z]' '[A-Z]'` +changequote([, ])dnl 
+AC_DEFINE_UNQUOTED($ac_tr_func)],[LIBOBJS="$LIBOBJS ${ac_func}.o"]) +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs $1"@@@ +END +done +AC_SUBST(LIBOBJS)dnl +]) + +dnl +dnl Mix between AC_FIND_FUNC and AC_BROKEN +dnl + +AC_DEFUN(AC_FIND_IF_NOT_BROKEN, +[AC_FIND_FUNC([$1], [$2], [$3], [$4]) +if eval "test \"$ac_cv_func_$1\" != yes"; then +LIBOBJS="$LIBOBJS $1.o" +fi +AC_SUBST(LIBOBJS)dnl +]) + +dnl +dnl +dnl + +dnl AC_TEST_PACKAGE(package,header,lib,linkline) +AC_DEFUN(AC_TEST_PACKAGE, +[ +AC_MSG_CHECKING(for $1) +AC_ARG_WITH($1, +[ --with-$1=dir use $1 in dir], +[if test "$with_$1" = "no"; then + with_$1= +fi] +) +AC_ARG_WITH($1-lib, +[ --with-$1-lib=dir use $1-lib in dir], +[if test "$withval" = "yes" -o "$withval" = "no"; then + AC_MSG_ERROR([No argument for --with-$1-lib]) +elif test "X$with_$1" = "X"; then + with_$1=yes +fi] +) +AC_ARG_WITH($1-include, +[ --with-$1-include=dir use $1-include in dir], +[if test "$withval" = "yes" -o "$withval" = "no"; then + AC_MSG_ERROR([No argument for --with-$1-include]) +elif test "X$with_$1" = "X"; then + with_$1=yes +fi] +) + +define([foo], translit($1, [a-z], [A-Z])) +: << END +@@@syms="$syms foo"@@@ +END + +if test -n "$with_$1"; then + AC_DEFINE([foo]) + if test "$with_$1" != "yes"; then + $1_dir=$with_$1 + fi +dnl Try to find include + if test -n "$with_$1_include"; then + trydir=$with_$1_include + elif test "$with_$1" != "yes"; then + trydir="$with_$1 $with_$1/include" + else + trydir= + fi + found= + for i in $trydir ""; do + if test -n "$i"; then + if test -f $i/$2; then + found=yes; res=$i; break + fi + else + AC_TRY_CPP([#include <$2>], [found=yes; res=$i; break]) + fi + done + if test -n "$found"; then + $1_include=$res + else + AC_MSG_ERROR(Cannot find $2) + fi +dnl Try to find lib + if test -n "$with_$1_lib"; then + trydir=$with_$1_lib + elif test "$with_$1" != "yes"; then + trydir="$with_$1 $with_$1/lib" + else + trydir= + fi + found= + for i in $trydir ""; do + if test -n "$i"; then + if test -f 
$i/$3; then + found=yes; res=$i; break + fi + else + old_LIBS=$LIBS + LIBS="$4 $LIBS" + AC_TRY_LINK([], [], [found=yes; res=$i; LIBS=$old_LIBS; break]) + LIBS=$old_LIBS + fi + done + if test -n "$found"; then + $1_lib=$res + else + AC_MSG_ERROR(Cannot find $3) + fi + AC_MSG_RESULT([headers $$1_include, libraries $$1_lib]) + AC_DEFINE_UNQUOTED(foo) + if test -n "$$1_include"; then + foo[INCLUDE]="-I$$1_include" + fi + AC_SUBST(foo[INCLUDE]) + if test -n "$$1_lib"; then + foo[LIB]="-L$$1_lib" + fi + foo[LIB]="$foo[LIB] $4" + AC_SUBST(foo[LIB]) +else + AC_MSG_RESULT(no) +fi +undefine([foo]) +]) + +dnl +dnl Check if we need the declaration of a variable +dnl + +dnl AC_HAVE_DECLARATION(includes, variable) +AC_DEFUN(AC_CHECK_DECLARATION, [ +AC_MSG_CHECKING([if $2 is properly declared]) +AC_CACHE_VAL(ac_cv_var_$2_declaration, [ +AC_TRY_COMPILE([$1 +extern struct { int foo; } $2;], +[$2.foo = 1;], +eval "ac_cv_var_$2_declaration=no", +eval "ac_cv_var_$2_declaration=yes") +]) + +ac_tr_var=[HAVE_]translit($2, [a-z], [A-Z])[_DECLARATION] + +define([foo], [HAVE_]translit($2, [a-z], [A-Z])[_DECLARATION]) +: << END +@@@syms="$syms foo"@@@ +END +undefine([foo]) + +AC_MSG_RESULT($ac_cv_var_$2_declaration) +if eval "test \"\$ac_cv_var_$2_declaration\" = yes"; then + AC_DEFINE_UNQUOTED($ac_tr_var) +fi +]) + +dnl +dnl +dnl + +dnl AC_CHECK_VAR(includes, variable) +AC_DEFUN(AC_CHECK_VAR, [ +AC_MSG_CHECKING(for $2) +AC_CACHE_VAL(ac_cv_var_$2, [ +AC_TRY_LINK([extern int $2; +int foo() { return $2; }], + [foo()], + ac_cv_var_$2=yes, ac_cv_var_$2=no) +]) +eval "ac_tr_var=[HAVE_]translit($2,[a-z],[A-Z])" + +define([foo], [HAVE_]translit($2, [a-z], [A-Z])) +: << END +@@@syms="$syms foo"@@@ +END +undefine([foo]) + +AC_MSG_RESULT(`eval echo \\$ac_cv_var_$2`) +if test `eval echo \\$ac_cv_var_$2` = yes; then + AC_DEFINE_UNQUOTED($ac_tr_var) + AC_CHECK_DECLARATION([$1],[$2]) +fi +]) + +dnl +dnl Check if we need the prototype for a function +dnl + +dnl AC_NEED_PROTO(includes, function) + 
+AC_DEFUN(AC_NEED_PROTO, [ +AC_CACHE_CHECK([if $2 needs a prototype], ac_cv_func_$2_noproto, +AC_TRY_COMPILE([$1], +[struct foo { int foo; } xx; +extern int $2 (struct foo*); +$2(&xx); +], +eval "ac_cv_func_$2_noproto=yes", +eval "ac_cv_func_$2_noproto=no")) +define([foo], [NEED_]translit($2, [a-z], [A-Z])[_PROTO]) +if test "$ac_cv_func_$2_noproto" = yes; then + AC_DEFINE(foo) +fi +: << END +@@@syms="$syms foo"@@@ +END +undefine([foo]) +]) + +dnl AC_MSG_RESULT($ac_cv_func_$3_proto) +dnl if eval "test \"\$ac_cv_func_$3_proto\" = yes"; then +dnl AC_DEFINE_UNQUOTED($ac_tr_func) +dnl fi +dnl ]) +dnl +dnl AC_DEFUN(AC_NEED_PROTO, [ +dnl AC_MSG_CHECKING([if $3 needs a proto]) +dnl AC_CACHE_VAL(ac_cv_func_$3_proto, [ +dnl AC_TRY_COMPILE([$1], +dnl [$2], +dnl eval "ac_cv_func_$3_proto=no", +dnl eval "ac_cv_func_$3_proto=yes") +dnl ]) +dnl changequote(, )dnl +dnl eval "ac_tr_func=NEED_`echo $3 | tr '[a-z]' '[A-Z]'`_PROTO" +dnl changequote([, ])dnl +dnl +dnl define([foo], [NEED_]translit($3, [a-z], [A-Z])[_PROTO]) +dnl : << END +dnl @@@syms="$syms foo"@@@ +dnl END +dnl undefine([foo]) +dnl +dnl AC_MSG_RESULT($ac_cv_func_$3_proto) +dnl if eval "test \"\$ac_cv_func_$3_proto\" = yes"; then +dnl AC_DEFINE_UNQUOTED($ac_tr_func) +dnl fi +dnl ]) + +AC_DEFUN(AC_GROK_TYPE, [ +AC_CACHE_VAL(ac_cv_type_$1, +AC_TRY_COMPILE([ +#include "confdefs.h" +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_BITYPES_H +#include +#endif +#ifdef HAVE_BIND_BITYPES_H +#include +#endif +#ifdef HAVE_NETINET_IN6_MACHTYPES_H +#include +#endif +], +$i x; +, +eval ac_cv_type_$1=yes, +eval ac_cv_type_$1=no))]) + + +AC_DEFUN(AC_GROK_TYPES, [ +for i in $1; do + AC_MSG_CHECKING(for $i) + AC_GROK_TYPE($i) + eval ac_res=\$ac_cv_type_$i + if test "$ac_res" = yes; then + type=HAVE_`echo $i | tr '[a-z]' '[A-Z]'` + AC_DEFINE_UNQUOTED($type) + fi + AC_MSG_RESULT($ac_res) +done +]) + +dnl +dnl Specific tests +dnl + +dnl +dnl We prefer byacc or yacc because they do not use `alloca' +dnl + 
+AC_DEFUN(AC_KRB_PROG_YACC, +[AC_CHECK_PROGS(YACC, byacc yacc 'bison -y')]) + +dnl +dnl Also look for EMXOMF for OS/2 +dnl + +AC_DEFUN(AC_KRB_PROG_RANLIB, +[AC_CHECK_PROGS(RANLIB, ranlib EMXOMF, :)]) + +dnl +dnl Better test for ln -s, ln or cp +dnl + +AC_DEFUN(AC_KRB_PROG_LN_S, +[AC_MSG_CHECKING(for ln -s or something else) +AC_CACHE_VAL(ac_cv_prog_LN_S, +[rm -f conftestdata +if ln -s X conftestdata 2>/dev/null +then + rm -f conftestdata + ac_cv_prog_LN_S="ln -s" +else + touch conftestdata1 + if ln conftestdata1 conftestdata2; then + rm -f conftestdata* + ac_cv_prog_LN_S=ln + else + ac_cv_prog_LN_S=cp + fi +fi])dnl +LN_S="$ac_cv_prog_LN_S" +AC_MSG_RESULT($ac_cv_prog_LN_S) +AC_SUBST(LN_S)dnl +]) + +dnl +dnl NEXTSTEP is not posix compliant by default, +dnl you need a switch -posix to the compiler +dnl + +AC_DEFUN(AC_KRB_SYS_NEXTSTEP, [ +AC_MSG_CHECKING(for NEXTSTEP) +AC_CACHE_VAL(krb_cv_sys_nextstep, +AC_EGREP_CPP(yes, +[#ifdef NeXT + yes +#endif +], krb_cv_sys_nextstep=yes, krb_cv_sys_nextstep=no) ) +if test "$krb_cv_sys_nextstep" = "yes"; then + CFLAGS="$CFLAGS -posix" + LIBS="$LIBS -posix" +fi +AC_MSG_RESULT($krb_cv_sys_nextstep) +]) + +dnl +dnl AIX have a very different syscall convention +dnl +AC_DEFUN(AC_KRB_SYS_AIX, [ +AC_MSG_CHECKING(for AIX) +AC_CACHE_VAL(krb_cv_sys_aix, +AC_EGREP_CPP(yes, +[#ifdef _AIX + yes +#endif +], krb_cv_sys_aix=yes, krb_cv_sys_aix=no) ) +AC_MSG_RESULT($krb_cv_sys_aix) +]) + +dnl +dnl test for broken getcwd in (SunOS braindamage) +dnl + +AC_DEFUN(AC_KRB_FUNC_GETCWD_BROKEN, [ +if test "$ac_cv_func_getcwd" = yes; then +AC_MSG_CHECKING(if getcwd is broken) +AC_CACHE_VAL(ac_cv_func_getcwd_broken, [ +ac_cv_func_getcwd_broken=no + +AC_TRY_RUN([ +#include +char *getcwd(char*, int); + +void *popen(char *cmd, char *mode) +{ + errno = ENOTTY; + return 0; +} + +int main() +{ + char *ret; + ret = getcwd(0, 1024); + if(ret == 0 && errno == ENOTTY) + return 0; + return 1; +} +], ac_cv_func_getcwd_broken=yes,:,:) +]) +if test 
"$ac_cv_func_getcwd_broken" = yes; then + AC_DEFINE(BROKEN_GETCWD, 1)dnl + LIBOBJS="$LIBOBJS getcwd.o" + AC_SUBST(LIBOBJS)dnl + AC_MSG_RESULT($ac_cv_func_getcwd_broken) +else + AC_MSG_RESULT([seems ok]) +fi +fi +]) + + +AC_DEFUN(AC_HAVE_PRAGMA_WEAK, [ +if test "${with_shared}" = "yes"; then +AC_MSG_CHECKING(for pragma weak) +AC_CACHE_VAL(ac_have_pragma_weak, [ +ac_have_pragma_weak=no +cat > conftest_foo.$ac_ext <<'EOF' +[#]line __oline__ "configure" +#include "confdefs.h" +#pragma weak foo = _foo +int _foo = 17; +EOF +cat > conftest_bar.$ac_ext <<'EOF' +[#]line __oline__ "configure" +#include "confdefs.h" +extern int foo; + +int t() { + return foo; +} + +int main() { + return t(); +} +EOF +if AC_TRY_EVAL('CC -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest_foo.$ac_ext conftest_bar.$ac_ext 1>&AC_FD_CC'); then +ac_have_pragma_weak=yes +fi +rm -rf conftest* +]) +if test "$ac_have_pragma_weak" = "yes"; then + AC_DEFINE(HAVE_PRAGMA_WEAK, 1)dnl +fi +AC_MSG_RESULT($ac_have_pragma_weak) +fi +]) + +dnl +dnl Search for struct winsize +dnl + +AC_DEFUN(AC_KRB_STRUCT_WINSIZE, [ +AC_MSG_CHECKING(for struct winsize) +AC_CACHE_VAL(ac_cv_struct_winsize, [ +ac_cv_struct_winsize=no +for i in sys/termios.h sys/ioctl.h; do +AC_EGREP_HEADER( +changequote(, )dnl +struct[ ]*winsize,dnl +changequote([,])dnl +$i, ac_cv_struct_winsize=yes; break)dnl +done +]) +if test "$ac_cv_struct_winsize" = "yes"; then + AC_DEFINE(HAVE_STRUCT_WINSIZE, 1)dnl +fi +AC_MSG_RESULT($ac_cv_struct_winsize) +AC_EGREP_HEADER(ws_xpixel, termios.h, AC_DEFINE(HAVE_WS_XPIXEL)) +AC_EGREP_HEADER(ws_ypixel, termios.h, AC_DEFINE(HAVE_WS_YPIXEL)) +]) diff --git a/crypto/kerberosIV/admin/Makefile.in b/crypto/kerberosIV/admin/Makefile.in new file mode 100644 index 0000000..d0b68b1 --- /dev/null +++ b/crypto/kerberosIV/admin/Makefile.in 
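Review bot: In aclocal.m4, AC_KRB_STRUCT_WINSIZE looks for `struct winsize` in both `sys/termios.h` and `sys/ioctl.h`, but the two field probes at the end of the macro grep only `termios.h`. On a system where the struct is found through `sys/ioctl.h`, `HAVE_WS_XPIXEL` and `HAVE_WS_YPIXEL` would stay undefined unless `termios.h` happens to pull the definition in. Probing the same headers keeps the three results consistent, for example by adding `AC_EGREP_HEADER(ws_xpixel, sys/ioctl.h, AC_DEFINE(HAVE_WS_XPIXEL))` and the matching `ws_ypixel` line.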
@@ -0,0 +1,104 @@
+# $Id: Makefile.in,v 1.26 1997/05/04 08:33:50 assar Exp $
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+LD_FLAGS = @LD_FLAGS@
+LIBS = @LIBS@
+LIB_DBM = @LIB_DBM@
+
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+sbindir = @sbindir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+PROGS = ext_srvtab$(EXECSUFFIX) \
+ kdb_destroy$(EXECSUFFIX) \
+ kdb_edit$(EXECSUFFIX) \
+ kdb_init$(EXECSUFFIX) \
+ kdb_util$(EXECSUFFIX) \
+ kstash$(EXECSUFFIX)
+
+SOURCES = ext_srvtab.c kdb_destroy.c kdb_edit.c \
+ kdb_init.c kdb_util.c kstash.c
+
+OBJECTS = ext_srvtab.o kdb_destroy.o kdb_edit.o \
+ kdb_init.o kdb_util.o kstash.o
+
+all: $(PROGS)
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+ $(CC) -c $(CPPFLAGS) $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $<
+
+install: all
+ $(MKINSTALLDIRS) $(sbindir)
+ for x in $(PROGS); do \
+ $(INSTALL_PROGRAM) $$x $(sbindir)/`echo $$x|sed '$(transform)'`; \
+ done
+
+uninstall:
+ for x in $(PROGS); do \
+ rm -f $(sbindir)/`echo $$x|sed '$(transform)'`; \
+ done
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+check:
+
+clean:
+ rm -f *.a *.o $(PROGS)
+
+mostlyclean: clean
+
+distclean: clean
+ rm -f Makefile *.tab.c *~
+
+realclean: distclean
+ rm -f TAGS
+
+dist: $(DISTFILES)
+ for file in $(DISTFILES); do \
+ ln $$file ../`cat ../.fname`/lib \
+ || cp -p $$file ../`cat ../.fname`/lib; \
+ done
+
+KLIB=-L../lib/kdb -lkdb -L../lib/krb -lkrb -L../lib/des -ldes
+LIBROKEN= -L../lib/roken -lroken
+
+ext_srvtab$(EXECSUFFIX): ext_srvtab.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ ext_srvtab.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+
+kdb_destroy$(EXECSUFFIX): kdb_destroy.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_destroy.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+
+kdb_edit$(EXECSUFFIX): kdb_edit.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_edit.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+
+kdb_init$(EXECSUFFIX): kdb_init.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_init.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+
+kdb_util$(EXECSUFFIX): kdb_util.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_util.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+
+kstash$(EXECSUFFIX): kstash.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kstash.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+
+$(OBJECTS): ../include/config.h
diff --git a/crypto/kerberosIV/admin/adm_locl.h b/crypto/kerberosIV/admin/adm_locl.h
new file mode 100644
index 0000000..6cbd20d
--- /dev/null
+++ b/crypto/kerberosIV/admin/adm_locl.h
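Review bot: In admin/Makefile.in the `install` loop ignores a failing `$(INSTALL_PROGRAM)`: the shell `for` returns the status of its last command, so an error on any program but the last still lets `make install` report success. For the database administration tools this can leave a partly installed or stale set of binaries in `$(sbindir)` without anyone noticing. Stop at the first failure by appending `|| exit 1` to the `$(INSTALL_PROGRAM)` command, before the `; \` that ends that line.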
@@ -0,0 +1,91 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* $Id: adm_locl.h,v 1.16 1997/04/20 05:46:14 assar Exp $ */ + +#ifndef __adm_locl_h +#define __adm_locl_h + +#include "config.h" +#include "protos.h" + +#include +#include +#include +#include + +#ifdef HAVE_SYS_TYPES_H +#include +#endif + +#ifdef TIME_WITH_SYS_TIME +#include +#include +#elif defined(HAVE_SYS_TIME_H) +#include +#else +#include +#endif /* !TIME_WITH_SYS_TIME */ + +#ifdef HAVE_UNISTD_H +#include +#endif +#ifdef HAVE_SYS_STAT_H +#include +#endif +#ifdef HAVE_FCNTL_H +#include +#endif +#include +#include + +#ifdef HAVE_NETINET_IN_H +#include +#endif + +#include + +#include + +#include +#include +#include +#include +#include + +#endif /* __adm_locl_h */ diff --git a/crypto/kerberosIV/admin/ext_srvtab.c b/crypto/kerberosIV/admin/ext_srvtab.c new file mode 100644 index 0000000..9c02921 --- /dev/null +++ b/crypto/kerberosIV/admin/ext_srvtab.c 
@@ -0,0 +1,143 @@ +/* + * Copyright 1987, 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * . + * + * Description + */ + +#include "adm_locl.h" + +RCSID("$Id: ext_srvtab.c,v 1.13 1997/05/02 14:27:33 assar Exp $"); + +static des_cblock master_key; +static des_cblock session_key; +static des_key_schedule master_key_schedule; +static char realm[REALM_SZ]; + +static void +usage(void) +{ + fprintf(stderr, + "Usage: %s [-n] [-r realm] instance [instance ...]\n", + __progname); + exit(1); +} + +static void +StampOutSecrets(void) +{ + memset(master_key, 0, sizeof master_key); + memset(session_key, 0, sizeof session_key); + memset(master_key_schedule, 0, sizeof master_key_schedule); +} + +static void +Die(void) +{ + StampOutSecrets(); + exit(1); +} + +static void +FWrite(void *p, int size, int n, FILE *f) +{ + if (fwrite(p, size, n, f) != n) { + printf("Error writing output file. Terminating.\n"); + Die(); + } +} + +int +main(int argc, char **argv) +{ + FILE *fout; + char fname[1024]; + int fopen_errs = 0; + int arg; + Principal princs[40]; + int more; + int prompt = KDB_GET_PROMPT; + int n, i; + + set_progname (argv[0]); + memset(realm, 0, sizeof(realm)); + + /* Parse commandline arguments */ + if (argc < 2) + usage(); + else { + for (i = 1; i < argc; i++) { + if (strcmp(argv[i], "-n") == 0) + prompt = FALSE; + else if (strcmp(argv[i], "-r") == 0) { + if (++i >= argc) + usage(); + else { + strcpy(realm, argv[i]); + /* + * This is to humor the broken way commandline + * argument parsing is done. Later, this + * program ignores everything that starts with -. 
+ */ + argv[i][0] = '-'; + } + } + else if (argv[i][0] == '-') + usage(); + else + if (!k_isinst(argv[i])) { + warnx("bad instance name: %s", argv[i]); + usage(); + } + } + } + + if (kdb_get_master_key (prompt, &master_key, master_key_schedule) != 0) + errx (1, "Couldn't read master key."); + + if (kdb_verify_master_key (&master_key, master_key_schedule, stderr) < 0) { + exit(1); + } + + /* For each arg, search for instances of arg, and produce */ + /* srvtab file */ + if (!realm[0]) + if (krb_get_lrealm(realm, 1) != KSUCCESS) + errx (1, "couldn't get local realm"); + umask(077); + + for (arg = 1; arg < argc; arg++) { + if (argv[arg][0] == '-') + continue; + snprintf(fname, sizeof(fname), "%s-new-srvtab", argv[arg]); + if ((fout = fopen(fname, "w")) == NULL) { + warn("Couldn't create file '%s'.", fname); + fopen_errs++; + continue; + } + printf("Generating '%s'....\n", fname); + n = kerb_get_principal("*", argv[arg], &princs[0], 40, &more); + if (more) + fprintf(stderr, "More than 40 found...\n"); + for (i = 0; i < n; i++) { + FWrite(princs[i].name, strlen(princs[i].name) + 1, 1, fout); + FWrite(princs[i].instance, strlen(princs[i].instance) + 1, + 1, fout); + FWrite(realm, strlen(realm) + 1, 1, fout); + FWrite(&princs[i].key_version, + sizeof(princs[i].key_version), 1, fout); + copy_to_key(&princs[i].key_low, &princs[i].key_high, session_key); + kdb_encrypt_key (&session_key, &session_key, + &master_key, master_key_schedule, DES_DECRYPT); + FWrite(session_key, sizeof session_key, 1, fout); + } + fclose(fout); + } + + StampOutSecrets(); + + return fopen_errs; /* 0 errors if successful */ + +} diff --git a/crypto/kerberosIV/admin/kdb_destroy.c b/crypto/kerberosIV/admin/kdb_destroy.c new file mode 100644 index 0000000..fca339f --- /dev/null +++ b/crypto/kerberosIV/admin/kdb_destroy.c 
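Review bot: The `-r` branch of the option loop in main() copies the argument into the static `realm[REALM_SZ]` with `strcpy(realm, argv[i]);`, so a realm argument of REALM_SZ bytes or more writes past the end of the buffer. Reject over-long values before the copy, for example `if (strlen(argv[i]) >= sizeof(realm)) usage();` placed ahead of the `strcpy`. Separately, `fclose(fout)` is unchecked, so a srvtab cut short by a failed flush still counts as success in the exit status; `if (fclose(fout) != 0) { warn("close '%s'", fname); fopen_errs++; }` would surface it.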
@@ -0,0 +1,57 @@ +/* + * Copyright 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * . + * + * Description. + */ + +#include "adm_locl.h" + +RCSID("$Id: kdb_destroy.c,v 1.7 1997/03/31 02:25:21 assar Exp $"); + +int +main(int argc, char **argv) +{ + char answer[10]; /* user input */ + char dbm[256]; /* database path and name */ + char dbm1[256]; /* database path and name */ +#ifdef HAVE_NEW_DB + char *file; /* database file names */ +#else + char *file1, *file2; /* database file names */ +#endif + + set_progname (argv[0]); + + strcpy(dbm, DBM_FILE); +#ifdef HAVE_NEW_DB + file = strcat(dbm, ".db"); +#else + strcpy(dbm1, DBM_FILE); + file1 = strcat(dbm, ".dir"); + file2 = strcat(dbm1, ".pag"); +#endif + + printf("You are about to destroy the Kerberos database "); + printf("on this machine.\n"); + printf("Are you sure you want to do this (y/n)? "); + fgets(answer, sizeof(answer), stdin); + + if (answer[0] == 'y' || answer[0] == 'Y') { +#ifdef HAVE_NEW_DB + if (unlink(file) == 0) +#else + if (unlink(file1) == 0 && unlink(file2) == 0) +#endif + { + warnx ("Database deleted at %s", DBM_FILE); + return 0; + } + else + warn ("Database cannot be deleted at %s", DBM_FILE); + } else + warnx ("Database not deleted at %s", DBM_FILE); + return 1; +} diff --git a/crypto/kerberosIV/admin/kdb_edit.c b/crypto/kerberosIV/admin/kdb_edit.c new file mode 100644 index 0000000..5d07135 --- /dev/null +++ b/crypto/kerberosIV/admin/kdb_edit.c 
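Review bot: The confirmation prompt in main() ignores the result of `fgets(answer, sizeof(answer), stdin);`, so on EOF or a read error `answer[0]` is read uninitialized and the decision to unlink the database depends on whatever was on the stack. Treat a failed read as a refusal: `if (fgets(answer, sizeof(answer), stdin) == NULL) answer[0] = '\0';`. In the branch without HAVE_NEW_DB, `unlink(file1) == 0 && unlink(file2) == 0` reports "cannot be deleted" even when the `.dir` file is already gone and only the `.pag` removal failed; naming the file that failed would make the half-deleted state visible to the operator.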
@@ -0,0 +1,404 @@ +/* + * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute + * of Technology. + * + * For copying and distribution information, please see the file + * . + * + * This routine changes the Kerberos encryption keys for principals, + * i.e., users or services. + */ + +/* + * exit returns 0 ==> success -1 ==> error + */ + +#include "adm_locl.h" + +RCSID("$Id: kdb_edit.c,v 1.25 1997/05/07 01:34:05 assar Exp $"); + +#ifdef DEBUG +extern kerb_debug; +#endif + +#define zaptime(foo) memset((foo), 0, sizeof(*(foo))) + +static int nflag = 0; +static int debug; + +static des_cblock new_key; + +static int i, j; +static int more; + +static char input_name[ANAME_SZ]; +static char input_instance[INST_SZ]; + +#define MAX_PRINCIPAL 10 +static Principal principal_data[MAX_PRINCIPAL]; + +static Principal old_principal; +static Principal default_princ; + +static des_cblock master_key; +static des_cblock session_key; +static des_key_schedule master_key_schedule; +static char pw_str[255]; +static long master_key_version; + +static void +Usage(void) +{ + fprintf(stderr, "Usage: %s [-n]\n", __progname); + exit(1); +} + +static char * +n_gets(char *buf, int size) +{ + char *p; + char *ret; + ret = fgets(buf, size, stdin); + + if (ret && (p = strchr(buf, '\n'))) + *p = 0; + return ret; +} + + +static int +change_principal(void) +{ + static char temp[255]; + int creating = 0; + int editpw = 0; + int changed = 0; + long temp_long; /* Don't change to int32_t, used by scanf */ + int n; + struct tm *tp, edate; + + fprintf(stdout, "\nPrincipal name: "); + fflush(stdout); + if (!n_gets(input_name, sizeof(input_name)) || *input_name == '\0') + return 0; + fprintf(stdout, "Instance: "); + fflush(stdout); + /* instance can be null */ + n_gets(input_instance, sizeof(input_instance)); + j = kerb_get_principal(input_name, input_instance, principal_data, + MAX_PRINCIPAL, &more); + if (!j) { + fprintf(stdout, "\n\07\07, Create [y] ? 
"); + fflush(stdout); + n_gets(temp, sizeof(temp)); /* Default case should work, it didn't */ + if (temp[0] != 'y' && temp[0] != 'Y' && temp[0] != '\0') + return -1; + /* make a new principal, fill in defaults */ + j = 1; + creating = 1; + strcpy(principal_data[0].name, input_name); + strcpy(principal_data[0].instance, input_instance); + principal_data[0].old = NULL; + principal_data[0].exp_date = default_princ.exp_date; + if (strcmp(input_instance, "admin") == 0) + principal_data[0].max_life = 1 + (CLOCK_SKEW/(5*60)); /*5+5 minutes*/ + else if (strcmp(input_instance, "root") == 0) + principal_data[0].max_life = 96; /* 8 hours */ + else + principal_data[0].max_life = default_princ.max_life; + principal_data[0].attributes = default_princ.attributes; + principal_data[0].kdc_key_ver = (unsigned char) master_key_version; + principal_data[0].key_version = 0; /* bumped up later */ + } + tp = k_localtime(&principal_data[0].exp_date); + snprintf(principal_data[0].exp_date_txt, + sizeof(principal_data[0].exp_date_txt), + "%4d-%02d-%02d", + tp->tm_year + 1900, + tp->tm_mon + 1, tp->tm_mday); /* January is 0, not 1 */ + for (i = 0; i < j; i++) { + for (;;) { + fprintf(stdout, + "\nPrincipal: %s, Instance: %s, kdc_key_ver: %d", + principal_data[i].name, principal_data[i].instance, + principal_data[i].kdc_key_ver); + fflush(stdout); + editpw = 1; + changed = 0; + if (!creating) { + /* + * copy the existing data so we can use the old values + * for the qualifier clause of the replace + */ + principal_data[i].old = (char *) &old_principal; + memcpy(&old_principal, &principal_data[i], + sizeof(old_principal)); + printf("\nChange password [n] ? 
"); + n_gets(temp, sizeof(temp)); + if (strcmp("y", temp) && strcmp("Y", temp)) + editpw = 0; + } + /* password */ + if (editpw) { +#ifdef NOENCRYPTION + placebo_read_pw_string(pw_str, sizeof pw_str, + "\nNew Password: ", TRUE); +#else + if(des_read_pw_string(pw_str, sizeof pw_str, + "\nNew Password: ", TRUE)) + continue; +#endif + if ( strcmp(pw_str, "RANDOM") == 0 + || strcmp(pw_str, "") == 0) { + printf("\nRandom password [y] ? "); + n_gets(temp, sizeof(temp)); + if (!strcmp("n", temp) || !strcmp("N", temp)) { + /* no, use literal */ +#ifdef NOENCRYPTION + memset(new_key, 0, sizeof(des_cblock)); + new_key[0] = 127; +#else + des_string_to_key(pw_str, &new_key); +#endif + memset(pw_str, 0, sizeof pw_str); /* "RANDOM" */ + } else { +#ifdef NOENCRYPTION + memset(new_key, 0, sizeof(des_cblock)); + new_key[0] = 127; +#else + des_new_random_key(&new_key); +#endif + memset(pw_str, 0, sizeof pw_str); + } + } else if (!strcmp(pw_str, "NULL")) { + printf("\nNull Key [y] ? "); + n_gets(temp, sizeof(temp)); + if (!strcmp("n", temp) || !strcmp("N", temp)) { + /* no, use literal */ +#ifdef NOENCRYPTION + memset(new_key, 0, sizeof(des_cblock)); + new_key[0] = 127; +#else + des_string_to_key(pw_str, &new_key); +#endif + memset(pw_str, 0, sizeof pw_str); /* "NULL" */ + } else { + + principal_data[i].key_low = 0; + principal_data[i].key_high = 0; + goto null_key; + } + } else { +#ifdef NOENCRYPTION + memset(new_key, 0, sizeof(des_cblock)); + new_key[0] = 127; +#else + des_string_to_key(pw_str, &new_key); +#endif + memset(pw_str, 0, sizeof pw_str); + } + + /* seal it under the kerberos master key */ + kdb_encrypt_key (&new_key, &new_key, + &master_key, master_key_schedule, + DES_ENCRYPT); + copy_from_key(new_key, + &principal_data[i].key_low, + &principal_data[i].key_high); + memset(new_key, 0, sizeof(new_key)); + null_key: + /* set master key version */ + principal_data[i].kdc_key_ver = + (unsigned char) master_key_version; + /* bump key version # */ + 
principal_data[i].key_version++; + fprintf(stdout, + "\nPrincipal's new key version = %d\n", + principal_data[i].key_version); + fflush(stdout); + changed = 1; + } + /* expiration date */ + fprintf(stdout, "Expiration date (enter yyyy-mm-dd) [ %s ] ? ", + principal_data[i].exp_date_txt); + fflush(stdout); + zaptime(&edate); + while (n_gets(temp, sizeof(temp)) && ((n = strlen(temp)) > + sizeof(principal_data[0].exp_date_txt))) { + bad_date: + fprintf(stdout, "\07\07Date Invalid\n"); + fprintf(stdout, + "Expiration date (enter yyyy-mm-dd) [ %s ] ? ", + principal_data[i].exp_date_txt); + fflush(stdout); + zaptime(&edate); + } + + if (*temp) { + if (sscanf(temp, "%d-%d-%d", &edate.tm_year, + &edate.tm_mon, &edate.tm_mday) != 3) + goto bad_date; + edate.tm_mon--; /* January is 0, not 1 */ + edate.tm_hour = 23; /* nearly midnight at the end of the */ + edate.tm_min = 59; /* specified day */ + if (krb_check_tm (edate)) + goto bad_date; + edate.tm_year -= 1900; + temp_long = tm2time (edate, 1); + strcpy(principal_data[i].exp_date_txt, temp); + principal_data[i].exp_date = temp_long; + changed = 1; + } + + /* maximum lifetime */ + fprintf(stdout, "Max ticket lifetime (*5 minutes) [ %d ] ? ", + principal_data[i].max_life); + fflush(stdout); + while (n_gets(temp, sizeof(temp)) && *temp) { + if (sscanf(temp, "%ld", &temp_long) != 1) + goto bad_life; + if (temp_long > 255 || (temp_long < 0)) { + bad_life: + fprintf(stdout, "\07\07Invalid, choose 0-255\n"); + fprintf(stdout, + "Max ticket lifetime (*5 minutes) [ %d ] ? ", + principal_data[i].max_life); + fflush(stdout); + continue; + } + changed = 1; + /* dont clobber */ + principal_data[i].max_life = (unsigned short) temp_long; + break; + } + + /* attributes */ + fprintf(stdout, "Attributes [ %d ] ? 
", + principal_data[i].attributes); + fflush(stdout); + while (n_gets(temp, sizeof(temp)) && *temp) { + if (sscanf(temp, "%ld", &temp_long) != 1) + goto bad_att; + if (temp_long > 65535 || (temp_long < 0)) { + bad_att: + fprintf(stdout, "\07\07Invalid, choose 0-65535\n"); + fprintf(stdout, "Attributes [ %d ] ? ", + principal_data[i].attributes); + fflush(stdout); + continue; + } + changed = 1; + /* dont clobber */ + principal_data[i].attributes = + (unsigned short) temp_long; + break; + } + + /* + * remaining fields -- key versions and mod info, should + * not be directly manipulated + */ + if (changed) { + if (kerb_put_principal(&principal_data[i], 1)) { + fprintf(stdout, + "\nError updating Kerberos database"); + } else { + fprintf(stdout, "Edit O.K."); + } + } else { + fprintf(stdout, "Unchanged"); + } + + + memset(&principal_data[i].key_low, 0, 4); + memset(&principal_data[i].key_high, 0, 4); + fflush(stdout); + break; + } + } + if (more) { + fprintf(stdout, "\nThere were more tuples found "); + fprintf(stdout, "than there were space for"); + } + return 1; +} + +static void +cleanup(void) +{ + + memset(master_key, 0, sizeof(master_key)); + memset(session_key, 0, sizeof(session_key)); + memset(master_key_schedule, 0, sizeof(master_key_schedule)); + memset(principal_data, 0, sizeof(principal_data)); + memset(new_key, 0, sizeof(new_key)); + memset(pw_str, 0, sizeof(pw_str)); +} + +int +main(int argc, char **argv) +{ + /* Local Declarations */ + + long n; + + set_progname (argv[0]); + + while (--argc > 0 && (*++argv)[0] == '-') + for (i = 1; argv[0][i] != '\0'; i++) { + switch (argv[0][i]) { + + /* debug flag */ + case 'd': + debug = 1; + continue; + + /* debug flag */ +#ifdef DEBUG + case 'l': + kerb_debug |= 1; + continue; +#endif + case 'n': /* read MKEYFILE for master key */ + nflag = 1; + continue; + + default: + warnx ("illegal flag \"%c\"", argv[0][i]); + Usage(); /* Give message and die */ + } + } + + fprintf(stdout, "Opening database...\n"); + 
fflush(stdout); + kerb_init(); + if (argc > 0) + if (kerb_db_set_name(*argv) != 0) + errx (1, "Could not open altername database name"); + + if (kdb_get_master_key ((nflag == 0) ? KDB_GET_PROMPT : 0, + &master_key, master_key_schedule) != 0) + errx (1, "Couldn't read master key."); + + if ((master_key_version = kdb_verify_master_key(&master_key, + master_key_schedule, + stdout)) < 0) + return 1; + + /* Initialize non shared random sequence */ + des_init_random_number_generator(&master_key); + + /* lookup the default values */ + n = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST, + &default_princ, 1, &more); + if (n != 1) + errx (1, "Kerberos error on default value lookup, %ld found.", n); + fprintf(stdout, "Previous or default values are in [brackets] ,\n"); + fprintf(stdout, "enter return to leave the same, or new value.\n"); + + while (change_principal()) { + } + + cleanup(); + return 0; +} diff --git a/crypto/kerberosIV/admin/kdb_init.c b/crypto/kerberosIV/admin/kdb_init.c new file mode 100644 index 0000000..b9ea009 --- /dev/null +++ b/crypto/kerberosIV/admin/kdb_init.c 
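Review bot: The expiration-date prompt in change_principal() accepts input whose length equals the size of the destination field. The loop condition `(n = strlen(temp)) > sizeof(principal_data[0].exp_date_txt)` lets `n == sizeof(...)` through, and for any such string that still parses as a date the later `strcpy(principal_data[i].exp_date_txt, temp);` writes the terminator one byte past the field. The comparison should be `>=`. The same prompt also appears to spin on EOF: when `n_gets` returns NULL, `temp` keeps the previous answer, the `sscanf` fails, and `goto bad_date` re-enters a loop whose condition fails again. Checking the `n_gets` result and returning from change_principal() would end the session cleanly.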
@@ -0,0 +1,174 @@ +/* + * Copyright 1987, 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * . + * + * program to initialize the database, reports error if database file + * already exists. + */ + +#include "adm_locl.h" + +RCSID("$Id: kdb_init.c,v 1.23 1997/03/30 17:45:05 assar Exp $"); + +enum ap_op { + NULL_KEY, /* setup null keys */ + MASTER_KEY, /* use master key as new key */ + RANDOM_KEY /* choose a random key */ +}; + +static des_cblock master_key; +static des_key_schedule master_key_schedule; + +/* use a return code to indicate success or failure. check the return */ +/* values of the routines called by this routine. */ + +static int +add_principal(char *name, char *instance, enum ap_op aap_op, int maxlife) +{ + Principal principal; + struct tm *tm; + des_cblock new_key; + + memset(&principal, 0, sizeof(principal)); + strncpy(principal.name, name, ANAME_SZ); + strncpy(principal.instance, instance, INST_SZ); + switch (aap_op) { + case NULL_KEY: + principal.key_low = 0; + principal.key_high = 0; + break; + case RANDOM_KEY: +#ifdef NOENCRYPTION + memset(new_key, 0, sizeof(des_cblock)); + new_key[0] = 127; +#else + des_new_random_key(&new_key); +#endif + kdb_encrypt_key (&new_key, &new_key, &master_key, master_key_schedule, + DES_ENCRYPT); + copy_from_key(new_key, &principal.key_low, &principal.key_high); + memset(new_key, 0, sizeof(new_key)); + break; + case MASTER_KEY: + memcpy(new_key, master_key, sizeof (des_cblock)); + kdb_encrypt_key (&new_key, &new_key, &master_key, master_key_schedule, + DES_ENCRYPT); + copy_from_key(new_key, &principal.key_low, &principal.key_high); + break; + } + principal.exp_date = 946702799; /* Happy new century */ + strncpy(principal.exp_date_txt, "12/31/99", DATE_SZ); + principal.mod_date = time(0); + + tm = k_localtime(&principal.mod_date); + principal.attributes = 0; + principal.max_life = maxlife; + + principal.kdc_key_ver = 1; + principal.key_version = 
1; + + strncpy(principal.mod_name, "db_creation", ANAME_SZ); + strncpy(principal.mod_instance, "", INST_SZ); + principal.old = 0; + + if (kerb_db_put_principal(&principal, 1) != 1) + return -1; /* FAIL */ + + /* let's play it safe */ + memset(new_key, 0, sizeof (des_cblock)); + memset(&principal.key_low, 0, 4); + memset(&principal.key_high, 0, 4); + return 0; +} + +int +main(int argc, char **argv) +{ + char realm[REALM_SZ]; + char *cp; + int code; + char *database; + + set_progname (argv[0]); + + if (argc > 3) { + fprintf(stderr, "Usage: %s [realm-name] [database-name]\n", argv[0]); + return 1; + } + if (argc == 3) { + database = argv[2]; + --argc; + } else + database = DBM_FILE; + + /* Do this first, it'll fail if the database exists */ + if ((code = kerb_db_create(database)) != 0) + err (1, "Couldn't create database %s", database); + kerb_db_set_name(database); + + if (argc == 2) + strncpy(realm, argv[1], REALM_SZ); + else { + if (krb_get_lrealm(realm, 1) != KSUCCESS) + strcpy(realm, KRB_REALM); + fprintf(stderr, "Realm name [default %s ]: ", realm); + if (fgets(realm, sizeof(realm), stdin) == NULL) + errx (1, "\nEOF reading realm"); + if ((cp = strchr(realm, '\n'))) + *cp = '\0'; + if (!*realm) /* no realm given */ + if (krb_get_lrealm(realm, 1) != KSUCCESS) + strcpy(realm, KRB_REALM); + } + if (!k_isrealm(realm)) + errx (1, "Bad kerberos realm name \"%s\"", realm); +#ifndef RANDOM_MKEY + printf("You will be prompted for the database Master Password.\n"); + printf("It is important that you NOT FORGET this password.\n"); +#else + printf("To generate a master key, please enter some random data.\n"); + printf("You do not have to remember this.\n"); +#endif + fflush(stdout); + + if (kdb_get_master_key (KDB_GET_TWICE, &master_key, + master_key_schedule) != 0) + errx (1, "Couldn't read master key."); + +#ifdef RANDOM_MKEY + if(kdb_kstash(&master_key, MKEYFILE) < 0) + err (1, "Error writing master key"); + fprintf(stderr, "Wrote master key to %s\n", MKEYFILE); +#endif 
+ + /* Initialize non shared random sequence */ + des_init_random_number_generator(&master_key); + + /* Maximum lifetime for changepw.kerberos (kadmin) tickets, 10 minutes */ +#define ADMLIFE (1 + (CLOCK_SKEW/(5*60))) + + /* Maximum lifetime for ticket granting tickets, 4 days or 21.25h */ +#define TGTLIFE ((krb_life_to_time(0, 162) >= 24*60*60) ? 161 : 255) + + /* This means that default lifetimes have not been initialized */ +#define DEFLIFE 255 + +#define NOLIFE 0 + + if ( + add_principal(KERB_M_NAME, KERB_M_INST, MASTER_KEY, NOLIFE) || + add_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST, NULL_KEY,DEFLIFE)|| + add_principal(KRB_TICKET_GRANTING_TICKET, realm, RANDOM_KEY, TGTLIFE)|| + add_principal(PWSERV_NAME, KRB_MASTER, RANDOM_KEY, ADMLIFE) + ) { + putc ('\n', stderr); + errx (1, "couldn't initialize database."); + } + + /* play it safe */ + memset(master_key, 0, sizeof (des_cblock)); + memset(master_key_schedule, 0, sizeof (des_key_schedule)); + return 0; +} diff --git a/crypto/kerberosIV/admin/kdb_util.c b/crypto/kerberosIV/admin/kdb_util.c new file mode 100644 index 0000000..b221fdd --- /dev/null +++ b/crypto/kerberosIV/admin/kdb_util.c 
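Review bot: `strncpy(realm, argv[1], REALM_SZ);` in main() leaves `realm` without a terminating NUL when the argument is REALM_SZ bytes or longer, and the array is then read as a string by `k_isrealm(realm)` and by the `add_principal(KRB_TICKET_GRANTING_TICKET, realm, ...)` call. Reject the value before the copy, for example `if (strlen(argv[1]) >= REALM_SZ) errx (1, "realm name too long");`. The `strncpy` calls into `principal.name` and `principal.instance` in add_principal() have the same shape and deserve the same length check. add_principal() also returns on `kerb_db_put_principal` failure before the `memset` calls that wipe `new_key` and the key halves; saving the result, wiping, and then testing it would keep key material from being left behind on the error path.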
@@ -0,0 +1,496 @@ +/* + * Copyright 1987, 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * . + * + * Kerberos database manipulation utility. This program allows you to + * dump a kerberos database to an ascii readable file and load this + * file into the database. Read locking of the database is done during a + * dump operation. NO LOCKING is done during a load operation. Loads + * should happen with other processes shutdown. + * + * Written July 9, 1987 by Jeffrey I. Schiller + */ + +#include "adm_locl.h" + +RCSID("$Id: kdb_util.c,v 1.35 1997/05/07 00:57:45 assar Exp $"); + +static des_cblock master_key, new_master_key; +static des_key_schedule master_key_schedule, new_master_key_schedule; + +#define zaptime(foo) memset((foo), 0, sizeof(*(foo))) + +/* cv_key is a procedure which takes a principle and changes its key, + either for a new method of encrypting the keys, or a new master key. + if cv_key is null no transformation of key is done (other than net byte + order). 
*/ + +struct callback_args { + void (*cv_key)(Principal *); + FILE *output_file; +}; + +static void +print_time(FILE *file, time_t timeval) +{ + struct tm *tm; + tm = gmtime(&timeval); + fprintf(file, " %04d%02d%02d%02d%02d", + tm->tm_year + 1900, + tm->tm_mon + 1, + tm->tm_mday, + tm->tm_hour, + tm->tm_min); +} + +static long +time_explode(char *cp) +{ + char wbuf[5]; + struct tm tp; + int local; + + zaptime(&tp); /* clear out the struct */ + + if (strlen(cp) > 10) { /* new format */ + strncpy(wbuf, cp, 4); + wbuf[4] = 0; + tp.tm_year = atoi(wbuf) - 1900; + cp += 4; /* step over the year */ + local = 0; /* GMT */ + } else { /* old format: local time, + year is 2 digits, assuming 19xx */ + wbuf[0] = *cp++; + wbuf[1] = *cp++; + wbuf[2] = 0; + tp.tm_year = atoi(wbuf); + local = 1; /* local */ + } + + wbuf[0] = *cp++; + wbuf[1] = *cp++; + wbuf[2] = 0; + tp.tm_mon = atoi(wbuf)-1; + + wbuf[0] = *cp++; + wbuf[1] = *cp++; + tp.tm_mday = atoi(wbuf); + + wbuf[0] = *cp++; + wbuf[1] = *cp++; + tp.tm_hour = atoi(wbuf); + + wbuf[0] = *cp++; + wbuf[1] = *cp++; + tp.tm_min = atoi(wbuf); + + + return(tm2time(tp, local)); +} + +static int +dump_db_1(void *arg, Principal *principal) +{ /* replace null strings with "*" */ + struct callback_args *a = (struct callback_args *)arg; + + if (principal->instance[0] == '\0') { + principal->instance[0] = '*'; + principal->instance[1] = '\0'; + } + if (principal->mod_name[0] == '\0') { + principal->mod_name[0] = '*'; + principal->mod_name[1] = '\0'; + } + if (principal->mod_instance[0] == '\0') { + principal->mod_instance[0] = '*'; + principal->mod_instance[1] = '\0'; + } + if (a->cv_key != NULL) { + (*a->cv_key) (principal); + } + fprintf(a->output_file, "%s %s %d %d %d %d %x %x", + principal->name, + principal->instance, + principal->max_life, + principal->kdc_key_ver, + principal->key_version, + principal->attributes, + (int)htonl (principal->key_low), + (int)htonl (principal->key_high)); + print_time(a->output_file, principal->exp_date); + 
print_time(a->output_file, principal->mod_date); + fprintf(a->output_file, " %s %s\n", + principal->mod_name, + principal->mod_instance); + return 0; +} + +static int +dump_db (char *db_file, FILE *output_file, void (*cv_key) (Principal *)) +{ + struct callback_args a; + + a.cv_key = cv_key; + a.output_file = output_file; + + kerb_db_iterate ((k_iter_proc_t)dump_db_1, &a); + return fflush(output_file); +} + +static int +add_file(void *db, FILE *file) +{ + int ret; + int lineno = 0; + char line[1024]; + unsigned long key[2]; /* yes, long */ + Principal pr; + + char exp_date[64], mod_date[64]; + + int life, kkvno, kvno; + + while(1){ + memset(&pr, 0, sizeof(pr)); + errno = 0; + if(fgets(line, sizeof(line), file) == NULL){ + if(errno != 0) + err (1, "fgets"); + break; + } + lineno++; + ret = sscanf(line, "%s %s %d %d %d %hd %lx %lx %s %s %s %s", + pr.name, pr.instance, + &life, &kkvno, &kvno, + &pr.attributes, + &key[0], &key[1], + exp_date, mod_date, + pr.mod_name, pr.mod_instance); + if(ret != 12){ + warnx("Line %d malformed (ignored)", lineno); + continue; + } + pr.key_low = ntohl (key[0]); + pr.key_high = ntohl (key[1]); + pr.max_life = life; + pr.kdc_key_ver = kkvno; + pr.key_version = kvno; + pr.exp_date = time_explode(exp_date); + pr.mod_date = time_explode(mod_date); + if (pr.instance[0] == '*') + pr.instance[0] = 0; + if (pr.mod_name[0] == '*') + pr.mod_name[0] = 0; + if (pr.mod_instance[0] == '*') + pr.mod_instance[0] = 0; + if (kerb_db_update(db, &pr, 1) != 1) { + warn ("store %s.%s aborted", + pr.name, pr.instance); + return 1; + } + } + return 0; +} + +static void +load_db (char *db_file, FILE *input_file) +{ + long *db; + int temp1; + int code; + char *temp_db_file; + + temp1 = strlen(db_file)+2; + temp_db_file = malloc (temp1); + strcpy(temp_db_file, db_file); + strcat(temp_db_file, "~"); + + /* Create the database */ + if ((code = kerb_db_create(temp_db_file)) != 0) + err (1, "creating temp database %s", temp_db_file); + kerb_db_set_name(temp_db_file); 
+ db = kerb_db_begin_update(); + if (db == NULL) + err (1, "opening temp database %s", temp_db_file); + + if(add_file(db, input_file)) + errx (1, "Load aborted"); + + kerb_db_end_update(db); + if ((code = kerb_db_rename(temp_db_file, db_file)) != 0) + warn("database rename failed"); + fclose(input_file); + free(temp_db_file); +} + +static void +merge_db(char *db_file, FILE *input_file) +{ + void *db; + + db = kerb_db_begin_update(); + if(db == NULL) + err (1, "Couldn't open database"); + if(add_file(db, input_file)) + errx (1, "Merge aborted"); + kerb_db_end_update(db); +} + +static void +update_ok_file (char *file_name) +{ + /* handle slave locking/failure stuff */ + char *file_ok; + int fd; + static char ok[]=".dump_ok"; + + asprintf (&file_ok, "%s%s", file_name, ok); + if (file_ok == NULL) + errx (1, "out of memory"); + if ((fd = open(file_ok, O_WRONLY|O_CREAT|O_TRUNC, 0400)) < 0) + err (1, "Error creating %s", file_ok); + free(file_ok); + close(fd); +} + +static void +convert_key_new_master (Principal *p) +{ + des_cblock key; + + /* leave null keys alone */ + if ((p->key_low == 0) && (p->key_high == 0)) return; + + /* move current key to des_cblock for encryption, special case master key + since that's changing */ + if ((strncmp (p->name, KERB_M_NAME, ANAME_SZ) == 0) && + (strncmp (p->instance, KERB_M_INST, INST_SZ) == 0)) { + memcpy (key, new_master_key, sizeof(des_cblock)); + (p->key_version)++; + } else { + copy_to_key(&p->key_low, &p->key_high, key); + kdb_encrypt_key (&key, &key, &master_key, master_key_schedule, DES_DECRYPT); + } + + kdb_encrypt_key (&key, &key, &new_master_key, new_master_key_schedule, DES_ENCRYPT); + + copy_from_key(key, &(p->key_low), &(p->key_high)); + memset(key, 0, sizeof (key)); /* a little paranoia ... 
*/ + + (p->kdc_key_ver)++; +} + +static void +clear_secrets (void) +{ + memset(master_key, 0, sizeof (des_cblock)); + memset(master_key_schedule, 0, sizeof (des_key_schedule)); + memset(new_master_key, 0, sizeof (des_cblock)); + memset(new_master_key_schedule, 0, sizeof (des_key_schedule)); +} + +static void +convert_new_master_key (char *db_file, FILE *out) +{ +#ifdef RANDOM_MKEY + errx (1, "Sorry, this function is not available with " + "the new master key scheme."); +#else + printf ("\n\nEnter the CURRENT master key."); + if (kdb_get_master_key (KDB_GET_PROMPT, &master_key, + master_key_schedule) != 0) { + clear_secrets (); + errx (1, "Couldn't get master key."); + } + + if (kdb_verify_master_key (&master_key, master_key_schedule, stderr) < 0) { + clear_secrets (); + exit (1); + } + + printf ("\n\nNow enter the NEW master key. Do not forget it!!"); + if (kdb_get_master_key (KDB_GET_TWICE, &new_master_key, + new_master_key_schedule) != 0) { + clear_secrets (); + errx (1, "Couldn't get new master key."); + } + + dump_db (db_file, out, convert_key_new_master); + { + char fname[128]; + snprintf(fname, sizeof(fname), "%s.new", MKEYFILE); + kdb_kstash(&new_master_key, fname); + } +#endif /* RANDOM_MKEY */ +} + +static void +convert_key_old_db (Principal *p) +{ + des_cblock key; + + /* leave null keys alone */ + if ((p->key_low == 0) && (p->key_high == 0)) return; + + copy_to_key(&p->key_low, &p->key_high, key); + +#ifndef NOENCRYPTION + des_pcbc_encrypt((des_cblock *)key,(des_cblock *)key, + (long)sizeof(des_cblock),master_key_schedule, + (des_cblock *)master_key_schedule, DES_DECRYPT); +#endif + + /* make new key, new style */ + kdb_encrypt_key (&key, &key, &master_key, master_key_schedule, DES_ENCRYPT); + + copy_from_key(key, &(p->key_low), &(p->key_high)); + memset(key, 0, sizeof (key)); /* a little paranoia ... 
*/ +} + +static void +convert_old_format_db (char *db_file, FILE *out) +{ + des_cblock key_from_db; + Principal principal_data[1]; + int n, more; + + if (kdb_get_master_key (KDB_GET_PROMPT, &master_key, + master_key_schedule) != 0L) { + clear_secrets(); + errx (1, "Couldn't get master key."); + } + + /* can't call kdb_verify_master_key because this is an old style db */ + /* lookup the master key version */ + n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data, + 1 /* only one please */, &more); + if ((n != 1) || more) + errx (1, "verify_master_key: Kerberos error on master key lookup, %d found.\n", n); + + /* set up the master key */ + fprintf(stderr, "Current Kerberos master key version is %d.\n", + principal_data[0].kdc_key_ver); + + /* + * now use the master key to decrypt (old style) the key in the db, had better + * be the same! + */ + copy_to_key(&principal_data[0].key_low, + &principal_data[0].key_high, + key_from_db); +#ifndef NOENCRYPTION + des_pcbc_encrypt(&key_from_db,&key_from_db,(long)sizeof(key_from_db), + master_key_schedule,(des_cblock *)master_key_schedule, DES_DECRYPT); +#endif + /* the decrypted database key had better equal the master key */ + + n = memcmp(master_key, key_from_db, sizeof(master_key)); + memset(key_from_db, 0, sizeof(key_from_db)); + + if (n) { + fprintf(stderr, "\n\07\07verify_master_key: Invalid master key, "); + fprintf(stderr, "does not match database.\n"); + exit (1); + } + + fprintf(stderr, "Master key verified.\n"); + + dump_db (db_file, out, convert_key_old_db); +} + +int +main(int argc, char **argv) +{ + int ret; + FILE *file; + enum { + OP_LOAD, + OP_MERGE, + OP_DUMP, + OP_SLAVE_DUMP, + OP_NEW_MASTER, + OP_CONVERT_OLD_DB + } op; + char *file_name; + char *db_name; + + set_progname (argv[0]); + + if (argc != 3 && argc != 4) { + fprintf(stderr, "Usage: %s operation file [database name].\n", + argv[0]); + fprintf(stderr, "Operation is one of: " + "load, merge, dump, slave_dump, new_master_key, " + 
"convert_old_db\n"); + exit(1); + } + if (argc == 3) + db_name = DBM_FILE; + else + db_name = argv[3]; + + ret = kerb_db_set_name (db_name); + + /* this makes starting slave servers ~14.3 times easier */ + if(ret && strcmp(argv[1], "load") == 0) + ret = kerb_db_create (db_name); + + if(ret) + err (1, "Can't open database"); + + if (!strcmp(argv[1], "load")) + op = OP_LOAD; + else if (!strcmp(argv[1], "merge")) + op = OP_MERGE; + else if (!strcmp(argv[1], "dump")) + op = OP_DUMP; + else if (!strcmp(argv[1], "slave_dump")) + op = OP_SLAVE_DUMP; + else if (!strcmp(argv[1], "new_master_key")) + op = OP_NEW_MASTER; + else if (!strcmp(argv[1], "convert_old_db")) + op = OP_CONVERT_OLD_DB; + else { + warnx ("%s is an invalid operation.", argv[1]); + warnx ("Valid operations are \"load\", \"merge\", " + "\"dump\", \"slave_dump\", \"new_master_key\", " + "and \"convert_old_db\""); + return 1; + } + + file_name = argv[2]; + file = fopen(file_name, (op == OP_LOAD || op == OP_MERGE) ? "r" : "w"); + if (file == NULL) + err (1, "open %s", argv[2]); + + switch (op) { + case OP_DUMP: + if ((dump_db (db_name, file, (void (*)(Principal *)) 0) == EOF) || + (fclose(file) == EOF)) + err (1, "%s", file_name); + break; + case OP_SLAVE_DUMP: + if ((dump_db (db_name, file, (void (*)(Principal *)) 0) == EOF) || + (fclose(file) == EOF)) + err (1, "%s", file_name); + update_ok_file (file_name); + break; + case OP_LOAD: + load_db (db_name, file); + break; + case OP_MERGE: + merge_db (db_name, file); + break; + case OP_NEW_MASTER: + convert_new_master_key (db_name, file); + printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name); + break; + case OP_CONVERT_OLD_DB: + convert_old_format_db (db_name, file); + printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name); + break; + } + return 0; +} diff --git a/crypto/kerberosIV/admin/kstash.c b/crypto/kerberosIV/admin/kstash.c new file mode 100644 index 0000000..4595de5 --- /dev/null 
+++ b/crypto/kerberosIV/admin/kstash.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
+ * of Technology
+ *
+ * For copying and distribution information, please see the file
+ * .
+ *
+ * Description.
+ */
+
+#include "adm_locl.h"
+
+RCSID("$Id: kstash.c,v 1.10 1997/03/30 17:35:37 assar Exp $");
+
+/* change this later, but krblib_dbm needs it for now */
+
+static des_cblock master_key;
+static des_key_schedule master_key_schedule;
+
+static void
+clear_secrets(void)
+{
+ memset(master_key_schedule, 0, sizeof(master_key_schedule));
+ memset(master_key, 0, sizeof(master_key));
+}
+
+int
+main(int argc, char **argv)
+{
+ long n;
+ int ret = 0;
+ set_progname (argv[0]);
+
+ if ((n = kerb_init()))
+ errx(1, "Kerberos db and cache init failed = %ld\n", n);
+
+ if (kdb_get_master_key (KDB_GET_PROMPT, &master_key,
+ master_key_schedule) != 0) {
+ clear_secrets();
+ errx(1, "Couldn't read master key.");
+ }
+
+ if (kdb_verify_master_key (&master_key, master_key_schedule, stderr) < 0) {
+ clear_secrets();
+ return 1;
+ }
+
+ ret = kdb_kstash(&master_key, MKEYFILE);
+ if(ret < 0)
+ warn("writing master key");
+ else
+ fprintf(stderr, "Wrote master key to %s\n", MKEYFILE);
+
+ clear_secrets();
+ return ret;
+}
diff --git a/crypto/kerberosIV/appl/Makefile.in b/crypto/kerberosIV/appl/Makefile.in
new file mode 100644
index 0000000..c951258
--- /dev/null
+++ b/crypto/kerberosIV/appl/Makefile.in
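Review bot: clear_secrets() in kstash.c wipes master_key and master_key_schedule with plain memset(), and on main()'s success path these are the last stores to both objects before the process returns, so the language gives no guarantee that the wipe survives optimisation (a whole-program build may treat it as dead). Wiping through a volatile pointer, or with the platform's explicit-zeroing call where one exists, e.g. `explicit_bzero(master_key, sizeof(master_key));`, keeps the intent. The same memset-only clear_secrets() appears in kdb_util.c earlier in this patch, where convert_new_master_key() and convert_old_format_db() also return on their success paths without calling it. Separately, `return ret;` passes a negative kdb_kstash() result straight out as the exit status; `return ret < 0 ? 1 : 0;` would be clearer.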
@@ -0,0 +1,43 @@
+# $Id: Makefile.in,v 1.27 1997/05/20 18:58:37 bg Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+SHELL = /bin/sh
+
+@SET_MAKE@
+
+SUBDIRS = sample kauth bsd movemail afsutil \
+ kpopper xnlock kx otp @APPL_KIP_DIR@ ftp telnet
+
+all:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) all); done
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+install:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) install); done
+
+uninstall:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done
+
+clean:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) clean); done
+
+mostlyclean: clean
+
+distclean:
+ for i in $(SUBDIRS);\
+ do (cd $$i && $(MAKE) $(MFLAGS) distclean); done
+ rm -f Makefile *~
+
+realclean:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) realclean); done
+
+.PHONY: all install uninstall clean distclean realclean mostlyclean
diff --git a/crypto/kerberosIV/appl/bsd/Makefile.in b/crypto/kerberosIV/appl/bsd/Makefile.in
new file mode 100644
index 0000000..57a8108
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/Makefile.in
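Review bot: The recursive targets in appl/Makefile.in (`all`, `install`, `uninstall`, `clean`, `distclean`, `realclean`) run `for i in $(SUBDIRS); do (cd $$i && $(MAKE) ...); done`, whose exit status is that of the last subdirectory only, so a failed build or install in an earlier directory is not reported to the caller. Ending the loop body with `|| exit 1`, as in `do (cd $$i && $(MAKE) $(MFLAGS) all) || exit 1; done`, makes the first failure stop the run. The `Wall` target also calls `make` directly where `$(MAKE)` is used everywhere else.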
@@ -0,0 +1,135 @@ +# $Id: Makefile.in,v 1.56 1997/05/20 20:35:04 assar Exp $ + +SHELL = /bin/sh + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ +VPATH = @srcdir@ + +topdir = ../.. + +CC = @CC@ +AR = ar +RANLIB = @RANLIB@ +DEFS = @DEFS@ -DBINDIR='"$(bindir)"' +CFLAGS = @CFLAGS@ +LD_FLAGS = @LD_FLAGS@ +INSTALL = @INSTALL@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +LIBS = @LIBS@ +LIB_DBM = @LIB_DBM@ +MKINSTALLDIRS = @top_srcdir@/mkinstalldirs + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +libdir = @libdir@ +libexecdir = @libexecdir@ +bindir = @bindir@ +transform=@program_transform_name@ +EXECSUFFIX=@EXECSUFFIX@ + +# Beware, these are all setuid root programs +PROG_SUIDBIN = rsh$(EXECSUFFIX) \ + rcp$(EXECSUFFIX) \ + rlogin$(EXECSUFFIX) \ + su$(EXECSUFFIX) +PROG_BIN = login$(EXECSUFFIX) +PROG_LIBEXEC = rshd$(EXECSUFFIX) \ + rlogind$(EXECSUFFIX) +PROGS = $(PROG_SUIDBIN) $(PROG_BIN) $(PROG_LIBEXEC) + +SOURCES = rsh.c kcmd.c krcmd.c rlogin.c rcp.c rcp_util.c rshd.c \ + login.c klogin.c login_access.c su.c rlogind.c iruserok.c \ + login_fbtab.c forkpty.c sysv_default.c sysv_environ.c sysv_shadow.c \ + utmp_login.c utmpx_login.c stty_default.c encrypt.c rcmd_util.c tty.c + +rsh_OBJS = rsh.o kcmd.o krcmd.o encrypt.o rcmd_util.o +rcp_OBJS = rcp.o rcp_util.o kcmd.o krcmd.o encrypt.o rcmd_util.o +rlogin_OBJS = rlogin.o kcmd.o krcmd.o encrypt.o rcmd_util.o +login_OBJS = login.o klogin.o login_fbtab.o login_access.o \ + sysv_default.o sysv_environ.o sysv_shadow.o \ + utmp_login.o utmpx_login.o stty_default.o tty.o +su_OBJS = su.o +rshd_OBJS = rshd.o iruserok.o encrypt.o rcmd_util.o +rlogind_OBJS = rlogind.o iruserok.o forkpty.o encrypt.o rcmd_util.o tty.o + + +all: $(PROGS) + +Wall: + make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" + +.c.o: + $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $< + +install: all + $(MKINSTALLDIRS) $(libexecdir) + for x in $(PROG_LIBEXEC); do \ + $(INSTALL_PROGRAM) $$x 
$(libexecdir)/`echo $$x| sed '$(transform)'`; \ + done + $(MKINSTALLDIRS) $(bindir) + for x in $(PROG_BIN); do \ + $(INSTALL_PROGRAM) $$x $(bindir)/`echo $$x| sed '$(transform)'`; \ + done + -for x in $(PROG_SUIDBIN); do \ + $(INSTALL_PROGRAM) -o root -m 04555 $$x $(bindir)/`echo $$x| sed '$(transform)'`; \ + done + +uninstall: + for x in $(PROG_LIBEXEC); do \ + rm -f $(libexecdir)/`echo $$x| sed '$(transform)'`; \ + done + for x in $(PROG_BIN); do \ + rm -f $(bindir)/`echo $$x| sed '$(transform)'`; \ + done + for x in $(PROG_SUIDBIN); do \ + rm -f $(bindir)/`echo $$x| sed '$(transform)'`; \ + done + +TAGS: $(SOURCES) + etags $(SOURCES) + +check: + +clean: + rm -f *.a *.o $(PROGS) + +mostlyclean: clean + +distclean: clean + rm -f Makefile *.tab.c *~ + +realclean: distclean + rm -f TAGS + +dist: $(DISTFILES) + for file in $(DISTFILES); do \ + ln $$file ../`cat ../.fname`/lib \ + || cp -p $$file ../`cat ../.fname`/lib; \ + done + +KLIB=-L../../lib/krb -lkrb -L../../lib/des -ldes +KLIB_AFS=@KRB_KAFS_LIB@ $(KLIB) +OTPLIB=-L../../lib/otp -lotp +LIBROKEN=-L../../lib/roken -lroken + +rcp$(EXECSUFFIX): $(rcp_OBJS) + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rcp_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN) + +rsh$(EXECSUFFIX): $(rsh_OBJS) + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rsh_OBJS) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) + +rshd$(EXECSUFFIX): $(rshd_OBJS) + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rshd_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN) + +rlogin$(EXECSUFFIX): $(rlogin_OBJS) + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rlogin_OBJS) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) + +rlogind$(EXECSUFFIX): $(rlogind_OBJS) + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rlogind_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN) + +login$(EXECSUFFIX): $(login_OBJS) + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(login_OBJS) $(OTPLIB) $(KLIB_AFS) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN) + +su$(EXECSUFFIX): $(su_OBJS) + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(su_OBJS) $(KLIB_AFS) $(LIBROKEN) 
$(LIBS) $(LIBROKEN) diff --git a/crypto/kerberosIV/appl/bsd/README.login b/crypto/kerberosIV/appl/bsd/README.login new file mode 100644 index 0000000..c072969 --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/README.login @@ -0,0 +1,20 @@ +This login has additional functionalities. They are all based on (part of) +Wietse Venema's logdaemon package. + + +The following defines can be used: +1) LOGIN_ACCESS to allow access control on a per tty/user combination +2) LOGALL to log all logins + +-Guido + +This login has some of Berkeley's paranoid/broken (depending on your point +of view) Kerberos code conditionalized out, so that by default it works like +klogin does at MIT-LCS. You can define KLOGIN_PARANOID to re-enable this code. +This define also controls whether a warning message is printed when logging +into a system with no krb.conf file, which usually means that Kerberos is +not configured. + +-GAWollman + +(removed S/Key, /assar) diff --git a/crypto/kerberosIV/appl/bsd/bsd_locl.h b/crypto/kerberosIV/appl/bsd/bsd_locl.h new file mode 100644 index 0000000..d0b37aa --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/bsd_locl.h 
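Review bot: In appl/bsd/Makefile.in the `install` loop that installs `$(PROG_SUIDBIN)` with `-o root -m 04555` is prefixed with `-`, so make ignores its failure and an unprivileged `make install` can finish successfully without rsh, rcp, rlogin and su having been installed as intended. Dropping the `-`, or moving that loop to a target of its own, makes the outcome visible. The existing `# Beware, these are all setuid root programs` comment could also record why each program carries the bit, for example `# rsh, rcp and rlogin presumably need root only to bind a reserved port; su to change uid`, so a packager can judge whether to keep it.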
@@ -0,0 +1,380 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* $Id: bsd_locl.h,v 1.98 1997/05/25 01:14:17 assar Exp $ */ + +#define LOGALL +#define KERBEROS +#define KLOGIN_PARANOID +#define LOGIN_ACCESS +#define PASSWD_FALLBACK + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +/* Any better way to test NO_MOTD? */ +#if (SunOS == 5) || defined(__hpux) +#define NO_MOTD +#endif + +#ifdef HAVE_SHADOW_H +#define SYSV_SHADOW +#endif + +#include +#include +#include +#include +#include + +#include + +#include +#ifdef HAVE_UNISTD_H +#include +#endif +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef TIME_WITH_SYS_TIME +#include +#include +#elif defined(HAVE_SYS_TIME_H) +#include +#else +#include +#endif +#ifdef HAVE_SYS_STAT_H +#include +#endif + +#ifndef S_ISTXT +#ifdef S_ISVTX +#define S_ISTXT S_ISVTX +#else +#define S_ISTXT 0 +#endif +#endif + +#ifdef HAVE_FCNTL_H +#include +#endif +#ifdef HAVE_DIRENT_H +#include +#endif +#include +#ifdef HAVE_SYS_RESOURCE_H +#include +#endif /* HAVE_SYS_RESOURCE_H */ +#ifdef HAVE_SYS_WAIT_H +#include +#endif +#ifdef HAVE_SYS_PARAM_H +#include +#endif + +#ifndef NCARGS +#define NCARGS 0x100000 /* (absolute) max # characters in exec arglist */ +#endif +#ifdef HAVE_PWD_H +#include +#endif + +#ifdef HAVE_GRP_H +#include +#endif +#ifdef HAVE_UTIME_H +#include +#endif + +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_NETINET_IN_SYSTM_H +#include +#endif +#ifdef HAVE_NETINET_IP_H +#include +#endif +#ifdef HAVE_NETINET_TCP_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif + +#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4 +#include +#endif +#ifdef HAVE_SYS_IOCCOM_H +#include +#endif + +#ifdef HAVE_SYS_SOCKIO_H +#include +#endif + +#ifdef HAVE_SYS_SELECT_H +#include +#endif + +#ifdef HAVE_SYS_FILIO_H +#include +#endif + +#ifdef HAVE_SYS_STREAM_H +#ifdef HAVE_SYS_UIO_H +#include +#endif /* HAVE_SYS_UIO_H */ +#include +#endif /* HAVE_SYS_STREAM_H */ + +#ifdef HAVE_SYS_PTYVAR_H +#ifdef 
HAVE_SYS_PROC_H +#include +#endif +#ifdef HAVE_SYS_TTY_H +#include +#endif +#ifdef HAVE_SYS_PTYIO_H +#include +#endif +#include +#endif /* HAVE_SYS_PTYVAR_H */ + +/* Cray stuff */ +#ifdef HAVE_UDB_H +#include +#endif +#ifdef HAVE_SYS_CATEGORY_H +#include +#endif + +/* Strange ioctls that are not always defined */ + +#ifndef TIOCPKT_FLUSHWRITE +#define TIOCPKT_FLUSHWRITE 0x02 +#endif + +#ifndef TIOCPKT_NOSTOP +#define TIOCPKT_NOSTOP 0x10 +#endif + +#ifndef TIOCPKT_DOSTOP +#define TIOCPKT_DOSTOP 0x20 +#endif + +#ifndef TIOCPKT +#define TIOCPKT _IOW('t', 112, int) /* pty: set/clear packet mode */ +#endif + +#ifdef HAVE_LASTLOG_H +#include +#endif + +#ifdef HAVE_LOGIN_H +#include +#endif + +#ifdef HAVE_TTYENT_H +#include +#endif + +#ifdef HAVE_STROPTS_H +#include +#endif + +#ifdef HAVE_UTMP_H +#include +#endif +#ifndef UT_NAMESIZE +#define UT_NAMESIZE sizeof(((struct utmp *)0)->ut_name) +#endif + +#ifdef HAVE_UTMPX_H +#include +#endif + +#ifdef HAVE_USERPW_H +#include +#endif /* HAVE_USERPW_H */ + +#ifdef HAVE_USERSEC_H +#include +#endif /* HAVE_USERSEC_H */ + +#ifndef PRIO_PROCESS +#define PRIO_PROCESS 0 +#endif + +#include + +#include + +#ifdef SOCKS +#include +#endif + +#include +#include +#include + +int kcmd(int *sock, char **ahost, u_int16_t rport, char *locuser, + char *remuser, char *cmd, int *fd2p, KTEXT ticket, + char *service, char *realm, CREDENTIALS *cred, + Key_schedule schedule, MSG_DAT *msg_data, + struct sockaddr_in *laddr, struct sockaddr_in *faddr, + int32_t authopts); + +int krcmd(char **ahost, u_int16_t rport, char *remuser, char *cmd, + int *fd2p, char *realm); + +int krcmd_mutual(char **ahost, u_int16_t rport, char *remuser, + char *cmd,int *fd2p, char *realm, + CREDENTIALS *cred, Key_schedule sched); + +int klogin(struct passwd *pw, char *instance, char *localhost, char *password); + +typedef struct { + int cnt; + char *buf; +} BUF; + +char *colon(char *cp); +int okname(char *cp0); +int susystem(char *s, int userid); + +int forkpty(int *amaster, 
char *name, + struct termios *termp, struct winsize *winp); + +#ifndef MODEMASK +#define MODEMASK (S_ISUID|S_ISGID|S_ISTXT|S_IRWXU|S_IRWXG|S_IRWXO) +#endif + +#ifdef HAVE_PATHS_H +#include +#endif +#ifdef HAVE_MAILLOCK_H +#include +#endif +#include "pathnames.h" + +void stty_default (void); + +int utmpx_login(char *line, char *user, char *host); + +extern char **environ; + +void sysv_newenv(int argc, char **argv, struct passwd *pwd, + char *term, int pflag); + +int login_access(char *user, char *from); +#ifndef HAVE_IRUSEROK +int iruserok(u_int32_t raddr, int superuser, const char *ruser, + const char *luser); +#endif +void fatal(int f, const char *msg, int syserr); + +extern int LEFT_JUSTIFIED; +int des_enc_read(int fd,char *buf,int len,des_key_schedule sched, + des_cblock *iv); +int des_enc_write(int fd,char *buf,int len,des_key_schedule sched, + des_cblock *iv); + +void sysv_defaults(void); +void utmp_login(char *tty, char *username, char *hostname); +void sleepexit (int); + +#ifndef HAVE_SETPRIORITY +#define setpriority(which, who, niceval) 0 +#endif + +#ifndef HAVE_GETPRIORITY +#define getpriority(which, who) 0 +#endif + +#ifdef HAVE_TERMIOS_H +#include +#endif + +#ifndef _POSIX_VDISABLE +#define _POSIX_VDISABLE 0 +#endif /* _POSIX_VDISABLE */ +#if SunOS == 4 +#include +#endif + +#if defined(_AIX) +#include +#endif + +#ifndef CEOF +#define CEOF 04 +#endif + +/* concession to Sun */ +#ifndef SIGUSR1 +#define SIGUSR1 30 +#endif + +#ifndef TIOCPKT_WINDOW +#define TIOCPKT_WINDOW 0x80 +#endif + +int get_shell_port(int kerberos, int encryption); +int get_login_port(int kerberos, int encryption); +int speed_t2int (speed_t); +speed_t int2speed_t (int); +void ip_options_and_die (int sock, struct sockaddr_in *); +void warning(const char *fmt, ...) +#ifdef __GNUC__ +__attribute__ ((format (printf, 1, 2))) +#endif +; + +char *clean_ttyname (char *tty); +char *make_id (char *tty); +void prepare_utmp (struct utmp *utmp, char *tty, char *username, + char *hostname); 
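Review bot: bsd_locl.h defines `LOGALL`, `KERBEROS`, `KLOGIN_PARANOID`, `LOGIN_ACCESS` and `PASSWD_FALLBACK` unconditionally, ahead of `config.h`, so none of these login-policy switches can be changed from configure or the compiler command line without editing the file. That also disagrees with README.login in this same patch, which describes `KLOGIN_PARANOID` as something one defines to re-enable code that is conditionalized out by default. A short comment above the block saying what each switch turns on, for instance `/* Login policy: always on in this import; see README.login */`, would make the intended default explicit. The many bare `#include` lines further down have lost their header names on this page, so they cannot be reviewed here.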
diff --git a/crypto/kerberosIV/appl/bsd/encrypt.c b/crypto/kerberosIV/appl/bsd/encrypt.c new file mode 100644 index 0000000..b74f329 --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/encrypt.c 
@@ -0,0 +1,311 @@ +/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au) + * All rights reserved. + * + * This file is part of an SSL implementation written + * by Eric Young (eay@mincom.oz.au). + * The implementation was written so as to conform with Netscapes SSL + * specification. This library and applications are + * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE + * as long as the following conditions are aheared to. + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. If this code is used in a product, + * Eric Young should be given attribution as the author of the parts used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Eric Young (eay@mincom.oz.au) + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include "bsd_locl.h" + +RCSID("$Id: encrypt.c,v 1.3 1996/04/30 13:50:54 bg Exp $"); + +#undef BSIZE + +/* used in des_read and des_write */ +#define MAXWRITE (1024*16) +#define BSIZE (MAXWRITE+4) + +/* replacements for htonl and ntohl since I have no idea what to do + * when faced with machines with 8 byte longs. */ +#define HDRSIZE 4 + +#define n2l(c,l) (l =((u_int32_t)(*((c)++)))<<24, \ + l|=((u_int32_t)(*((c)++)))<<16, \ + l|=((u_int32_t)(*((c)++)))<< 8, \ + l|=((u_int32_t)(*((c)++)))) + +#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16)&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ + *((c)++)=(unsigned char)(((l) )&0xff)) + +/* This has some uglies in it but it works - even over sockets. */ +extern int errno; +int des_rw_mode=DES_PCBC_MODE; +int LEFT_JUSTIFIED = 0; + +int +des_enc_read(int fd, char *buf, int len, struct des_ks_struct *sched, des_cblock *iv) +{ + /* data to be unencrypted */ + int net_num=0; + unsigned char net[BSIZE]; + /* extra unencrypted data + * for when a block of 100 comes in but is des_read one byte at + * a time. 
*/ + static char unnet[BSIZE]; + static int unnet_start=0; + static int unnet_left=0; + int i; + long num=0,rnum; + unsigned char *p; + + /* left over data from last decrypt */ + if (unnet_left != 0) + { + if (unnet_left < len) + { + /* we still still need more data but will return + * with the number of bytes we have - should always + * check the return value */ + memcpy(buf,&(unnet[unnet_start]),unnet_left); + /* eay 26/08/92 I had the next 2 lines + * reversed :-( */ + i=unnet_left; + unnet_start=unnet_left=0; + } + else + { + memcpy(buf,&(unnet[unnet_start]),len); + unnet_start+=len; + unnet_left-=len; + i=len; + } + return(i); + } + + /* We need to get more data. */ + if (len > MAXWRITE) len=MAXWRITE; + + /* first - get the length */ + net_num=0; + while (net_num < HDRSIZE) + { + i=read(fd,&(net[net_num]),(unsigned int)HDRSIZE-net_num); + if ((i == -1) && (errno == EINTR)) continue; + if (i <= 0) return(0); + net_num+=i; + } + + /* we now have at net_num bytes in net */ + p=net; + num=0; + n2l(p,num); + /* num should be rounded up to the next group of eight + * we make sure that we have read a multiple of 8 bytes from the net. + */ + if ((num > MAXWRITE) || (num < 0)) /* error */ + return(-1); + rnum=(num < 8)?8:((num+7)/8*8); + + net_num=0; + while (net_num < rnum) + { + i=read(fd,&(net[net_num]),(unsigned int)rnum-net_num); + if ((i == -1) && (errno == EINTR)) continue; + if (i <= 0) return(0); + net_num+=i; + } + + /* Check if there will be data left over. */ + if (len < num) + { + if (des_rw_mode & DES_PCBC_MODE) + des_pcbc_encrypt((des_cblock *)net,(des_cblock *)unnet, + num,sched,iv,DES_DECRYPT); + else + des_cbc_encrypt((des_cblock *)net,(des_cblock *)unnet, + num,sched,iv,DES_DECRYPT); + memcpy(buf,unnet,len); + unnet_start=len; + unnet_left=num-len; + + /* The following line is done because we return num + * as the number of bytes read. */ + num=len; + } + else + { + /* >output is a multiple of 8 byes, if len < rnum + * >we must be careful. 
The user must be aware that this + * >routine will write more bytes than he asked for. + * >The length of the buffer must be correct. + * FIXED - Should be ok now 18-9-90 - eay */ + if (len < rnum) + { + char tmpbuf[BSIZE]; + + if (des_rw_mode & DES_PCBC_MODE) + des_pcbc_encrypt((des_cblock *)net, + (des_cblock *)tmpbuf, + num,sched,iv,DES_DECRYPT); + else + des_cbc_encrypt((des_cblock *)net, + (des_cblock *)tmpbuf, + num,sched,iv,DES_DECRYPT); + + /* eay 26/08/92 fix a bug that returned more + * bytes than you asked for (returned len bytes :-( */ + if (LEFT_JUSTIFIED || (len >= 8)) + memcpy(buf,tmpbuf,num); + else + memcpy(buf,tmpbuf+(8-num),num); /* Right justified */ + } + else if (num >= 8) + { + if (des_rw_mode & DES_PCBC_MODE) + des_pcbc_encrypt((des_cblock *)net, + (des_cblock *)buf,num,sched,iv, + DES_DECRYPT); + else + des_cbc_encrypt((des_cblock *)net, + (des_cblock *)buf,num,sched,iv, + DES_DECRYPT); + } + else + { + if (des_rw_mode & DES_PCBC_MODE) + des_pcbc_encrypt((des_cblock *)net, + (des_cblock *)buf,8,sched,iv, + DES_DECRYPT); + else + des_cbc_encrypt((des_cblock *)net, + (des_cblock *)buf,8,sched,iv, + DES_DECRYPT); + if (!LEFT_JUSTIFIED) + memcpy(buf, buf+(8-num), num); /* Right justified */ + } + } + return(num); +} + +int +des_enc_write(int fd, char *buf, int len, struct des_ks_struct *sched, des_cblock *iv) +{ + long rnum; + int i,j,k,outnum; + char outbuf[BSIZE+HDRSIZE]; + char shortbuf[8]; + char *p; + static int start=1; + + /* If we are sending less than 8 bytes, the same char will look + * the same if we don't pad it out with random bytes */ + if (start) + { + start=0; + srand(time(NULL)); + } + + /* lets recurse if we want to send the data in small chunks */ + if (len > MAXWRITE) + { + j=0; + for (i=0; i MAXWRITE)?MAXWRITE:(len-i),sched,iv); + if (k < 0) + return(k); + else + j+=k; + } + return(j); + } + + /* write length first */ + p=outbuf; + l2n(len,p); + + /* pad short strings */ + if (len < 8) + { + if (LEFT_JUSTIFIED) + { + 
p=shortbuf; + memcpy(shortbuf,buf,(unsigned int)len); + for (i=len; i<8; i++) + shortbuf[i]=rand(); + rnum=8; + } + else + { + p=shortbuf; + for (i=0; i<8-len; i++) + shortbuf[i]=rand(); + memcpy(shortbuf + 8 - len, buf, len); + rnum=8; + } + } + else + { + p=buf; + rnum=((len+7)/8*8); /* round up to nearest eight */ + } + + if (des_rw_mode & DES_PCBC_MODE) + des_pcbc_encrypt((des_cblock *)p,(des_cblock *)&(outbuf[HDRSIZE]), + (long)((len<8)?8:len),sched,iv,DES_ENCRYPT); + else + des_cbc_encrypt((des_cblock *)p,(des_cblock *)&(outbuf[HDRSIZE]), + (long)((len<8)?8:len),sched,iv,DES_ENCRYPT); + + /* output */ + outnum=rnum+HDRSIZE; + + for (j=0; j= sysconf(_SC_CRAY_NPTY)) + return -1; + snprintf(buf, sz, "/dev/pty/%03d", pty_major); +#else + if(++pty_major == strlen(bsd_1)){ + pty_major = 0; + if(++pty_minor == strlen(bsd_2)) + return -1; + } +#ifdef __hpux + snprintf(buf, sz, "/dev/ptym/pty%c%c", bsd_2[pty_major], bsd_1[pty_minor]); +#else + snprintf(buf, sz, "/dev/pty%c%c", bsd_2[pty_major], bsd_1[pty_minor]); +#endif /* __hpux */ +#endif /* CRAY */ + return 0; +} + +static void +pty_scan_tty(char *buf, size_t sz) +{ +#ifdef CRAY + snprintf(buf, sz, "/dev/ttyp%03d", pty_major); +#elif defined(__hpux) + snprintf(buf, sz, "/dev/pty/tty%c%c", bsd_2[pty_major], bsd_1[pty_minor]); +#else + snprintf(buf, sz, "/dev/tty%c%c", bsd_2[pty_major], bsd_1[pty_minor]); +#endif +} + +static int +ptym_open_streams_flavor(char *pts_name, int *streams_pty) +{ + /* Try clone device master ptys */ + const char *const clone[] = { "/dev/ptc", "/dev/ptmx", + "/dev/ptm", "/dev/ptym/clone", 0 }; + int fdm; + const char *const *q; + + for (q = clone; *q; q++) { + fdm = open(*q, O_RDWR); + if (fdm >= 0) + break; + } + if (fdm >= 0) { + char *ptr1; + if ((ptr1 = ptsname(fdm)) != NULL) /* Get slave's name */ + strcpy(pts_name, ptr1); /* Return name of slave */ + else { + close(fdm); + return(-4); + } + if (grantpt(fdm) < 0) { /* Grant access to slave */ + close(fdm); + return(-2); + } + if 
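Review bot: des_enc_read() in encrypt.c keeps undelivered plaintext in the function-level statics `unnet`, `unnet_start` and `unnet_left`, and the leftover branch at the top returns from that buffer without looking at `fd`, `sched` or `iv`. If one process ever reads two encrypted descriptors through this function, bytes decrypted from one stream can be handed back on the other; the callers are not visible here, so whether that happens is not confirmed. Either the state should move into a per-connection structure or the restriction should be stated above the statics, e.g. `/* single stream only: leftover plaintext is shared by all callers */`. In des_enc_write() the pad bytes for writes shorter than 8 come from `rand()` after `srand(time(NULL))`, which is guessable from the start time and reseeds the process-wide generator; a comment should at least record that the padding is not cryptographically random. The end of des_enc_write() is garbled on this page and was not reviewed.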
(unlockpt(fdm) < 0) { /* Clear slave's lock flag */ + close(fdm); + return(-3); + } + return(fdm); /* return fd of master */ + } + return -1; +} + +static int +ptym_open_bsd_flavor(char *pts_name, int *streams_pty) +{ + int fdm; + char ptm[MaxPathLen]; + + pty_scan_start(); + + while (pty_scan_next(ptm, sizeof(ptm)) != -1) { + fdm = open(ptm, O_RDWR); + if (fdm < 0) + continue; +#if SunOS == 4 + /* Avoid a bug in SunOS4 ttydriver */ + if (fdm > 0) { + int pgrp; + if ((ioctl(fdm, TIOCGPGRP, &pgrp) == -1) + && (errno == EIO)) + /* All fine */; + else { + close(fdm); + continue; + } + } +#endif + pty_scan_tty(pts_name, sizeof(ptm)); +#if CRAY + /* this is some magic from the telnet code */ + { + struct stat sb; + if(stat(pts_name, &sb) < 0) { + close(fdm); + continue; + } + if(sb.st_uid || sb.st_gid || sb.st_mode != 0600) { + chown(pts_name, 0, 0); + chmod(pts_name, 0600); + close(fdm); + fdm = open(ptm, 2); + if (fdm < 0) + continue; + } + } + /* + * Now it should be safe...check for accessability. + */ + if (access(pts_name, 6) != 0){ + /* no tty side to pty so skip it */ + close(fdm); + continue; + } +#endif + return fdm; /* All done! */ + } + + /* We failed to find BSD style pty */ + errno = ENOENT; + return -1; +} + +/* + * + * Open a master pty either using the STREAM flavor or the BSD flavor. + * Depending on if there are any free ptys in the different classes we + * need to try both. Normally try STREAMS first and then BSD. + * + * Kludge alert: Under HP-UX 10 and perhaps other systems STREAM ptys + * doesn't get initialized properly so we try them in different order + * until the problem has been resolved. 
+ * + */ +static int +ptym_open(char *pts_name, size_t pts_name_sz, int *streams_pty) +{ + int fdm; + +#ifdef HAVE__GETPTY + { + char *p = _getpty(&fdm, O_RDWR, 0600, 1); + if (p) { + *streams_pty = 1; + strcpy (pts_name, p); + return fdm; + } + } +#endif + +#ifdef STREAMSPTY + fdm = ptym_open_streams_flavor(pts_name, streams_pty); + if (fdm >= 0) + { + *streams_pty = 1; + return fdm; + } +#endif + + fdm = ptym_open_bsd_flavor(pts_name, streams_pty); + if (fdm >= 0) + { + *streams_pty = 0; + return fdm; + } + +#ifndef STREAMSPTY + fdm = ptym_open_streams_flavor(pts_name, streams_pty); + if (fdm >= 0) + { + *streams_pty = 1; + return fdm; + } +#endif + + return -1; +} + +static int +maybe_push_modules(int fd, char **modules) +{ +#ifdef I_PUSH + char **p; + int err; + + for(p=modules; *p; p++){ + err=ioctl(fd, I_FIND, *p); + if(err == 1) + break; + if(err < 0 && errno != EINVAL) + return -17; + /* module not pushed or does not exist */ + } + /* p points to null or to an already pushed module, now push all + modules before this one */ + + for(p--; p >= modules; p--){ + err = ioctl(fd, I_PUSH, *p); + if(err < 0 && errno != EINVAL) + return -17; + } +#endif + return 0; +} + +static int +ptys_open(int fdm, char *pts_name, int streams_pty) +{ + int fds; + + if (streams_pty) { + /* Streams style slave ptys */ + if ( (fds = open(pts_name, O_RDWR)) < 0) { + close(fdm); + return(-5); + } + + { + char *ttymodules[] = { "ttcompat", "ldterm", "ptem", NULL }; + char *ptymodules[] = { "pckt", NULL }; + + if(maybe_push_modules(fds, ttymodules)<0){ + close(fdm); + close(fds); + return -6; + } + if(maybe_push_modules(fdm, ptymodules)<0){ + close(fdm); + close(fds); + return -7; + } + } + } else { + /* BSD style slave ptys */ + struct group *grptr; + int gid; + if ( (grptr = getgrnam("tty")) != NULL) + gid = grptr->gr_gid; + else + gid = -1; /* group tty is not in the group file */ + + /* Grant access to slave */ + chown(pts_name, getuid(), gid); + chmod(pts_name, S_IRUSR | S_IWUSR | 
S_IWGRP); + + if ( (fds = open(pts_name, O_RDWR)) < 0) { + close(fdm); + return(-1); + } + } + return(fds); +} + +int +forkpty(int *ptrfdm, + char *slave_name, + struct termios *slave_termios, + struct winsize *slave_winsize) +{ + int fdm, fds, streams_pty; + pid_t pid; + char pts_name[20]; + + if (!forkpty_ok) + fatal(0, "Protocol not yet supported, use telnet", 0); + + if ( (fdm = ptym_open(pts_name, sizeof(pts_name), &streams_pty)) < 0) + return -1; + + if (slave_name != NULL) + strcpy(slave_name, pts_name); /* Return name of slave */ + + pid = fork(); + if (pid < 0) + return(-1); + else if (pid == 0) { /* Child */ + if (setsid() < 0) + fatal(0, "setsid() failure", errno); + + revoke(slave_name); + +#if defined(NeXT) || defined(ultrix) + /* The NeXT is severely broken, this makes things slightly + * better but we still doesn't get a working pty. If there + * where a TIOCSCTTY we could perhaps fix things but... The + * same problem also exists in xterm! */ + if (setpgrp(0, 0) < 0) + fatal(0, "NeXT kludge failed setpgrp", errno); +#endif + + /* SVR4 acquires controlling terminal on open() */ + if ( (fds = ptys_open(fdm, pts_name, streams_pty)) < 0) + return -1; + close(fdm); /* All done with master in child */ + +#if defined(TIOCSCTTY) && !defined(CIBAUD) && !defined(__hpux) + /* 44BSD way to acquire controlling terminal */ + /* !CIBAUD to avoid doing this under SunOS */ + if (ioctl(fds, TIOCSCTTY, (char *) 0) < 0) + return -1; +#endif +#if defined(NeXT) + { + int t = open("/dev/tty", O_RDWR); + if (t < 0) + fatal(0, "Failed to open /dev/tty", errno); + close(fds); + fds = t; + } +#endif + /* Set slave's termios and window size */ + if (slave_termios != NULL) { + if (tcsetattr(fds, TCSANOW, slave_termios) < 0) + return -1; + } +#ifdef TIOCSWINSZ + if (slave_winsize != NULL) { + if (ioctl(fds, TIOCSWINSZ, slave_winsize) < 0) + return -1; + } +#endif + /* slave becomes stdin/stdout/stderr of child */ + if (dup2(fds, STDIN_FILENO) != STDIN_FILENO) + return -1; + if 
(dup2(fds, STDOUT_FILENO) != STDOUT_FILENO) + return -1; + if (dup2(fds, STDERR_FILENO) != STDERR_FILENO) + return -1; + if (fds > STDERR_FILENO) + close(fds); + return(0); /* child returns 0 just like fork() */ + } + else { /* Parent */ + *ptrfdm = fdm; /* Return fd of master */ + return(pid); /* Parent returns pid of child */ + } +} +#endif /* HAVE_FORKPTY */ diff --git a/crypto/kerberosIV/appl/bsd/iruserok.c b/crypto/kerberosIV/appl/bsd/iruserok.c new file mode 100644 index 0000000..8349d85 --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/iruserok.c 
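Review bot: The slave name is written into forkpty()'s `char pts_name[20]` without any bound: ptym_open() accepts `pts_name_sz` and never uses it, the `_getpty` and `ptsname` results are copied with `strcpy`, and ptym_open_bsd_flavor() passes `sizeof(ptm)` (the master path buffer) to pty_scan_tty() as if it were the size of `pts_name`. The size should be threaded through to both helpers and checked before each copy (the `_getpty` branch included), as sketched below; the call sites in ptym_open() then pass `pts_name_sz` along. In the child branch `revoke(slave_name)` uses the caller's pointer even though the check a few lines above allows it to be NULL, so it should use `pts_name`. The child's `return -1` paths after fork() also hand control back to the caller in a second process, which deserves at least a comment, and `strcpy(slave_name, pts_name)` trusts the caller's buffer size. The opening lines of forkpty.c are missing from this page, so only the functions from pty_scan_next() onward were read.

```c
static int
ptym_open_streams_flavor(char *pts_name, size_t pts_name_sz, int *streams_pty)
/* … unchanged: clone-device open loop … */
    if ((ptr1 = ptsname(fdm)) == NULL || strlen(ptr1) >= pts_name_sz) {
        close(fdm);
        return(-4);
    }
    strcpy(pts_name, ptr1);              /* length checked above */
/* … unchanged: grantpt/unlockpt … */

static int
ptym_open_bsd_flavor(char *pts_name, size_t pts_name_sz, int *streams_pty)
/* … unchanged: scan loop up to the SunOS workaround … */
    pty_scan_tty(pts_name, pts_name_sz); /* was sizeof(ptm) */
/* … unchanged: CRAY checks, return … */

/* in forkpty(), child branch */
    revoke(pts_name);                    /* slave_name may be NULL */
```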
@@ -0,0 +1,279 @@ +/* + * Copyright (c) 1983, 1993, 1994 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "bsd_locl.h" + +RCSID("$Id: iruserok.c,v 1.15 1997/03/23 04:54:00 assar Exp $"); + +#ifndef HAVE_IRUSEROK + +int __check_rhosts_file = 1; +char *__rcmd_errstr = 0; + +/* + * Returns "true" if match, 0 if no match. + */ +static +int +__icheckhost(u_int32_t raddr, const char *lhost) +{ + struct hostent *hp; + u_long laddr; + char **pp; + + /* Try for raw ip address first. */ + if (isdigit(*lhost) && (long)(laddr = inet_addr(lhost)) != -1) + return (raddr == laddr); + + /* Better be a hostname. */ + if ((hp = gethostbyname(lhost)) == NULL) + return (0); + + /* Spin through ip addresses. */ + for (pp = hp->h_addr_list; *pp; ++pp) + if (memcmp(&raddr, *pp, sizeof(u_long)) == 0) + return (1); + + /* No match. */ + return (0); +} + +#ifndef HAVE_INNETGR +static int +innetgr(const char *netgroup, const char *machine, + const char *user, const char *domain) +{ + return 0; +} +#endif + +/* + * Returns 0 if ok, -1 if not ok. + */ +static +int +__ivaliduser(FILE *hostf, u_int32_t raddr, const char *luser, + const char *ruser) +{ + char *user, *p; + int ch; + char buf[MaxHostNameLen + 128]; /* host + login */ + char hname[MaxHostNameLen]; + struct hostent *hp; + /* Presumed guilty until proven innocent. */ + int userok = 0, hostok = 0; +#ifdef HAVE_YP_GET_DEFAULT_DOMAIN + char *ypdomain; + + if (yp_get_default_domain(&ypdomain)) + ypdomain = NULL; +#else +#define ypdomain NULL +#endif + /* We need to get the damn hostname back for netgroup matching. */ + if ((hp = gethostbyaddr((char *)&raddr, + sizeof(u_long), + AF_INET)) == NULL) + return (-1); + strncpy(hname, hp->h_name, sizeof(hname)); + hname[sizeof(hname) - 1] = '\0'; + + while (fgets(buf, sizeof(buf), hostf)) { + p = buf; + /* Skip lines that are too long. */ + if (strchr(p, '\n') == NULL) { + while ((ch = getc(hostf)) != '\n' && ch != EOF); + continue; + } + if (*p == '\n' || *p == '#') { + /* comment... 
*/ + continue; + } + while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') { + *p = isupper(*p) ? tolower(*p) : *p; + p++; + } + if (*p == ' ' || *p == '\t') { + *p++ = '\0'; + while (*p == ' ' || *p == '\t') + p++; + user = p; + while (*p != '\n' && *p != ' ' && + *p != '\t' && *p != '\0') + p++; + } else + user = p; + *p = '\0'; + /* + * Do +/- and +@/-@ checking. This looks really nasty, + * but it matches SunOS's behavior so far as I can tell. + */ + switch(buf[0]) { + case '+': + if (!buf[1]) { /* '+' matches all hosts */ + hostok = 1; + break; + } + if (buf[1] == '@') /* match a host by netgroup */ + hostok = innetgr((char *)&buf[2], + (char *)&hname, NULL, ypdomain); + else /* match a host by addr */ + hostok = __icheckhost(raddr,(char *)&buf[1]); + break; + case '-': /* reject '-' hosts and all their users */ + if (buf[1] == '@') { + if (innetgr((char *)&buf[2], + (char *)&hname, NULL, ypdomain)) + return(-1); + } else { + if (__icheckhost(raddr,(char *)&buf[1])) + return(-1); + } + break; + default: /* if no '+' or '-', do a simple match */ + hostok = __icheckhost(raddr, buf); + break; + } + switch(*user) { + case '+': + if (!*(user+1)) { /* '+' matches all users */ + userok = 1; + break; + } + if (*(user+1) == '@') /* match a user by netgroup */ + userok = innetgr(user+2, NULL, (char *)ruser, + ypdomain); + else /* match a user by direct specification */ + userok = !(strcmp(ruser, user+1)); + break; + case '-': /* if we matched a hostname, */ + if (hostok) { /* check for user field rejections */ + if (!*(user+1)) + return(-1); + if (*(user+1) == '@') { + if (innetgr(user+2, NULL, + (char *)ruser, ypdomain)) + return(-1); + } else { + if (!strcmp(ruser, user+1)) + return(-1); + } + } + break; + default: /* no rejections: try to match the user */ + if (hostok) + userok = !(strcmp(ruser,*user ? user : luser)); + break; + } + if (hostok && userok) + return(0); + } + return (-1); +} + +/* + * New .rhosts strategy: We are passed an ip address. 
We spin through + * hosts.equiv and .rhosts looking for a match. When the .rhosts only + * has ip addresses, we don't have to trust a nameserver. When it + * contains hostnames, we spin through the list of addresses the nameserver + * gives us and look for a match. + * + * Returns 0 if ok, -1 if not ok. + */ +int +iruserok(u_int32_t raddr, int superuser, const char *ruser, const char *luser) +{ + char *cp; + struct stat sbuf; + struct passwd *pwd; + FILE *hostf; + uid_t uid; + int first; + char pbuf[MaxPathLen]; + + first = 1; + hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r"); +again: + if (hostf) { + if (__ivaliduser(hostf, raddr, luser, ruser) == 0) { + fclose(hostf); + return (0); + } + fclose(hostf); + } + if (first == 1 && (__check_rhosts_file || superuser)) { + first = 0; + if ((pwd = k_getpwnam((char*)luser)) == NULL) + return (-1); + strcpy(pbuf, pwd->pw_dir); + strcat(pbuf, "/.rhosts"); + + /* + * Change effective uid while opening .rhosts. If root and + * reading an NFS mounted file system, can't read files that + * are protected read/write owner only. + */ + uid = geteuid(); + seteuid(pwd->pw_uid); + hostf = fopen(pbuf, "r"); + seteuid(uid); + + if (hostf == NULL) + return (-1); + /* + * If not a regular file, or is owned by someone other than + * user or root or if writeable by anyone but the owner, quit. + */ + cp = NULL; + if (lstat(pbuf, &sbuf) < 0) + cp = ".rhosts lstat failed"; + else if (!S_ISREG(sbuf.st_mode)) + cp = ".rhosts not regular file"; + else if (fstat(fileno(hostf), &sbuf) < 0) + cp = ".rhosts fstat failed"; + else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid) + cp = "bad .rhosts owner"; + else if (sbuf.st_mode & (S_IWGRP|S_IWOTH)) + cp = ".rhosts writeable by other than owner"; + /* If there were any problems, quit. */ + if (cp) { + __rcmd_errstr = cp; + fclose(hostf); + return (-1); + } + goto again; + } + return (-1); +} + +#endif /* !HAVE_IRUSEROK */ 
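Review bot: In `iruserok`, `strcpy(pbuf, pwd->pw_dir); strcat(pbuf, "/.rhosts");` copies the home directory from the passwd entry into `pbuf[MaxPathLen]` with no length check, so an over-long `pw_dir` writes past the buffer in the code that decides whether a remote user is trusted. A bounded build that fails closed would be `if (snprintf(pbuf, sizeof(pbuf), "%s/.rhosts", pwd->pw_dir) >= (int)sizeof(pbuf)) return (-1);` (snprintf is already used in kcmd.c in this commit). Separately, `__icheckhost` and `__ivaliduser` pass `sizeof(u_long)` to `memcmp` and `gethostbyaddr` for a `u_int32_t raddr`; where `u_long` is wider than 32 bits that reads past the address, and `sizeof(raddr)` would be the matching length. The two `seteuid` calls around `fopen` are not checked either, so a failure to drop or restore the effective uid goes unnoticed.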
diff --git a/crypto/kerberosIV/appl/bsd/kcmd.c b/crypto/kerberosIV/appl/bsd/kcmd.c
new file mode 100644
index 0000000..9fa7ab2
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/kcmd.c
@@ -0,0 +1,270 @@ +/* + * Copyright (c) 1983, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "bsd_locl.h" + +RCSID("$Id: kcmd.c,v 1.19 1997/05/02 14:27:42 assar Exp $"); + +#define START_PORT 5120 /* arbitrary */ + +static int +getport(int *alport) +{ + struct sockaddr_in sin; + int s; + + sin.sin_family = AF_INET; + sin.sin_addr.s_addr = INADDR_ANY; + s = socket(AF_INET, SOCK_STREAM, 0); + if (s < 0) + return (-1); + for (;;) { + sin.sin_port = htons((u_short)*alport); + if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0) + return (s); + if (errno != EADDRINUSE) { + close(s); + return (-1); + } + (*alport)--; +#ifdef ATHENA_COMPAT + if (*alport == IPPORT_RESERVED/2) { +#else + if (*alport == IPPORT_RESERVED) { +#endif + close(s); + errno = EAGAIN; /* close */ + return (-1); + } + } +} + +int +kcmd(int *sock, + char **ahost, + u_int16_t rport, + char *locuser, + char *remuser, + char *cmd, + int *fd2p, + KTEXT ticket, + char *service, + char *realm, + CREDENTIALS *cred, + Key_schedule schedule, + MSG_DAT *msg_data, + struct sockaddr_in *laddr, + struct sockaddr_in *faddr, + int32_t authopts) +{ + int s, timo = 1; + pid_t pid; + struct sockaddr_in sin, from; + char c; +#ifdef ATHENA_COMPAT + int lport = IPPORT_RESERVED - 1; +#else + int lport = START_PORT; +#endif + struct hostent *hp; + int rc; + char *host_save; + int status; + + pid = getpid(); + hp = gethostbyname(*ahost); + if (hp == NULL) { + /* fprintf(stderr, "%s: unknown host\n", *ahost); */ + return (-1); + } + + host_save = strdup(hp->h_name); + if (host_save == NULL) + return -1; + *ahost = host_save; + + /* If realm is null, look up from table */ + if (realm == NULL || realm[0] == '\0') + realm = krb_realmofhost(host_save); + + for (;;) { + s = getport(&lport); + if (s < 0) { + if (errno == EAGAIN) + warnx("kcmd(socket): All ports in use\n"); + else + warn("kcmd: socket"); + return (-1); + } + sin.sin_family = hp->h_addrtype; + memcpy (&sin.sin_addr, hp->h_addr, sizeof(sin.sin_addr)); + sin.sin_port = rport; + if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0) + 
break; + close(s); + if (errno == EADDRINUSE) { + lport--; + continue; + } + /* + * don't wait very long for Kerberos rcmd. + */ + if (errno == ECONNREFUSED && timo <= 4) { + /* sleep(timo); don't wait at all here */ + timo *= 2; + continue; + } + if (hp->h_addr_list[1] != NULL) { + warn ("kcmd: connect (%s)", + inet_ntoa(sin.sin_addr)); + hp->h_addr_list++; + memcpy(&sin.sin_addr, + hp->h_addr_list[0], + sizeof(sin.sin_addr)); + fprintf(stderr, "Trying %s...\n", + inet_ntoa(sin.sin_addr)); + continue; + } + if (errno != ECONNREFUSED) + warn ("connect(%s)", hp->h_name); + return (-1); + } + lport--; + if (fd2p == 0) { + write(s, "", 1); + lport = 0; + } else { + char num[8]; + int s2 = getport(&lport), s3; + int len = sizeof(from); + + if (s2 < 0) { + status = -1; + goto bad; + } + listen(s2, 1); + snprintf(num, sizeof(num), "%d", lport); + if (write(s, num, strlen(num) + 1) != strlen(num) + 1) { + warn("kcmd(write): setting up stderr"); + close(s2); + status = -1; + goto bad; + } + { + fd_set fds; + FD_ZERO(&fds); + FD_SET(s, &fds); + FD_SET(s2, &fds); + status = select(FD_SETSIZE, &fds, NULL, NULL, NULL); + if(FD_ISSET(s, &fds)){ + warnx("kcmd: connection unexpectedly closed."); + close(s2); + status = -1; + goto bad; + } + } + s3 = accept(s2, (struct sockaddr *)&from, &len); + close(s2); + if (s3 < 0) { + warn ("kcmd: accept"); + lport = 0; + status = -1; + goto bad; + } + + *fd2p = s3; + from.sin_port = ntohs((u_short)from.sin_port); + if (from.sin_family != AF_INET || + from.sin_port >= IPPORT_RESERVED) { + warnx("kcmd(socket): " + "protocol failure in circuit setup."); + status = -1; + goto bad2; + } + } + /* + * Kerberos-authenticated service. Don't have to send locuser, + * since its already in the ticket, and we'll extract it on + * the other side. 
+ */ + /* write(s, locuser, strlen(locuser)+1); */ + + /* set up the needed stuff for mutual auth, but only if necessary */ + if (authopts & KOPT_DO_MUTUAL) { + int sin_len; + *faddr = sin; + + sin_len = sizeof(struct sockaddr_in); + if (getsockname(s, (struct sockaddr *)laddr, &sin_len) < 0) { + warn("kcmd(getsockname)"); + status = -1; + goto bad2; + } + } + if ((status = krb_sendauth(authopts, s, ticket, service, *ahost, + realm, (unsigned long) getpid(), msg_data, + cred, schedule, + laddr, + faddr, + "KCMDV0.1")) != KSUCCESS) + goto bad2; + + write(s, remuser, strlen(remuser)+1); + write(s, cmd, strlen(cmd)+1); + + if ((rc = read(s, &c, 1)) != 1) { + if (rc == -1) + warn("read(%s)", *ahost); + else + warnx("kcmd: bad connection with remote host"); + status = -1; + goto bad2; + } + if (c != '\0') { + while (read(s, &c, 1) == 1) { + write(2, &c, 1); + if (c == '\n') + break; + } + status = -1; + goto bad2; + } + *sock = s; + return (KSUCCESS); +bad2: + if (lport) + close(*fd2p); +bad: + close(s); + return (status); +} diff --git a/crypto/kerberosIV/appl/bsd/klogin.c b/crypto/kerberosIV/appl/bsd/klogin.c new file mode 100644 index 0000000..321da64 --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/klogin.c 
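Review bot: The stderr back-channel accepted in `kcmd` is validated only by address family and source port (`from.sin_port >= IPPORT_RESERVED`); the peer address in `from` is never compared with the address the primary socket connected to, so the check does not establish that the second connection comes from the same server. Adding `|| from.sin_addr.s_addr != sin.sin_addr.s_addr` to that condition ties `*fd2p` to the peer that was authenticated. Also, the result of `select()` is stored in `status` but not tested before `FD_ISSET(s, &fds)`, so a failed or interrupted call is read as if the set were valid; `if (status < 0) { close(s2); status = -1; goto bad; }` ahead of the FD_ISSET test would cover it. The `write()` calls that send `remuser` and `cmd` ignore short or failed writes.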
@@ -0,0 +1,184 @@ +/*- + * Copyright (c) 1990, 1993, 1994 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "bsd_locl.h" + +RCSID("$Id: klogin.c,v 1.20 1997/05/02 14:27:42 assar Exp $"); + +#ifdef KERBEROS + +#define VERIFY_SERVICE "rcmd" + +extern int notickets; +extern char *krbtkfile_env; + +static char tkt_location[MaxPathLen]; + +/* + * Attempt to log the user in using Kerberos authentication + * + * return 0 on success (will be logged in) + * 1 if Kerberos failed (try local password in login) + */ +int +klogin(struct passwd *pw, char *instance, char *localhost, char *password) +{ + int kerror; + AUTH_DAT authdata; + KTEXT_ST ticket; + struct hostent *hp; + u_int32_t faddr; + char realm[REALM_SZ], savehost[MaxHostNameLen]; + extern int noticketsdontcomplain; + +#ifdef KLOGIN_PARANOID + noticketsdontcomplain = 0; /* enable warning message */ +#endif + /* + * Root logins don't use Kerberos. + * If we have a realm, try getting a ticket-granting ticket + * and using it to authenticate. Otherwise, return + * failure so that we can try the normal passwd file + * for a password. If that's ok, log the user in + * without issuing any tickets. + */ + if (strcmp(pw->pw_name, "root") == 0 || + krb_get_lrealm(realm, 0) != KSUCCESS) + return (1); + + noticketsdontcomplain = 0; /* enable warning message */ + + /* + * get TGT for local realm + * tickets are stored in a file named TKT_ROOT plus uid + * except for user.root tickets. + */ + + if (strcmp(instance, "root") != 0) + snprintf(tkt_location, sizeof(tkt_location), + "%s%u_%u", + TKT_ROOT, (unsigned)pw->pw_uid, (unsigned)getpid()); + else { + snprintf(tkt_location, sizeof(tkt_location), + "%s_root_%d", TKT_ROOT, + (unsigned)pw->pw_uid); + } + krbtkfile_env = tkt_location; + krb_set_tkt_string(tkt_location); + + kerror = krb_get_pw_in_tkt(pw->pw_name, instance, + realm, KRB_TICKET_GRANTING_TICKET, realm, + DEFAULT_TKT_LIFE, password); + + /* + * If we got a TGT, get a local "rcmd" ticket and check it so as to + * ensure that we are not talking to a bogus Kerberos server. 
+ * + * There are 2 cases where we still allow a login: + * 1: the VERIFY_SERVICE doesn't exist in the KDC + * 2: local host has no srvtab, as (hopefully) indicated by a + * return value of RD_AP_UNDEC from krb_rd_req(). + */ + if (kerror != INTK_OK) { + if (kerror != INTK_BADPW && kerror != KDC_PR_UNKNOWN) { + syslog(LOG_ERR, "Kerberos intkt error: %s", + krb_get_err_text(kerror)); + dest_tkt(); + } + return (1); + } + + if (chown(TKT_FILE, pw->pw_uid, pw->pw_gid) < 0) + syslog(LOG_ERR, "chown tkfile (%s): %m", TKT_FILE); + + strncpy(savehost, krb_get_phost(localhost), sizeof(savehost)); + savehost[sizeof(savehost)-1] = '\0'; + +#ifdef KLOGIN_PARANOID + /* + * if the "VERIFY_SERVICE" doesn't exist in the KDC for this host, + * don't allow kerberos login, also log the error condition. + */ + + kerror = krb_mk_req(&ticket, VERIFY_SERVICE, savehost, realm, 33); + if (kerror == KDC_PR_UNKNOWN) { + syslog(LOG_NOTICE, + "warning: TGT not verified (%s); %s.%s not registered, or srvtab is wrong?", + krb_get_err_text(kerror), VERIFY_SERVICE, savehost); + notickets = 0; + return (1); + } + + if (kerror != KSUCCESS) { + warnx("unable to use TGT: (%s)", krb_get_err_text(kerror)); + syslog(LOG_NOTICE, "unable to use TGT: (%s)", + krb_get_err_text(kerror)); + dest_tkt(); + return (1); + } + + if (!(hp = gethostbyname(localhost))) { + syslog(LOG_ERR, "couldn't get local host address"); + dest_tkt(); + return (1); + } + + memcpy(&faddr, hp->h_addr, sizeof(faddr)); + + kerror = krb_rd_req(&ticket, VERIFY_SERVICE, savehost, faddr, + &authdata, ""); + + if (kerror == KSUCCESS) { + notickets = 0; + return (0); + } + + /* undecipherable: probably didn't have a srvtab on the local host */ + if (kerror == RD_AP_UNDEC) { + syslog(LOG_NOTICE, "krb_rd_req: (%s)\n", krb_get_err_text(kerror)); + dest_tkt(); + return (1); + } + /* failed for some other reason */ + warnx("unable to verify %s ticket: (%s)", VERIFY_SERVICE, + krb_get_err_text(kerror)); + syslog(LOG_NOTICE, "couldn't verify %s 
ticket: %s", VERIFY_SERVICE, + krb_get_err_text(kerror)); + dest_tkt(); + return (1); +#else + notickets = 0; + return (0); +#endif +} +#endif diff --git a/crypto/kerberosIV/appl/bsd/krcmd.c b/crypto/kerberosIV/appl/bsd/krcmd.c new file mode 100644 index 0000000..8c3c6f3 --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/krcmd.c 
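Review bot: The TGT check against the local `rcmd` key is compiled only under `KLOGIN_PARANOID`; in the `#else` branch `klogin` sets `notickets = 0` and returns 0 as soon as `krb_get_pw_in_tkt` succeeds, so the protection the comment describes ("ensure that we are not talking to a bogus Kerberos server") is absent from any build that does not define it. The block comment also says login is still allowed when the service is unknown to the KDC or the srvtab is missing, but the paranoid code returns 1 for both `KDC_PR_UNKNOWN` and `RD_AP_UNDEC`. I would reword the comment to say that verification requires `KLOGIN_PARANOID` and that both cases fall back to the local password, and put `/* TGT not verified against srvtab in this build */` above the `#else` return. Minor: the `"%s_root_%d"` format is given an `(unsigned)` argument; `%u` matches the cast.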
@@ -0,0 +1,117 @@
+/*
+ * Copyright (c) 1989, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: krcmd.c,v 1.10 1997/03/30 18:20:18 joda Exp $");
+
+#define SERVICE_NAME "rcmd"
+
+/*
+ * krcmd: simplified version of Athena's "kcmd"
+ * returns a socket attached to the destination, -1 or krb error on error
+ * if fd2p is non-NULL, another socket is filled in for it
+ */
+
+int
+krcmd(char **ahost, u_short rport, char *remuser, char *cmd, int *fd2p, char *realm)
+{
+ int sock = -1, err = 0;
+ KTEXT_ST ticket;
+ long authopts = 0L;
+
+ err = kcmd(
+ &sock,
+ ahost,
+ rport,
+ NULL, /* locuser not used */
+ remuser,
+ cmd,
+ fd2p,
+ &ticket,
+ SERVICE_NAME,
+ realm,
+ (CREDENTIALS *) NULL, /* credentials not used */
+ 0, /* key schedule not used */
+ (MSG_DAT *) NULL, /* MSG_DAT not used */
+ (struct sockaddr_in *) NULL, /* local addr not used */
+ (struct sockaddr_in *) NULL, /* foreign addr not used */
+ authopts
+ );
+
+ if (err > KSUCCESS && err < MAX_KRB_ERRORS) {
+ warning("krcmd: %s", krb_get_err_text(err));
+ return(-1);
+ }
+ if (err < 0)
+ return(-1);
+ return(sock);
+}
+
+int
+krcmd_mutual(char **ahost, u_short rport, char *remuser, char *cmd, int *fd2p, char *realm, CREDENTIALS *cred, Key_schedule sched)
+{
+ int sock, err;
+ KTEXT_ST ticket;
+ MSG_DAT msg_dat;
+ struct sockaddr_in laddr, faddr;
+ long authopts = KOPT_DO_MUTUAL;
+
+ err = kcmd(
+ &sock,
+ ahost,
+ rport,
+ NULL, /* locuser not used */
+ remuser,
+ cmd,
+ fd2p,
+ &ticket,
+ SERVICE_NAME,
+ realm,
+ cred, /* filled in */
+ sched, /* filled in */
+ &msg_dat, /* filled in */
+ &laddr, /* filled in */
+ &faddr, /* filled in */
+ authopts
+ );
+
+ if (err > KSUCCESS && err < MAX_KRB_ERRORS) {
+ warnx("krcmd_mutual: %s", krb_get_err_text(err));
+ return(-1);
+ }
+
+ if (err < 0)
+ return (-1);
+ return(sock);
+}
diff --git a/crypto/kerberosIV/appl/bsd/login.c b/crypto/kerberosIV/appl/bsd/login.c
new file mode 100644
index 0000000..c436f8d
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/login.c
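Review bot: `krcmd_mutual` declares `int sock, err;` without an initial value, while `krcmd` uses `int sock = -1, err = 0;`; `kcmd` (added in this commit) assigns `*sock` only on its success path, so if it ever returns a status at or above `MAX_KRB_ERRORS` the final `return(sock)` yields an indeterminate descriptor. `int sock = -1, err;` makes the two wrappers agree and fail closed. The error paths also report differently, `warning(...)` in `krcmd` versus `warnx(...)` in `krcmd_mutual`, and `warning` is not defined in this hunk; using the same call in both would be clearer.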
@@ -0,0 +1,990 @@ +/*- + * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * login [ name ] + * login -h hostname (for telnetd, etc.) 
+ * login -f name (for pre-authenticated login: datakit, xterm, etc.) + */ + +#include "bsd_locl.h" + +RCSID("$Id: login.c,v 1.104 1997/05/20 20:35:06 assar Exp $"); + +#include + +#include "sysv_default.h" +#ifdef SYSV_SHADOW +#include "sysv_shadow.h" +#endif + +static void badlogin (char *); +static void checknologin (void); +static void dolastlog (int); +static void getloginname (int); +static int rootterm (char *); +static char *stypeof (char *); +static RETSIGTYPE timedout (int); +static int doremotelogin (char *); +void login_fbtab (char *, uid_t, gid_t); +#ifdef KERBEROS +int klogin (struct passwd *, char *, char *, char *); +#endif + +#define TTYGRPNAME "tty" /* name of group to own ttys */ + +/* + * This bounds the time given to login. Change it in + * `/etc/default/login'. + */ + +static u_int login_timeout; + +#ifdef KERBEROS +int notickets = 1; +int noticketsdontcomplain = 1; +char *instance; +char *krbtkfile_env; +int authok; +#endif + +#ifdef HAVE_SHADOW_H +static struct spwd *spwd = NULL; +#endif + +static char *ttyprompt; + +static struct passwd *pwd; +static int failures; +static char term[64], *hostname, *username, *tty; + +static char rusername[100], lusername[100]; + +static int +change_passwd(struct passwd *who) +{ + int status; + int pid; + int wpid; + + switch (pid = fork()) { + case -1: + warn("fork /bin/passwd"); + sleepexit(1); + case 0: + execlp("/bin/passwd", "passwd", who->pw_name, (char *) 0); + _exit(1); + default: + while ((wpid = wait(&status)) != -1 && wpid != pid) + /* void */ ; + return (status); + } +} + +#ifndef NO_MOTD /* message of the day stuff */ + +jmp_buf motdinterrupt; + +static RETSIGTYPE +sigint(int signo) +{ + longjmp(motdinterrupt, 1); +} + +static void +motd(void) +{ + int fd, nchars; + RETSIGTYPE (*oldint)(); + char tbuf[8192]; + + if ((fd = open(_PATH_MOTDFILE, O_RDONLY, 0)) < 0) + return; + oldint = signal(SIGINT, sigint); + if (setjmp(motdinterrupt) == 0) + while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0) + 
write(fileno(stdout), tbuf, nchars); + signal(SIGINT, oldint); + close(fd); +} + +#endif /* !NO_MOTD */ + +#define AUTH_NONE 0 +#define AUTH_OTP 1 + +/* + * getpwnam and try to detect the worst form of NIS attack. + */ + +static struct passwd * +paranoid_getpwnam (char *user) +{ + struct passwd *p; + + p = k_getpwnam (user); + if (p == NULL) + return p; + if (p->pw_uid == 0 && strcmp (username, "root") != 0) { + syslog (LOG_ALERT, + "NIS attack, user %s has uid 0", username); + return NULL; + } + return p; +} + +int +main(int argc, char **argv) +{ + struct group *gr; + int ask, ch, cnt, fflag, hflag, pflag, quietlog, nomailcheck; + int rootlogin, rval; + int rflag; + int changepass = 0; + uid_t uid; + char *domain, *p, passwd[128], *ttyn; + char tbuf[MaxPathLen + 2], tname[sizeof(_PATH_TTY) + 10]; + char localhost[MaxHostNameLen]; + char full_hostname[MaxHostNameLen]; + int auth_level = AUTH_NONE; + OtpContext otp_ctx; + int mask = 022; /* Default umask (set below) */ + int maxtrys = 5; /* Default number of allowed failed logins */ + + set_progname(argv[0]); + + openlog("login", LOG_ODELAY, LOG_AUTH); + + /* Read defaults file and set the login timeout period. 
*/ + sysv_defaults(); + login_timeout = atoi(default_timeout); + maxtrys = atoi(default_maxtrys); + if (sscanf(default_umask, "%o", &mask) != 1 || (mask & ~0777)) + syslog(LOG_WARNING, "bad umask default: %s", default_umask); + else + umask(mask); + + signal(SIGALRM, timedout); + alarm(login_timeout); + signal(SIGQUIT, SIG_IGN); + signal(SIGINT, SIG_IGN); + setpriority(PRIO_PROCESS, 0, 0); + + /* + * -p is used by getty to tell login not to destroy the environment + * -f is used to skip a second login authentication + * -h is used by other servers to pass the name of the remote + * host to login so that it may be placed in utmp and wtmp + * -r is used by old-style rlogind to execute the autologin protocol + */ + + *full_hostname = '\0'; + domain = NULL; + if (k_gethostname(localhost, sizeof(localhost)) < 0) + syslog(LOG_ERR, "couldn't get local hostname: %m"); + else + domain = strchr(localhost, '.'); + + fflag = hflag = pflag = rflag = 0; + uid = getuid(); + while ((ch = getopt(argc, argv, "a:d:fh:pr:")) != EOF) + switch (ch) { + case 'a': + if (strcmp (optarg, "none") == 0) + auth_level = AUTH_NONE; + else if (strcmp (optarg, "otp") == 0) + auth_level = AUTH_OTP; + else + warnx ("bad value for -a: %s", optarg); + break; + case 'd': + break; + case 'f': + fflag = 1; + break; + case 'h': + if (rflag || hflag) { + printf("Only one of -r and -h allowed\n"); + exit(1); + } + if (uid) + errx(1, "-h option: %s", strerror(EPERM)); + hflag = 1; + strncpy(full_hostname, optarg, sizeof(full_hostname)-1); + if (domain && (p = strchr(optarg, '.')) && + strcasecmp(p, domain) == 0) + *p = 0; + hostname = optarg; + break; + case 'p': + if (getuid()) { + warnx("-p for super-user only."); + exit(1); + } + pflag = 1; + break; + case 'r': + if (rflag || hflag) { + warnx("Only one of -r and -h allowed\n"); + exit(1); + } + if (getuid()) { + warnx("-r for super-user only."); + exit(1); + } + rflag = 1; + strncpy(full_hostname, optarg, sizeof(full_hostname)-1); + if (domain && (p = 
strchr(optarg, '.')) && + strcasecmp(p, domain) == 0) + *p = 0; + hostname = optarg; + fflag = (doremotelogin(full_hostname) == 0); + break; + case '?': + default: + if (!uid) + syslog(LOG_ERR, "invalid flag %c", ch); + fprintf(stderr, + "usage: login [-fp] [-a otp]" + "[-h hostname | -r hostname] [username]\n"); + exit(1); + } + argc -= optind; + argv += optind; + + if (geteuid() != 0) { + warnx("only root may use login, use su"); + /* Or install login setuid root, which is not necessary */ + sleep(10); + exit(1); + } + /* + * Figure out if we should ask for the username or not. The name + * may be given on the command line or via the environment, and + * it may even be in the terminal input queue. + */ + if (rflag) { + username = lusername; + ask = 0; + } else + if (*argv && strchr(*argv, '=')) { + ask = 1; + } else + if (*argv && strcmp(*argv, "-") == 0) { + argc--; + argv++; + ask = 1; + } else + if (*argv) { + username = *argv; + ask = 0; + argc--; + argv++; + } else if ((ttyprompt = getenv("TTYPROMPT")) && *ttyprompt) { + getloginname(0); + ask = 0; + } else + ask = 1; + + /* Default tty settings. */ + stty_default(); + + for (cnt = getdtablesize(); cnt > 2; cnt--) + close(cnt); + + /* + * Determine the tty name. BSD takes the basename, SYSV4 takes + * whatever remains after stripping the "/dev/" prefix. The code + * below should produce sensible results in either environment. 
+ */ + ttyn = ttyname(STDIN_FILENO); + if (ttyn == NULL || *ttyn == '\0') { + snprintf(tname, sizeof(tname), "%s??", _PATH_TTY); + ttyn = tname; + } + if ((tty = strchr(ttyn + 1, '/'))) + ++tty; + else + tty = ttyn; + + for (cnt = 0;; ask = 1) { + char prompt[128], ss[256]; + if (ask) { + fflag = 0; + getloginname(1); + } + rootlogin = 0; + rval = 1; +#ifdef KERBEROS + if ((instance = strchr(username, '.')) != NULL) { + if (strcmp(instance, ".root") == 0) + rootlogin = 1; + *instance++ = '\0'; + } else + instance = ""; +#endif + if (strlen(username) > UT_NAMESIZE) + username[UT_NAMESIZE] = '\0'; + + /* + * Note if trying multiple user names; log failures for + * previous user name, but don't bother logging one failure + * for nonexistent name (mistyped username). + */ + if (failures && strcmp(tbuf, username)) { + if (failures > (pwd ? 0 : 1)) + badlogin(tbuf); + failures = 0; + } + strcpy(tbuf, username); + + pwd = paranoid_getpwnam (username); + + /* + * if we have a valid account name, and it doesn't have a + * password, or the -f option was specified and the caller + * is root or the caller isn't changing their uid, don't + * authenticate. 
+ */ + if (pwd) { + if (pwd->pw_uid == 0) + rootlogin = 1; + + if (fflag && (uid == 0 || uid == pwd->pw_uid)) { + /* already authenticated */ + break; + } else if (pwd->pw_passwd[0] == '\0') { + /* pretend password okay */ + rval = 0; + goto ttycheck; + } + } + + fflag = 0; + + setpriority(PRIO_PROCESS, 0, -4); + + if (otp_challenge (&otp_ctx, username, + ss, sizeof(ss)) == 0) + snprintf (prompt, sizeof(prompt), "%s's %s Password: ", + username, ss); + else { + if (auth_level == AUTH_NONE) + snprintf(prompt, sizeof(prompt), "%s's Password: ", + username); + else { + char *s; + + rval = 1; + s = otp_error(&otp_ctx); + if(s) + printf ("OTP: %s\n", s); + continue; + } + } + + if (des_read_pw_string (passwd, sizeof(passwd) - 1, prompt, 0)) + continue; + passwd[sizeof(passwd) - 1] = '\0'; + + /* Verify it somehow */ + + if (otp_verify_user (&otp_ctx, passwd) == 0) + rval = 0; + else if (pwd == NULL) + ; + else if (auth_level == AUTH_NONE) { + uid_t pwd_uid = pwd->pw_uid; + + rval = unix_verify_user (username, passwd); + + if (rval == 0) + { + if (rootlogin && pwd_uid != 0) + rootlogin = 0; + } + else + { + rval = klogin(pwd, instance, localhost, passwd); + if (rval != 0 && rootlogin && pwd_uid != 0) + rootlogin = 0; + if (rval == 0) + authok = 1; + } + } else { + char *s; + + rval = 1; + if ((s = otp_error(&otp_ctx))) + printf ("OTP: %s\n", s); + } + + memset (passwd, 0, sizeof(passwd)); + setpriority (PRIO_PROCESS, 0, 0); + + /* + * Santa Claus, give me a portable and reentrant getpwnam. + */ + pwd = paranoid_getpwnam (username); + + ttycheck: + /* + * If trying to log in as root without Kerberos, + * but with insecure terminal, refuse the login attempt. 
+ */ +#ifdef KERBEROS + if (authok == 0) +#endif + if (pwd && !rval && rootlogin && !rootterm(tty) + && !rootterm(ttyn)) { + warnx("%s login refused on this terminal.", + pwd->pw_name); + if (hostname) + syslog(LOG_NOTICE, + "LOGIN %s REFUSED FROM %s ON TTY %s", + pwd->pw_name, hostname, tty); + else + syslog(LOG_NOTICE, + "LOGIN %s REFUSED ON TTY %s", + pwd->pw_name, tty); + continue; + } + + if (rval == 0) + break; + + printf("Login incorrect\n"); + failures++; + + /* max number of attemps and delays taken from defaults file */ + /* we allow maxtrys tries, but after 2 we start backing off */ + if (++cnt > 2) { + if (cnt >= maxtrys) { + badlogin(username); + sleepexit(1); + } + sleep((u_int)((cnt - 2) * atoi(default_sleep))); + } + } + + /* committed to login -- turn off timeout */ + alarm(0); + + endpwent(); + +#if defined(HAVE_GETUDBNAM) && defined(HAVE_SETLIM) + { + struct udb *udb; + long t; + const long maxcpu = 46116860184; /* some random constant */ + udb = getudbnam(pwd->pw_name); + if(udb == UDB_NULL){ + warnx("Failed to get UDB entry."); + exit(1); + } + t = udb->ue_pcpulim[UDBRC_INTER]; + if(t == 0 || t > maxcpu) + t = CPUUNLIM; + else + t *= 100 * CLOCKS_PER_SEC; + + if(limit(C_PROC, 0, L_CPU, t) < 0) + warn("limit C_PROC"); + + t = udb->ue_jcpulim[UDBRC_INTER]; + if(t == 0 || t > maxcpu) + t = CPUUNLIM; + else + t *= 100 * CLOCKS_PER_SEC; + + if(limit(C_JOBPROCS, 0, L_CPU, t) < 0) + warn("limit C_JOBPROCS"); + + nice(udb->ue_nice[UDBRC_INTER]); + } +#endif + /* if user not super-user, check for disabled logins */ + if (!rootlogin) + checknologin(); + + if (chdir(pwd->pw_dir) < 0) { + printf("No home directory %s!\n", pwd->pw_dir); + if (chdir("/")) + exit(0); + pwd->pw_dir = "/"; + printf("Logging in with home = \"/\".\n"); + } + + quietlog = access(_PATH_HUSHLOGIN, F_OK) == 0; + nomailcheck = access(_PATH_NOMAILCHECK, F_OK) == 0; + +#if defined(HAVE_PASSWD_CHANGE) && defined(HAVE_PASSWD_EXPIRE) + if (pwd->pw_change || pwd->pw_expire) + 
gettimeofday(&tp, (struct timezone *)NULL); + + if (pwd->pw_change) + if (tp.tv_sec >= pwd->pw_change) { + printf("Sorry -- your password has expired.\n"); + changepass=1; + } else if (pwd->pw_change - tp.tv_sec < + 2 * DAYSPERWEEK * SECSPERDAY && !quietlog) + printf("Warning: your password expires on %s", + ctime(&pwd->pw_change)); + if (pwd->pw_expire) + if (tp.tv_sec >= pwd->pw_expire) { + printf("Sorry -- your account has expired.\n"); + sleepexit(1); + } else if (pwd->pw_expire - tp.tv_sec < + 2 * DAYSPERWEEK * SECSPERDAY && !quietlog) + printf("Warning: your account expires on %s", + ctime(&pwd->pw_expire)); +#endif /* defined(HAVE_PASSWD_CHANGE) && defined(HAVE_PASSWD_EXPIRE) */ + + /* Nothing else left to fail -- really log in. */ + + /* + * Update the utmp files, both BSD and SYSV style. + */ + if (utmpx_login(tty, username, hostname ? hostname : "") != 0 + && !fflag) { + printf("No utmpx entry. You must exec \"login\" from the lowest level \"sh\".\n"); + sleepexit(0); + } + utmp_login(ttyn, username, hostname ? hostname : ""); + dolastlog(quietlog); + + /* + * Set device protections, depending on what terminal the + * user is logged in. This feature is used on Suns to give + * console users better privacy. + */ + login_fbtab(tty, pwd->pw_uid, pwd->pw_gid); + + chown(ttyn, pwd->pw_uid, + (gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid); + chmod(ttyn, S_IRUSR | S_IWUSR | S_IWGRP); + setgid(pwd->pw_gid); + + initgroups(username, pwd->pw_gid); + + if (*pwd->pw_shell == '\0') + pwd->pw_shell = _PATH_BSHELL; + + /* + * Set up a new environment. With SYSV, some variables are always + * preserved; some varables are never preserved, and some variables + * are always clobbered. With BSD, nothing is always preserved, and + * some variables are always clobbered. We add code to make sure + * that LD_* and IFS are never preserved. + */ + if (term[0] == '\0') + strncpy(term, stypeof(tty), sizeof(term)); + /* set up a somewhat censored environment. 
*/ + sysv_newenv(argc, argv, pwd, term, pflag); +#ifdef KERBEROS + if (krbtkfile_env) + setenv("KRBTKFILE", krbtkfile_env, 1); +#endif + + if (tty[sizeof("tty")-1] == 'd') + syslog(LOG_INFO, "DIALUP %s, %s", tty, pwd->pw_name); + + /* If fflag is on, assume caller/authenticator has logged root login. */ + if (rootlogin && fflag == 0) + if (hostname) + syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s FROM %s", + username, tty, hostname); + else + syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s", username, tty); + +#ifdef KERBEROS + if (!quietlog && notickets == 1 && !noticketsdontcomplain) + printf("Warning: no Kerberos tickets issued.\n"); +#endif + +#ifdef LOGALL + /* + * Syslog each successful login, so we don't have to watch hundreds + * of wtmp or lastlogin files. + */ + if (hostname) { + syslog(LOG_INFO, "login from %s as %s", hostname, pwd->pw_name); + } else { + syslog(LOG_INFO, "login on %s as %s", tty, pwd->pw_name); + } +#endif + +#ifndef NO_MOTD + /* + * Optionally show the message of the day. System V login leaves + * motd and mail stuff up to the shell startup file. + */ + if (!quietlog) { + struct stat st; +#if 0 + printf("%s\n\t%s %s\n\n", + "Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994", + "The Regents of the University of California. ", + "All rights reserved."); +#endif + motd(); + if(!nomailcheck){ + snprintf(tbuf, sizeof(tbuf), "%s/%s", _PATH_MAILDIR, pwd->pw_name); + if (stat(tbuf, &st) == 0 && st.st_size != 0) + printf("You have %smail.\n", + (st.st_mtime > st.st_atime) ? "new " : ""); + } + } +#endif /* NO_MOTD */ + +#ifdef LOGIN_ACCESS + if (login_access(pwd->pw_name, hostname ? 
full_hostname : tty) == 0) { + printf("Permission denied\n"); + if (hostname) + syslog(LOG_NOTICE, "%s LOGIN REFUSED FROM %s", + pwd->pw_name, hostname); + else + syslog(LOG_NOTICE, "%s LOGIN REFUSED ON %s", + pwd->pw_name, tty); + sleepexit(1); + } +#endif + + signal(SIGALRM, SIG_DFL); + signal(SIGQUIT, SIG_DFL); + signal(SIGINT, SIG_DFL); + signal(SIGTSTP, SIG_IGN); + + tbuf[0] = '-'; + strcpy(tbuf + 1, (p = strrchr(pwd->pw_shell, '/')) ? + p + 1 : pwd->pw_shell); + +#ifdef HAVE_SETLOGIN + if (setlogin(pwd->pw_name) < 0) + syslog(LOG_ERR, "setlogin() failure: %m"); +#endif + +#ifdef HAVE_SETPCRED + if (setpcred (pwd->pw_name, NULL) == -1) + syslog(LOG_ERR, "setpcred() failure: %m"); +#endif /* HAVE_SETPCRED */ + +#if defined(SYSV_SHADOW) && defined(HAVE_GETSPNAM) + spwd = getspnam (username); + endspent (); +#endif + /* Discard permissions last so can't get killed and drop core. */ + { + int uid = rootlogin ? 0 : pwd->pw_uid; + if(setuid(uid) != 0){ + warn("setuid(%d)", uid); + if(!rootlogin) + exit(1); + } + } + + + /* + * After dropping privileges and after cleaning up the environment, + * optionally run, as the user, /bin/passwd. + */ + + if (pwd->pw_passwd[0] == 0 && + strcasecmp(default_passreq, "YES") == 0) { + printf("You don't have a password. 
Choose one.\n"); + if (change_passwd(pwd)) + sleepexit(0); + changepass = 0; + } + +#ifdef SYSV_SHADOW + if (spwd && sysv_expire(spwd)) { + if (change_passwd(pwd)) + sleepexit(0); + changepass = 0; + } +#endif /* SYSV_SHADOW */ + if (changepass) { + int res; + if ((res=system(_PATH_CHPASS))) + sleepexit(1); + } + + if (k_hasafs()) { + char cell[64]; + k_setpag(); + if(k_afs_cell_of_file(pwd->pw_dir, cell, sizeof(cell)) == 0) + k_afsklog(cell, 0); + k_afsklog(0, 0); + } + + execlp(pwd->pw_shell, tbuf, 0); + if (getuid() == 0) { + warnx("Can't exec %s, trying %s\n", + pwd->pw_shell, _PATH_BSHELL); + execlp(_PATH_BSHELL, tbuf, 0); + err(1, "%s", _PATH_BSHELL); + } + err(1, "%s", pwd->pw_shell); + return 1; +} + +#ifdef KERBEROS +#define NBUFSIZ (UT_NAMESIZE + 1 + 5) /* .root suffix */ +#else +#define NBUFSIZ (UT_NAMESIZE + 1) +#endif + +static void +getloginname(int prompt) +{ + int ch; + char *p; + static char nbuf[NBUFSIZ]; + + for (;;) { + if (prompt) + if (ttyprompt && *ttyprompt) + printf("%s", ttyprompt); + else + printf("login: "); + prompt = 1; + for (p = nbuf; (ch = getchar()) != '\n'; ) { + if (ch == EOF) { + badlogin(username); + exit(0); + } + if (p < nbuf + (NBUFSIZ - 1)) + *p++ = ch; + } + if (p > nbuf) + if (nbuf[0] == '-') + warnx("login names may not start with '-'."); + else { + *p = '\0'; + username = nbuf; + break; + } + } +} + +static int +rootterm(char *ttyn) +{ +#ifndef HAVE_TTYENT_H + return (default_console == 0 || strcmp(default_console, ttyname(0)) == 0); +#else + struct ttyent *t; + + return ((t = getttynam(ttyn)) && t->ty_status & TTY_SECURE); +#endif +} + +static RETSIGTYPE +timedout(int signo) +{ + fprintf(stderr, "Login timed out after %d seconds\n", + login_timeout); + exit(0); +} + +static void +checknologin(void) +{ + int fd, nchars; + char tbuf[8192]; + + if ((fd = open(_PATH_NOLOGIN, O_RDONLY, 0)) >= 0) { + while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0) + write(fileno(stdout), tbuf, nchars); + sleepexit(0); + } +} + +static 
void +dolastlog(int quiet) +{ +#if defined(HAVE_LASTLOG_H) || defined(HAVE_LOGIN_H) || defined(SYSV_SHADOW) + struct lastlog ll; + int fd; + + if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) { + lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET); +#ifdef SYSV_SHADOW + if (read(fd, &ll, sizeof(ll)) == sizeof(ll) && + ll.ll_time != 0) { + if (pwd->pw_uid && spwd && spwd->sp_inact > 0 + && ll.ll_time / (24 * 60 * 60) + + spwd->sp_inact < time(0)) { + printf("Your account has been inactive too long.\n"); + sleepexit(1); + } + if (!quiet) { + printf("Last login: %.*s ", + 24-5, ctime(&ll.ll_time)); + if (*ll.ll_host != '\0') { + printf("from %.*s\n", + (int)sizeof(ll.ll_host), + ll.ll_host); + } else + printf("on %.*s\n", + (int)sizeof(ll.ll_line), + ll.ll_line); + } + } + lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET); +#else /* SYSV_SHADOW */ + if (!quiet) { + if (read(fd, &ll, sizeof(ll)) == sizeof(ll) && + ll.ll_time != 0) { + printf("Last login: %.*s ", + 24-5, ctime(&ll.ll_time)); + if (*ll.ll_host != '\0') + printf("from %.*s\n", + (int)sizeof(ll.ll_host), + ll.ll_host); + else + printf("on %.*s\n", + (int)sizeof(ll.ll_line), + ll.ll_line); + } + lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET); + } +#endif /* SYSV_SHADOW */ + memset(&ll, 0, sizeof(ll)); + time(&ll.ll_time); + strncpy(ll.ll_line, tty, sizeof(ll.ll_line)); + if (hostname) + strncpy(ll.ll_host, hostname, sizeof(ll.ll_host)); + write(fd, &ll, sizeof(ll)); + close(fd); + } +#endif /* DOLASTLOG */ +} + +static void +badlogin(char *name) +{ + + if (failures == 0) + return; + if (hostname) { + syslog(LOG_NOTICE, "%d LOGIN FAILURE%s FROM %s", + failures, failures > 1 ? "S" : "", hostname); + syslog(LOG_AUTHPRIV|LOG_NOTICE, + "%d LOGIN FAILURE%s FROM %s, %s", + failures, failures > 1 ? "S" : "", hostname, name); + } else { + syslog(LOG_NOTICE, "%d LOGIN FAILURE%s ON %s", + failures, failures > 1 ? 
"S" : "", tty); + syslog(LOG_AUTHPRIV|LOG_NOTICE, + "%d LOGIN FAILURE%s ON %s, %s", + failures, failures > 1 ? "S" : "", tty, name); + } +} + +#undef UNKNOWN +#define UNKNOWN "su" + +static char * +stypeof(char *ttyid) +{ + /* TERM is probably a better guess than anything else. */ + char *term = getenv("TERM"); + + if (term != 0 && term[0] != 0) + return term; + + { +#ifndef HAVE_TTYENT_H + return UNKNOWN; +#else + struct ttyent *t; + return (ttyid && (t = getttynam(ttyid)) ? t->ty_type : UNKNOWN); +#endif + } +} + +static void +xgetstr(char *buf, int cnt, char *err) +{ + char ch; + + do { + if (read(0, &ch, sizeof(ch)) != sizeof(ch)) + exit(1); + if (--cnt < 0) { + fprintf(stderr, "%s too long\r\n", err); + sleepexit(1); + } + *buf++ = ch; + } while (ch); +} + +/* + * Some old rlogind's unknowingly pass remuser, locuser and + * terminal_type/speed so we need to take care of that part of the + * protocol here. Also, we can't make a getpeername(2) on the socket + * so we have to trust that rlogind resolved the name correctly. + */ + +static int +doremotelogin(char *host) +{ + int code; + char *cp; + + xgetstr(rusername, sizeof (rusername), "remuser"); + xgetstr(lusername, sizeof (lusername), "locuser"); + xgetstr(term, sizeof(term), "Terminal type"); + cp = strchr(term, '/'); + if (cp != 0) + *cp = 0; /* For now ignore speed/bg */ + pwd = k_getpwnam(lusername); + if (pwd == NULL) + return(-1); + code = ruserok(host, (pwd->pw_uid == 0), rusername, lusername); + if (code == 0) + syslog(LOG_NOTICE, + "Warning: An old rlogind accepted login probably from host %s", + host); + return(code); +} + +void +sleepexit(int eval) +{ + + sleep(5); + exit(eval); +} diff --git a/crypto/kerberosIV/appl/bsd/login_access.c b/crypto/kerberosIV/appl/bsd/login_access.c new file mode 100644 index 0000000..0e017b1 --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/login_access.c 
@@ -0,0 +1,221 @@
+ /*
+ * This module implements a simple but effective form of login access
+ * control based on login names and on host (or domain) names, internet
+ * addresses (or network numbers), or on terminal line names in case of
+ * non-networked logins. Diagnostics are reported through syslog(3).
+ *
+ * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: login_access.c,v 1.15 1997/06/01 03:12:28 assar Exp $");
+
+#ifdef LOGIN_ACCESS
+
+ /* Delimiters for fields and for lists of users, ttys or hosts. */
+
+static char fs[] = ":"; /* field separator */
+static char sep[] = ", \t"; /* list-element separator */
+
+ /* Constants to be used in assignments only, not in comparisons... */
+
+#define YES 1
+#define NO 0
+
+static int list_match(char *list, char *item, int (*match_fn)(char *, char *));
+static int user_match(char *tok, char *string);
+static int from_match(char *tok, char *string);
+static int string_match(char *tok, char *string);
+
+/* login_access - match username/group and host/tty with access control file */
+
+int login_access(char *user, char *from)
+{
+ FILE *fp;
+ char line[BUFSIZ];
+ char *perm; /* becomes permission field */
+ char *users; /* becomes list of login names */
+ char *froms; /* becomes list of terminals or hosts */
+ int match = NO;
+ int end;
+ int lineno = 0; /* for diagnostics */
+ char *foo;
+
+ /*
+ * Process the table one line at a time and stop at the first match.
+ * Blank lines and lines that begin with a '#' character are ignored.
+ * Non-comment lines are broken at the ':' character. All fields are
+ * mandatory. The first field should be a "+" or "-" character. A
+ * non-existing table means no access control.
+ */ + + if ((fp = fopen(_PATH_LOGACCESS, "r")) != 0) { + while (!match && fgets(line, sizeof(line), fp)) { + lineno++; + if (line[end = strlen(line) - 1] != '\n') { + syslog(LOG_ERR, "%s: line %d: missing newline or line too long", + _PATH_LOGACCESS, lineno); + continue; + } + if (line[0] == '#') + continue; /* comment line */ + while (end > 0 && isspace(line[end - 1])) + end--; + line[end] = 0; /* strip trailing whitespace */ + if (line[0] == 0) /* skip blank lines */ + continue; + foo = NULL; + if (!(perm = strtok_r(line, fs, &foo)) + || !(users = strtok_r(NULL, fs, &foo)) + || !(froms = strtok_r(NULL, fs, &foo)) + || strtok_r(NULL, fs, &foo)) { + syslog(LOG_ERR, "%s: line %d: bad field count", + _PATH_LOGACCESS, + lineno); + continue; + } + if (perm[0] != '+' && perm[0] != '-') { + syslog(LOG_ERR, "%s: line %d: bad first field", + _PATH_LOGACCESS, + lineno); + continue; + } + match = (list_match(froms, from, from_match) + && list_match(users, user, user_match)); + } + fclose(fp); + } else if (errno != ENOENT) { + syslog(LOG_ERR, "cannot open %s: %m", _PATH_LOGACCESS); + } + return (match == 0 || (line[0] == '+')); +} + +/* list_match - match an item against a list of tokens with exceptions */ + +static int +list_match(char *list, char *item, int (*match_fn)(char *, char *)) +{ + char *tok; + int match = NO; + char *foo = NULL; + + /* + * Process tokens one at a time. We have exhausted all possible matches + * when we reach an "EXCEPT" token or the end of the list. If we do find + * a match, look for an "EXCEPT" list and recurse to determine whether + * the match is affected by any exceptions. + */ + + for (tok = strtok_r(list, sep, &foo); + tok != NULL; + tok = strtok_r(NULL, sep, &foo)) { + if (strcasecmp(tok, "EXCEPT") == 0) /* EXCEPT: give up */ + break; + if ((match = (*match_fn) (tok, item)) != 0) /* YES */ + break; + } + /* Process exceptions to matches. 
*/ + + if (match != NO) { + while ((tok = strtok_r(NULL, sep, &foo)) && strcasecmp(tok, "EXCEPT")) + /* VOID */ ; + if (tok == 0 || list_match(NULL, item, match_fn) == NO) + return (match); + } + return (NO); +} + +/* netgroup_match - match group against machine or user */ + +static int netgroup_match(char *group, char *machine, char *user) +{ +#ifdef HAVE_YP_GET_DEFAULT_DOMAIN + static char *mydomain = 0; + + if (mydomain == 0) + yp_get_default_domain(&mydomain); + return (innetgr(group, machine, user, mydomain)); +#else + syslog(LOG_ERR, "NIS netgroup support not configured"); + return 0; +#endif +} + +/* user_match - match a username against one token */ + +static int user_match(char *tok, char *string) +{ + struct group *group; + int i; + + /* + * If a token has the magic value "ALL" the match always succeeds. + * Otherwise, return YES if the token fully matches the username, or if + * the token is a group that contains the username. + */ + + if (tok[0] == '@') { /* netgroup */ + return (netgroup_match(tok + 1, (char *) 0, string)); + } else if (string_match(tok, string)) { /* ALL or exact match */ + return (YES); + } else if ((group = getgrnam(tok)) != 0) { /* try group membership */ + for (i = 0; group->gr_mem[i]; i++) + if (strcasecmp(string, group->gr_mem[i]) == 0) + return (YES); + } + return (NO); +} + +/* from_match - match a host or tty against a list of tokens */ + +static int from_match(char *tok, char *string) +{ + int tok_len; + int str_len; + + /* + * If a token has the magic value "ALL" the match always succeeds. Return + * YES if the token fully matches the string. If the token is a domain + * name, return YES if it matches the last fields of the string. If the + * token has the magic value "LOCAL", return YES if the string does not + * contain a "." character. If the token is a network number, return YES + * if it matches the head of the string. 
+ */ + + if (tok[0] == '@') { /* netgroup */ + return (netgroup_match(tok + 1, string, (char *) 0)); + } else if (string_match(tok, string)) { /* ALL or exact match */ + return (YES); + } else if (tok[0] == '.') { /* domain: match last fields */ + if ((str_len = strlen(string)) > (tok_len = strlen(tok)) + && strcasecmp(tok, string + str_len - tok_len) == 0) + return (YES); + } else if (strcasecmp(tok, "LOCAL") == 0) { /* local: no dots */ + if (strchr(string, '.') == 0) + return (YES); + } else if (tok[(tok_len = strlen(tok)) - 1] == '.' /* network */ + && strncmp(tok, string, tok_len) == 0) { + return (YES); + } + return (NO); +} + +/* string_match - match a string against one token */ + +static int string_match(char *tok, char *string) +{ + + /* + * If the token has the magic value "ALL" the match always succeeds. + * Otherwise, return YES if the token fully matches the string. + */ + + if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */ + return (YES); + } else if (strcasecmp(tok, string) == 0) { /* try exact match */ + return (YES); + } + return (NO); +} +#endif /* LOGIN_ACCES */ diff --git a/crypto/kerberosIV/appl/bsd/login_fbtab.c b/crypto/kerberosIV/appl/bsd/login_fbtab.c new file mode 100644 index 0000000..f7f53aa --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/login_fbtab.c 
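Review bot: In `login_access`, a table that exists but cannot be opened is treated the same as no table at all: the `else if (errno != ENOENT)` branch only logs, `match` stays `NO`, and the final `return (match == 0 || (line[0] == '+'))` grants the login. If an unreadable table is not meant to open access, adding `return (NO);` after the `syslog` call in that branch closes it. The same fail-open applies to lines skipped with `continue` for a bad field count or a missing newline, so a mistyped deny entry is ignored apart from its log message; the comment above the loop should say so. Separately, `line[end = strlen(line) - 1]` reads `line[-1]` when `fgets` returns a line that begins with a NUL byte, which a `line[0] == 0` test placed before that index would avoid.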
@@ -0,0 +1,144 @@
+/************************************************************************
+* Copyright 1995 by Wietse Venema. All rights reserved.
+*
+* This material was originally written and compiled by Wietse Venema at
+* Eindhoven University of Technology, The Netherlands, in 1990, 1991,
+* 1992, 1993, 1994 and 1995.
+*
+* Redistribution and use in source and binary forms are permitted
+* provided that this entire copyright notice is duplicated in all such
+* copies.
+*
+* This software is provided "as is" and without any expressed or implied
+* warranties, including, without limitation, the implied warranties of
+* merchantibility and fitness for any particular purpose.
+************************************************************************/
+/*
+ SYNOPSIS
+ void login_fbtab(tty, uid, gid)
+ char *tty;
+ uid_t uid;
+ gid_t gid;
+
+ DESCRIPTION
+ This module implements device security as described in the
+ SunOS 4.1.x fbtab(5) and SunOS 5.x logindevperm(4) manual
+ pages. The program first looks for /etc/fbtab. If that file
+ cannot be opened it attempts to process /etc/logindevperm.
+ We expect entries with the folowing format:
+
+ Comments start with a # and extend to the end of the line.
+
+ Blank lines or lines with only a comment are ignored.
+
+ All other lines consist of three fields delimited by
+ whitespace: a login device (/dev/console), an octal
+ permission number (0600), and a ":"-delimited list of
+ devices (/dev/kbd:/dev/mouse). All device names are
+ absolute paths. A path that ends in "/*" refers to all
+ directory entries except "." and "..".
+
+ If the tty argument (relative path) matches a login device
+ name (absolute path), the permissions of the devices in the
+ ":"-delimited list are set as specified in the second
+ field, and their ownership is changed to that of the uid
+ and gid arguments.
+
+ DIAGNOSTICS
+ Problems are reported via the syslog daemon with severity
+ LOG_ERR.
+ + BUGS + + AUTHOR + Wietse Venema (wietse@wzv.win.tue.nl) + Eindhoven University of Technology + The Netherlands + */ + +#include "bsd_locl.h" + +RCSID("$Id: login_fbtab.c,v 1.10 1997/06/01 03:12:54 assar Exp $"); + +void login_protect (char *, char *, int, uid_t, gid_t); +void login_fbtab (char *tty, uid_t uid, gid_t gid); + +#define WSPACE " \t\n" + +/* login_fbtab - apply protections specified in /etc/fbtab or logindevperm */ + +void +login_fbtab(char *tty, uid_t uid, gid_t gid) +{ + FILE *fp; + char buf[BUFSIZ]; + char *devname; + char *cp; + int prot; + char *table; + char *foo; + + if ((fp = fopen(table = _PATH_FBTAB, "r")) == 0 + && (fp = fopen(table = _PATH_LOGINDEVPERM, "r")) == 0) + return; + + while (fgets(buf, sizeof(buf), fp)) { + if ((cp = strchr(buf, '#')) != 0) + *cp = 0; /* strip comment */ + foo = NULL; + if ((cp = devname = strtok_r(buf, WSPACE, &foo)) == 0) + continue; /* empty or comment */ + if (strncmp(devname, "/dev/", 5) != 0 + || (cp = strtok_r(NULL, WSPACE, &foo)) == 0 + || *cp != '0' + || sscanf(cp, "%o", &prot) == 0 + || prot == 0 + || (prot & 0777) != prot + || (cp = strtok_r(NULL, WSPACE, &foo)) == 0) { + syslog(LOG_ERR, "%s: bad entry: %s", table, cp ? 
cp : "(null)"); + continue; + } + if (strcmp(devname + 5, tty) == 0) { + foo = NULL; + for (cp = strtok_r(cp, ":", &foo); + cp; + cp = strtok_r(NULL, ":", &foo)) { + login_protect(table, cp, prot, uid, gid); + } + } + } + fclose(fp); +} + +/* login_protect - protect one device entry */ + +void +login_protect(char *table, char *path, int mask, uid_t uid, gid_t gid) +{ + char buf[BUFSIZ]; + int pathlen = strlen(path); + struct dirent *ent; + DIR *dir; + + if (strcmp("/*", path + pathlen - 2) != 0) { + if (chmod(path, mask) && errno != ENOENT) + syslog(LOG_ERR, "%s: chmod(%s): %m", table, path); + if (chown(path, uid, gid) && errno != ENOENT) + syslog(LOG_ERR, "%s: chown(%s): %m", table, path); + } else { + strcpy(buf, path); + buf[pathlen - 1] = 0; + if ((dir = opendir(buf)) == 0) { + syslog(LOG_ERR, "%s: opendir(%s): %m", table, path); + } else { + while ((ent = readdir(dir)) != 0) { + if (strcmp(ent->d_name, ".") != 0 + && strcmp(ent->d_name, "..") != 0) { + strcpy(buf + pathlen - 1, ent->d_name); + login_protect(table, buf, mask, uid, gid); + } + } + closedir(dir); + } + } +} diff --git a/crypto/kerberosIV/appl/bsd/pathnames.h b/crypto/kerberosIV/appl/bsd/pathnames.h new file mode 100644 index 0000000..3c10bff --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/pathnames.h 
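Review bot: `login_protect` appends to a fixed `buf[BUFSIZ]` without a bound: `strcpy(buf + pathlen - 1, ent->d_name)` joins a directory entry name onto a table-supplied prefix, so a long prefix plus a long name writes past `buf` in code that login.c calls before it drops privileges. A length check before the copy closes that, e.g. `if (pathlen - 1 + strlen(ent->d_name) >= sizeof(buf)) continue;`. The first test also computes `path + pathlen - 2` for a one-character list element, which points before the start of the string; `if (pathlen < 2 || strcmp("/*", path + pathlen - 2) != 0)` avoids it. A comment on the function should also note that `chmod` and `chown` follow symbolic links, so the directories named in the table need to be writable by root only.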
@@ -0,0 +1,191 @@
+/*
+ * Copyright (c) 1989 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * + * from: @(#)pathnames.h 5.2 (Berkeley) 4/9/90 + * $Id: pathnames.h,v 1.23 1996/11/17 06:36:42 joda Exp $ + */ + +/******* First fix default path, we stick to _PATH_DEFPATH everywhere */ + +#if !defined(_PATH_DEFPATH) && defined(_PATH_USERPATH) +#define _PATH_DEFPATH _PATH_USERPATH +#endif + +#if defined(_PATH_DEFPATH) && !defined(_DEF_PATH) +#define _DEF_PATH _PATH_DEFPATH +#endif + +#if !defined(_PATH_DEFPATH) && defined(_DEF_PATH) +#define _PATH_DEFPATH _DEF_PATH +#endif + +#ifndef _PATH_DEFPATH +#define _PATH_DEFPATH "/usr/ucb:/usr/bin:/bin" +#define _DEF_PATH _PATH_DEFPATH +#endif /* !_PATH_DEFPATH */ + +#ifndef _PATH_DEFSUPATH +#define _PATH_DEFSUPATH "/usr/sbin:" _DEF_PATH +#endif /* _PATH_DEFSUPATH */ + +/******* Default PATH fixed! */ + +#undef _PATH_RLOGIN /* Redifine rlogin */ +#define _PATH_RLOGIN BINDIR "/rlogin" + +#undef _PATH_RSH /* Redifine rsh */ +#define _PATH_RSH BINDIR "/rsh" + +#undef _PATH_LOGIN +#define _PATH_LOGIN BINDIR "/login" + +/******* The rest is fallback defaults */ + +#ifndef _PATH_DEV +#define _PATH_DEV "/dev/" +#endif + +#ifndef _PATH_CP +#define _PATH_CP "/bin/cp" +#endif /* _PATH_CP */ + +#ifndef _PATH_SHELLS +#define _PATH_SHELLS "/etc/shells" +#endif /* _PATH_SHELLS */ + +#ifndef _PATH_BSHELL +#define _PATH_BSHELL "/bin/sh" +#endif /* _PATH_BSHELL */ + +#ifndef _PATH_CSHELL +#define _PATH_CSHELL "/bin/csh" +#endif /* _PATH_CSHELL */ + +#ifndef _PATH_NOLOGIN +#define _PATH_NOLOGIN "/etc/nologin" +#endif /* _PATH_NOLOGIN */ + +#ifndef _PATH_TTY +#define _PATH_TTY "/dev/tty" +#endif /* _PATH_TTY */ + +#ifndef _PATH_HUSHLOGIN +#define _PATH_HUSHLOGIN ".hushlogin" +#endif /* _PATH_HUSHLOGIN */ + +#ifndef _PATH_NOMAILCHECK +#define _PATH_NOMAILCHECK ".nomailcheck" +#endif /* _PATH_NOMAILCHECK */ + +#ifndef _PATH_MOTDFILE +#define _PATH_MOTDFILE "/etc/motd" +#endif /* _PATH_MOTDFILE */ + +#ifndef _PATH_LOGACCESS +#define _PATH_LOGACCESS "/etc/login.access" +#endif /* _PATH_LOGACCESS */ + +#ifndef _PATH_HEQUIV +#define 
_PATH_HEQUIV "/etc/hosts.equiv" +#endif + +#ifndef _PATH_FBTAB +#define _PATH_FBTAB "/etc/fbtab" +#endif /* _PATH_FBTAB */ + +#ifndef _PATH_LOGINDEVPERM +#define _PATH_LOGINDEVPERM "/etc/logindevperm" +#endif /* _PATH_LOGINDEVPERM */ + +#ifndef _PATH_CHPASS +#define _PATH_CHPASS "/usr/bin/passwd" +#endif /* _PATH_CHPASS */ + +#if defined(__hpux) +#define __FALLBACK_MAILDIR__ "/usr/mail" +#else +#define __FALLBACK_MAILDIR__ "/usr/spool/mail" +#endif + +#ifndef KRB4_MAILDIR +#ifndef _PATH_MAILDIR +#ifdef MAILDIR +#define _PATH_MAILDIR MAILDIR +#else +#define _PATH_MAILDIR __FALLBACK_MAILDIR__ +#endif +#endif /* _PATH_MAILDIR */ +#define KRB4_MAILDIR _PATH_MAILDIR +#endif + +#ifndef _PATH_LASTLOG +#define _PATH_LASTLOG "/var/adm/lastlog" +#endif + +#if defined(UTMP_FILE) && !defined(_PATH_UTMP) +#define _PATH_UTMP UTMP_FILE +#endif + +#ifndef _PATH_UTMP +#define _PATH_UTMP "/etc/utmp" +#endif + +#if defined(WTMP_FILE) && !defined(_PATH_WTMP) +#define _PATH_WTMP WTMP_FILE +#endif + +#ifndef _PATH_WTMP +#define _PATH_WTMP "/usr/adm/wtmp" +#endif + +#ifndef _PATH_ETC_DEFAULT_LOGIN +#define _PATH_ETC_DEFAULT_LOGIN "/etc/default/login" +#endif + +#ifndef _PATH_ETC_ENVIRONMENT +#define _PATH_ETC_ENVIRONMENT "/etc/environment" +#endif + +/* + * NeXT KLUDGE ALERT!!!!!!!!!!!!!!!!!! + * Some sort of bug in the NEXTSTEP cpp. + */ +#ifdef NeXT +#undef _PATH_DEFSUPATH +#define _PATH_DEFSUPATH "/usr/sbin:/usr/ucb:/usr/bin:/bin" +#undef _PATH_RLOGIN +#define _PATH_RLOGIN "/usr/athena/bin/rlogin" +#undef _PATH_RSH +#define _PATH_RSH "/usr/athena/bin/rsh" +#undef _PATH_LOGIN +#define _PATH_LOGIN "/usr/athena/bin/login" +#endif diff --git a/crypto/kerberosIV/appl/bsd/rcmd_util.c b/crypto/kerberosIV/appl/bsd/rcmd_util.c new file mode 100644 index 0000000..4669009 --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/rcmd_util.c 
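Review bot: `_PATH_HUSHLOGIN` and `_PATH_NOMAILCHECK` are relative paths, and nothing in the header says what they are relative to. In login.c they are passed to `access()` after `chdir(pwd->pw_dir)`, so they name files in the user's home directory. A comment above both definitions, such as `/* relative to the user's home directory; callers must chdir() there first */`, would keep a later caller from testing them against some other working directory. `__FALLBACK_MAILDIR__` also uses a double-underscore name, which is reserved for the implementation; `FALLBACK_MAILDIR` would do.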
@@ -0,0 +1,246 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "bsd_locl.h" + +RCSID("$Id: rcmd_util.c,v 1.15 1997/05/02 14:27:44 assar Exp $"); + +int +get_login_port(int kerberos, int encryption) +{ + char *service="login"; + int port=htons(513); + + if(kerberos && encryption){ + service="eklogin"; + port=htons(2105); + } + + if(kerberos && !encryption){ + service="klogin"; + port=htons(543); + } + return k_getportbyname (service, "tcp", port); +} + +int +get_shell_port(int kerberos, int encryption) +{ + char *service="shell"; + int port=htons(514); + + if(kerberos && encryption){ + service="ekshell"; + port=htons(545); + } + + if(kerberos && !encryption){ + service="kshell"; + port=htons(544); + } + + return k_getportbyname (service, "tcp", port); +} + +/* + * On reasonable systems, `cf[gs]et[io]speed' use values of bit/s + * directly, and the following functions are just identity functions. + * This is however a slower way of doing those + * should-be-but-are-not-always idenity functions. + */ + +static struct { int speed; int bps; } conv[] = { +#ifdef B0 + {B0, 0}, +#endif +#ifdef B50 + {B50, 50}, +#endif +#ifdef B75 + {B75, 75}, +#endif +#ifdef B110 + {B110, 110}, +#endif +#ifdef B134 + {B134, 134}, +#endif +#ifdef B150 + {B150, 150}, +#endif +#ifdef B200 + {B200, 200}, +#endif +#ifdef B300 + {B300, 300}, +#endif +#ifdef B600 + {B600, 600}, +#endif +#ifdef B1200 + {B1200, 1200}, +#endif +#ifdef B1800 + {B1800, 1800}, +#endif +#ifdef B2400 + {B2400, 2400}, +#endif +#ifdef B4800 + {B4800, 4800}, +#endif +#ifdef B9600 + {B9600, 9600}, +#endif +#ifdef B19200 + {B19200, 19200}, +#endif +#ifdef B38400 + {B38400, 38400}, +#endif +#ifdef B57600 + {B57600, 57600}, +#endif +#ifdef B115200 + {B115200, 115200}, +#endif +#ifdef B153600 + {B153600, 153600}, +#endif +#ifdef B230400 + {B230400, 230400}, +#endif +#ifdef B307200 + {B307200, 307200}, +#endif +#ifdef B460800 + {B460800, 460800}, +#endif +}; + +#define N (sizeof(conv)/sizeof(*conv)) + +int +speed_t2int (speed_t s) +{ + int l, r, m; + + l = 0; + r = N - 1; + 
while(l <= r) { + m = (l + r) / 2; + if (conv[m].speed == s) + return conv[m].bps; + else if(conv[m].speed < s) + l = m + 1; + else + r = m - 1; + } + return -1; +} + +/* + * + */ + +speed_t +int2speed_t (int i) +{ + int l, r, m; + + l = 0; + r = N - 1; + while(l <= r) { + m = (l + r) / 2; + if (conv[m].bps == i) + return conv[m].speed; + else if(conv[m].bps < i) + l = m + 1; + else + r = m - 1; + } + return -1; +} + +/* + * If there are any IP options on `sock', die. + */ + +void +ip_options_and_die (int sock, struct sockaddr_in *fromp) +{ +#if defined(IP_OPTIONS) && defined(HAVE_GETSOCKOPT) + u_char optbuf[BUFSIZ/3], *cp; + char lbuf[BUFSIZ], *lp; + int optsize = sizeof(optbuf), ipproto; + struct protoent *ip; + + if ((ip = getprotobyname("ip")) != NULL) + ipproto = ip->p_proto; + else + ipproto = IPPROTO_IP; + if (getsockopt(sock, ipproto, IP_OPTIONS, + (void *)optbuf, &optsize) == 0 && + optsize != 0) { + lp = lbuf; + for (cp = optbuf; optsize > 0; cp++, optsize--, lp += 3) + snprintf(lp, sizeof(lbuf) - (lp - lbuf), " %2.2x", *cp); + syslog(LOG_NOTICE, + "Connection received from %s using IP options (dead):%s", + inet_ntoa(fromp->sin_addr), lbuf); + exit(1); + } +#endif +} + +void +warning(const char *fmt, ...) +{ + char *rstar_no_warn = getenv("RSTAR_NO_WARN"); + va_list args; + + va_start(args, fmt); + if (rstar_no_warn == NULL) + rstar_no_warn = ""; + if (strncmp(rstar_no_warn, "yes", 3) != 0) { + /* XXX */ + fprintf(stderr, "%s: warning, using standard ", __progname); + warnx(fmt, args); + } + va_end(args); +} diff --git a/crypto/kerberosIV/appl/bsd/rcp.c b/crypto/kerberosIV/appl/bsd/rcp.c new file mode 100644 index 0000000..6dfb472 --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/rcp.c 
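Review bot: In rcmd_util.c, `warning()` hands its `va_list` to `warnx(fmt, args)`, but `warnx` takes the variadic arguments themselves, so any conversion in `fmt` is formatted from the wrong object (undefined behaviour); the call should be `vwarnx(fmt, args);`, as `run_err()` in rcp.c already does. The `fprintf` before it also prints a second program-name prefix in front of the one `warnx` adds, which is presumably what the `/* XXX */` marks. The message text suggests this is how the user learns that the standard (non-Kerberos) service is being used, so the output should be dependable. Separately, `speed_t2int()` and `int2speed_t()` binary-search `conv[]`, which is only correct if the platform's `B*` constants increase in the same order as the bit rates; a comment stating that assumption, or a linear scan, would be safer.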
@@ -0,0 +1,1019 @@ +/* + * Copyright (c) 1983, 1990, 1992, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "bsd_locl.h" + +RCSID("$Id: rcp.c,v 1.43 1997/05/13 09:41:26 bg Exp $"); + +/* Globals */ +static char dst_realm_buf[REALM_SZ]; +static char *dest_realm = NULL; +static int use_kerberos = 1; + +static int doencrypt = 0; +#define OPTIONS "dfKk:prtx" + +static int errs, rem; +static struct passwd *pwd; +static u_short port; +static uid_t userid; +static int pflag, iamremote, iamrecursive, targetshouldbedirectory; + +#define CMDNEEDS 64 +static char cmd[CMDNEEDS]; /* must hold "rcp -r -p -d\0" */ + +void rsource(char *name, struct stat *statp); + +#define SERVICE_NAME "rcmd" + +CREDENTIALS cred; +MSG_DAT msg_data; +struct sockaddr_in foreign, local; +Key_schedule schedule; + +KTEXT_ST ticket; +AUTH_DAT kdata; + +static void +send_auth(char *h, char *r) +{ + int lslen, fslen, status; + long opts; + + lslen = sizeof(struct sockaddr_in); + if (getsockname(rem, (struct sockaddr *)&local, &lslen) < 0) + err(1, "getsockname"); + fslen = sizeof(struct sockaddr_in); + if (getpeername(rem, (struct sockaddr *)&foreign, &fslen) < 0) + err(1, "getpeername"); + if ((r == NULL) || (*r == '\0')) + r = krb_realmofhost(h); + opts = KOPT_DO_MUTUAL; + if ((status = krb_sendauth(opts, rem, &ticket, SERVICE_NAME, h, r, + (unsigned long)getpid(), &msg_data, &cred, + schedule, &local, + &foreign, "KCMDV0.1")) != KSUCCESS) + errx(1, "krb_sendauth failure: %s", krb_get_err_text(status)); +} + +static void +answer_auth(void) +{ + int lslen, fslen, status; + long opts; + char inst[INST_SZ], v[9]; + + lslen = sizeof(struct sockaddr_in); + if (getsockname(rem, (struct sockaddr *)&local, &lslen) < 0) + err(1, "getsockname"); + fslen = sizeof(struct sockaddr_in); + if(getpeername(rem, (struct sockaddr *)&foreign, &fslen) < 0) + err(1, "getperrname"); + k_getsockinst(rem, inst, sizeof(inst)); + opts = KOPT_DO_MUTUAL; + if ((status = krb_recvauth(opts, rem, &ticket, SERVICE_NAME, inst, + &foreign, &local, + &kdata, "", schedule, v)) != KSUCCESS) + errx(1, "krb_recvauth failure: %s", 
krb_get_err_text(status)); +} + +static int +des_read(int fd, char *buf, int len) +{ + if (doencrypt) + return(des_enc_read(fd, buf, len, schedule, + (iamremote? &kdata.session : &cred.session))); + else + return(read(fd, buf, len)); +} + +static int +des_write(int fd, char *buf, int len) +{ + if (doencrypt) + return(des_enc_write(fd, buf, len, schedule, + (iamremote? &kdata.session : &cred.session))); + else + return(write(fd, buf, len)); +} + +static void run_err(const char *fmt, ...) +#ifdef __GNUC__ +__attribute__ ((format (printf, 1, 2))) +#endif +; + + +static void +run_err(const char *fmt, ...) +{ + char errbuf[1024]; + + va_list args; + va_start(args, fmt); + ++errs; +#define RCPERR "\001rcp: " + strcpy (errbuf, RCPERR); + vsnprintf (errbuf + strlen(RCPERR), sizeof(errbuf) - strlen(RCPERR), + fmt, args); + strcat (errbuf, "\n"); + des_write (rem, errbuf, strlen(errbuf)); + if (!iamremote) + vwarnx(fmt, args); + va_end(args); +} + +static void +verifydir(char *cp) +{ + struct stat stb; + + if (!stat(cp, &stb)) { + if (S_ISDIR(stb.st_mode)) + return; + errno = ENOTDIR; + } + run_err("%s: %s", cp, strerror(errno)); + exit(1); +} + +#define ROUNDUP(x, y) ((((x)+((y)-1))/(y))*(y)) + +static BUF * +allocbuf(BUF *bp, int fd, int blksize) +{ + struct stat stb; + size_t size; + + if (fstat(fd, &stb) < 0) { + run_err("fstat: %s", strerror(errno)); + return (0); + } +#ifdef HAVE_ST_BLKSIZE + size = ROUNDUP(stb.st_blksize, blksize); +#else + size = blksize; +#endif + if (size == 0) + size = blksize; + if (bp->cnt >= size) + return (bp); + if (bp->buf == NULL) + bp->buf = malloc(size); + else + bp->buf = realloc(bp->buf, size); + if (bp->buf == NULL) { + bp->cnt = 0; + run_err("%s", strerror(errno)); + return (0); + } + bp->cnt = size; + return (bp); +} + +static void +usage(void) +{ + fprintf(stderr, "%s\n\t%s\n", + "usage: rcp [-Kpx] [-k realm] f1 f2", + "or: rcp [-Kprx] [-k realm] f1 ... 
fn directory"); + exit(1); +} + +static void +oldw(const char *s) +{ + char *rstar_no_warn = getenv("RSTAR_NO_WARN"); + if (rstar_no_warn == 0) + rstar_no_warn = ""; + if (strncmp(rstar_no_warn, "yes", 3) != 0) + warnx("%s, using standard rcp", s); +} + +static RETSIGTYPE +lostconn(int signo) +{ + if (!iamremote) + warnx("lost connection"); + exit(1); +} + +static int +response(void) +{ + char ch, *cp, resp, rbuf[BUFSIZ]; + + if (des_read(rem, &resp, sizeof(resp)) != sizeof(resp)) + lostconn(0); + + cp = rbuf; + switch(resp) { + case 0: /* ok */ + return (0); + default: + *cp++ = resp; + /* FALLTHROUGH */ + case 1: /* error, followed by error msg */ + case 2: /* fatal error, "" */ + do { + if (des_read(rem, &ch, sizeof(ch)) != sizeof(ch)) + lostconn(0); + *cp++ = ch; + } while (cp < &rbuf[BUFSIZ] && ch != '\n'); + + if (!iamremote) + write(STDERR_FILENO, rbuf, cp - rbuf); + ++errs; + if (resp == 1) + return (-1); + exit(1); + } + /* NOTREACHED */ +} + +static void +source(int argc, char **argv) +{ + struct stat stb; + static BUF buffer; + BUF *bp; + off_t i; + int amt, fd, haderr, indx, result; + char *last, *name, buf[BUFSIZ]; + + for (indx = 0; indx < argc; ++indx) { + name = argv[indx]; + if ((fd = open(name, O_RDONLY, 0)) < 0) + goto syserr; + if (fstat(fd, &stb)) { +syserr: run_err("%s: %s", name, strerror(errno)); + goto next; + } + switch (stb.st_mode & S_IFMT) { + case S_IFREG: + break; + case S_IFDIR: + if (iamrecursive) { + rsource(name, &stb); + goto next; + } + /* FALLTHROUGH */ + default: + run_err("%s: not a regular file", name); + goto next; + } + if ((last = strrchr(name, '/')) == NULL) + last = name; + else + ++last; + if (pflag) { + /* + * Make it compatible with possible future + * versions expecting microseconds. 
+ */ + snprintf(buf, sizeof(buf), "T%ld 0 %ld 0\n", + (long)stb.st_mtime, (long)stb.st_atime); + des_write(rem, buf, strlen(buf)); + if (response() < 0) + goto next; + } + snprintf(buf, sizeof(buf), "C%04o %ld %s\n", + (int)stb.st_mode & MODEMASK, (long) stb.st_size, last); + des_write(rem, buf, strlen(buf)); + if (response() < 0) + goto next; + if ((bp = allocbuf(&buffer, fd, BUFSIZ)) == NULL) { +next: close(fd); + continue; + } + + /* Keep writing after an error so that we stay sync'd up. */ + for (haderr = i = 0; i < stb.st_size; i += bp->cnt) { + amt = bp->cnt; + if (i + amt > stb.st_size) + amt = stb.st_size - i; + if (!haderr) { + result = read(fd, bp->buf, amt); + if (result != amt) + haderr = result >= 0 ? EIO : errno; + } + if (haderr) + des_write(rem, bp->buf, amt); + else { + result = des_write(rem, bp->buf, amt); + if (result != amt) + haderr = result >= 0 ? EIO : errno; + } + } + if (close(fd) && !haderr) + haderr = errno; + if (!haderr) + des_write(rem, "", 1); + else + run_err("%s: %s", name, strerror(haderr)); + response(); + } +} + +void +rsource(char *name, struct stat *statp) +{ + DIR *dirp; + struct dirent *dp; + char *last, *vect[1], path[MaxPathLen]; + + if (!(dirp = opendir(name))) { + run_err("%s: %s", name, strerror(errno)); + return; + } + last = strrchr(name, '/'); + if (last == 0) + last = name; + else + last++; + if (pflag) { + snprintf(path, sizeof(path), "T%ld 0 %ld 0\n", + (long)statp->st_mtime, (long)statp->st_atime); + des_write(rem, path, strlen(path)); + if (response() < 0) { + closedir(dirp); + return; + } + } + snprintf(path, sizeof(path), + "D%04o %d %s\n", (int)statp->st_mode & MODEMASK, 0, last); + des_write(rem, path, strlen(path)); + if (response() < 0) { + closedir(dirp); + return; + } + while ((dp = readdir(dirp))) { + if (dp->d_ino == 0) + continue; + if (!strcmp(dp->d_name, ".") || !strcmp(dp->d_name, "..")) + continue; + if (strlen(name) + 1 + strlen(dp->d_name) >= MaxPathLen - 1) { + run_err("%s/%s: name too long", 
name, dp->d_name); + continue; + } + if (snprintf(path, sizeof(path), + "%s/%s", name, dp->d_name) >= sizeof(path)) { + run_err("%s/%s: name too long", name, dp->d_name); + continue; + } + vect[0] = path; + source(1, vect); + } + closedir(dirp); + des_write(rem, "E\n", 2); + response(); +} + +static int +kerberos(char **host, char *bp, char *locuser, char *user) +{ + int sock = -1, err; +again: + if (use_kerberos) { + rem = KSUCCESS; + errno = 0; + if (dest_realm == NULL) + dest_realm = krb_realmofhost(*host); + +#if 0 + rem = krcmd(host, port, user, bp, 0, dest_realm); +#else + err = kcmd( + &sock, + host, + port, + NULL, /* locuser not used */ + user, + bp, + 0, + &ticket, + SERVICE_NAME, + dest_realm, + (CREDENTIALS *) NULL, /* credentials not used */ + 0, /* key schedule not used */ + (MSG_DAT *) NULL, /* MSG_DAT not used */ + (struct sockaddr_in *) NULL, /* local addr not used */ + (struct sockaddr_in *) NULL, /* foreign addr not used */ + 0L); /* authopts */ + if (err > KSUCCESS && err < MAX_KRB_ERRORS) { + warnx("kcmd: %s", krb_get_err_text(err)); + rem = -1; + } else if (err < 0) + rem = -1; + else + rem = sock; +#endif + if (rem < 0) { + use_kerberos = 0; + port = get_shell_port(use_kerberos, 0); + if (errno == ECONNREFUSED) + oldw("remote host doesn't support Kerberos"); + else if (errno == ENOENT) + oldw("can't provide Kerberos authentication data"); + goto again; + } + } else { + if (doencrypt) + errx(1, + "the -x option requires Kerberos authentication"); + if (geteuid() != 0) { + errx(1, "not installed setuid root, " + "only root may use non kerberized rcp"); + } + rem = rcmd(host, port, locuser, user, bp, 0); + } + return (rem); +} + +static void +toremote(char *targ, int argc, char **argv) +{ + int i, len; +#ifdef IP_TOS + int tos; +#endif + char *bp, *host, *src, *suser, *thost, *tuser; + + *targ++ = 0; + if (*targ == 0) + targ = "."; + + if ((thost = strchr(argv[argc - 1], '@'))) { + /* user@host */ + *thost++ = 0; + tuser = argv[argc - 1]; + if 
(*tuser == '\0') + tuser = NULL; + else if (!okname(tuser)) + exit(1); + } else { + thost = argv[argc - 1]; + tuser = NULL; + } + + for (i = 0; i < argc - 1; i++) { + src = colon(argv[i]); + if (src) { /* remote to remote */ + *src++ = 0; + if (*src == 0) + src = "."; + host = strchr(argv[i], '@'); + len = strlen(_PATH_RSH) + strlen(argv[i]) + + strlen(src) + (tuser ? strlen(tuser) : 0) + + strlen(thost) + strlen(targ) + CMDNEEDS + 20; + if (!(bp = malloc(len))) + err(1, " "); + if (host) { + *host++ = 0; + suser = argv[i]; + if (*suser == '\0') + suser = pwd->pw_name; + else if (!okname(suser)) + continue; + snprintf(bp, len, + "%s %s -l %s -n %s %s '%s%s%s:%s'", + _PATH_RSH, host, suser, cmd, src, + tuser ? tuser : "", tuser ? "@" : "", + thost, targ); + } else + snprintf(bp, len, + "exec %s %s -n %s %s '%s%s%s:%s'", + _PATH_RSH, argv[i], cmd, src, + tuser ? tuser : "", tuser ? "@" : "", + thost, targ); + susystem(bp, userid); + free(bp); + } else { /* local to remote */ + if (rem == -1) { + len = strlen(targ) + CMDNEEDS + 20; + if (!(bp = malloc(len))) + err(1, " "); + snprintf(bp, len, "%s -t %s", cmd, targ); + host = thost; + if (use_kerberos) + rem = kerberos(&host, bp, +#ifdef __CYGWIN32__ + tuser, +#else + pwd->pw_name, +#endif + tuser ? tuser : pwd->pw_name); + else + rem = rcmd(&host, port, +#ifdef __CYGWIN32__ + tuser, +#else + pwd->pw_name, +#endif + tuser ? 
tuser : pwd->pw_name, + bp, 0); + if (rem < 0) + exit(1); +#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) + tos = IPTOS_THROUGHPUT; + if (setsockopt(rem, IPPROTO_IP, IP_TOS, + (void *)&tos, sizeof(int)) < 0) + warn("TOS (ignored)"); +#endif /* IP_TOS */ + if (doencrypt) + send_auth(host, dest_realm); + if (response() < 0) + exit(1); + free(bp); + setuid(userid); + } + source(1, argv+i); + } + } +} + +static void +sink(int argc, char **argv) +{ + static BUF buffer; + struct stat stb; + struct timeval tv[2]; + enum { YES, NO, DISPLAYED } wrerr; + BUF *bp; + off_t i, j; + int amt, count, exists, first, mask, mode, ofd, omode; + int setimes, size, targisdir, wrerrno=0; + char ch, *cp, *np, *targ, *why, *vect[1], buf[BUFSIZ]; + +#define atime tv[0] +#define mtime tv[1] +#define SCREWUP(str) { why = str; goto screwup; } + + setimes = targisdir = 0; + mask = umask(0); + if (!pflag) + umask(mask); + if (argc != 1) { + run_err("ambiguous target"); + exit(1); + } + targ = *argv; + if (targetshouldbedirectory) + verifydir(targ); + des_write(rem, "", 1); + if (stat(targ, &stb) == 0 && S_ISDIR(stb.st_mode)) + targisdir = 1; + for (first = 1;; first = 0) { + cp = buf; + if (des_read(rem, cp, 1) <= 0) + return; + if (*cp++ == '\n') + SCREWUP("unexpected "); + do { + if (des_read(rem, &ch, sizeof(ch)) != sizeof(ch)) + SCREWUP("lost connection"); + *cp++ = ch; + } while (cp < &buf[BUFSIZ - 1] && ch != '\n'); + *cp = 0; + + if (buf[0] == '\01' || buf[0] == '\02') { + if (iamremote == 0) + write(STDERR_FILENO, + buf + 1, strlen(buf + 1)); + if (buf[0] == '\02') + exit(1); + ++errs; + continue; + } + if (buf[0] == 'E') { + des_write(rem, "", 1); + return; + } + + if (ch == '\n') + *--cp = 0; + +#define getnum(t) (t) = 0; while (isdigit(*cp)) (t) = (t) * 10 + (*cp++ - '0'); + cp = buf; + if (*cp == 'T') { + setimes++; + cp++; + getnum(mtime.tv_sec); + if (*cp++ != ' ') + SCREWUP("mtime.sec not delimited"); + getnum(mtime.tv_usec); + if (*cp++ != ' ') + SCREWUP("mtime.usec not 
delimited"); + getnum(atime.tv_sec); + if (*cp++ != ' ') + SCREWUP("atime.sec not delimited"); + getnum(atime.tv_usec); + if (*cp++ != '\0') + SCREWUP("atime.usec not delimited"); + des_write(rem, "", 1); + continue; + } + if (*cp != 'C' && *cp != 'D') { + /* + * Check for the case "rcp remote:foo\* local:bar". + * In this case, the line "No match." can be returned + * by the shell before the rcp command on the remote is + * executed so the ^Aerror_message convention isn't + * followed. + */ + if (first) { + run_err("%s", cp); + exit(1); + } + SCREWUP("expected control record"); + } + mode = 0; + for (++cp; cp < buf + 5; cp++) { + if (*cp < '0' || *cp > '7') + SCREWUP("bad mode"); + mode = (mode << 3) | (*cp - '0'); + } + if (*cp++ != ' ') + SCREWUP("mode not delimited"); + + for (size = 0; isdigit(*cp);) + size = size * 10 + (*cp++ - '0'); + if (*cp++ != ' ') + SCREWUP("size not delimited"); + if (targisdir) { + static char *namebuf; + static int cursize; + size_t need; + + need = strlen(targ) + strlen(cp) + 250; + if (need > cursize) { + if (!(namebuf = malloc(need))) + run_err("%s", strerror(errno)); + } + snprintf(namebuf, need, "%s%s%s", targ, + *targ ? 
"/" : "", cp); + np = namebuf; + } else + np = targ; + exists = stat(np, &stb) == 0; + if (buf[0] == 'D') { + int mod_flag = pflag; + if (exists) { + if (!S_ISDIR(stb.st_mode)) { + errno = ENOTDIR; + goto bad; + } + if (pflag) + chmod(np, mode); + } else { + /* Handle copying from a read-only directory */ + mod_flag = 1; + if (mkdir(np, mode | S_IRWXU) < 0) + goto bad; + } + vect[0] = np; + sink(1, vect); + if (setimes) { + struct utimbuf times; + times.actime = atime.tv_sec; + times.modtime = mtime.tv_sec; + setimes = 0; + if (utime(np, ×) < 0) + run_err("%s: set times: %s", + np, strerror(errno)); + } + if (mod_flag) + chmod(np, mode); + continue; + } + omode = mode; + mode |= S_IWRITE; + if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) < 0) { +bad: run_err("%s: %s", np, strerror(errno)); + continue; + } + des_write(rem, "", 1); + if ((bp = allocbuf(&buffer, ofd, BUFSIZ)) == NULL) { + close(ofd); + continue; + } + cp = bp->buf; + wrerr = NO; + for (count = i = 0; i < size; i += BUFSIZ) { + amt = BUFSIZ; + if (i + amt > size) + amt = size - i; + count += amt; + do { + j = des_read(rem, cp, amt); + if (j <= 0) { + run_err("%s", j ? strerror(errno) : + "dropped connection"); + exit(1); + } + amt -= j; + cp += j; + } while (amt > 0); + if (count == bp->cnt) { + /* Keep reading so we stay sync'd up. */ + if (wrerr == NO) { + j = write(ofd, bp->buf, count); + if (j != count) { + wrerr = YES; + wrerrno = j >= 0 ? EIO : errno; + } + } + count = 0; + cp = bp->buf; + } + } + if (count != 0 && wrerr == NO && + (j = write(ofd, bp->buf, count)) != count) { + wrerr = YES; + wrerrno = j >= 0 ? 
EIO : errno; + } + if (ftruncate(ofd, size)) { + run_err("%s: truncate: %s", np, strerror(errno)); + wrerr = DISPLAYED; + } + if (pflag) { + if (exists || omode != mode) +#ifdef HAVE_FCHMOD + if (fchmod(ofd, omode)) +#else + if (chmod(np, omode)) +#endif + run_err("%s: set mode: %s", + np, strerror(errno)); + } else { + if (!exists && omode != mode) +#ifdef HAVE_FCHMOD + if (fchmod(ofd, omode & ~mask)) +#else + if (chmod(np, omode & ~mask)) +#endif + run_err("%s: set mode: %s", + np, strerror(errno)); + } + close(ofd); + response(); + if (setimes && wrerr == NO) { + struct utimbuf times; + times.actime = atime.tv_sec; + times.modtime = mtime.tv_sec; + setimes = 0; + if (utime(np, ×) < 0) { + run_err("%s: set times: %s", + np, strerror(errno)); + wrerr = DISPLAYED; + } + } + switch(wrerr) { + case YES: + run_err("%s: %s", np, strerror(wrerrno)); + break; + case NO: + des_write(rem, "", 1); + break; + case DISPLAYED: + break; + } + } +screwup: + run_err("protocol error: %s", why); + exit(1); +} + +static void +tolocal(int argc, char **argv) +{ + int i, len; +#ifdef IP_TOS + int tos; +#endif + char *bp, *host, *src, *suser; + + for (i = 0; i < argc - 1; i++) { + if (!(src = colon(argv[i]))) { /* Local to local. */ + len = strlen(_PATH_CP) + strlen(argv[i]) + + strlen(argv[argc - 1]) + 20; + if (!(bp = malloc(len))) + err(1, " "); + snprintf(bp, len, "exec %s%s%s %s %s", _PATH_CP, + iamrecursive ? " -r" : "", pflag ? 
" -p" : "", + argv[i], argv[argc - 1]); + if (susystem(bp, userid)) + ++errs; + free(bp); + continue; + } + *src++ = 0; + if (*src == 0) + src = "."; + if ((host = strchr(argv[i], '@')) == NULL) { +#ifdef __CYGWIN32__ + errx (1, "Sorry, you need to specify the username"); +#else + host = argv[i]; + suser = pwd->pw_name; +#endif + } else { + *host++ = 0; + suser = argv[i]; + if (*suser == '\0') +#ifdef __CYGWIN32__ + errx (1, "Sorry, you need to specify the username"); +#else + suser = pwd->pw_name; +#endif + else if (!okname(suser)) + continue; + } + len = strlen(src) + CMDNEEDS + 20; + if ((bp = malloc(len)) == NULL) + err(1, " "); + snprintf(bp, len, "%s -f %s", cmd, src); + rem = + use_kerberos ? + kerberos(&host, bp, +#ifndef __CYGWIN32__ + pwd->pw_name, +#else + suser, +#endif + suser) : + rcmd(&host, port, +#ifndef __CYGWIN32__ + pwd->pw_name, +#else + suser, +#endif + suser, bp, 0); + free(bp); + if (rem < 0) { + ++errs; + continue; + } + seteuid(userid); +#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) + tos = IPTOS_THROUGHPUT; + if (setsockopt(rem, IPPROTO_IP, IP_TOS, (void *)&tos, + sizeof(int)) < 0) + warn("TOS (ignored)"); +#endif /* IP_TOS */ + if (doencrypt) + send_auth(host, dest_realm); + sink(1, argv + argc - 1); + seteuid(0); + close(rem); + rem = -1; + } +} + + +int +main(int argc, char **argv) +{ + int ch, fflag, tflag; + char *targ; + + set_progname(argv[0]); + fflag = tflag = 0; + while ((ch = getopt(argc, argv, OPTIONS)) != EOF) + switch(ch) { /* User-visible flags. */ + case 'K': + use_kerberos = 0; + break; + case 'k': + dest_realm = dst_realm_buf; + strncpy(dst_realm_buf, optarg, REALM_SZ); + break; + case 'x': + doencrypt = 1; + LEFT_JUSTIFIED = 1; + break; + case 'p': + pflag = 1; + break; + case 'r': + iamrecursive = 1; + break; + /* Server options. 
*/ + case 'd': + targetshouldbedirectory = 1; + break; + case 'f': /* "from" */ + iamremote = 1; + fflag = 1; + break; + case 't': /* "to" */ + iamremote = 1; + tflag = 1; + break; + case '?': + default: + usage(); + } + argc -= optind; + argv += optind; + + /* Rcp implements encrypted file transfer without using the + * kshell service, pass 0 for no encryption */ + port = get_shell_port(use_kerberos, 0); + +#ifndef __CYGWIN32__ + if ((pwd = k_getpwuid(userid = getuid())) == NULL) + errx(1, "unknown user %d", (int)userid); +#endif + + rem = STDIN_FILENO; /* XXX */ + + if (fflag) { /* Follow "protocol", send data. */ + if (doencrypt) + answer_auth(); + response(); + setuid(userid); + if (k_hasafs()) { + /* Sometimes we will need cell specific tokens + * to be able to read and write files, thus, + * the token stuff done in rshd might not + * suffice. + */ + char cell[64]; + if (k_afs_cell_of_file(pwd->pw_dir, + cell, sizeof(cell)) == 0) + k_afsklog(cell, 0); + k_afsklog(0, 0); + } + source(argc, argv); + exit(errs); + } + + if (tflag) { /* Receive data. */ + if (doencrypt) + answer_auth(); + setuid(userid); + if (k_hasafs()) { + char cell[64]; + if (k_afs_cell_of_file(pwd->pw_dir, + cell, sizeof(cell)) == 0) + k_afsklog(cell, 0); + k_afsklog(0, 0); + } + sink(argc, argv); + exit(errs); + } + + if (argc < 2) + usage(); + if (argc > 2) + targetshouldbedirectory = 1; + + rem = -1; + /* Command to be executed on remote system using "rsh". */ + snprintf(cmd, sizeof(cmd), + "rcp%s%s%s%s", iamrecursive ? " -r" : "", + (doencrypt && use_kerberos ? " -x" : ""), + pflag ? " -p" : "", targetshouldbedirectory ? " -d" : ""); + + signal(SIGPIPE, lostconn); + + if ((targ = colon(argv[argc - 1]))) /* Dest is remote host. */ + toremote(targ, argc, argv); + else { + tolocal(argc, argv); /* Dest is local host. */ + if (targetshouldbedirectory) + verifydir(argv[argc - 1]); + } + exit(errs); +} 
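Review bot: In rcp.c `sink()`, the file name taken from the peer's `C`/`D` control record is appended to `targ` and passed to `open()`/`mkdir()` without any check, so a name containing `/` or equal to `..` resolves outside the directory the user named. Reject such names before the `if (targisdir)` block, e.g. `if (*cp == '\0' || strchr(cp, '/') != NULL || strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) SCREWUP("bad file name");`. In the same block a failed `malloc(need)` only calls `run_err()` and then falls through to `snprintf(namebuf, ...)` with a null pointer, and `cursize` is never updated, so a new buffer is allocated and the previous one leaked for every record; bail out of the record on failure and set `cursize = need;`. Two smaller bounds problems sit in this hunk as well: `run_err()` appends `"\n"` with `strcat` after a `vsnprintf` that may already have filled `errbuf` (and reuses `args` for `vwarnx` without `va_copy`), and `strncpy(dst_realm_buf, optarg, REALM_SZ)` in `main()` leaves the realm unterminated when the argument is `REALM_SZ` bytes or longer.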
diff --git a/crypto/kerberosIV/appl/bsd/rcp_util.c b/crypto/kerberosIV/appl/bsd/rcp_util.c
new file mode 100644
index 0000000..6f0c5f0
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/rcp_util.c
@@ -0,0 +1,97 @@
+/*-
+ * Copyright (c) 1992, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: rcp_util.c,v 1.7 1996/11/17 20:23:05 assar Exp $");
+
+char *
+colon(char *cp)
+{
+ if (*cp == ':') /* Leading colon is part of file name. */
+ return (0);
+
+ for (; *cp; ++cp) {
+ if (*cp == ':')
+ return (cp);
+ if (*cp == '/')
+ return (0);
+ }
+ return (0);
+}
+
+int
+okname(char *cp0)
+{
+ int c;
+ char *cp;
+
+ cp = cp0;
+ do {
+ c = *cp;
+ if (c & 0200)
+ goto bad;
+ if (!isalpha(c) && !isdigit(c) && c != '_' && c != '-')
+ goto bad;
+ } while (*++cp);
+ return (1);
+
+bad: warnx("%s: invalid user name", cp0);
+ return (0);
+}
+
+int
+susystem(char *s, int userid)
+{
+ RETSIGTYPE (*istat)(), (*qstat)();
+ int status;
+ pid_t pid;
+
+ pid = fork();
+ switch (pid) {
+ case -1:
+ return (127);
+
+ case 0:
+ setuid(userid);
+ execl(_PATH_BSHELL, "sh", "-c", s, NULL);
+ _exit(127);
+ }
+ istat = signal(SIGINT, SIG_IGN);
+ qstat = signal(SIGQUIT, SIG_IGN);
+ if (waitpid(pid, &status, 0) < 0)
+ status = -1;
+ signal(SIGINT, istat);
+ signal(SIGQUIT, qstat);
+ return (status);
+}
diff --git a/crypto/kerberosIV/appl/bsd/rlogin.c b/crypto/kerberosIV/appl/bsd/rlogin.c
new file mode 100644
index 0000000..27aa8f0
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/rlogin.c
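Review bot: In rcp_util.c, the child branch of `susystem()` calls `setuid(userid)` without checking the result and then runs `s` through `sh -c`; rcp.c in this patch expects the binary to be installed setuid root, so a failed `setuid` would leave the shell running with the privileges the parent had. Change it to `if (setuid(userid) < 0) _exit(127);`. The command string is assembled in rcp.c from command-line host and path arguments, of which only the user names pass through `okname()`, so this privilege drop is what keeps that shell at the caller's own level. A short comment above `susystem()` stating that `s` is interpreted by the shell and must only ever run as `userid` would document the contract.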
@@ -0,0 +1,707 @@ +/* + * Copyright (c) 1983, 1990, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* + * rlogin - remote login + */ +#include "bsd_locl.h" + +RCSID("$Id: rlogin.c,v 1.61 1997/05/25 01:14:47 assar Exp $"); + +CREDENTIALS cred; +Key_schedule schedule; +int use_kerberos = 1, doencrypt; +char dst_realm_buf[REALM_SZ], *dest_realm = NULL; + +#ifndef CCEQ +#define c2uc(x) ((unsigned char) x) +#define CCEQ__(val, c) (c == val ? val != c2uc(_POSIX_VDISABLE) : 0) +#define CCEQ(val, c) CCEQ__(c2uc(val), c2uc(c)) +#endif + +int eight, rem; +struct termios deftty; + +int noescape; +char escapechar = '~'; + +struct winsize winsize; + +int parent, rcvcnt; +char rcvbuf[8 * 1024]; + +int child; + +static void +echo(char c) +{ + char *p; + char buf[8]; + + p = buf; + c &= 0177; + *p++ = escapechar; + if (c < ' ') { + *p++ = '^'; + *p++ = c + '@'; + } else if (c == 0177) { + *p++ = '^'; + *p++ = '?'; + } else + *p++ = c; + *p++ = '\r'; + *p++ = '\n'; + write(STDOUT_FILENO, buf, p - buf); +} + +static void +mode(int f) +{ + struct termios tty; + + switch (f) { + case 0: + tcsetattr(0, TCSANOW, &deftty); + break; + case 1: + tcgetattr(0, &deftty); + tty = deftty; + /* This is loosely derived from sys/compat/tty_compat.c. 
*/ + tty.c_lflag &= ~(ECHO|ICANON|ISIG|IEXTEN); + tty.c_iflag &= ~ICRNL; + tty.c_oflag &= ~OPOST; + tty.c_cc[VMIN] = 1; + tty.c_cc[VTIME] = 0; + if (eight) { + tty.c_iflag &= IXOFF; + tty.c_cflag &= ~(CSIZE|PARENB); + tty.c_cflag |= CS8; + } + tcsetattr(0, TCSANOW, &tty); + break; + default: + return; + } +} + +static void +done(int status) +{ + int w, wstatus; + + mode(0); + if (child > 0) { + /* make sure catch_child does not snap it up */ + signal(SIGCHLD, SIG_DFL); + if (kill(child, SIGKILL) >= 0) + while ((w = wait(&wstatus)) > 0 && w != child); + } + exit(status); +} + +static +RETSIGTYPE +catch_child(int foo) +{ + int status; + int pid; + + for (;;) { + pid = waitpid(-1, &status, WNOHANG|WUNTRACED); + if (pid == 0) + return; + /* if the child (reader) dies, just quit */ + if (pid < 0 || (pid == child && !WIFSTOPPED(status))) + done(WTERMSIG(status) | WEXITSTATUS(status)); + } + /* NOTREACHED */ +} + +/* + * There is a race in the SunOS5 rlogind. If the slave end has not yet + * been opened by the child when setting tty size the size is reset to + * zero when the child opens it. Therefore we send the window update + * twice. + */ + +static int tty_kludge = 1; + +/* Return the number of OOB bytes processed. 
*/ +static int +oob_real(void) +{ + struct termios tty; + int atmark, n, out, rcvd; + char waste[BUFSIZ], mark; + + out = O_RDWR; + rcvd = 0; + if (recv(rem, &mark, 1, MSG_OOB) < 0) { + return -1; + } + if (mark & TIOCPKT_WINDOW) { + /* Let server know about window size changes */ + kill(parent, SIGUSR1); + } else if (tty_kludge) { + /* Let server know about window size changes */ + kill(parent, SIGUSR1); + tty_kludge = 0; + } + if (!eight && (mark & TIOCPKT_NOSTOP)) { + tcgetattr(0, &tty); + tty.c_iflag &= ~IXON; + tcsetattr(0, TCSANOW, &tty); + } + if (!eight && (mark & TIOCPKT_DOSTOP)) { + tcgetattr(0, &tty); + tty.c_iflag |= (deftty.c_iflag & IXON); + tcsetattr(0, TCSANOW, &tty); + } + if (mark & TIOCPKT_FLUSHWRITE) { +#ifdef TCOFLUSH + tcflush(1, TCOFLUSH); +#else + ioctl(1, TIOCFLUSH, (char *)&out); +#endif + for (;;) { + if (ioctl(rem, SIOCATMARK, &atmark) < 0) { + warn("ioctl"); + break; + } + if (atmark) + break; + n = read(rem, waste, sizeof (waste)); + if (n <= 0) + break; + } + /* + * Don't want any pending data to be output, so clear the recv + * buffer. If we were hanging on a write when interrupted, + * don't want it to restart. If we were reading, restart + * anyway. + */ + rcvcnt = 0; + } + + /* oob does not do FLUSHREAD (alas!) 
*/ + return 1; +} + +/* reader: read from remote: line -> 1 */ +static int +reader(void) +{ + int n, remaining; + char *bufp; + int kludgep = 1; + + bufp = rcvbuf; + for (;;) { + fd_set readfds, exceptfds; + while ((remaining = rcvcnt - (bufp - rcvbuf)) > 0) { + n = write(STDOUT_FILENO, bufp, remaining); + if (n < 0) { + if (errno != EINTR) + return (-1); + continue; + } + bufp += n; + } + bufp = rcvbuf; + rcvcnt = 0; + + FD_ZERO (&readfds); + FD_SET (rem, &readfds); + FD_ZERO (&exceptfds); + if (kludgep) + FD_SET (rem, &exceptfds); + if (select(rem+1, &readfds, 0, &exceptfds, 0) == -1) { + if (errno == EINTR) + continue; /* Got signal */ + else + errx(1, "select failed mysteriously"); + } + + if (!FD_ISSET(rem, &exceptfds) && !FD_ISSET(rem, &readfds)) { + warnx("select: nothing to read?"); + continue; + } + + if (FD_ISSET(rem, &exceptfds)) { + int foo = oob_real (); + if (foo >= 1) + continue; /* First check if there is more OOB data. */ + else if (foo < 0) + kludgep = 0; + } + + if (!FD_ISSET(rem, &readfds)) + continue; /* Nothing to read. 
*/ + + kludgep = 1; +#ifndef NOENCRYPTION + if (doencrypt) + rcvcnt = des_enc_read(rem, rcvbuf, + sizeof(rcvbuf), + schedule, &cred.session); + else +#endif + rcvcnt = read(rem, rcvbuf, sizeof (rcvbuf)); + if (rcvcnt == 0) + return (0); + if (rcvcnt < 0) { + if (errno == EINTR) + continue; + warn("read"); + return (-1); + } + } +} + +/* + * Send the window size to the server via the magic escape + */ +static void +sendwindow(void) +{ + char obuf[4 + 4 * sizeof (u_int16_t)]; + unsigned short *p; + + p = (u_int16_t *)(obuf + 4); + obuf[0] = 0377; + obuf[1] = 0377; + obuf[2] = 's'; + obuf[3] = 's'; + *p++ = htons(winsize.ws_row); + *p++ = htons(winsize.ws_col); +#ifdef HAVE_WS_XPIXEL + *p++ = htons(winsize.ws_xpixel); +#else + *p++ = htons(0); +#endif +#ifdef HAVE_WS_YPIXEL + *p++ = htons(winsize.ws_ypixel); +#else + *p++ = htons(0); +#endif + +#ifndef NOENCRYPTION + if(doencrypt) + des_enc_write(rem, obuf, sizeof(obuf), schedule, + &cred.session); + else +#endif + write(rem, obuf, sizeof(obuf)); +} + +static +RETSIGTYPE +sigwinch(int foo) +{ + struct winsize ws; + + if (get_window_size(0, &ws) == 0 && + memcmp(&ws, &winsize, sizeof(ws))) { + winsize = ws; + sendwindow(); + } +} + +static void +stop(int all) +{ + mode(0); + signal(SIGCHLD, SIG_IGN); + kill(all ? 0 : getpid(), SIGTSTP); + signal(SIGCHLD, catch_child); + mode(1); +#ifdef SIGWINCH + kill(SIGWINCH, getpid()); /* check for size changes, if caught */ +#endif +} + +/* + * writer: write to remote: 0 -> line. + * ~. terminate + * ~^Z suspend rlogin process. + * ~ suspend rlogin process, but leave reader alone. + */ +static void +writer(void) +{ + int bol, local, n; + char c; + + bol = 1; /* beginning of line */ + local = 0; + for (;;) { + n = read(STDIN_FILENO, &c, 1); + if (n <= 0) { + if (n < 0 && errno == EINTR) + continue; + break; + } + /* + * If we're at the beginning of the line and recognize a + * command character, then we echo locally. Otherwise, + * characters are echo'd remotely. 
If the command character + * is doubled, this acts as a force and local echo is + * suppressed. + */ + if (bol) { + bol = 0; + if (!noescape && c == escapechar) { + local = 1; + continue; + } + } else if (local) { + local = 0; + if (c == '.' || CCEQ(deftty.c_cc[VEOF], c)) { + echo(c); + break; + } + if (CCEQ(deftty.c_cc[VSUSP], c)) { + bol = 1; + echo(c); + stop(1); + continue; + } +#ifdef VDSUSP + /* Is VDSUSP called something else on Linux? + * Perhaps VDELAY is a better thing? */ + if (CCEQ(deftty.c_cc[VDSUSP], c)) { + bol = 1; + echo(c); + stop(0); + continue; + } +#endif /* VDSUSP */ + if (c != escapechar) +#ifndef NOENCRYPTION + if (doencrypt) + des_enc_write(rem, &escapechar,1, schedule, &cred.session); + else +#endif + write(rem, &escapechar, 1); + } + + if (doencrypt) { +#ifdef NOENCRYPTION + if (write(rem, &c, 1) == 0) { +#else + if (des_enc_write(rem, &c, 1, schedule, &cred.session) == 0) { +#endif + warnx("line gone"); + break; + } + } else + if (write(rem, &c, 1) == 0) { + warnx("line gone"); + break; + } + bol = CCEQ(deftty.c_cc[VKILL], c) || + CCEQ(deftty.c_cc[VEOF], c) || + CCEQ(deftty.c_cc[VINTR], c) || + CCEQ(deftty.c_cc[VSUSP], c) || + c == '\r' || c == '\n'; + } +} + +static +RETSIGTYPE +lostpeer(int foo) +{ + signal(SIGPIPE, SIG_IGN); + warnx("\aconnection closed.\r"); + done(1); +} + +/* + * This is called in the parent when the reader process gets the + * out-of-band (urgent) request to turn on the window-changing + * protocol. It is signalled from the child(reader). + */ +static +RETSIGTYPE +sigusr1(int foo) +{ + /* + * Now we now daemon supports winsize hack, + */ + sendwindow(); +#ifdef SIGWINCH + signal(SIGWINCH, sigwinch); /* so we start to support it */ +#endif + SIGRETURN(0); +} + +static void +doit(void) +{ + signal(SIGINT, SIG_IGN); + signal(SIGHUP, SIG_IGN); + signal(SIGQUIT, SIG_IGN); + + signal(SIGCHLD, catch_child); + + /* + * Child sends parent this signal for window size hack. 
+ */ + signal(SIGUSR1, sigusr1); + + signal(SIGPIPE, lostpeer); + + mode(1); + parent = getpid(); + child = fork(); + if (child == -1) { + warn("fork"); + done(1); + } + if (child == 0) { + signal(SIGCHLD, SIG_IGN); + signal(SIGTTOU, SIG_IGN); + if (reader() == 0) + errx(1, "connection closed.\r"); + sleep(1); + errx(1, "\aconnection closed.\r"); + } + + writer(); + warnx("closed connection.\r"); + done(0); +} + +static void +usage(void) +{ + fprintf(stderr, + "usage: rlogin [ -%s]%s[-e char] [ -l username ] host\n", + "8DEKLdx", " [-k realm] "); + exit(1); +} + +static u_int +getescape(char *p) +{ + long val; + int len; + + if ((len = strlen(p)) == 1) /* use any single char, including '\' */ + return ((u_int)*p); + /* otherwise, \nnn */ + if (*p == '\\' && len >= 2 && len <= 4) { + val = strtol(++p, NULL, 8); + for (;;) { + if (!*++p) + return ((u_int)val); + if (*p < '0' || *p > '8') + break; + } + } + warnx("illegal option value -- e"); + usage(); + return 0; +} + +int +main(int argc, char **argv) +{ + struct passwd *pw; + int sv_port, user_port = 0; + int argoff, ch, dflag, Dflag, one, uid; + char *host, *user, term[1024]; + + argoff = dflag = Dflag = 0; + one = 1; + host = user = NULL; + + set_progname(argv[0]); + + /* handle "rlogin host flags" */ + if (argc > 2 && argv[1][0] != '-') { + host = argv[1]; + argoff = 1; + } + +#define OPTIONS "8DEKLde:k:l:xp:" + while ((ch = getopt(argc - argoff, argv + argoff, OPTIONS)) != EOF) + switch(ch) { + case '8': + eight = 1; + break; + case 'D': + Dflag = 1; + break; + case 'E': + noescape = 1; + break; + case 'K': + use_kerberos = 0; + break; + case 'd': + dflag = 1; + break; + case 'e': + noescape = 0; + escapechar = getescape(optarg); + break; + case 'k': + dest_realm = dst_realm_buf; + strncpy(dest_realm, optarg, REALM_SZ); + break; + case 'l': + user = optarg; + break; + case 'x': + doencrypt = 1; + break; + case 'p': + user_port = htons(atoi(optarg)); + break; + case '?': + default: + usage(); + } + optind += 
argoff; + argc -= optind; + argv += optind; + + /* if haven't gotten a host yet, do so */ + if (!host && !(host = *argv++)) + usage(); + + if (*argv) + usage(); + + if (!(pw = k_getpwuid(uid = getuid()))) + errx(1, "unknown user id."); + if (!user) + user = pw->pw_name; + + + if (user_port) + sv_port = user_port; + else + sv_port = get_login_port(use_kerberos, doencrypt); + + { + char *p = getenv("TERM"); + struct termios tty; + int i; + + if (p == NULL) + p = "network"; + + if (tcgetattr(0, &tty) == 0 + && (i = speed_t2int (cfgetospeed(&tty))) > 0) + snprintf (term, sizeof(term), + "%s/%d", + p, i); + else + snprintf (term, sizeof(term), + "%s", + p); + } + + get_window_size(0, &winsize); + + try_connect: + if (use_kerberos) { + struct hostent *hp; + + /* Fully qualify hostname (needed for krb_realmofhost). */ + hp = gethostbyname(host); + if (hp != NULL && !(host = strdup(hp->h_name))) { + errno = ENOMEM; + err(1, NULL); + } + + rem = KSUCCESS; + errno = 0; + if (dest_realm == NULL) + dest_realm = krb_realmofhost(host); + + if (doencrypt) + rem = krcmd_mutual(&host, sv_port, user, term, 0, + dest_realm, &cred, schedule); + else + rem = krcmd(&host, sv_port, user, term, 0, + dest_realm); + if (rem < 0) { + use_kerberos = 0; + if (user_port == 0) + sv_port = get_login_port(use_kerberos, + doencrypt); + if (errno == ECONNREFUSED) + warning("remote host doesn't support Kerberos"); + if (errno == ENOENT) + warning("can't provide Kerberos auth data"); + goto try_connect; + } + } else { + if (doencrypt) + errx(1, "the -x flag requires Kerberos authentication."); + if (geteuid() != 0) + errx(1, "not installed setuid root, " + "only root may use non kerberized rlogin"); + rem = rcmd(&host, sv_port, pw->pw_name, user, term, 0); + } + + if (rem < 0) + exit(1); + +#ifdef HAVE_SETSOCKOPT +#ifdef SO_DEBUG + if (dflag && + setsockopt(rem, SOL_SOCKET, SO_DEBUG, (void *)&one, + sizeof(one)) < 0) + warn("setsockopt"); +#endif +#ifdef TCP_NODELAY + if (Dflag && + setsockopt(rem, 
IPPROTO_TCP, TCP_NODELAY, (void *)&one, + sizeof(one)) < 0) + warn("setsockopt(TCP_NODELAY)"); +#endif +#ifdef IP_TOS + one = IPTOS_LOWDELAY; + if (setsockopt(rem, IPPROTO_IP, IP_TOS, (void *)&one, sizeof(int)) < 0) + warn("setsockopt(IP_TOS)"); +#endif /* IP_TOS */ +#endif /* HAVE_SETSOCKOPT */ + + setuid(uid); + doit(); + return 0; +} diff --git a/crypto/kerberosIV/appl/bsd/rlogind.c b/crypto/kerberosIV/appl/bsd/rlogind.c new file mode 100644 index 0000000..c5d80774 --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/rlogind.c 
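Review bot: `stop()` calls `kill(SIGWINCH, getpid())` with the arguments reversed, so it addresses the process whose pid equals SIGWINCH and uses this process's pid as the signal number; it should read `kill(getpid(), SIGWINCH);`. Separately, the `-k` case in `main()` copies with `strncpy(dest_realm, optarg, REALM_SZ)`, which leaves `dst_realm_buf` without a terminating NUL when the argument is REALM_SZ bytes or longer, and that buffer is then handed to `krcmd()` / `krcmd_mutual()`. Using `snprintf(dst_realm_buf, sizeof(dst_realm_buf), "%s", optarg);` (the file already uses `snprintf` for `term`), or rejecting an over-long realm through `usage()`, would close that.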
@@ -0,0 +1,934 @@ +/*- + * Copyright (c) 1983, 1988, 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* + * remote login server: + * \0 + * remuser\0 + * locuser\0 + * terminal_type/speed\0 + * data + */ + +#include "bsd_locl.h" + +RCSID("$Id: rlogind.c,v 1.100 1997/05/25 01:15:20 assar Exp $"); + +extern int __check_rhosts_file; + +char *INSECURE_MESSAGE = +"\r\n*** Connection not encrypted! Communication may be eavesdropped. ***" +"\r\n*** Use telnet or rlogin -x instead! ***\r\n"; + +#ifndef NOENCRYPTION +char *SECURE_MESSAGE = +"This rlogin session is using DES encryption for all transmissions.\r\n"; +#else +#define SECURE_MESSAGE INSECURE_MESSAGE +#endif + +AUTH_DAT *kdata; +KTEXT ticket; +u_char auth_buf[sizeof(AUTH_DAT)]; +u_char tick_buf[sizeof(KTEXT_ST)]; +Key_schedule schedule; +int doencrypt, retval, use_kerberos, vacuous; + +#define ARGSTR "Daip:lnkvxL:" + +char *env[2]; +#define NMAX 30 +char lusername[NMAX+1], rusername[NMAX+1]; +static char term[64] = "TERM="; +#define ENVSIZE (sizeof("TERM=")-1) /* skip null for concatenation */ +int keepalive = 1; +int check_all = 0; +int no_delay = 0; + +struct passwd *pwd; + +static const char *new_login = _PATH_LOGIN; + +static void doit (int, struct sockaddr_in *); +static int control (int, char *, int); +static void protocol (int, int); +static RETSIGTYPE cleanup (int); +void fatal (int, const char *, int); +static int do_rlogin (struct sockaddr_in *); +static void setup_term (int); +static int do_krb_login (struct sockaddr_in *); +static void usage (void); + +static int +readstream(int p, char *ibuf, int bufsize) +{ +#ifndef HAVE_GETMSG + return read(p, ibuf, bufsize); +#else + static int flowison = -1; /* current state of flow: -1 is unknown */ + static struct strbuf strbufc, strbufd; + static unsigned char ctlbuf[BUFSIZ]; + static int use_read = 1; + + int flags = 0; + int ret; + struct termios tsp; + + struct iocblk ip; + char vstop, vstart; + int ixon; + int newflow; + + if (use_read) + { + ret = read(p, ibuf, bufsize); + if (ret < 0 && errno == EBADMSG) + use_read = 0; + else + return ret; + } + 
+ strbufc.maxlen = BUFSIZ; + strbufc.buf = (char *)ctlbuf; + strbufd.maxlen = bufsize-1; + strbufd.len = 0; + strbufd.buf = ibuf+1; + ibuf[0] = 0; + + ret = getmsg(p, &strbufc, &strbufd, &flags); + if (ret < 0) /* error of some sort -- probably EAGAIN */ + return(-1); + + if (strbufc.len <= 0 || ctlbuf[0] == M_DATA) { + /* data message */ + if (strbufd.len > 0) { /* real data */ + return(strbufd.len + 1); /* count header char */ + } else { + /* nothing there */ + errno = EAGAIN; + return(-1); + } + } + + /* + * It's a control message. Return 1, to look at the flag we set + */ + + switch (ctlbuf[0]) { + case M_FLUSH: + if (ibuf[1] & FLUSHW) + ibuf[0] = TIOCPKT_FLUSHWRITE; + return(1); + + case M_IOCTL: + memcpy(&ip, (ibuf+1), sizeof(ip)); + + switch (ip.ioc_cmd) { +#ifdef TCSETS + case TCSETS: + case TCSETSW: + case TCSETSF: + memcpy(&tsp, + (ibuf+1 + sizeof(struct iocblk)), + sizeof(tsp)); + vstop = tsp.c_cc[VSTOP]; + vstart = tsp.c_cc[VSTART]; + ixon = tsp.c_iflag & IXON; + break; +#endif + default: + errno = EAGAIN; + return(-1); + } + + newflow = (ixon && (vstart == 021) && (vstop == 023)) ? 1 : 0; + if (newflow != flowison) { /* it's a change */ + flowison = newflow; + ibuf[0] = newflow ? 
TIOCPKT_DOSTOP : TIOCPKT_NOSTOP; + return(1); + } + } + + /* nothing worth doing anything about */ + errno = EAGAIN; + return(-1); +#endif +} + +#ifdef HAVE_UTMPX_H +static int +logout(const char *line) +{ + struct utmpx utmpx, *utxp; + int ret = 1; + + setutxent (); + memset(&utmpx, 0, sizeof(utmpx)); + utmpx.ut_type = USER_PROCESS; + strncpy(utmpx.ut_line, line, sizeof(utmpx.ut_line)); + utxp = getutxline(&utmpx); + if (utxp) { + strcpy(utxp->ut_user, ""); + utxp->ut_type = DEAD_PROCESS; +#ifdef _STRUCT___EXIT_STATUS + utxp->ut_exit.__e_termination = 0; + utxp->ut_exit.__e_exit = 0; +#elif defined(__osf__) /* XXX */ + utxp->ut_exit.ut_termination = 0; + utxp->ut_exit.ut_exit = 0; +#else + utxp->ut_exit.e_termination = 0; + utxp->ut_exit.e_exit = 0; +#endif + gettimeofday(&utxp->ut_tv, NULL); + pututxline(utxp); +#ifdef WTMPX_FILE + updwtmpx(WTMPX_FILE, utxp); +#else + ret = 0; +#endif + } + endutxent(); + return ret; +} +#else +static int +logout(const char *line) +{ + FILE *fp; + struct utmp ut; + int rval; + + if (!(fp = fopen(_PATH_UTMP, "r+"))) + return(0); + rval = 1; + while (fread(&ut, sizeof(struct utmp), 1, fp) == 1) { + if (!ut.ut_name[0] || + strncmp(ut.ut_line, line, sizeof(ut.ut_line))) + continue; + memset(ut.ut_name, 0, sizeof(ut.ut_name)); +#ifdef HAVE_UT_HOST + memset(ut.ut_host, 0, sizeof(ut.ut_host)); +#endif + time(&ut.ut_time); + fseek(fp, (long)-sizeof(struct utmp), SEEK_CUR); + fwrite(&ut, sizeof(struct utmp), 1, fp); + fseek(fp, (long)0, SEEK_CUR); + rval = 0; + } + fclose(fp); + return(rval); +} +#endif + +#ifndef HAVE_LOGWTMP +static void +logwtmp(const char *line, const char *name, const char *host) +{ + struct utmp ut; + struct stat buf; + int fd; + + memset (&ut, 0, sizeof(ut)); + if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) < 0) + return; + if (!fstat(fd, &buf)) { + strncpy(ut.ut_line, line, sizeof(ut.ut_line)); + strncpy(ut.ut_name, name, sizeof(ut.ut_name)); +#ifdef HAVE_UT_HOST + strncpy(ut.ut_host, host, sizeof(ut.ut_host)); 
+#endif +#ifdef HAVE_UT_PID + ut.ut_pid = getpid(); +#endif +#ifdef HAVE_UT_TYPE + if(name[0]) + ut.ut_type = USER_PROCESS; + else + ut.ut_type = DEAD_PROCESS; +#endif + time(&ut.ut_time); + if (write(fd, &ut, sizeof(struct utmp)) != + sizeof(struct utmp)) + ftruncate(fd, buf.st_size); + } + close(fd); +} +#endif + +int +main(int argc, char **argv) +{ + struct sockaddr_in from; + int ch, fromlen, on; + int interactive = 0; + int portnum = 0; + + set_progname(argv[0]); + + openlog("rlogind", LOG_PID | LOG_CONS, LOG_AUTH); + + opterr = 0; + while ((ch = getopt(argc, argv, ARGSTR)) != EOF) + switch (ch) { + case 'D': + no_delay = 1; + break; + case 'a': + break; + case 'i': + interactive = 1; + break; + case 'p': + portnum = htons(atoi(optarg)); + break; + case 'l': + __check_rhosts_file = 0; + break; + case 'n': + keepalive = 0; + break; + case 'k': + use_kerberos = 1; + break; + case 'v': + vacuous = 1; + break; + case 'x': + doencrypt = 1; + break; + case 'L': + new_login = optarg; + break; + case '?': + default: + usage(); + break; + } + argc -= optind; + argv += optind; + + if (use_kerberos && vacuous) { + usage(); + fatal(STDERR_FILENO, "only one of -k and -v allowed", 0); + } + if (interactive) { + if(portnum == 0) + portnum = get_login_port (use_kerberos, doencrypt); + mini_inetd (portnum); + } + + fromlen = sizeof (from); + if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) { + syslog(LOG_ERR,"Can't get peer name of remote host: %m"); + fatal(STDERR_FILENO, "Can't get peer name of remote host", 1); + } + on = 1; +#ifdef HAVE_SETSOCKOPT +#ifdef SO_KEEPALIVE + if (keepalive && + setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, + sizeof (on)) < 0) + syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m"); +#endif +#ifdef TCP_NODELAY + if (no_delay && + setsockopt(0, IPPROTO_TCP, TCP_NODELAY, (void *)&on, + sizeof(on)) < 0) + syslog(LOG_WARNING, "setsockopt (TCP_NODELAY): %m"); +#endif + +#ifdef IP_TOS + on = IPTOS_LOWDELAY; + if (setsockopt(0, 
IPPROTO_IP, IP_TOS, (void *)&on, sizeof(int)) < 0) + syslog(LOG_WARNING, "setsockopt (IP_TOS): %m"); +#endif +#endif /* HAVE_SETSOCKOPT */ + doit(0, &from); + return 0; +} + +int child; +int netf; +char line[MaxPathLen]; +int confirmed; + +struct winsize win = { 0, 0, 0, 0 }; + + +static void +doit(int f, struct sockaddr_in *fromp) +{ + int master, pid, on = 1; + int authenticated = 0; + char hostname[2 * MaxHostNameLen + 1]; + char c; + + alarm(60); + read(f, &c, 1); + + if (c != 0) + exit(1); + if (vacuous) + fatal(f, "Remote host requires Kerberos authentication", 0); + + alarm(0); + inaddr2str (fromp->sin_addr, hostname, sizeof(hostname)); + + if (use_kerberos) { + retval = do_krb_login(fromp); + if (retval == 0) + authenticated++; + else if (retval > 0) + fatal(f, krb_get_err_text(retval), 0); + write(f, &c, 1); + confirmed = 1; /* we sent the null! */ + } else { + fromp->sin_port = ntohs((u_short)fromp->sin_port); + if (fromp->sin_family != AF_INET || + fromp->sin_port >= IPPORT_RESERVED || + fromp->sin_port < IPPORT_RESERVED/2) { + syslog(LOG_NOTICE, "Connection from %s on illegal port", + inet_ntoa(fromp->sin_addr)); + fatal(f, "Permission denied", 0); + } + ip_options_and_die (0, fromp); + if (do_rlogin(fromp) == 0) + authenticated++; + } + if (confirmed == 0) { + write(f, "", 1); + confirmed = 1; /* we sent the null! */ + } +#ifndef NOENCRYPTION + if (doencrypt) + des_enc_write(f, SECURE_MESSAGE, + strlen(SECURE_MESSAGE), + schedule, &kdata->session); + else +#endif + write(f, INSECURE_MESSAGE, strlen(INSECURE_MESSAGE)); + netf = f; + + pid = forkpty(&master, line, NULL, NULL); + if (pid < 0) { + if (errno == ENOENT) + fatal(f, "Out of ptys", 0); + else + fatal(f, "Forkpty", 1); + } + if (pid == 0) { + if (f > 2) /* f should always be 0, but... 
*/ + close(f); + setup_term(0); + if (lusername[0] == '-'){ + syslog(LOG_ERR, "tried to pass user \"%s\" to login", + lusername); + fatal(STDERR_FILENO, "invalid user", 0); + } + if (authenticated) { + if (use_kerberos && (pwd->pw_uid == 0)) + syslog(LOG_INFO|LOG_AUTH, + "ROOT Kerberos login from %s on %s\n", + krb_unparse_name_long(kdata->pname, + kdata->pinst, + kdata->prealm), + hostname); + + execl(new_login, "login", "-p", + "-h", hostname, "-f", "--", lusername, 0); + } else + execl(new_login, "login", "-p", + "-h", hostname, "--", lusername, 0); + fatal(STDERR_FILENO, new_login, 1); + /*NOTREACHED*/ + } + /* + * If encrypted, don't turn on NBIO or the des read/write + * routines will croak. + */ + + if (!doencrypt) + ioctl(f, FIONBIO, &on); + ioctl(master, FIONBIO, &on); + ioctl(master, TIOCPKT, &on); + signal(SIGTSTP, SIG_IGN); + signal(SIGCHLD, cleanup); + setsid(); + protocol(f, master); + signal(SIGCHLD, SIG_IGN); + cleanup(0); +} + +const char magic[2] = { 0377, 0377 }; + +/* + * Handle a "control" request (signaled by magic being present) + * in the data stream. For now, we are only willing to handle + * window size changes. 
+ */ +static int +control(int master, char *cp, int n) +{ + struct winsize w; + char *p; + u_int32_t tmp; + + if (n < 4 + 4 * sizeof (u_int16_t) || cp[2] != 's' || cp[3] != 's') + return (0); +#ifdef TIOCSWINSZ + p = cp + 4; + p += krb_get_int(p, &tmp, 2, 0); + w.ws_row = tmp; + p += krb_get_int(p, &tmp, 2, 0); + w.ws_col = tmp; + + p += krb_get_int(p, &tmp, 2, 0); +#ifdef HAVE_WS_XPIXEL + w.ws_xpixel = tmp; +#endif + p += krb_get_int(p, &tmp, 2, 0); +#ifdef HAVE_WS_YPIXEL + w.ws_ypixel = tmp; +#endif + ioctl(master, TIOCSWINSZ, &w); +#endif + return p - cp; +} + +static +void +send_oob(int fd, char c) +{ + static char last_oob = 0xFF; + +#if (SunOS == 5) || defined(__hpux) + /* + * PSoriasis and HP-UX always send TIOCPKT_DOSTOP at startup so we + * can avoid sending OOB data and thus not break on Linux by merging + * TIOCPKT_DOSTOP into the first TIOCPKT_WINDOW. + */ + static int oob_kludge = 2; + if (oob_kludge == 2) + { + oob_kludge--; /* First time send nothing */ + return; + } + else if (oob_kludge == 1) + { + oob_kludge--; /* Second time merge TIOCPKT_WINDOW */ + c |= TIOCPKT_WINDOW; + } +#endif + +#define pkcontrol(c) ((c)&(TIOCPKT_FLUSHWRITE|TIOCPKT_NOSTOP|TIOCPKT_DOSTOP)) + c = pkcontrol(c); + /* Multiple OOB data breaks on Linux, avoid it when possible. */ + if (c != last_oob) + send(fd, &c, 1, MSG_OOB); + last_oob = c; +} + +/* + * rlogin "protocol" machine. + */ +static void +protocol(int f, int master) +{ + char pibuf[1024+1], fibuf[1024], *pbp, *fbp; + int pcc = 0, fcc = 0; + int cc, nfd, n; + char cntl; + unsigned char oob_queue = 0; + + /* + * Must ignore SIGTTOU, otherwise we'll stop + * when we try and set slave pty's window shape + * (our controlling tty is the master pty). 
+ */ + signal(SIGTTOU, SIG_IGN); + + send_oob(f, TIOCPKT_WINDOW); /* indicate new rlogin */ + + if (f > master) + nfd = f + 1; + else + nfd = master + 1; + if (nfd > FD_SETSIZE) { + syslog(LOG_ERR, "select mask too small, increase FD_SETSIZE"); + fatal(f, "internal error (select mask too small)", 0); + } + for (;;) { + fd_set ibits, obits, ebits, *omask; + + FD_ZERO(&ebits); + FD_ZERO(&ibits); + FD_ZERO(&obits); + omask = (fd_set *)NULL; + if (fcc) { + FD_SET(master, &obits); + omask = &obits; + } else + FD_SET(f, &ibits); + if (pcc >= 0) + if (pcc) { + FD_SET(f, &obits); + omask = &obits; + } else + FD_SET(master, &ibits); + FD_SET(master, &ebits); + if ((n = select(nfd, &ibits, omask, &ebits, 0)) < 0) { + if (errno == EINTR) + continue; + fatal(f, "select", 1); + } + if (n == 0) { + /* shouldn't happen... */ + sleep(5); + continue; + } + if (FD_ISSET(master, &ebits)) { + cc = readstream(master, &cntl, 1); + if (cc == 1 && pkcontrol(cntl)) { +#if 0 /* Kludge around */ + send_oob(f, cntl); +#endif + oob_queue = cntl; + if (cntl & TIOCPKT_FLUSHWRITE) { + pcc = 0; + FD_CLR(master, &ibits); + } + } + } + if (FD_ISSET(f, &ibits)) { +#ifndef NOENCRYPTION + if (doencrypt) + fcc = des_enc_read(f, fibuf, + sizeof(fibuf), + schedule, &kdata->session); + else +#endif + fcc = read(f, fibuf, sizeof(fibuf)); + if (fcc < 0 && errno == EWOULDBLOCK) + fcc = 0; + else { + char *cp; + int left, n; + + if (fcc <= 0) + break; + fbp = fibuf; + + top: + for (cp = fibuf; cp < fibuf+fcc-1; cp++) + if (cp[0] == magic[0] && + cp[1] == magic[1]) { + left = fcc - (cp-fibuf); + n = control(master, cp, left); + if (n) { + left -= n; + if (left > 0) + memmove(cp, cp+n, left); + fcc -= n; + goto top; /* n^2 */ + } + } + FD_SET(master, &obits); /* try write */ + } + } + + if (FD_ISSET(master, &obits) && fcc > 0) { + cc = write(master, fbp, fcc); + if (cc > 0) { + fcc -= cc; + fbp += cc; + } + } + + if (FD_ISSET(master, &ibits)) { + pcc = readstream(master, pibuf, sizeof (pibuf)); + pbp = pibuf; + 
if (pcc < 0 && errno == EWOULDBLOCK) + pcc = 0; + else if (pcc <= 0) + break; + else if (pibuf[0] == 0) { + pbp++, pcc--; + if (!doencrypt) + FD_SET(f, &obits); /* try write */ + } else { + if (pkcontrol(pibuf[0])) { + oob_queue = pibuf[0]; +#if 0 /* Kludge around */ + send_oob(f, pibuf[0]); +#endif + } + pcc = 0; + } + } + if ((FD_ISSET(f, &obits)) && pcc > 0) { +#ifndef NOENCRYPTION + if (doencrypt) + cc = des_enc_write(f, pbp, pcc, schedule, &kdata->session); + else +#endif + cc = write(f, pbp, pcc); + if (cc < 0 && errno == EWOULDBLOCK) { + /* + * This happens when we try write after read + * from p, but some old kernels balk at large + * writes even when select returns true. + */ + if (!FD_ISSET(master, &ibits)) + sleep(5); + continue; + } + if (cc > 0) { + pcc -= cc; + pbp += cc; + /* Only send urg data when normal data + * has just been sent. + * Linux has deep problems with more + * than one byte of OOB data. + */ + if (oob_queue) { + send_oob (f, oob_queue); + oob_queue = 0; + } + } + } + } +} + +static RETSIGTYPE +cleanup(int signo) +{ + char *p = clean_ttyname (line); + + if (logout(p) == 0) + logwtmp(p, "", ""); + chmod(line, 0666); + chown(line, 0, 0); + *p = 'p'; + chmod(line, 0666); + chown(line, 0, 0); + shutdown(netf, 2); + signal(SIGHUP, SIG_IGN); +#ifdef HAVE_VHANGUP + vhangup(); +#endif /* HAVE_VHANGUP */ + exit(1); +} + +void +fatal(int f, const char *msg, int syserr) +{ + int len; + char buf[BUFSIZ], *bp = buf; + + /* + * Prepend binary one to message if we haven't sent + * the magic null as confirmation. 
+ */ + if (!confirmed) + *bp++ = '\01'; /* error indicator */ + if (syserr) + snprintf(bp, sizeof(buf) - (bp - buf), + "rlogind: %s: %s.\r\n", + msg, strerror(errno)); + else + snprintf(bp, sizeof(buf) - (bp - buf), + "rlogind: %s.\r\n", msg); + len = strlen(bp); +#ifndef NOENCRYPTION + if (doencrypt) + des_enc_write(f, buf, bp + len - buf, schedule, &kdata->session); + else +#endif + write(f, buf, bp + len - buf); + exit(1); +} + +static void +xgetstr(char *buf, int cnt, char *errmsg) +{ + char c; + + do { + if (read(0, &c, 1) != 1) + exit(1); + if (--cnt < 0) + fatal(STDOUT_FILENO, errmsg, 0); + *buf++ = c; + } while (c != 0); +} + +static int +do_rlogin(struct sockaddr_in *dest) +{ + xgetstr(rusername, sizeof(rusername), "remuser too long"); + xgetstr(lusername, sizeof(lusername), "locuser too long"); + xgetstr(term+ENVSIZE, sizeof(term)-ENVSIZE, "Terminal type too long"); + + pwd = k_getpwnam(lusername); + if (pwd == NULL) + return (-1); + if (pwd->pw_uid == 0 && strcmp("root", lusername) != 0) + { + syslog(LOG_ALERT, "NIS attack, user %s has uid 0", lusername); + return (-1); + } + return (iruserok(dest->sin_addr.s_addr, + (pwd->pw_uid == 0), + rusername, + lusername)); +} + +static void +setup_term(int fd) +{ + char *cp = strchr(term+ENVSIZE, '/'); + char *speed; + struct termios tt; + + tcgetattr(fd, &tt); + if (cp) { + int s; + + *cp++ = '\0'; + speed = cp; + cp = strchr(speed, '/'); + if (cp) + *cp++ = '\0'; + s = int2speed_t (atoi (speed)); + if (s > 0) { + cfsetospeed (&tt, s); + cfsetispeed (&tt, s); + } + } + + tt.c_iflag &= ~INPCK; + tt.c_iflag |= ICRNL|IXON; + tt.c_oflag |= OPOST|ONLCR; +#ifdef TAB3 + tt.c_oflag |= TAB3; +#endif /* TAB3 */ +#ifdef ONLRET + tt.c_oflag &= ~ONLRET; +#endif /* ONLRET */ + tt.c_lflag |= (ECHO|ECHOE|ECHOK|ISIG|ICANON); + tt.c_cflag &= ~PARENB; + tt.c_cflag |= CS8; + tt.c_cc[VMIN] = 1; + tt.c_cc[VTIME] = 0; + tt.c_cc[VEOF] = CEOF; + tcsetattr(fd, TCSAFLUSH, &tt); + + env[0] = term; + env[1] = 0; + environ = env; +} + 
+#define VERSION_SIZE 9 + +/* + * Do the remote kerberos login to the named host with the + * given inet address + * + * Return 0 on valid authorization + * Return -1 on valid authentication, no authorization + * Return >0 for error conditions + */ +static int +do_krb_login(struct sockaddr_in *dest) +{ + int rc; + char instance[INST_SZ], version[VERSION_SIZE]; + long authopts = 0L; /* !mutual */ + struct sockaddr_in faddr; + + kdata = (AUTH_DAT *) auth_buf; + ticket = (KTEXT) tick_buf; + + k_getsockinst(0, instance, sizeof(instance)); + + if (doencrypt) { + rc = sizeof(faddr); + if (getsockname(0, (struct sockaddr *)&faddr, &rc)) + return (-1); + authopts = KOPT_DO_MUTUAL; + rc = krb_recvauth( + authopts, 0, + ticket, "rcmd", + instance, dest, &faddr, + kdata, "", schedule, version); + des_set_key(&kdata->session, schedule); + + } else + rc = krb_recvauth( + authopts, 0, + ticket, "rcmd", + instance, dest, (struct sockaddr_in *) 0, + kdata, "", 0, version); + + if (rc != KSUCCESS) + return (rc); + + xgetstr(lusername, sizeof(lusername), "locuser"); + /* get the "cmd" in the rcmd protocol */ + xgetstr(term+ENVSIZE, sizeof(term)-ENVSIZE, "Terminal type"); + + pwd = k_getpwnam(lusername); + if (pwd == NULL) + return (-1); + if (pwd->pw_uid == 0 && strcmp("root", lusername) != 0) + { + syslog(LOG_ALERT, "NIS attack, user %s has uid 0", lusername); + return (-1); + } + + /* returns nonzero for no access */ + if (kuserok(kdata, lusername) != 0) + return (-1); + + return (0); + +} + +static void +usage(void) +{ + syslog(LOG_ERR, + "usage: rlogind [-Dailn] [-p port] [-x] [-L login] [-k | -v]"); + exit(1); +} diff --git a/crypto/kerberosIV/appl/bsd/rsh.c b/crypto/kerberosIV/appl/bsd/rsh.c new file mode 100644 index 0000000..329ebf7 --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/rsh.c 
@@ -0,0 +1,353 @@ +/*- + * Copyright (c) 1983, 1990 The Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "bsd_locl.h" + +RCSID("$Id: rsh.c,v 1.35 1997/03/30 18:20:22 joda Exp $"); + +CREDENTIALS cred; +Key_schedule schedule; +int use_kerberos = 1, doencrypt; +char dst_realm_buf[REALM_SZ], *dest_realm; + +/* + * rsh - remote shell + */ +int rfd2; + +static void +usage(void) +{ + fprintf(stderr, + "usage: rsh [-ndKx] [-k realm] [-l login] host [command]\n"); + exit(1); +} + +static char * +copyargs(char **argv) +{ + int cc; + char **ap, *p; + char *args; + + cc = 0; + for (ap = argv; *ap; ++ap) + cc += strlen(*ap) + 1; + if (!(args = malloc(cc))) + errx(1, "Out of memory."); + for (p = args, ap = argv; *ap; ++ap) { + strcpy(p, *ap); + for (p = strcpy(p, *ap); *p; ++p); + if (ap[1]) + *p++ = ' '; + } + return(args); +} + +static RETSIGTYPE +sendsig(int signo_) +{ + char signo = signo_; +#ifndef NOENCRYPTION + if (doencrypt) + des_enc_write(rfd2, &signo, 1, schedule, &cred.session); + else +#endif + write(rfd2, &signo, 1); +} + +static void +talk(int nflag, sigset_t omask, int pid, int rem) +{ + int cc, wc; + char *bp; + fd_set readfrom, ready, rembits; + char buf[BUFSIZ]; + + if (pid == 0) { + if (nflag) + goto done; + + close(rfd2); + + reread: errno = 0; + if ((cc = read(0, buf, sizeof buf)) <= 0) + goto done; + bp = buf; + + rewrite: FD_ZERO(&rembits); + FD_SET(rem, &rembits); + if (select(16, 0, &rembits, 0, 0) < 0) { + if (errno != EINTR) + err(1, "select"); + goto rewrite; + } + if (!FD_ISSET(rem, &rembits)) + goto rewrite; +#ifndef NOENCRYPTION + if (doencrypt) + wc = des_enc_write(rem, bp, cc, schedule, &cred.session); + else +#endif + wc = write(rem, bp, cc); + if (wc < 0) { + if (errno == EWOULDBLOCK) + goto rewrite; + goto done; + } + bp += wc; + cc -= wc; + if (cc == 0) + goto reread; + goto rewrite; + done: + shutdown(rem, 1); + exit(0); + } + + if (sigprocmask(SIG_SETMASK, &omask, 0) != 0) + warn("sigprocmask"); + FD_ZERO(&readfrom); + FD_SET(rem, &readfrom); + FD_SET(rfd2, &readfrom); + do { + ready = readfrom; + if (select(16, &ready, 0, 
0, 0) < 0) { + if (errno != EINTR) + err(1, "select"); + continue; + } + if (FD_ISSET(rfd2, &ready)) { + errno = 0; +#ifndef NOENCRYPTION + if (doencrypt) + cc = des_enc_read(rfd2, buf, sizeof buf, + schedule, &cred.session); + else +#endif + cc = read(rfd2, buf, sizeof buf); + if (cc <= 0) { + if (errno != EWOULDBLOCK) + FD_CLR(rfd2, &readfrom); + } else + write(2, buf, cc); + } + if (FD_ISSET(rem, &ready)) { + errno = 0; +#ifndef NOENCRYPTION + if (doencrypt) + cc = des_enc_read(rem, buf, sizeof buf, + schedule, &cred.session); + else +#endif + cc = read(rem, buf, sizeof buf); + if (cc <= 0) { + if (errno != EWOULDBLOCK) + FD_CLR(rem, &readfrom); + } else + write(1, buf, cc); + } + } while (FD_ISSET(rfd2, &readfrom) || FD_ISSET(rem, &readfrom)); +} + +int +main(int argc, char **argv) +{ + struct passwd *pw; + int sv_port; + sigset_t omask; + int argoff, ch, dflag, nflag, nfork, one, pid, rem, uid; + char *args, *host, *user, *local_user; + + argoff = dflag = nflag = nfork = 0; + one = 1; + host = user = NULL; + pid = 1; + + set_progname(argv[0]); + + /* handle "rsh host flags" */ + if (!host && argc > 2 && argv[1][0] != '-') { + host = argv[1]; + argoff = 1; + } + +#define OPTIONS "+8KLde:k:l:nwx" + while ((ch = getopt(argc - argoff, argv + argoff, OPTIONS)) != EOF) + switch(ch) { + case 'K': + use_kerberos = 0; + break; + case 'L': /* -8Lew are ignored to allow rlogin aliases */ + case 'e': + case 'w': + case '8': + break; + case 'd': + dflag = 1; + break; + case 'l': + user = optarg; + break; + case 'k': + dest_realm = dst_realm_buf; + strncpy(dest_realm, optarg, REALM_SZ); + break; + case 'n': + nflag = nfork = 1; + break; + case 'x': + doencrypt = 1; + break; + case '?': + default: + usage(); + } + optind += argoff; + + /* if haven't gotten a host yet, do so */ + if (!host && !(host = argv[optind++])) + usage(); + + /* if no further arguments, must have been called as rlogin. 
*/ + if (!argv[optind]) { + *argv = "rlogin"; + setuid(getuid()); + execv(_PATH_RLOGIN, argv); + err(1, "can't exec %s", _PATH_RLOGIN); + } + + argc -= optind; + argv += optind; + +#ifndef __CYGWIN32__ + if (!(pw = k_getpwuid(uid = getuid()))) + errx(1, "unknown user id."); + local_user = pw->pw_name; + if (!user) + user = local_user; +#else + if (!user) + errx(1, "Sorry, you need to specify the username (with -l)"); + local_user = user; +#endif + + /* -n must still fork but does not turn of the -n functionality */ + if (doencrypt) + nfork = 0; + + args = copyargs(argv); + + sv_port=get_shell_port(use_kerberos, doencrypt); + +try_connect: + if (use_kerberos) { + rem = KSUCCESS; + errno = 0; + if (dest_realm == NULL) + dest_realm = krb_realmofhost(host); + + if (doencrypt) + rem = krcmd_mutual(&host, sv_port, user, args, + &rfd2, dest_realm, &cred, schedule); + else + rem = krcmd(&host, sv_port, user, args, &rfd2, + dest_realm); + if (rem < 0) { + if (errno == ECONNREFUSED) + warning("remote host doesn't support Kerberos"); + if (errno == ENOENT) + warning("can't provide Kerberos auth data"); + use_kerberos = 0; + sv_port=get_shell_port(use_kerberos, doencrypt); + goto try_connect; + } + } else { + if (doencrypt) + errx(1, "the -x flag requires Kerberos authentication."); + if (geteuid() != 0) + errx(1, "not installed setuid root, " + "only root may use non kerberized rsh"); + rem = rcmd(&host, sv_port, local_user, user, args, &rfd2); + } + + if (rem < 0) + exit(1); + + if (rfd2 < 0) + errx(1, "can't establish stderr."); +#if defined(SO_DEBUG) && defined(HAVE_SETSOCKOPT) + if (dflag) { + if (setsockopt(rem, SOL_SOCKET, SO_DEBUG, (void *)&one, + sizeof(one)) < 0) + warn("setsockopt"); + if (setsockopt(rfd2, SOL_SOCKET, SO_DEBUG, (void *)&one, + sizeof(one)) < 0) + warn("setsockopt"); + } +#endif + + setuid(uid); + { + sigset_t sigmsk; + sigemptyset(&sigmsk); + sigaddset(&sigmsk, SIGINT); + sigaddset(&sigmsk, SIGQUIT); + sigaddset(&sigmsk, SIGTERM); + if 
(sigprocmask(SIG_BLOCK, &sigmsk, &omask) != 0) + warn("sigprocmask"); + } + if (signal(SIGINT, SIG_IGN) != SIG_IGN) + signal(SIGINT, sendsig); + if (signal(SIGQUIT, SIG_IGN) != SIG_IGN) + signal(SIGQUIT, sendsig); + if (signal(SIGTERM, SIG_IGN) != SIG_IGN) + signal(SIGTERM, sendsig); + + if (!nfork) { + pid = fork(); + if (pid < 0) + err(1, "fork"); + } + + if (!doencrypt) { + ioctl(rfd2, FIONBIO, &one); + ioctl(rem, FIONBIO, &one); + } + + talk(nflag, omask, pid, rem); + + if (!nflag) + kill(pid, SIGKILL); + exit(0); +} diff --git a/crypto/kerberosIV/appl/bsd/rshd.c b/crypto/kerberosIV/appl/bsd/rshd.c new file mode 100644 index 0000000..75ca1df --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/rshd.c 
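Review bot: In rsh.c `main`, the `-k` case copies the realm with `strncpy(dest_realm, optarg, REALM_SZ);`, which leaves `dst_realm_buf` without a terminating NUL when the argument is REALM_SZ bytes or longer, and the buffer is then passed to `krcmd`/`krcmd_mutual` as a C string. The later `geteuid() != 0` check suggests the binary is meant to be installed setuid root, so an over-long argument should be rejected rather than silently truncated: `if (strlen(optarg) >= REALM_SZ) errx(1, "realm name too long");` before the copy, or at minimum `strncpy(dest_realm, optarg, REALM_SZ - 1); dest_realm[REALM_SZ - 1] = '\0';`. The `select(16, ...)` calls in `talk` carry a similar hard-coded limit: a descriptor numbered 16 or higher would never be reported ready, so the first argument should be the highest descriptor in the set plus one.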
@@ -0,0 +1,635 @@ +/*- + * Copyright (c) 1988, 1989, 1992, 1993, 1994 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* + * remote shell server: + * [port]\0 + * remuser\0 + * locuser\0 + * command\0 + * data + */ + +#include "bsd_locl.h" + +RCSID("$Id: rshd.c,v 1.51 1997/05/13 09:42:39 bg Exp $"); + +extern char *__rcmd_errstr; /* syslog hook from libc/net/rcmd.c. */ +extern int __check_rhosts_file; + +static int keepalive = 1; +static int log_success; /* If TRUE, log all successful accesses */ +static int new_pag = 1; /* Put process in new PAG by default */ +static int no_inetd = 0; +static int sent_null; + +static void doit (struct sockaddr_in *); +static void error (const char *, ...) +#ifdef __GNUC__ +__attribute__ ((format (printf, 1, 2))) +#endif +; +static void usage (void); + +#define VERSION_SIZE 9 +#define SECURE_MESSAGE "This rsh session is using DES encryption for all transmissions.\r\n" +#define OPTIONS "alnkvxLp:Pi" +AUTH_DAT authbuf; +KTEXT_ST tickbuf; +int doencrypt, use_kerberos, vacuous; +Key_schedule schedule; + +int +main(int argc, char *argv[]) +{ + struct linger linger; + int ch, on = 1, fromlen; + struct sockaddr_in from; + int portnum = 0; + + set_progname(argv[0]); + + openlog("rshd", LOG_PID | LOG_ODELAY, LOG_DAEMON); + + opterr = 0; + while ((ch = getopt(argc, argv, OPTIONS)) != EOF) + switch (ch) { + case 'a': + break; + case 'l': + __check_rhosts_file = 0; + break; + case 'n': + keepalive = 0; + break; + case 'k': + use_kerberos = 1; + break; + + case 'v': + vacuous = 1; + break; + + case 'x': + doencrypt = 1; + break; + case 'L': + log_success = 1; + break; + case 'p': + portnum = htons(atoi(optarg)); + break; + case 'P': + new_pag = 0; + break; + case 'i': + no_inetd = 1; + break; + case '?': + default: + usage(); + break; + } + + argc -= optind; + argv += optind; + + if (use_kerberos && vacuous) { + syslog(LOG_ERR, "only one of -k and -v allowed"); + exit(2); + } + if (doencrypt && !use_kerberos) { + syslog(LOG_ERR, "-k is required for -x"); + exit(2); + } + + if (no_inetd) { + if(portnum == 0) + portnum = get_shell_port (use_kerberos, 
doencrypt); + mini_inetd (portnum); + } + + fromlen = sizeof (from); + if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) { + syslog(LOG_ERR, "getpeername: %m"); + _exit(1); + } +#ifdef HAVE_SETSOCKOPT +#ifdef SO_KEEPALIVE + if (keepalive && + setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, + sizeof(on)) < 0) + syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m"); +#endif +#ifdef SO_LINGER + linger.l_onoff = 1; + linger.l_linger = 60; /* XXX */ + if (setsockopt(0, SOL_SOCKET, SO_LINGER, (void *)&linger, + sizeof (linger)) < 0) + syslog(LOG_WARNING, "setsockopt (SO_LINGER): %m"); +#endif +#endif /* HAVE_SETSOCKOPT */ + doit(&from); + /* NOTREACHED */ + return 0; +} + +char username[20] = "USER="; +char homedir[64] = "HOME="; +char shell[64] = "SHELL="; +char path[100] = "PATH="; +char *envinit[] = +{homedir, shell, path, username, 0}; + +static void +xgetstr(char *buf, int cnt, char *err) +{ + char c; + + do { + if (read(STDIN_FILENO, &c, 1) != 1) + exit(1); + *buf++ = c; + if (--cnt == 0) { + error("%s too long\n", err); + exit(1); + } + } while (c != 0); +} + +static void +doit(struct sockaddr_in *fromp) +{ + struct passwd *pwd; + u_short port; + fd_set ready, readfrom; + int cc, nfd, pv[2], pid, s; + int one = 1; + const char *errorhost = ""; + char *errorstr; + char *cp, sig, buf[BUFSIZ]; + char cmdbuf[NCARGS+1], locuser[16], remuser[16]; + char remotehost[2 * MaxHostNameLen + 1]; + + AUTH_DAT *kdata; + KTEXT ticket; + char instance[INST_SZ], version[VERSION_SIZE]; + struct sockaddr_in fromaddr; + int rc; + long authopts; + int pv1[2], pv2[2]; + fd_set wready, writeto; + + fromaddr = *fromp; + + signal(SIGINT, SIG_DFL); + signal(SIGQUIT, SIG_DFL); + signal(SIGTERM, SIG_DFL); +#ifdef DEBUG + { int t = open(_PATH_TTY, 2); + if (t >= 0) { + ioctl(t, TIOCNOTTY, (char *)0); + close(t); + } + } +#endif + fromp->sin_port = ntohs((u_short)fromp->sin_port); + if (fromp->sin_family != AF_INET) { + syslog(LOG_ERR, "malformed \"from\" address (af %d)\n", + 
fromp->sin_family); + exit(1); + } + + + if (!use_kerberos) { + ip_options_and_die (0, fromp); + if (fromp->sin_port >= IPPORT_RESERVED || + fromp->sin_port < IPPORT_RESERVED/2) { + syslog(LOG_NOTICE|LOG_AUTH, + "Connection from %s on illegal port %u", + inet_ntoa(fromp->sin_addr), + fromp->sin_port); + exit(1); + } + } + + alarm(60); + port = 0; + for (;;) { + char c; + if ((cc = read(STDIN_FILENO, &c, 1)) != 1) { + if (cc < 0) + syslog(LOG_NOTICE, "read: %m"); + shutdown(0, 1+1); + exit(1); + } + if (c== 0) + break; + port = port * 10 + c - '0'; + } + + alarm(0); + if (port != 0) { + int lport = IPPORT_RESERVED - 1; + s = rresvport(&lport); + if (s < 0) { + syslog(LOG_ERR, "can't get stderr port: %m"); + exit(1); + } + if (!use_kerberos) + if (port >= IPPORT_RESERVED) { + syslog(LOG_ERR, "2nd port not reserved\n"); + exit(1); + } + fromp->sin_port = htons(port); + if (connect(s, (struct sockaddr *)fromp, sizeof (*fromp)) < 0) { + syslog(LOG_INFO, "connect second port %d: %m", port); + exit(1); + } + } + + if (vacuous) { + error("rshd: remote host requires Kerberos authentication\n"); + exit(1); + } + + errorstr = NULL; + inaddr2str (fromp->sin_addr, remotehost, sizeof(remotehost)); + + if (use_kerberos) { + kdata = &authbuf; + ticket = &tickbuf; + authopts = 0L; + k_getsockinst(0, instance, sizeof(instance)); + version[VERSION_SIZE - 1] = '\0'; + if (doencrypt) { + struct sockaddr_in local_addr; + rc = sizeof(local_addr); + if (getsockname(0, (struct sockaddr *)&local_addr, + &rc) < 0) { + syslog(LOG_ERR, "getsockname: %m"); + error("rlogind: getsockname: %m"); + exit(1); + } + authopts = KOPT_DO_MUTUAL; + rc = krb_recvauth(authopts, 0, ticket, + "rcmd", instance, &fromaddr, + &local_addr, kdata, "", schedule, + version); +#ifndef NOENCRYPTION + des_set_key(&kdata->session, schedule); +#else + memset(schedule, 0, sizeof(schedule)); +#endif + } else + rc = krb_recvauth(authopts, 0, ticket, "rcmd", + instance, &fromaddr, + (struct sockaddr_in *) 0, + kdata, "", 0, 
version); + if (rc != KSUCCESS) { + error("Kerberos authentication failure: %s\n", + krb_get_err_text(rc)); + exit(1); + } + } else + xgetstr(remuser, sizeof(remuser), "remuser"); + + xgetstr(locuser, sizeof(locuser), "locuser"); + xgetstr(cmdbuf, sizeof(cmdbuf), "command"); + setpwent(); + pwd = k_getpwnam(locuser); + if (pwd == NULL) { + syslog(LOG_INFO|LOG_AUTH, + "%s@%s as %s: unknown login. cmd='%.80s'", + remuser, remotehost, locuser, cmdbuf); + if (errorstr == NULL) + errorstr = "Login incorrect.\n"; + goto fail; + } + if (pwd->pw_uid == 0 && strcmp("root", locuser) != 0) + { + syslog(LOG_ALERT, "NIS attack, user %s has uid 0", locuser); + if (errorstr == NULL) + errorstr = "Login incorrect.\n"; + goto fail; + } + if (chdir(pwd->pw_dir) < 0) { + chdir("/"); +#ifdef notdef + syslog(LOG_INFO|LOG_AUTH, + "%s@%s as %s: no home directory. cmd='%.80s'", + remuser, remotehost, locuser, cmdbuf); + error("No remote directory.\n"); + exit(1); +#endif + } + + if (use_kerberos) { + if (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0') { + if (kuserok(kdata, locuser) != 0) { + syslog(LOG_INFO|LOG_AUTH, + "Kerberos rsh denied to %s", + krb_unparse_name_long(kdata->pname, + kdata->pinst, + kdata->prealm)); + error("Permission denied.\n"); + exit(1); + } + } + } else + + if (errorstr || + pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' && + iruserok(fromp->sin_addr.s_addr, pwd->pw_uid == 0, + remuser, locuser) < 0) { + if (__rcmd_errstr) + syslog(LOG_INFO|LOG_AUTH, + "%s@%s as %s: permission denied (%s). cmd='%.80s'", + remuser, remotehost, locuser, + __rcmd_errstr, cmdbuf); + else + syslog(LOG_INFO|LOG_AUTH, + "%s@%s as %s: permission denied. 
cmd='%.80s'", + remuser, remotehost, locuser, cmdbuf); + fail: + if (errorstr == NULL) + errorstr = "Permission denied.\n"; + error(errorstr, errorhost); + exit(1); + } + + if (pwd->pw_uid && !access(_PATH_NOLOGIN, F_OK)) { + error("Logins currently disabled.\n"); + exit(1); + } + + write(STDERR_FILENO, "\0", 1); + sent_null = 1; + + if (port) { + if (pipe(pv) < 0) { + error("Can't make pipe.\n"); + exit(1); + } + if (doencrypt) { + if (pipe(pv1) < 0) { + error("Can't make 2nd pipe.\n"); + exit(1); + } + if (pipe(pv2) < 0) { + error("Can't make 3rd pipe.\n"); + exit(1); + } + } + pid = fork(); + if (pid == -1) { + error("Can't fork; try again.\n"); + exit(1); + } + if (pid) { + if (doencrypt) { + static char msg[] = SECURE_MESSAGE; + close(pv1[1]); + close(pv2[0]); +#ifndef NOENCRYPTION + des_enc_write(s, msg, sizeof(msg) - 1, schedule, &kdata->session); +#else + write(s, msg, sizeof(msg) - 1); +#endif + } else { + close(0); + close(1); + } + close(2); + close(pv[1]); + + FD_ZERO(&readfrom); + FD_SET(s, &readfrom); + FD_SET(pv[0], &readfrom); + if (pv[0] > s) + nfd = pv[0]; + else + nfd = s; + if (doencrypt) { + FD_ZERO(&writeto); + FD_SET(pv2[1], &writeto); + FD_SET(pv1[0], &readfrom); + FD_SET(STDIN_FILENO, &readfrom); + + nfd = max(nfd, pv2[1]); + nfd = max(nfd, pv1[0]); + } else + ioctl(pv[0], FIONBIO, (char *)&one); + + /* should set s nbio! 
*/ + nfd++; + do { + ready = readfrom; + if (doencrypt) { + wready = writeto; + if (select(nfd, &ready, + &wready, 0, + (struct timeval *) 0) < 0) + break; + } else + if (select(nfd, &ready, 0, + 0, (struct timeval *)0) < 0) + break; + if (FD_ISSET(s, &ready)) { + int ret; + if (doencrypt) +#ifndef NOENCRYPTION + ret = des_enc_read(s, &sig, 1, schedule, &kdata->session); +#else + ret = read(s, &sig, 1); +#endif + else + ret = read(s, &sig, 1); + if (ret <= 0) + FD_CLR(s, &readfrom); + else + kill(-pid, sig); + } + if (FD_ISSET(pv[0], &ready)) { + errno = 0; + cc = read(pv[0], buf, sizeof(buf)); + if (cc <= 0) { + shutdown(s, 1+1); + FD_CLR(pv[0], &readfrom); + } else { + if (doencrypt) +#ifndef NOENCRYPTION + des_enc_write(s, buf, cc, schedule, &kdata->session); +#else + write(s, buf, cc); +#endif + else + (void) + write(s, buf, cc); + } + } + if (doencrypt && FD_ISSET(pv1[0], &ready)) { + errno = 0; + cc = read(pv1[0], buf, sizeof(buf)); + if (cc <= 0) { + shutdown(pv1[0], 1+1); + FD_CLR(pv1[0], &readfrom); + } else +#ifndef NOENCRYPTION + des_enc_write(STDOUT_FILENO, buf, cc, schedule, &kdata->session); +#else + write(STDOUT_FILENO, buf, cc); +#endif + } + + if (doencrypt + && FD_ISSET(STDIN_FILENO, &ready) + && FD_ISSET(pv2[1], &wready)) { + errno = 0; +#ifndef NOENCRYPTION + cc = des_enc_read(STDIN_FILENO, buf, sizeof(buf), schedule, &kdata->session); +#else + cc = read(STDIN_FILENO, buf, sizeof(buf)); +#endif + if (cc <= 0) { + shutdown(STDIN_FILENO, 0); + FD_CLR(STDIN_FILENO, &readfrom); + close(pv2[1]); + FD_CLR(pv2[1], &writeto); + } else + write(pv2[1], buf, cc); + } + + } while (FD_ISSET(s, &readfrom) || + (doencrypt && FD_ISSET(pv1[0], &readfrom)) || + FD_ISSET(pv[0], &readfrom)); + exit(0); + } + setsid(); + close(s); + close(pv[0]); + if (doencrypt) { + close(pv1[0]); + close(pv2[1]); + dup2(pv1[1], 1); + dup2(pv2[0], 0); + close(pv1[1]); + close(pv2[0]); + } + dup2(pv[1], 2); + close(pv[1]); + } + if (*pwd->pw_shell == '\0') + pwd->pw_shell = 
_PATH_BSHELL; +#ifdef HAVE_SETLOGIN + if (setlogin(pwd->pw_name) < 0) + syslog(LOG_ERR, "setlogin() failed: %m"); +#endif + +#ifdef HAVE_SETPCRED + if (setpcred (pwd->pw_name, NULL) == -1) + syslog(LOG_ERR, "setpcred() failure: %m"); +#endif /* HAVE_SETPCRED */ + setgid((gid_t)pwd->pw_gid); + initgroups(pwd->pw_name, pwd->pw_gid); + setuid((uid_t)pwd->pw_uid); + strncat(homedir, pwd->pw_dir, sizeof(homedir)-6); + + /* Need to extend path to find rcp */ + strncat(path, BINDIR, sizeof(path)-1); + strncat(path, ":", sizeof(path)-1); + strncat(path, _PATH_DEFPATH, sizeof(path)-1); + path[sizeof(path)-1] = '\0'; + + strncat(shell, pwd->pw_shell, sizeof(shell)-7); + strncat(username, pwd->pw_name, sizeof(username)-6); + cp = strrchr(pwd->pw_shell, '/'); + if (cp) + cp++; + else + cp = pwd->pw_shell; + endpwent(); + if (log_success || pwd->pw_uid == 0) { + if (use_kerberos) + syslog(LOG_INFO|LOG_AUTH, + "Kerberos shell from %s on %s as %s, cmd='%.80s'", + krb_unparse_name_long(kdata->pname, + kdata->pinst, + kdata->prealm), + remotehost, locuser, cmdbuf); + else + syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: cmd='%.80s'", + remuser, remotehost, locuser, cmdbuf); + } + if (k_hasafs()) { + if (new_pag) + k_setpag(); /* Put users process in an new pag */ + k_afsklog(0, 0); + } + execle(pwd->pw_shell, cp, "-c", cmdbuf, 0, envinit); + err(1, pwd->pw_shell); +} + +/* + * Report error to client. Note: can't be used until second socket has + * connected to client, or older clients will hang waiting for that + * connection first. + */ + +static void +error(const char *fmt, ...) +{ + va_list ap; + int len; + char *bp, buf[BUFSIZ]; + + va_start(ap, fmt); + bp = buf; + if (sent_null == 0) { + *bp++ = 1; + len = 1; + } else + len = 0; + len = vsnprintf (bp, sizeof(buf) - len, fmt, ap); + write (STDERR_FILENO, buf, len); + va_end(ap); +} + +static void +usage() +{ + + syslog(LOG_ERR, + "usage: rshd [-alnkvxLPi] [-p port]"); + exit(2); +} 
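Review bot: In `doit`, the results of `setgid`, `initgroups` and `setuid` are ignored immediately before `execle` runs the client-supplied command, so if any of them fails the command would run with whatever credentials the daemon still holds. Each call should be checked and the connection refused on failure, as in the excerpt below. Separately, on the `-k` path `remuser` is never filled in, yet the "unknown login" `syslog` call formats it with `%s`; initialising it (for example `remuser[0] = '\0';` next to `errorstr = NULL;`) or logging the Kerberos principal there avoids reading an uninitialised buffer.

```c
    /* … unchanged: setlogin / setpcred … */
    if (setgid((gid_t)pwd->pw_gid) < 0 ||
        initgroups(pwd->pw_name, pwd->pw_gid) < 0 ||
        setuid((uid_t)pwd->pw_uid) < 0) {
        syslog(LOG_ERR, "cannot switch to user %s: %m", pwd->pw_name);
        error("Permission denied.\n");
        exit(1);
    }
    /* … unchanged: environment setup, logging and execle … */
```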
diff --git a/crypto/kerberosIV/appl/bsd/stty_default.c b/crypto/kerberosIV/appl/bsd/stty_default.c new file mode 100644 index 0000000..b7112c1 --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/stty_default.c 
@@ -0,0 +1,105 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "bsd_locl.h" + +RCSID("$Id: stty_default.c,v 1.6 1997/04/01 08:17:17 joda Exp $"); + +#include + +/* HP-UX 9.0 termios doesn't define these */ +#ifndef FLUSHO +#define FLUSHO 0 +#endif + +#ifndef XTABS +#define XTABS 0 +#endif + +#ifndef OXTABS +#define OXTABS XTABS +#endif + +/* Ultrix... */ +#ifndef ECHOPRT +#define ECHOPRT 0 +#endif + +#ifndef ECHOCTL +#define ECHOCTL 0 +#endif + +#ifndef ECHOKE +#define ECHOKE 0 +#endif + +#ifndef IMAXBEL +#define IMAXBEL 0 +#endif + +#define Ctl(x) ((x) ^ 0100) + +void +stty_default(void) +{ + struct termios termios; + + /* + * Finalize the terminal settings. Some systems default to 8 bits, + * others to 7, so we should leave that alone. + */ + tcgetattr(0, &termios); + + termios.c_iflag |= (BRKINT|IGNPAR|ICRNL|IXON|IMAXBEL); + termios.c_iflag &= ~IXANY; + + termios.c_lflag |= (ISIG|IEXTEN|ICANON|ECHO|ECHOE|ECHOK|ECHOCTL|ECHOKE); + termios.c_lflag &= ~(ECHOPRT|TOSTOP|FLUSHO); + + termios.c_oflag |= (OPOST|ONLCR); + termios.c_oflag &= ~OXTABS; + + termios.c_cc[VINTR] = Ctl('C'); + termios.c_cc[VERASE] = Ctl('H'); + termios.c_cc[VKILL] = Ctl('U'); + termios.c_cc[VEOF] = Ctl('D'); + + termios.c_cc[VSUSP] = Ctl('Z'); + + tcsetattr(0, TCSANOW, &termios); +} diff --git a/crypto/kerberosIV/appl/bsd/su.c b/crypto/kerberosIV/appl/bsd/su.c new file mode 100644 index 0000000..8c610e1 --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/su.c 
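Review bot: `stty_default` ignores the return value of `tcgetattr(0, &termios)`, so when descriptor 0 is not a terminal the function goes on to set flags in an uninitialised `struct termios` and passes it to `tcsetattr`. Returning early keeps indeterminate values out of the terminal driver: `if (tcgetattr(0, &termios) < 0) return;`. A short comment above the function stating that it expects descriptor 0 to be the login tty would document that assumption for callers.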
@@ -0,0 +1,452 @@ +/* + * Copyright (c) 1988 The Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "bsd_locl.h" + +RCSID ("$Id: su.c,v 1.59 1997/05/26 17:45:54 bg Exp $"); + +#ifdef SYSV_SHADOW +#include "sysv_shadow.h" +#endif + +static int kerberos (char *username, char *user, int uid); +static int chshell (char *sh); +static char *ontty (void); +static int koktologin (char *name, char *realm, char *toname); +static int chshell (char *sh); + +/* Handle '-' option after all the getopt options */ +#define ARGSTR "Kflmi:" + +static int use_kerberos = 1; +static char *root_inst = "root"; + +int +main (int argc, char **argv) +{ + struct passwd *pwd; + char *p, **g; + struct group *gr; + uid_t ruid; + int asme, ch, asthem, fastlogin, prio; + enum { UNSET, YES, NO } iscsh = UNSET; + char *user, *shell, *avshell, *username, **np; + char shellbuf[MaxPathLen], avshellbuf[MaxPathLen]; + + set_progname (argv[0]); + + asme = asthem = fastlogin = 0; + while ((ch = getopt (argc, argv, ARGSTR)) != EOF) + switch ((char) ch) { + case 'K': + use_kerberos = 0; + break; + case 'f': + fastlogin = 1; + break; + case 'l': + asme = 0; + asthem = 1; + break; + case 'm': + asme = 1; + asthem = 0; + break; + case 'i': + root_inst = optarg; + break; + case '?': + default: + fprintf (stderr, + "usage: su [-Kflm] [-i root-instance] [-] [login]\n"); + exit (1); + } + /* Don't handle '-' option with getopt */ + if (optind < argc && strcmp (argv[optind], "-") == 0) { + asme = 0; + asthem = 1; + optind++; + } + argv += optind; + + if (use_kerberos) { + int fd = open (KEYFILE, O_RDONLY); + + if (fd >= 0) + close (fd); + else + use_kerberos = 0; + } + errno = 0; + prio = getpriority (PRIO_PROCESS, 0); + if (errno) + prio = 0; + setpriority (PRIO_PROCESS, 0, -2); + openlog ("su", LOG_CONS, 0); + + /* get current login name and shell */ + ruid = getuid (); + username = getlogin (); + if (username == NULL || (pwd = k_getpwnam (username)) == NULL || + pwd->pw_uid != ruid) + pwd = k_getpwuid (ruid); + if (pwd == NULL) + errx (1, "who are you?"); + username = strdup (pwd->pw_name); + 
if (asme) + if (pwd->pw_shell && *pwd->pw_shell) + shell = strcpy (shellbuf, pwd->pw_shell); + else { + shell = _PATH_BSHELL; + iscsh = NO; + } + + /* get target login information, default to root */ + user = *argv ? *argv : "root"; + np = *argv ? argv : argv - 1; + + pwd = k_getpwnam (user); + if (pwd == NULL) + errx (1, "unknown login %s", user); + if (pwd->pw_uid == 0 && strcmp ("root", user) != 0) { + syslog (LOG_ALERT, "NIS attack, user %s has uid 0", user); + errx (1, "unknown login %s", user); + } + if (!use_kerberos || kerberos (username, user, pwd->pw_uid)) { +#ifndef PASSWD_FALLBACK + errx (1, "won't use /etc/passwd authentication"); +#endif + /* getpwnam() is not reentrant and kerberos might use it! */ + pwd = k_getpwnam (user); + if (pwd == NULL) + errx (1, "unknown login %s", user); + /* only allow those in group zero to su to root. */ + if (pwd->pw_uid == 0 && (gr = getgrgid ((gid_t) 0))) + for (g = gr->gr_mem;; ++g) { + if (!*g) { +#if 1 + /* if group 0 is empty or only + contains root su is still ok. 
*/ + if (gr->gr_mem[0] == 0) + break; /* group 0 is empty */ + if (gr->gr_mem[1] == 0 && + strcmp (gr->gr_mem[0], "root") == 0) + break; /* only root in group 0 */ +#endif + errx (1, "you are not in the correct group to su %s.", + user); + } + if (!strcmp (username, *g)) + break; + } + /* if target requires a password, verify it */ + if (ruid && *pwd->pw_passwd) { + char prompt[128]; + char passwd[256]; + + snprintf (prompt, sizeof(prompt), "%s's Password: ", pwd->pw_name); + if (des_read_pw_string (passwd, sizeof (passwd), + prompt, 0)) { + memset (passwd, 0, sizeof (passwd)); + exit (1); + } + if (strcmp (pwd->pw_passwd, + crypt (passwd, pwd->pw_passwd))) { + memset (passwd, 0, sizeof (passwd)); + syslog (LOG_AUTH | LOG_WARNING, + "BAD SU %s to %s%s", username, + user, ontty ()); + errx (1, "Sorry"); + } + memset (passwd, 0, sizeof (passwd)); + } + } + if (asme) { + /* if asme and non-standard target shell, must be root */ + if (!chshell (pwd->pw_shell) && ruid) + errx (1, "permission denied (shell '%s' not in /etc/shells).", + pwd->pw_shell); + } else if (pwd->pw_shell && *pwd->pw_shell) { + shell = pwd->pw_shell; + iscsh = UNSET; + } else { + shell = _PATH_BSHELL; + iscsh = NO; + } + + if ((p = strrchr (shell, '/')) != 0) + avshell = p + 1; + else + avshell = shell; + + /* if we're forking a csh, we want to slightly muck the args */ + if (iscsh == UNSET) + iscsh = strcmp (avshell, "csh") ? 
NO : YES; + + /* set permissions */ + + if (setgid (pwd->pw_gid) < 0) + err (1, "setgid"); + if (initgroups (user, pwd->pw_gid)) + errx (1, "initgroups failed."); + + if (setuid (pwd->pw_uid) < 0) + err (1, "setuid"); + + if (!asme) { + if (asthem) { + char *k = getenv ("KRBTKFILE"); + char *t = getenv ("TERM"); + + environ = malloc (10 * sizeof (char *)); + environ[0] = NULL; + setenv ("PATH", _PATH_DEFPATH, 1); + if (t) + setenv ("TERM", t, 1); + if (k) + setenv ("KRBTKFILE", k, 1); + if (chdir (pwd->pw_dir) < 0) + errx (1, "no directory"); + } + if (asthem || pwd->pw_uid) + setenv ("USER", pwd->pw_name, 1); + setenv ("HOME", pwd->pw_dir, 1); + setenv ("SHELL", shell, 1); + } + if (iscsh == YES) { + if (fastlogin) + *np-- = "-f"; + if (asme) + *np-- = "-m"; + } + if (asthem) { + avshellbuf[0] = '-'; + strcpy (avshellbuf + 1, avshell); + avshell = avshellbuf; + } else if (iscsh == YES) { + /* csh strips the first character... */ + avshellbuf[0] = '_'; + strcpy (avshellbuf + 1, avshell); + avshell = avshellbuf; + } + *np = avshell; + + if (ruid != 0) + syslog (LOG_NOTICE | LOG_AUTH, "%s to %s%s", + username, user, ontty ()); + + setpriority (PRIO_PROCESS, 0, prio); + + if (k_hasafs ()) { + int code; + + if (k_setpag () != 0) + warn ("setpag"); + code = k_afsklog (0, 0); + if (code != KSUCCESS && code != KDC_PR_UNKNOWN) + warnx ("afsklog: %s", krb_get_err_text (code)); + } + execv (shell, np); + warn ("execv(%s)", shell); + if (getuid () == 0) { + execv (_PATH_BSHELL, np); + warn ("execv(%s)", _PATH_BSHELL); + } + exit (1); +} + +static int +chshell (char *sh) +{ + char *cp; + + while ((cp = getusershell ()) != NULL) + if (!strcmp (cp, sh)) + return (1); + return (0); +} + +static char * +ontty (void) +{ + char *p; + static char buf[MaxPathLen + 4]; + + buf[0] = 0; + if ((p = ttyname (STDERR_FILENO)) != 0) + snprintf (buf, sizeof(buf), " on %s", p); + return (buf); +} + +static int +kerberos (char *username, char *user, int uid) +{ + KTEXT_ST ticket; + AUTH_DAT 
authdata; + struct hostent *hp; + int kerno; + u_long faddr; + char lrealm[REALM_SZ], krbtkfile[MaxPathLen]; + char hostname[MaxHostNameLen], savehost[MaxHostNameLen]; + + if (krb_get_lrealm (lrealm, 1) != KSUCCESS) + return (1); + if (koktologin (username, lrealm, user) && !uid) { +#ifndef PASSWD_FALLBACK + warnx ("not in %s's ACL.", user); +#endif + return (1); + } + snprintf (krbtkfile, sizeof(krbtkfile), + "%s_%s_to_%s_%u", TKT_ROOT, username, user, + (unsigned) getpid ()); + + setenv ("KRBTKFILE", krbtkfile, 1); + krb_set_tkt_string (krbtkfile); + /* + * Little trick here -- if we are su'ing to root, we need to get a ticket + * for "xxx.root", where xxx represents the name of the person su'ing. + * Otherwise (non-root case), we need to get a ticket for "yyy.", where + * yyy represents the name of the person being su'd to, and the instance + * is null + * + * We should have a way to set the ticket lifetime, with a system default + * for root. + */ + { + char prompt[128]; + char passw[256]; + + snprintf (prompt, sizeof(prompt), + "%s's Password: ", + krb_unparse_name_long ((uid == 0 ? username : user), + (uid == 0 ? root_inst : ""), + lrealm)); + if (des_read_pw_string (passw, sizeof (passw), prompt, 0)) { + memset (passw, 0, sizeof (passw)); + return (1); + } + if (strlen(passw) == 0) + return (1); /* Empty passwords is not allowed */ + kerno = krb_get_pw_in_tkt ((uid == 0 ? username : user), + (uid == 0 ? root_inst : ""), lrealm, + KRB_TICKET_GRANTING_TICKET, + lrealm, + DEFAULT_TKT_LIFE, + passw); + memset (passw, 0, strlen (passw)); + } + + if (kerno != KSUCCESS) { + if (kerno == KDC_PR_UNKNOWN) { + warnx ("principal unknown: %s", + krb_unparse_name_long ((uid == 0 ? username : user), + (uid == 0 ? 
root_inst : ""), + lrealm)); + return (1); + } + warnx ("unable to su: %s", krb_get_err_text (kerno)); + syslog (LOG_NOTICE | LOG_AUTH, + "BAD SU: %s to %s%s: %s", + username, user, ontty (), krb_get_err_text (kerno)); + return (1); + } + if (chown (krbtkfile, uid, -1) < 0) { + warn ("chown"); + unlink (krbtkfile); + return (1); + } + setpriority (PRIO_PROCESS, 0, -2); + + if (k_gethostname (hostname, sizeof (hostname)) == -1) { + warn ("gethostname"); + dest_tkt (); + return (1); + } + strncpy (savehost, krb_get_phost (hostname), sizeof (savehost)); + savehost[sizeof (savehost) - 1] = '\0'; + + kerno = krb_mk_req (&ticket, "rcmd", savehost, lrealm, 33); + + if (kerno == KDC_PR_UNKNOWN) { + warnx ("Warning: TGT not verified."); + syslog (LOG_NOTICE | LOG_AUTH, + "%s to %s%s, TGT not verified (%s); " + "%s.%s not registered?", + username, user, ontty (), krb_get_err_text (kerno), + "rcmd", savehost); +#ifdef KLOGIN_PARANOID + /* + * if the "VERIFY_SERVICE" doesn't exist in the KDC for this host, * + * don't allow kerberos login, also log the error condition. 
+ */ + warnx ("Trying local password!"); + return (1); +#endif + } else if (kerno != KSUCCESS) { + warnx ("Unable to use TGT: %s", krb_get_err_text (kerno)); + syslog (LOG_NOTICE | LOG_AUTH, "failed su: %s to %s%s: %s", + username, user, ontty (), krb_get_err_text (kerno)); + dest_tkt (); + return (1); + } else { + if (!(hp = gethostbyname (hostname))) { + warnx ("can't get addr of %s", hostname); + dest_tkt (); + return (1); + } + memcpy (&faddr, hp->h_addr, sizeof (faddr)); + + if ((kerno = krb_rd_req (&ticket, "rcmd", savehost, faddr, + &authdata, "")) != KSUCCESS) { + warnx ("unable to verify rcmd ticket: %s", + krb_get_err_text (kerno)); + syslog (LOG_NOTICE | LOG_AUTH, + "failed su: %s to %s%s: %s", username, + user, ontty (), krb_get_err_text (kerno)); + dest_tkt (); + return (1); + } + } + fprintf (stderr, "Don't forget to kdestroy before exiting the shell.\n"); + return (0); +} + +static int +koktologin (char *name, char *realm, char *toname) +{ + return krb_kuserok (name, + strcmp (toname, "root") == 0 ? root_inst : "", + realm, + toname); +} diff --git a/crypto/kerberosIV/appl/bsd/sysv_default.c b/crypto/kerberosIV/appl/bsd/sysv_default.c new file mode 100644 index 0000000..cb36b84 --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/sysv_default.c 
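Review bot: In `kerberos()`, the `KDC_PR_UNKNOWN` branch after `krb_mk_req` returns failure only when `KLOGIN_PARANOID` is defined; otherwise it prints "Warning: TGT not verified.", falls through to `return (0)`, and `main` then skips the local password and group-0 checks. Getting a TGT with the typed password does not by itself authenticate the KDC to this host; that is what the later `krb_rd_req` check of the `rcmd` ticket provides, so this path should fail closed by default. I would drop the `#ifdef KLOGIN_PARANOID` around `warnx ("Trying local password!"); return (1);` and call `dest_tkt ();` before the return as the other failure paths do, leaving any permissive mode behind an explicit opt-in. Separately, in `main`, `strcpy (shellbuf, pwd->pw_shell)` and both `strcpy (avshellbuf + 1, avshell)` calls copy a passwd-database string into `MaxPathLen` buffers with no length check.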
@@ -0,0 +1,95 @@ +/* Author: Wietse Venema */ + +#include "bsd_locl.h" + +RCSID("$Id: sysv_default.c,v 1.9 1997/03/31 01:47:59 assar Exp $"); + +#include "sysv_default.h" + + /* + * Default values for stuff that can be read from the defaults file. The + * SunOS 5.1 documentation is incomplete and often disagrees with reality. + */ + +static char default_umask_value[] = "022"; + +char *default_console = 0; +char *default_altsh = "YES"; +char *default_passreq = "NO"; +char *default_timezone= 0; +char *default_hz = 0; +char *default_path = _PATH_DEFPATH; +char *default_supath = _PATH_DEFSUPATH; +char *default_ulimit = 0; +char *default_timeout = "60"; +char *default_umask = default_umask_value; +char *default_sleep = "4"; +char *default_maxtrys = "5"; + +static struct sysv_default { + char **valptr; + char *prefix; + int prefix_len; +} defaults[] = { + {&default_console, "CONSOLE=", sizeof("CONSOLE=") -1}, + {&default_altsh, "ALTSHELL=", sizeof("ALTSHELL=") -1}, + {&default_passreq, "PASSREQ=", sizeof("PASSREQ=") -1}, + {&default_timezone, "TIMEZONE=", sizeof("TIMEZONE=") -1}, + {&default_hz, "HZ=", sizeof("HZ=") -1}, + {&default_path, "PATH=", sizeof("PATH=") -1}, + {&default_supath, "SUPATH=", sizeof("SUPATH=") -1}, + {&default_ulimit, "ULIMIT=", sizeof("ULIMIT=") -1}, + {&default_timeout, "TIMEOUT=", sizeof("TIMEOUT=") -1}, + {&default_umask, "UMASK=", sizeof("UMASK=") -1}, + {&default_sleep, "SLEEPTIME=", sizeof("SLEEPTIME=") -1}, + {&default_maxtrys, "MAXTRYS=", sizeof("MAXTRYS=") -1}, + {0}, +}; + +#define trim(s) { \ + char *cp = s + strlen(s); \ + while (cp > s && isspace(cp[-1])) \ + cp--; \ + *cp = 0; \ +} + +/* sysv_defaults - read login defaults file */ + +void +sysv_defaults() +{ + struct sysv_default *dp; + FILE *fp; + char buf[BUFSIZ]; + + if ((fp = fopen(_PATH_ETC_DEFAULT_LOGIN, "r"))) { + + /* Stupid quadratic algorithm. */ + + while (fgets(buf, sizeof(buf), fp)) { + + /* Skip comments and blank lines. 
*/ + + if (buf[0] == '#') + continue; + trim(buf); + if (buf[0] == 0) + continue; + + /* Assign defaults from file. */ + +#define STREQN(x,y,l) (x[0] == y[0] && strncmp(x,y,l) == 0) + + for (dp = defaults; dp->valptr; dp++) { + if (STREQN(buf, dp->prefix, dp->prefix_len)) { + if ((*(dp->valptr) = strdup(buf + dp->prefix_len)) == 0) { + warnx("Insufficient memory resources - try later."); + sleepexit(1); + } + break; + } + } + } + fclose(fp); + } +} diff --git a/crypto/kerberosIV/appl/bsd/sysv_default.h b/crypto/kerberosIV/appl/bsd/sysv_default.h new file mode 100644 index 0000000..0056059 --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/sysv_default.h @@ -0,0 +1,18 @@ +/* Author: Wietse Venema */ + +/* $Id: sysv_default.h,v 1.5 1996/10/27 23:51:14 assar Exp $ */ + +extern char *default_console; +extern char *default_altsh; +extern char *default_passreq; +extern char *default_timezone; +extern char *default_hz; +extern char *default_path; +extern char *default_supath; +extern char *default_ulimit; +extern char *default_timeout; +extern char *default_umask; +extern char *default_sleep; +extern char *default_maxtrys; + +void sysv_defaults(void); diff --git a/crypto/kerberosIV/appl/bsd/sysv_environ.c b/crypto/kerberosIV/appl/bsd/sysv_environ.c new file mode 100644 index 0000000..f5e782d --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/sysv_environ.c 
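Review bot: The `trim` macro in sysv_default.c passes a plain `char` to `isspace`, which is undefined for negative values on platforms where `char` is signed, so a byte above 0x7f at the end of a line in the defaults file can misbehave. The loop condition should read `while (cp > s && isspace((unsigned char)cp[-1])) \`. As a matter of style the macro would also be safer as a `static` function or wrapped in `do { ... } while (0)`, since its bare `{ ... }` body followed by `;` breaks inside an unbraced `if`/`else`.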
@@ -0,0 +1,192 @@ +/* Author: Wietse Venema */ + +#include "bsd_locl.h" + +RCSID("$Id: sysv_environ.c,v 1.21 1997/05/14 17:34:15 joda Exp $"); + +#ifdef HAVE_ULIMIT_H +#include +#endif + +#ifndef UL_SETFSIZE +#define UL_SETFSIZE 2 +#endif + +#include "sysv_default.h" + +/* + * Set + */ + +static void +read_etc_environment (void) +{ + FILE *f; + char buf[BUFSIZ]; + + f = fopen(_PATH_ETC_ENVIRONMENT, "r"); + if (f) { + char *val; + + while (fgets (buf, sizeof(buf), f) != NULL) { + if (buf[0] == '\n' || buf[0] == '#') + continue; + buf[strlen(buf) - 1] = '\0'; + val = strchr (buf, '='); + if (val == NULL) + continue; + *val = '\0'; + setenv(buf, val + 1, 1); + } + fclose (f); + } +} + + /* + * Environment variables that are preserved (but may still be overruled by + * other means). Only TERM and TZ appear to survive (SunOS 5.1). These are + * typically inherited from the ttymon process. + */ + +static struct preserved { + char *name; + char *value; +} preserved[] = { + {"TZ", 0}, + {"TERM", 0}, + {0}, +}; + + /* + * Environment variables that are not preserved and that cannot be specified + * via commandline or stdin. Except for the LD_xxx (runtime linker) stuff, + * the list applies to most SYSV systems. The manpage mentions only that + * SHELL and PATH are censored. HOME, LOGNAME and MAIL are always + * overwritten; they are in the list to make the censoring explicit. 
+ */ + +static struct censored { + char *prefix; + int length; +} censored[] = { + {"SHELL=", sizeof("SHELL=") - 1}, + {"HOME=", sizeof("HOME=") - 1}, + {"LOGNAME=", sizeof("LOGNAME=") - 1}, + {"MAIL=", sizeof("MAIL=") - 1}, + {"CDPATH=", sizeof("CDPATH=") - 1}, + {"IFS=", sizeof("IFS=") - 1}, + {"PATH=", sizeof("PATH=") - 1}, + {"LD_", sizeof("LD_") - 1}, + {0}, +}; + +/* sysv_newenv - set up final environment after logging in */ + +void sysv_newenv(int argc, char **argv, struct passwd *pwd, + char *term, int pflag) +{ + unsigned umask_val; + long limit_val; + char buf[BUFSIZ]; + int count = 0; + struct censored *cp; + struct preserved *pp; + + /* Preserve a selection of the environment. */ + + for (pp = preserved; pp->name; pp++) + pp->value = getenv(pp->name); + + /* + * Note: it is a bad idea to assign a static array to the global environ + * variable. Reason is that putenv() can run into problems when it tries + * to realloc() the environment table. Instead, we just clear environ[0] + * and let putenv() work things out. + */ + + if (!pflag && environ) + environ[0] = 0; + + /* Restore preserved environment variables. */ + + for (pp = preserved; pp->name; pp++) + if (pp->value) + setenv(pp->name, pp->value, 1); + + /* The TERM definition from e.g. rlogind can override an existing one. */ + + if (term[0]) + setenv("TERM", term, 1); + + /* + * Environment definitions from the command line overrule existing ones, + * but can be overruled by definitions from stdin. Some variables are + * censored. + * + * Omission: we do not support environment definitions from stdin. + */ + +#define STREQN(x,y,l) (x[0] == y[0] && strncmp(x,y,l) == 0) + + while (argc && *argv) { + if (strchr(*argv, '=') == 0) { + snprintf(buf, sizeof(buf), "L%d", count++); + setenv(buf, *argv, 1); + } else { + for (cp = censored; cp->prefix; cp++) + if (STREQN(*argv, cp->prefix, cp->length)) + break; + if (cp->prefix == 0) + putenv(*argv); + } + argc--, argv++; + } + + /* PATH is always reset. 
*/ + + setenv("PATH", pwd->pw_uid ? default_path : default_supath, 1); + + /* Undocumented: HOME, MAIL and LOGNAME are always reset (SunOS 5.1). */ + + setenv("HOME", pwd->pw_dir, 1); + { + char *sep = "/"; + if(KRB4_MAILDIR[strlen(KRB4_MAILDIR) - 1] == '/') + sep = ""; + k_concat(buf, sizeof(buf), KRB4_MAILDIR, sep, pwd->pw_name, NULL); + } + setenv("MAIL", buf, 1); + setenv("LOGNAME", pwd->pw_name, 1); + setenv("USER", pwd->pw_name, 1); + + /* + * Variables that may be set according to specifications in the defaults + * file. HZ and TZ are set only if they are still uninitialized. + * + * Extension: when ALTSHELL=YES, we set the SHELL variable even if it is + * /bin/sh. + */ + + if (strcasecmp(default_altsh, "YES") == 0) + setenv("SHELL", pwd->pw_shell, 1); + if (default_hz) + setenv("HZ", default_hz, 0); + if (default_timezone) + setenv("TZ", default_timezone, 0); + + /* Non-environment stuff. */ + + if (default_umask) { + if (sscanf(default_umask, "%o", &umask_val) == 1 && umask_val) + umask(umask_val); + } +#ifdef HAVE_ULIMIT + if (default_ulimit) { + if (sscanf(default_ulimit, "%ld", &limit_val) == 1 && limit_val) + if (ulimit(UL_SETFSIZE, limit_val) < 0) + warn ("ulimit(UL_SETFSIZE, %ld)", limit_val); + } +#endif + read_etc_environment(); +} + diff --git a/crypto/kerberosIV/appl/bsd/sysv_shadow.c b/crypto/kerberosIV/appl/bsd/sysv_shadow.c new file mode 100644 index 0000000..6839441 --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/sysv_shadow.c 
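Review bot: In `read_etc_environment`, `buf[strlen(buf) - 1] = '\0';` assumes every line that `fgets` returns ends in a newline. A final line without one, or a line longer than the buffer, loses its last character, and a line that starts with a NUL byte makes `strlen(buf)` zero so the store lands at `buf[-1]`. `buf[strcspn(buf, "\n")] = '\0';` strips the newline only when it is there and is safe for an empty string. The values read here are applied after the censoring and the PATH reset in `sysv_newenv`, so the file's ownership and mode matter as much as the parsing does.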
@@ -0,0 +1,45 @@
+/* Author: Wietse Venema */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: sysv_shadow.c,v 1.7 1997/03/23 04:56:05 assar Exp $");
+
+#ifdef SYSV_SHADOW
+
+#include
+
+/* sysv_expire - check account and password expiration times */
+
+int
+sysv_expire(struct spwd *spwd)
+{
+ long today;
+
+ tzset();
+ today = time(0);
+
+ if (spwd->sp_expire > 0) {
+ if (today > spwd->sp_expire) {
+ printf("Your account has expired.\n");
+ sleepexit(1);
+ } else if (spwd->sp_expire - today < 14) {
+ printf("Your account will expire in %d days.\n",
+ (int)(spwd->sp_expire - today));
+ return (0);
+ }
+ }
+ if (spwd->sp_max > 0) {
+ if (today > (spwd->sp_lstchg + spwd->sp_max)) {
+ printf("Your password has expired. Choose a new one.\n");
+ return (1);
+ } else if (spwd->sp_warn > 0
+ && (today > (spwd->sp_lstchg + spwd->sp_max - spwd->sp_warn))) {
+ printf("Your password will expire in %d days.\n",
+ (int)(spwd->sp_lstchg + spwd->sp_max - today));
+ return (0);
+ }
+ }
+ return (0);
+}
+
+#endif /* SYSV_SHADOW */
diff --git a/crypto/kerberosIV/appl/bsd/sysv_shadow.h b/crypto/kerberosIV/appl/bsd/sysv_shadow.h
new file mode 100644
index 0000000..4f07b49
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/sysv_shadow.h
@@ -0,0 +1,5 @@
+/* $Id: sysv_shadow.h,v 1.6 1997/03/23 04:55:51 assar Exp $ */
+
+#include
+
+extern sysv_expire(struct spwd *);
diff --git a/crypto/kerberosIV/appl/bsd/tty.c b/crypto/kerberosIV/appl/bsd/tty.c
new file mode 100644
index 0000000..3192426
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/tty.c
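Review bot: `today = time(0);` in `sysv_expire` holds seconds since the epoch, but it is compared directly with `sp_expire` and `sp_lstchg + sp_max`, which the shadow password interface normally expresses in days; the "in %d days" messages assume days too. If the fields are in days here, every account with `sp_expire > 0` takes the `sleepexit(1)` branch and every one with `sp_max > 0` is told its password has expired. Converting once, `today = time(0) / (24L * 60 * 60);`, puts both sides of each comparison in the same unit.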
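Review bot: The prototype in sysv_shadow.h, `extern sysv_expire(struct spwd *);`, has no return type and relies on implicit `int`, while the definition in sysv_shadow.c is declared `int`. Spelling it out as `extern int sysv_expire(struct spwd *);` keeps the two in step and avoids a diagnostic from compilers that reject implicit `int`.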
@@ -0,0 +1,75 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "bsd_locl.h" + +RCSID("$Id: tty.c,v 1.2 1997/05/25 01:14:22 assar Exp $"); + +/* + * Clean the tty name. Return a pointer to the cleaned version. + */ + +char * +clean_ttyname (char *tty) +{ + char *res = tty; + + if (strncmp (res, _PATH_DEV, strlen(_PATH_DEV)) == 0) + res += strlen(_PATH_DEV); + if (strncmp (res, "pty/", 4) == 0) + res += 4; + if (strncmp (res, "ptym/", 5) == 0) + res += 5; + return res; +} + +/* + * Generate a name usable as an `ut_id', typically without `tty'. + */ + +char * +make_id (char *tty) +{ + char *res = tty; + + if (strncmp (res, "pts/", 4) == 0) + res += 4; + if (strncmp (res, "tty", 3) == 0) + res += 3; + return res; +} diff --git a/crypto/kerberosIV/appl/bsd/utmp_login.c b/crypto/kerberosIV/appl/bsd/utmp_login.c new file mode 100644 index 0000000..da3f96a --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/utmp_login.c 
@@ -0,0 +1,121 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: utmp_login.c,v 1.13 1997/05/20 13:46:21 assar Exp $");
+
+void
+prepare_utmp (struct utmp *utmp, char *tty, char *username, char *hostname)
+{
+ char *ttyx = clean_ttyname (tty);
+
+ memset(utmp, 0, sizeof(*utmp));
+ utmp->ut_time = time(NULL);
+ strncpy(utmp->ut_line, ttyx, sizeof(utmp->ut_line));
+ strncpy(utmp->ut_name, username, sizeof(utmp->ut_name));
+
+# ifdef HAVE_UT_USER
+ strncpy(utmp->ut_user, username, sizeof(utmp->ut_user));
+# endif
+
+# ifdef HAVE_UT_ADDR
+ if (hostname[0]) {
+ struct hostent *he;
+ if ((he = gethostbyname(hostname)))
+ memcpy(&utmp->ut_addr, he->h_addr_list[0],
+ sizeof(utmp->ut_addr));
+ }
+# endif
+
+# ifdef HAVE_UT_HOST
+ strncpy(utmp->ut_host, hostname, sizeof(utmp->ut_host));
+# endif
+
+# ifdef HAVE_UT_TYPE
+ utmp->ut_type = USER_PROCESS;
+# endif
+
+# ifdef HAVE_UT_PID
+ utmp->ut_pid = getpid();
+# endif
+
+# ifdef HAVE_UT_ID
+ strncpy(utmp->ut_id, make_id(ttyx), sizeof(utmp->ut_id));
+# endif
+}
+
+#ifdef HAVE_UTMPX_H
+void utmp_login(char *tty, char *username, char *hostname) { return; }
+#else
+
+/* update utmp and wtmp - the BSD way */
+
+void utmp_login(char *tty, char *username, char *hostname)
+{
+ struct utmp utmp;
+ int fd;
+
+ prepare_utmp (&utmp, tty, username, hostname);
+
+#ifdef HAVE_SETUTENT
+ utmpname(_PATH_UTMP);
+ setutent();
+ pututline(&utmp);
+ endutent();
+#else
+
+#ifdef HAVE_TTYSLOT
+ {
+ int ttyno;
+ ttyno = ttyslot();
+ if (ttyno > 0 && (fd = open(_PATH_UTMP, O_WRONLY, 0)) >= 0) {
+ lseek(fd, (long)(ttyno * sizeof(struct utmp)), SEEK_SET);
+ write(fd, &utmp, sizeof(struct utmp));
+ close(fd);
+ }
+ }
+#endif /* HAVE_TTYSLOT */
+#endif /* HAVE_SETUTENT */
+
+ if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) {
+ write(fd, &utmp, sizeof(struct utmp));
+ close(fd);
+ }
+}
+#endif /* !HAVE_UTMPX_H */
diff --git a/crypto/kerberosIV/appl/bsd/utmpx_login.c b/crypto/kerberosIV/appl/bsd/utmpx_login.c
new file mode 100644
index 0000000..005eca5
--- /dev/null
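Review bot: Both `write(fd, &utmp, sizeof(struct utmp))` calls in `utmp_login` (the `ttyslot` path and the `_PATH_WTMP` append) drop their return value, as does the `lseek`, so a failed or short write leaves the login unrecorded, or a partial record in the accounting file, with no trace. Since wtmp is what later answers who logged in and from where, I would at least report it, e.g. `if (write(fd, &utmp, sizeof(utmp)) != sizeof(utmp)) warn("%s", _PATH_WTMP);`. In `prepare_utmp`, `memcpy(&utmp->ut_addr, he->h_addr_list[0], sizeof(utmp->ut_addr))` copies by the destination size; comparing `he->h_length` with it first would avoid reading past a shorter address.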
+++ b/crypto/kerberosIV/appl/bsd/utmpx_login.c 
@@ -0,0 +1,88 @@ +/* Author: Wietse Venema */ + +#include "bsd_locl.h" + +RCSID("$Id: utmpx_login.c,v 1.20 1997/06/01 03:13:15 assar Exp $"); + +/* utmpx_login - update utmp and wtmp after login */ + +#ifndef HAVE_UTMPX_H +int utmpx_login(char *line, char *user, char *host) { return 0; } +#else + +static void +utmpx_update(struct utmpx *ut, char *line, char *user, char *host) +{ + struct timeval tmp; + char *clean_tty = clean_ttyname(line); + + strncpy(ut->ut_line, clean_tty, sizeof(ut->ut_line)); +#ifdef HAVE_UT_ID + strncpy(ut->ut_id, make_id(clean_tty), sizeof(ut->ut_id)); +#endif + strncpy(ut->ut_user, user, sizeof(ut->ut_user)); + strncpy(ut->ut_host, host, sizeof(ut->ut_host)); +#ifdef HAVE_UT_SYSLEN + ut->ut_syslen = strlen(host) + 1; + if (ut->ut_syslen > sizeof(ut->ut_host)) + ut->ut_syslen = sizeof(ut->ut_host); +#endif + ut->ut_type = USER_PROCESS; + gettimeofday (&tmp, 0); + ut->ut_tv.tv_sec = tmp.tv_sec; + ut->ut_tv.tv_usec = tmp.tv_usec; + pututxline(ut); +#ifdef WTMPX_FILE + updwtmpx(WTMPX_FILE, ut); +#elif defined(WTMP_FILE) + { + struct utmp utmp; + int fd; + + prepare_utmp (&utmp, line, user, host); + if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) { + write(fd, &utmp, sizeof(struct utmp)); + close(fd); + } + } +#endif +} + +int +utmpx_login(char *line, char *user, char *host) +{ + struct utmpx *ut; + pid_t mypid = getpid(); + int ret = (-1); + + /* + * SYSV4 ttymon and login use tty port names with the "/dev/" prefix + * stripped off. Rlogind and telnetd, on the other hand, make utmpx + * entries with device names like /dev/pts/nnn. We therefore cannot use + * getutxline(). Return nonzero if no utmp entry was found with our own + * process ID for a login or user process. 
+ */ + + while ((ut = getutxent())) { + /* Try to find a reusable entry */ + if (ut->ut_pid == mypid + && ( ut->ut_type == INIT_PROCESS + || ut->ut_type == LOGIN_PROCESS + || ut->ut_type == USER_PROCESS)) { + utmpx_update(ut, line, user, host); + ret = 0; + break; + } + } + if (ret == -1) { + /* Grow utmpx file by one record. */ + struct utmpx newut; + memset(&newut, 0, sizeof(newut)); + newut.ut_pid = mypid; + utmpx_update(&newut, line, user, host); + ret = 0; + } + endutxent(); + return (ret); +} +#endif /* HAVE_UTMPX_H */ diff --git a/crypto/kerberosIV/appl/ftp/Makefile.in b/crypto/kerberosIV/appl/ftp/Makefile.in new file mode 100644 index 0000000..6d0c420 --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/Makefile.in @@ -0,0 +1,41 @@ +# $Id: Makefile.in,v 1.9 1997/03/23 13:03:54 assar Exp $ + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ +VPATH = @srcdir@ + +SHELL = /bin/sh + +@SET_MAKE@ + +CC = @CC@ +RANLIB = @RANLIB@ +DEFS = @DEFS@ +CFLAGS = @CFLAGS@ + +INSTALL = @INSTALL@ + +prefix = @prefix@ + +SUBDIRS=common ftp ftpd + +all: + for i in $(SUBDIRS); \ + do (cd $$i && $(MAKE) $(MFLAGS) all); done + +install: all + for i in $(SUBDIRS); \ + do (cd $$i && $(MAKE) $(MFLAGS) install); done + +uninstall: + for i in $(SUBDIRS); \ + do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done + +clean cleandir: + for i in $(SUBDIRS); \ + do (cd $$i && $(MAKE) $(MFLAGS) clean); done + +distclean: + for i in $(SUBDIRS); \ + do (cd $$i && $(MAKE) $(MFLAGS) distclean); done + rm -f Makefile *~ diff --git a/crypto/kerberosIV/appl/ftp/common/Makefile.in b/crypto/kerberosIV/appl/ftp/common/Makefile.in new file mode 100644 index 0000000..9ce1aa5 --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/common/Makefile.in 
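Review bot: The block comment in `utmpx_login` says the function returns nonzero when no utmp entry with our own process ID was found, but the `if (ret == -1)` fallback writes a fresh record and sets `ret = 0`, so 0 is returned on every path. Either the comment should say so, for example `Append a new record if no entry with our own process ID is found; always returns 0.`, or the fallback should leave `ret` alone so callers can tell the two cases apart. In `utmpx_update` the result of `pututxline(ut)` is ignored, so a failure to record the session is invisible to the caller as well.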
@@ -0,0 +1,52 @@ +# $Id: Makefile.in,v 1.17 1997/05/18 20:00:06 assar Exp $ + +SHELL = /bin/sh + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ +VPATH = @srcdir@ + +CC = @CC@ +AR = ar +RANLIB = @RANLIB@ +DEFS = @DEFS@ +CFLAGS = @CFLAGS@ + +INSTALL = @INSTALL@ + +prefix = @prefix@ + +SOURCES = base64.c glob.c sockbuf.c buffer.c +OBJECTS = $(libcommon_OBJS) + +libcommon_OBJS = base64.o glob.o sockbuf.o buffer.o + +LIBNAME = $(LIBPREFIX)common +LIBEXT = a +LIBPREFIX = @LIBPREFIX@ +LIB = $(LIBNAME).$(LIBEXT) + +all: $(LIB) + +.c.o: + $(CC) -c $(CFLAGS) -I$(srcdir) -I../../../include $(DEFS) $< + +$(LIB): $(libcommon_OBJS) + rm -f $@ + ar cr $@ $(libcommon_OBJS) + -$(RANLIB) $@ + +install: + +uninstall: + +TAGS: $(SOURCES) + etags $(SOURCES) + +clean cleandir: + rm -f *~ *.o libcommon.a core \#* + +distclean: + rm -f Makefile + +$(OBJECTS): ../../../include/config.h diff --git a/crypto/kerberosIV/appl/ftp/common/base64.c b/crypto/kerberosIV/appl/ftp/common/base64.c new file mode 100644 index 0000000..648f32d --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/common/base64.c 
@@ -0,0 +1,149 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: base64.c,v 1.6 1997/05/30 17:24:06 assar Exp $"); +#endif +#include +#include +#include "base64.h" + +static char base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + +static int pos(char c) +{ + char *p; + for(p = base64; *p; p++) + if(*p == c) + return p - base64; + return -1; +} + +int base64_encode(const void *data, int size, char **str) +{ + char *s, *p; + int i; + int c; + unsigned char *q; + + p = s = (char*)malloc(size*4/3+4); + q = (unsigned char*)data; + i=0; + for(i = 0; i < size;){ + c=q[i++]; + c*=256; + if(i < size) + c+=q[i]; + i++; + c*=256; + if(i < size) + c+=q[i]; + i++; + p[0]=base64[(c&0x00fc0000) >> 18]; + p[1]=base64[(c&0x0003f000) >> 12]; + p[2]=base64[(c&0x00000fc0) >> 6]; + p[3]=base64[(c&0x0000003f) >> 0]; + if(i > size) + p[3]='='; + if(i > size+1) + p[2]='='; + p+=4; + } + *p=0; + *str = s; + return strlen(s); +} + +int base64_decode(const char *str, void *data) +{ + const char *p; + unsigned char *q; + int c; + int x; + int done = 0; + q=(unsigned char*)data; + for(p=str; *p && !done; p+=4){ + x = pos(p[0]); + if(x >= 0) + c = x; + else{ + done = 3; + break; + } + c*=64; + + x = pos(p[1]); + if(x >= 0) + c += x; + else + return -1; + c*=64; + + if(p[2] == '=') + done++; + else{ + x = pos(p[2]); + if(x >= 0) + c += x; + else + return -1; + } + c*=64; + + if(p[3] == '=') + done++; + else{ + if(done) + return -1; + x = pos(p[3]); + if(x >= 0) + c += x; + else + return -1; + } + if(done < 3) + *q++=(c&0x00ff0000)>>16; + + if(done < 2) + *q++=(c&0x0000ff00)>>8; + if(done < 1) + *q++=(c&0x000000ff)>>0; + } + return q - (unsigned char*)data; +} diff --git a/crypto/kerberosIV/appl/ftp/common/base64.h b/crypto/kerberosIV/appl/ftp/common/base64.h new file mode 100644 index 0000000..fe799a2 --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/common/base64.h 
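Review bot: base64_encode() stores through `p` without checking the result of `malloc(size*4/3+4)`, and `size*4` is evaluated in `int`, so an allocation failure becomes a NULL write and a very large `size` overflows before the allocation is sized. A guard such as `if (size < 0 || size > (INT_MAX - 4) / 4) return -1;` ahead of the call and `if (s == NULL) return -1;` after it closes both; callers would then need to treat a negative return as failure, which cannot be confirmed from this hunk. base64_decode() takes no output length, so its contract deserves a comment at the definition: `/* data must have room for 3 bytes per 4 characters of str */`.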
@@ -0,0 +1,47 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+/* $Id: base64.h,v 1.5 1997/04/01 08:17:19 joda Exp $ */
+
+#ifndef _BASE64_H_
+#define _BASE64_H_
+
+int base64_encode(const void *data, int size, char **str);
+int base64_decode(const char *str, void *data);
+
+#endif
diff --git a/crypto/kerberosIV/appl/ftp/common/buffer.c b/crypto/kerberosIV/appl/ftp/common/buffer.c
new file mode 100644
index 0000000..5b7829a
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/common/buffer.c
@@ -0,0 +1,73 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#include "common.h"
+#include
+#include "roken.h"
+
+RCSID("$Id: buffer.c,v 1.1 1997/05/18 19:59:24 assar Exp $");
+
+/*
+ * Allocate a buffer enough to handle st->st_blksize, if
+ * there is such a field, otherwise BUFSIZ.
+ */
+
+void *
+alloc_buffer (void *oldbuf, size_t *sz, struct stat *st)
+{
+ size_t new_sz;
+
+ new_sz = BUFSIZ;
+#ifdef HAVE_ST_BLKSIZE
+ if (st)
+ new_sz = max(BUFSIZ, st->st_blksize);
+#endif
+ if(new_sz > *sz) {
+ if (oldbuf)
+ free (oldbuf);
+ oldbuf = malloc (new_sz);
+ if (oldbuf == NULL) {
+ warn ("malloc");
+ *sz = 0;
+ return NULL;
+ }
+ *sz = new_sz;
+ }
+ return oldbuf;
+}
+
diff --git a/crypto/kerberosIV/appl/ftp/common/common.h b/crypto/kerberosIV/appl/ftp/common/common.h
new file mode 100644
index 0000000..4ec3149
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/common/common.h
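Review bot: The comment above alloc_buffer() does not state the ownership rule the code implements: when the buffer has to grow, `oldbuf` is freed before the new `malloc`, so on failure the previous buffer is already gone and the function returns NULL with `*sz` set to 0. A caller that keeps its own copy of the old pointer and ignores the return value is left with a dangling pointer. I would extend the comment with `On growth the old buffer is freed; on failure returns NULL, sets *sz to 0, and oldbuf is no longer valid.` so callers know they must always assign the result back.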
@@ -0,0 +1,62 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+/* $Id: common.h,v 1.9 1997/05/18 19:59:58 assar Exp $ */
+
+#ifdef HAVE_CONFIG_H
+#include
+#endif
+
+#ifndef __COMMON_H__
+#define __COMMON_H__
+
+#include "base64.h"
+
+void set_buffer_size(int, int);
+
+#include
+#ifdef HAVE_SYS_TYPES_H
+#include
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include
+#endif
+
+void *alloc_buffer (void *oldbuf, size_t *sz, struct stat *st);
+
+#endif /* __COMMON_H__ */
diff --git a/crypto/kerberosIV/appl/ftp/common/glob.c b/crypto/kerberosIV/appl/ftp/common/glob.c
new file mode 100644
index 0000000..8f19d7c
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/common/glob.c
@@ -0,0 +1,835 @@ +/* + * Copyright (c) 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * This code is derived from software contributed to Berkeley by + * Guido van Rossum. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* + * glob(3) -- a superset of the one defined in POSIX 1003.2. + * + * The [!...] convention to negate a range is supported (SysV, Posix, ksh). + * + * Optional extra services, controlled by flags not defined by POSIX: + * + * GLOB_QUOTE: + * Escaping convention: \ inhibits any special meaning the following + * character might have (except \ at end of string is retained). + * GLOB_MAGCHAR: + * Set in gl_flags if pattern contained a globbing character. + * GLOB_NOMAGIC: + * Same as GLOB_NOCHECK, but it will only append pattern if it did + * not contain any magic characters. [Used in csh style globbing] + * GLOB_ALTDIRFUNC: + * Use alternately specified directory access functions. + * GLOB_TILDE: + * expand ~user/foo to the /home/dir/of/user/foo + * GLOB_BRACE: + * expand {1,2}{a,b} to 1a 1b 2a 2b + * gl_matchc: + * Number of matches in the current invocation of glob. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#ifdef HAVE_SYS_PARAM_H +#include +#endif +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_STAT_H +#include +#endif + +#include +#ifdef HAVE_DIRENT_H +#include +#endif +#include +#ifdef HAVE_PWD_H +#include +#endif +#include +#include +#include +#ifdef HAVE_UNISTD_H +#include +#endif + +#include "glob.h" +#include "roken.h" + +#define CHAR_DOLLAR '$' +#define CHAR_DOT '.' +#define CHAR_EOS '\0' +#define CHAR_LBRACKET '[' +#define CHAR_NOT '!' +#define CHAR_QUESTION '?' 
+#define CHAR_QUOTE '\\' +#define CHAR_RANGE '-' +#define CHAR_RBRACKET ']' +#define CHAR_SEP '/' +#define CHAR_STAR '*' +#define CHAR_TILDE '~' +#define CHAR_UNDERSCORE '_' +#define CHAR_LBRACE '{' +#define CHAR_RBRACE '}' +#define CHAR_SLASH '/' +#define CHAR_COMMA ',' + +#ifndef DEBUG + +#define M_QUOTE 0x8000 +#define M_PROTECT 0x4000 +#define M_MASK 0xffff +#define M_ASCII 0x00ff + +typedef u_short Char; + +#else + +#define M_QUOTE 0x80 +#define M_PROTECT 0x40 +#define M_MASK 0xff +#define M_ASCII 0x7f + +typedef char Char; + +#endif + + +#define CHAR(c) ((Char)((c)&M_ASCII)) +#define META(c) ((Char)((c)|M_QUOTE)) +#define M_ALL META('*') +#define M_END META(']') +#define M_NOT META('!') +#define M_ONE META('?') +#define M_RNG META('-') +#define M_SET META('[') +#define ismeta(c) (((c)&M_QUOTE) != 0) + + +static int compare (const void *, const void *); +static void g_Ctoc (const Char *, char *); +static int g_lstat (Char *, struct stat *, glob_t *); +static DIR *g_opendir (Char *, glob_t *); +static Char *g_strchr (Char *, int); +#ifdef notdef +static Char *g_strcat (Char *, const Char *); +#endif +static int g_stat (Char *, struct stat *, glob_t *); +static int glob0 (const Char *, glob_t *); +static int glob1 (Char *, glob_t *); +static int glob2 (Char *, Char *, Char *, glob_t *); +static int glob3 (Char *, Char *, Char *, Char *, glob_t *); +static int globextend (const Char *, glob_t *); +static const Char * globtilde (const Char *, Char *, glob_t *); +static int globexp1 (const Char *, glob_t *); +static int globexp2 (const Char *, const Char *, glob_t *, int *); +static int match (Char *, Char *, Char *); +#ifdef DEBUG +static void qprintf (const char *, Char *); +#endif + +int +glob(const char *pattern, + int flags, + int (*errfunc)(const char *, int), + glob_t *pglob) +{ + const u_char *patnext; + int c; + Char *bufnext, *bufend, patbuf[MaxPathLen+1]; + + patnext = (u_char *) pattern; + if (!(flags & GLOB_APPEND)) { + pglob->gl_pathc = 0; + 
pglob->gl_pathv = NULL; + if (!(flags & GLOB_DOOFFS)) + pglob->gl_offs = 0; + } + pglob->gl_flags = flags & ~GLOB_MAGCHAR; + pglob->gl_errfunc = errfunc; + pglob->gl_matchc = 0; + + bufnext = patbuf; + bufend = bufnext + MaxPathLen; + if (flags & GLOB_QUOTE) { + /* Protect the quoted characters. */ + while (bufnext < bufend && (c = *patnext++) != CHAR_EOS) + if (c == CHAR_QUOTE) { + if ((c = *patnext++) == CHAR_EOS) { + c = CHAR_QUOTE; + --patnext; + } + *bufnext++ = c | M_PROTECT; + } + else + *bufnext++ = c; + } + else + while (bufnext < bufend && (c = *patnext++) != CHAR_EOS) + *bufnext++ = c; + *bufnext = CHAR_EOS; + + if (flags & GLOB_BRACE) + return globexp1(patbuf, pglob); + else + return glob0(patbuf, pglob); +} + +/* + * Expand recursively a glob {} pattern. When there is no more expansion + * invoke the standard globbing routine to glob the rest of the magic + * characters + */ +static int globexp1(const Char *pattern, glob_t *pglob) +{ + const Char* ptr = pattern; + int rv; + + /* Protect a single {}, for find(1), like csh */ + if (pattern[0] == CHAR_LBRACE && pattern[1] == CHAR_RBRACE && pattern[2] == CHAR_EOS) + return glob0(pattern, pglob); + + while ((ptr = (const Char *) g_strchr((Char *) ptr, CHAR_LBRACE)) != NULL) + if (!globexp2(ptr, pattern, pglob, &rv)) + return rv; + + return glob0(pattern, pglob); +} + + +/* + * Recursive brace globbing helper. Tries to expand a single brace. + * If it succeeds then it invokes globexp1 with the new pattern. + * If it fails then it tries to glob the rest of the pattern and returns. 
+ */ +static int globexp2(const Char *ptr, const Char *pattern, + glob_t *pglob, int *rv) +{ + int i; + Char *lm, *ls; + const Char *pe, *pm, *pl; + Char patbuf[MaxPathLen + 1]; + + /* copy part up to the brace */ + for (lm = patbuf, pm = pattern; pm != ptr; *lm++ = *pm++) + continue; + ls = lm; + + /* Find the balanced brace */ + for (i = 0, pe = ++ptr; *pe; pe++) + if (*pe == CHAR_LBRACKET) { + /* Ignore everything between [] */ + for (pm = pe++; *pe != CHAR_RBRACKET && *pe != CHAR_EOS; pe++) + continue; + if (*pe == CHAR_EOS) { + /* + * We could not find a matching CHAR_RBRACKET. + * Ignore and just look for CHAR_RBRACE + */ + pe = pm; + } + } + else if (*pe == CHAR_LBRACE) + i++; + else if (*pe == CHAR_RBRACE) { + if (i == 0) + break; + i--; + } + + /* Non matching braces; just glob the pattern */ + if (i != 0 || *pe == CHAR_EOS) { + *rv = glob0(patbuf, pglob); + return 0; + } + + for (i = 0, pl = pm = ptr; pm <= pe; pm++) + switch (*pm) { + case CHAR_LBRACKET: + /* Ignore everything between [] */ + for (pl = pm++; *pm != CHAR_RBRACKET && *pm != CHAR_EOS; pm++) + continue; + if (*pm == CHAR_EOS) { + /* + * We could not find a matching CHAR_RBRACKET. + * Ignore and just look for CHAR_RBRACE + */ + pm = pl; + } + break; + + case CHAR_LBRACE: + i++; + break; + + case CHAR_RBRACE: + if (i) { + i--; + break; + } + /* FALLTHROUGH */ + case CHAR_COMMA: + if (i && *pm == CHAR_COMMA) + break; + else { + /* Append the current string */ + for (lm = ls; (pl < pm); *lm++ = *pl++) + continue; + /* + * Append the rest of the pattern after the + * closing brace + */ + for (pl = pe + 1; (*lm++ = *pl++) != CHAR_EOS;) + continue; + + /* Expand the current pattern */ +#ifdef DEBUG + qprintf("globexp2:", patbuf); +#endif + *rv = globexp1(patbuf, pglob); + + /* move after the comma, to the next string */ + pl = pm + 1; + } + break; + + default: + break; + } + *rv = 0; + return 0; +} + + + +/* + * expand tilde from the passwd file. 
+ */ +static const Char * +globtilde(const Char *pattern, Char *patbuf, glob_t *pglob) +{ + struct passwd *pwd; + char *h; + const Char *p; + Char *b; + + if (*pattern != CHAR_TILDE || !(pglob->gl_flags & GLOB_TILDE)) + return pattern; + + /* Copy up to the end of the string or / */ + for (p = pattern + 1, h = (char *) patbuf; *p && *p != CHAR_SLASH; + *h++ = *p++) + continue; + + *h = CHAR_EOS; + + if (((char *) patbuf)[0] == CHAR_EOS) { + /* + * handle a plain ~ or ~/ by expanding $HOME + * first and then trying the password file + */ + if ((h = getenv("HOME")) == NULL) { + if ((pwd = k_getpwuid(getuid())) == NULL) + return pattern; + else + h = pwd->pw_dir; + } + } + else { + /* + * Expand a ~user + */ + if ((pwd = k_getpwnam((char*) patbuf)) == NULL) + return pattern; + else + h = pwd->pw_dir; + } + + /* Copy the home directory */ + for (b = patbuf; *h; *b++ = *h++) + continue; + + /* Append the rest of the pattern */ + while ((*b++ = *p++) != CHAR_EOS) + continue; + + return patbuf; +} + + +/* + * The main glob() routine: compiles the pattern (optionally processing + * quotes), calls glob1() to do the real pattern matching, and finally + * sorts the list (unless unsorted operation is requested). Returns 0 + * if things went well, nonzero if errors occurred. It is not an error + * to find no matches. + */ +static int +glob0(const Char *pattern, glob_t *pglob) +{ + const Char *qpatnext; + int c, err, oldpathc; + Char *bufnext, patbuf[MaxPathLen+1]; + + qpatnext = globtilde(pattern, patbuf, pglob); + oldpathc = pglob->gl_pathc; + bufnext = patbuf; + + /* We don't need to check for buffer overflow any more. 
*/ + while ((c = *qpatnext++) != CHAR_EOS) { + switch (c) { + case CHAR_LBRACKET: + c = *qpatnext; + if (c == CHAR_NOT) + ++qpatnext; + if (*qpatnext == CHAR_EOS || + g_strchr((Char *) qpatnext+1, CHAR_RBRACKET) == NULL) { + *bufnext++ = CHAR_LBRACKET; + if (c == CHAR_NOT) + --qpatnext; + break; + } + *bufnext++ = M_SET; + if (c == CHAR_NOT) + *bufnext++ = M_NOT; + c = *qpatnext++; + do { + *bufnext++ = CHAR(c); + if (*qpatnext == CHAR_RANGE && + (c = qpatnext[1]) != CHAR_RBRACKET) { + *bufnext++ = M_RNG; + *bufnext++ = CHAR(c); + qpatnext += 2; + } + } while ((c = *qpatnext++) != CHAR_RBRACKET); + pglob->gl_flags |= GLOB_MAGCHAR; + *bufnext++ = M_END; + break; + case CHAR_QUESTION: + pglob->gl_flags |= GLOB_MAGCHAR; + *bufnext++ = M_ONE; + break; + case CHAR_STAR: + pglob->gl_flags |= GLOB_MAGCHAR; + /* collapse adjacent stars to one, + * to avoid exponential behavior + */ + if (bufnext == patbuf || bufnext[-1] != M_ALL) + *bufnext++ = M_ALL; + break; + default: + *bufnext++ = CHAR(c); + break; + } + } + *bufnext = CHAR_EOS; +#ifdef DEBUG + qprintf("glob0:", patbuf); +#endif + + if ((err = glob1(patbuf, pglob)) != 0) + return(err); + + /* + * If there was no match we are going to append the pattern + * if GLOB_NOCHECK was specified or if GLOB_NOMAGIC was specified + * and the pattern did not contain any magic characters + * GLOB_NOMAGIC is there just for compatibility with csh. 
+ */ + if (pglob->gl_pathc == oldpathc && + ((pglob->gl_flags & GLOB_NOCHECK) || + ((pglob->gl_flags & GLOB_NOMAGIC) && + !(pglob->gl_flags & GLOB_MAGCHAR)))) + return(globextend(pattern, pglob)); + else if (!(pglob->gl_flags & GLOB_NOSORT)) + qsort(pglob->gl_pathv + pglob->gl_offs + oldpathc, + pglob->gl_pathc - oldpathc, sizeof(char *), compare); + return(0); +} + +static int +compare(const void *p, const void *q) +{ + return(strcmp(*(char **)p, *(char **)q)); +} + +static int +glob1(Char *pattern, glob_t *pglob) +{ + Char pathbuf[MaxPathLen+1]; + + /* A null pathname is invalid -- POSIX 1003.1 sect. 2.4. */ + if (*pattern == CHAR_EOS) + return(0); + return(glob2(pathbuf, pathbuf, pattern, pglob)); +} + +/* + * The functions glob2 and glob3 are mutually recursive; there is one level + * of recursion for each segment in the pattern that contains one or more + * meta characters. + */ + +#ifndef S_ISLNK +#if defined(S_IFLNK) && defined(S_IFMT) +#define S_ISLNK(mode) (((mode) & S_IFMT) == S_IFLNK) +#else +#define S_ISLNK(mode) 0 +#endif +#endif + +static int +glob2(Char *pathbuf, Char *pathend, Char *pattern, glob_t *pglob) +{ + struct stat sb; + Char *p, *q; + int anymeta; + + /* + * Loop over pattern segments until end of pattern or until + * segment with meta character found. + */ + for (anymeta = 0;;) { + if (*pattern == CHAR_EOS) { /* End of pattern? */ + *pathend = CHAR_EOS; + if (g_lstat(pathbuf, &sb, pglob)) + return(0); + + if (((pglob->gl_flags & GLOB_MARK) && + pathend[-1] != CHAR_SEP) && (S_ISDIR(sb.st_mode) + || (S_ISLNK(sb.st_mode) && + (g_stat(pathbuf, &sb, pglob) == 0) && + S_ISDIR(sb.st_mode)))) { + *pathend++ = CHAR_SEP; + *pathend = CHAR_EOS; + } + ++pglob->gl_matchc; + return(globextend(pathbuf, pglob)); + } + + /* Find end of next segment, copy tentatively to pathend. 
*/ + q = pathend; + p = pattern; + while (*p != CHAR_EOS && *p != CHAR_SEP) { + if (ismeta(*p)) + anymeta = 1; + *q++ = *p++; + } + + if (!anymeta) { /* No expansion, do next segment. */ + pathend = q; + pattern = p; + while (*pattern == CHAR_SEP) + *pathend++ = *pattern++; + } else /* Need expansion, recurse. */ + return(glob3(pathbuf, pathend, pattern, p, pglob)); + } + /* CHAR_NOTREACHED */ +} + +static int +glob3(Char *pathbuf, Char *pathend, Char *pattern, Char *restpattern, + glob_t *pglob) +{ + struct dirent *dp; + DIR *dirp; + int err; + char buf[MaxPathLen]; + + /* + * The readdirfunc declaration can't be prototyped, because it is + * assigned, below, to two functions which are prototyped in glob.h + * and dirent.h as taking pointers to differently typed opaque + * structures. + */ + struct dirent *(*readdirfunc)(void *); + + *pathend = CHAR_EOS; + errno = 0; + + if ((dirp = g_opendir(pathbuf, pglob)) == NULL) { + /* TODO: don't call for ENOENT or ENOTDIR? */ + if (pglob->gl_errfunc) { + g_Ctoc(pathbuf, buf); + if (pglob->gl_errfunc(buf, errno) || + pglob->gl_flags & GLOB_ERR) + return (GLOB_ABEND); + } + return(0); + } + + err = 0; + + /* Search directory for matching names. */ + if (pglob->gl_flags & GLOB_ALTDIRFUNC) + readdirfunc = pglob->gl_readdir; + else + readdirfunc = (struct dirent *(*)(void *))readdir; + while ((dp = (*readdirfunc)(dirp))) { + u_char *sc; + Char *dc; + + /* Initial CHAR_DOT must be matched literally. 
*/ + if (dp->d_name[0] == CHAR_DOT && *pattern != CHAR_DOT) + continue; + for (sc = (u_char *) dp->d_name, dc = pathend; + (*dc++ = *sc++) != CHAR_EOS;) + continue; + if (!match(pathend, pattern, restpattern)) { + *pathend = CHAR_EOS; + continue; + } + err = glob2(pathbuf, --dc, restpattern, pglob); + if (err) + break; + } + + if (pglob->gl_flags & GLOB_ALTDIRFUNC) + (*pglob->gl_closedir)(dirp); + else + closedir(dirp); + return(err); +} + + +/* + * Extend the gl_pathv member of a glob_t structure to accomodate a new item, + * add the new item, and update gl_pathc. + * + * This assumes the BSD realloc, which only copies the block when its size + * crosses a power-of-two boundary; for v7 realloc, this would cause quadratic + * behavior. + * + * Return 0 if new item added, error code if memory couldn't be allocated. + * + * Invariant of the glob_t structure: + * Either gl_pathc is zero and gl_pathv is NULL; or gl_pathc > 0 and + * gl_pathv points to (gl_offs + gl_pathc + 1) items. + */ +static int +globextend(const Char *path, glob_t *pglob) +{ + char **pathv; + int i; + u_int newsize; + char *copy; + const Char *p; + + newsize = sizeof(*pathv) * (2 + pglob->gl_pathc + pglob->gl_offs); + pathv = pglob->gl_pathv ? + realloc(pglob->gl_pathv, newsize) : + malloc(newsize); + if (pathv == NULL) + return(GLOB_NOSPACE); + + if (pglob->gl_pathv == NULL && pglob->gl_offs > 0) { + /* first time around -- clear initial gl_offs items */ + pathv += pglob->gl_offs; + for (i = pglob->gl_offs; --i >= 0; ) + *--pathv = NULL; + } + pglob->gl_pathv = pathv; + + for (p = path; *p++;) + continue; + if ((copy = malloc(p - path)) != NULL) { + g_Ctoc(path, copy); + pathv[pglob->gl_offs + pglob->gl_pathc++] = copy; + } + pathv[pglob->gl_offs + pglob->gl_pathc] = NULL; + return(copy == NULL ? GLOB_NOSPACE : 0); +} + + +/* + * pattern matching function for filenames. Each occurrence of the * + * pattern causes a recursion level. 
+ */ +static int +match(Char *name, Char *pat, Char *patend) +{ + int ok, negate_range; + Char c, k; + + while (pat < patend) { + c = *pat++; + switch (c & M_MASK) { + case M_ALL: + if (pat == patend) + return(1); + do + if (match(name, pat, patend)) + return(1); + while (*name++ != CHAR_EOS); + return(0); + case M_ONE: + if (*name++ == CHAR_EOS) + return(0); + break; + case M_SET: + ok = 0; + if ((k = *name++) == CHAR_EOS) + return(0); + if ((negate_range = ((*pat & M_MASK) == M_NOT)) != CHAR_EOS) + ++pat; + while (((c = *pat++) & M_MASK) != M_END) + if ((*pat & M_MASK) == M_RNG) { + if (c <= k && k <= pat[1]) + ok = 1; + pat += 2; + } else if (c == k) + ok = 1; + if (ok == negate_range) + return(0); + break; + default: + if (*name++ != c) + return(0); + break; + } + } + return(*name == CHAR_EOS); +} + +/* Free allocated data belonging to a glob_t structure. */ +void +globfree(glob_t *pglob) +{ + int i; + char **pp; + + if (pglob->gl_pathv != NULL) { + pp = pglob->gl_pathv + pglob->gl_offs; + for (i = pglob->gl_pathc; i--; ++pp) + if (*pp) + free(*pp); + free(pglob->gl_pathv); + } +} + +static DIR * +g_opendir(Char *str, glob_t *pglob) +{ + char buf[MaxPathLen]; + + if (!*str) + strcpy(buf, "."); + else + g_Ctoc(str, buf); + + if (pglob->gl_flags & GLOB_ALTDIRFUNC) + return((*pglob->gl_opendir)(buf)); + + return(opendir(buf)); +} + +static int +g_lstat(Char *fn, struct stat *sb, glob_t *pglob) +{ + char buf[MaxPathLen]; + + g_Ctoc(fn, buf); + if (pglob->gl_flags & GLOB_ALTDIRFUNC) + return((*pglob->gl_lstat)(buf, sb)); + return(lstat(buf, sb)); +} + +static int +g_stat(Char *fn, struct stat *sb, glob_t *pglob) +{ + char buf[MaxPathLen]; + + g_Ctoc(fn, buf); + if (pglob->gl_flags & GLOB_ALTDIRFUNC) + return((*pglob->gl_stat)(buf, sb)); + return(stat(buf, sb)); +} + +static Char * +g_strchr(Char *str, int ch) +{ + do { + if (*str == ch) + return (str); + } while (*str++); + return (NULL); +} + +#ifdef notdef +static Char * +g_strcat(Char *dst, const Char *src) +{ + 
Char *sdst = dst; + + while (*dst++) + continue; + --dst; + while((*dst++ = *src++) != CHAR_EOS) + continue; + + return (sdst); +} +#endif + +static void +g_Ctoc(const Char *str, char *buf) +{ + char *dc; + + for (dc = buf; (*dc++ = *str++) != CHAR_EOS;) + continue; +} + +#ifdef DEBUG +static void +qprintf(const Char *str, Char *s) +{ + Char *p; + + printf("%s:\n", str); + for (p = s; *p; p++) + printf("%c", CHAR(*p)); + printf("\n"); + for (p = s; *p; p++) + printf("%c", *p & M_PROTECT ? '"' : ' '); + printf("\n"); + for (p = s; *p; p++) + printf("%c", ismeta(*p) ? '_' : ' '); + printf("\n"); +} +#endif diff --git a/crypto/kerberosIV/appl/ftp/common/glob.h b/crypto/kerberosIV/appl/ftp/common/glob.h new file mode 100644 index 0000000..bece48a --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/common/glob.h 
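Review bot: The comment in glob0() that buffer overflow no longer needs checking does not hold for globtilde(), which copies `$HOME` or `pw_dir` and then the rest of the pattern into the `MaxPathLen+1` element `patbuf` with no bound, so a long home directory plus a long pattern writes past the array. The same unbounded-copy shape appears in glob2() (`*q++ = *p++`) and in glob3() (the `d_name` copy into `pathbuf`), and g_Ctoc() fills `char buf[MaxPathLen]` from a buffer that can hold `MaxPathLen` characters plus the terminator. Because this glob is built into the ftp `common` library, the pattern is presumably remote-supplied when ftpd uses it, so each copy should carry an end pointer and stop or fail when it is reached. A bounded tail for globtilde() is sketched below, with `Char *eb;` declared alongside the other locals; whether to truncate as shown or return the pattern unexpanded is a project decision.

```c
	/* ... unchanged: tilde test, user-name copy, $HOME / passwd lookup ... */

	/* Copy the home directory, stopping short of the end of patbuf */
	eb = patbuf + MaxPathLen;
	for (b = patbuf; b < eb && *h; *b++ = *h++)
		continue;

	/* Append the rest of the pattern within the same bound */
	while (b < eb && (*b++ = *p++) != CHAR_EOS)
		continue;
	*b = CHAR_EOS;

	return patbuf;
```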
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 1989, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Guido van Rossum.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * @(#)glob.h 8.1 (Berkeley) 6/2/93
+ */
+
+#ifndef _GLOB_H_
+#define _GLOB_H_
+
+struct stat;
+typedef struct {
+ int gl_pathc; /* Count of total paths so far. */
+ int gl_matchc; /* Count of paths matching pattern. */
+ int gl_offs; /* Reserved at beginning of gl_pathv. */
+ int gl_flags; /* Copy of flags parameter to glob. */
+ char **gl_pathv; /* List of paths matching pattern. */
+ /* Copy of errfunc parameter to glob. */
+ int (*gl_errfunc) (const char *, int);
+
+ /*
+ * Alternate filesystem access methods for glob; replacement
+ * versions of closedir(3), readdir(3), opendir(3), stat(2)
+ * and lstat(2).
+ */
+ void (*gl_closedir) (void *);
+ struct dirent *(*gl_readdir) (void *);
+ void *(*gl_opendir) (const char *);
+ int (*gl_lstat) (const char *, struct stat *);
+ int (*gl_stat) (const char *, struct stat *);
+} glob_t;
+
+#define GLOB_APPEND 0x0001 /* Append to output from previous call. */
+#define GLOB_DOOFFS 0x0002 /* Use gl_offs. */
+#define GLOB_ERR 0x0004 /* Return on error. */
+#define GLOB_MARK 0x0008 /* Append / to matching directories. */
+#define GLOB_NOCHECK 0x0010 /* Return pattern itself if nothing matches. */
+#define GLOB_NOSORT 0x0020 /* Don't sort. */
+
+#define GLOB_ALTDIRFUNC 0x0040 /* Use alternately specified directory funcs. */
+#define GLOB_BRACE 0x0080 /* Expand braces ala csh. */
+#define GLOB_MAGCHAR 0x0100 /* Pattern had globbing characters. */
+#define GLOB_NOMAGIC 0x0200 /* GLOB_NOCHECK without magic chars (csh). */
+#define GLOB_QUOTE 0x0400 /* Quote special chars with \. */
+#define GLOB_TILDE 0x0800 /* Expand tilde names from the passwd file. */
+
+#define GLOB_NOSPACE (-1) /* Malloc call failed. */
+#define GLOB_ABEND (-2) /* Unignored error. */
+
+int glob (const char *, int, int (*)(const char *, int), glob_t *);
+void globfree (glob_t *);
+
+#endif /* !_GLOB_H_ */
diff --git a/crypto/kerberosIV/appl/ftp/common/sockbuf.c b/crypto/kerberosIV/appl/ftp/common/sockbuf.c
new file mode 100644
index 0000000..ab8c293
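Review bot: The five alternate-access pointers in `glob_t` (`gl_closedir` through `gl_stat`) carry no statement of when they are read or whether they may be NULL. In this commit's glob.c, `g_opendir()`, `g_lstat()` and `g_stat()` call through `gl_opendir`, `gl_lstat` and `gl_stat` with no NULL check whenever `GLOB_ALTDIRFUNC` is set in `gl_flags`, so a caller that sets the flag on a partly filled structure ends up calling through a null or uninitialised pointer; presumably the same holds for `gl_readdir` and `gl_closedir`, whose call sites are not visible here. I would extend the existing block comment with `Only consulted when GLOB_ALTDIRFUNC is set; the caller must then fill in all five.` The `glob()` prototype would also read better with parameter names (`pattern`, `flags`, `errfunc`, `pglob`).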
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/common/sockbuf.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "common.h"
+#ifdef HAVE_SYS_TYPES_H
+#include
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include
+#endif
+
+RCSID("$Id: sockbuf.c,v 1.2 1997/05/11 10:01:48 assar Exp $");
+
+void
+set_buffer_size(int fd, int read)
+{
+#if defined(SO_RCVBUF) && defined(SO_SNDBUF) && defined(HAVE_SETSOCKOPT)
+ size_t size = 4194304;
+ while(size >= 131072 &&
+ setsockopt(fd, SOL_SOCKET, read ? SO_RCVBUF : SO_SNDBUF,
+ (void *)&size, sizeof(size)) < 0)
+ size /= 2;
+#endif
+}
+
+
diff --git a/crypto/kerberosIV/appl/ftp/ftp/Makefile.in b/crypto/kerberosIV/appl/ftp/ftp/Makefile.in
new file mode 100644
index 0000000..62bde3b
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/Makefile.in
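Review bot: `set_buffer_size()` declares `size` as `size_t` and passes `sizeof(size)` to `setsockopt()`, but `SO_RCVBUF` and `SO_SNDBUF` take an `int` option value. Where `size_t` is wider than `int`, a kernel that reads only the first `sizeof(int)` bytes would see 0 instead of 4194304 on a big-endian machine, and a kernel that checks the length strictly would presumably reject every attempt, so the loop would fall through without changing the buffer. Declaring it `int size = 4194304;` keeps the halving loop and the `sizeof(size)` argument correct as written. The function also gives no indication of which size, if any, was accepted; a one-line comment such as `/* best effort: silently keeps the default if every size is refused */` would make that intent explicit.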
@@ -0,0 +1,76 @@
+#
+# $Id: Makefile.in,v 1.24 1997/03/23 13:03:55 assar Exp $
+#
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+
+topdir = ../../..
+
+CC = @CC@
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+CPPFLAGS= @CPPFLAGS@ -I. -I$(srcdir) -I$(topdir) -I$(top_srcdir) -I$(topdir)/include -I$(top_srcdir)/include -I$(srcdir)/../common @INCLUDE_readline@
+LD_FLAGS = @LD_FLAGS@
+LIB_tgetent = @LIB_tgetent@
+LIBS = @LIBS@ @LIB_readline@
+MKINSTALLDIRS = $(top_srcdir)/mkinstalldirs
+
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+bindir = @bindir@
+libdir = @libdir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+INCTOP = $(topdir)/include
+
+LIBTOP = $(topdir)/lib
+
+PROGS = ftp$(EXECSUFFIX)
+
+ftp_OBJS = cmds.o cmdtab.o ftp.o krb4.o main.o ruserpass.o domacro.o \
+ globals.o kauth.o
+
+ftp_SOURCES = cmds.c cmdtab.c ftp.c krb4.c main.c ruserpass.c \
+ domacro.c globals.c kauth.c
+
+OBJECTS = $(ftp_OBJS)
+SOURCES = $(ftp_SOURCES)
+
+all: $(PROGS)
+
+.c.o:
+ $(CC) -c $(CFLAGS) $(CPPFLAGS) $(DEFS) $<
+
+install: all
+ $(MKINSTALLDIRS) $(bindir)
+ for x in $(PROGS); do \
+ $(INSTALL_PROGRAM) $$x $(bindir)/`echo $$x | sed '$(transform)'`; \
+ done
+
+uninstall:
+ for x in $(PROGS); do \
+ rm -f $(bindir)/`echo $$x | sed '$(transform)'`; \
+ done
+
+ftp$(EXECSUFFIX): $(ftp_OBJS) # ../common/libcommon.a
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(ftp_OBJS) -L../common -lcommon -L$(LIBTOP)/krb -lkrb -L$(LIBTOP)/des -ldes -L$(LIBTOP)/roken -lroken $(LIBS) -L$(LIBTOP)/roken -lroken
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+clean cleandir:
+ rm -f *~ *.o core ftp \#*
+
+distclean:
+ rm -f Makefile
+
+$(OBJECTS): ../../../include/config.h
diff --git a/crypto/kerberosIV/appl/ftp/ftp/cmds.c b/crypto/kerberosIV/appl/ftp/ftp/cmds.c
new file mode 100644
index 0000000..5e1980b
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/cmds.c
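Review bot: The `clean cleandir` rule removes the literal `ftp`, while the program is built and installed as `ftp$(EXECSUFFIX)`, so with a non-empty `EXECSUFFIX` the binary survives `make clean`. `rm -f *~ *.o core $(PROGS) \#*` keeps the rule in step with `PROGS`. The link rule's dependency on `../common/libcommon.a` is commented out, so a rebuilt libcommon does not trigger a relink of ftp; if that is deliberate, a short comment saying why would help.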
@@ -0,0 +1,2073 @@ +/* + * Copyright (c) 1985, 1989, 1993, 1994 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * FTP User Program -- Command Routines. 
+ */ + +#include "ftp_locl.h" +RCSID("$Id: cmds.c,v 1.23 1997/06/01 22:52:37 assar Exp $"); + +typedef void (*sighand)(int); + +jmp_buf jabort; +char *mname; +char *home = "/"; + +/* + * `Another' gets another argument, and stores the new argc and argv. + * It reverts to the top level (via main.c's intr()) on EOF/error. + * + * Returns false if no new arguments have been added. + */ +int +another(int *pargc, char ***pargv, char *prompt) +{ + int len = strlen(line), ret; + + if (len >= sizeof(line) - 3) { + printf("sorry, arguments too long\n"); + intr(0); + } + printf("(%s) ", prompt); + line[len++] = ' '; + if (fgets(&line[len], sizeof(line) - len, stdin) == NULL) + intr(0); + len += strlen(&line[len]); + if (len > 0 && line[len - 1] == '\n') + line[len - 1] = '\0'; + makeargv(); + ret = margc > *pargc; + *pargc = margc; + *pargv = margv; + return (ret); +} + +/* + * Connect to peer server and + * auto-login, if possible. + */ +void +setpeer(int argc, char **argv) +{ + char *host; + short port; + struct servent *sp; + + if (connected) { + printf("Already connected to %s, use close first.\n", + hostname); + code = -1; + return; + } + if (argc < 2) + another(&argc, &argv, "to"); + if (argc < 2 || argc > 3) { + printf("usage: %s host-name [port]\n", argv[0]); + code = -1; + return; + } + sp = getservbyname("ftp", "tcp"); + if (sp == NULL) + errx(1, "You bastard. You removed ftp/tcp from services"); + port = sp->s_port; + if (argc > 2) { + port = atoi(argv[2]); + if (port <= 0) { + printf("%s: bad port number-- %s\n", argv[1], argv[2]); + printf ("usage: %s host-name [port]\n", argv[0]); + code = -1; + return; + } + port = htons(port); + } + host = hookup(argv[1], port); + if (host) { + int overbose; + + connected = 1; + /* + * Set up defaults for FTP. 
+ */ + strcpy(typename, "ascii"), type = TYPE_A; + curtype = TYPE_A; + strcpy(formname, "non-print"), form = FORM_N; + strcpy(modename, "stream"), mode = MODE_S; + strcpy(structname, "file"), stru = STRU_F; + strcpy(bytename, "8"), bytesize = 8; + if (autologin) + login(argv[1]); + +#if (defined(unix) || defined(__unix__) || defined(__unix) || defined(_AIX) || defined(_CRAY)) && NBBY == 8 +/* + * this ifdef is to keep someone form "porting" this to an incompatible + * system and not checking this out. This way they have to think about it. + */ + overbose = verbose; + if (debug == 0) + verbose = -1; + if (command("SYST") == COMPLETE && overbose) { + char *cp, c; + cp = strchr(reply_string+4, ' '); + if (cp == NULL) + cp = strchr(reply_string+4, '\r'); + if (cp) { + if (cp[-1] == '.') + cp--; + c = *cp; + *cp = '\0'; + } + + printf("Remote system type is %s.\n", + reply_string+4); + if (cp) + *cp = c; + } + if (!strncmp(reply_string, "215 UNIX Type: L8", 17)) { + if (proxy) + unix_proxy = 1; + else + unix_server = 1; + /* + * Set type to 0 (not specified by user), + * meaning binary by default, but don't bother + * telling server. We can use binary + * for text files unless changed by the user. + */ + type = 0; + strcpy(typename, "binary"); + if (overbose) + printf("Using %s mode to transfer files.\n", + typename); + } else { + if (proxy) + unix_proxy = 0; + else + unix_server = 0; + if (overbose && + !strncmp(reply_string, "215 TOPS20", 10)) + printf( +"Remember to set tenex mode when transfering binary files from this machine.\n"); + } + verbose = overbose; +#endif /* unix */ + } +} + +struct types { + char *t_name; + char *t_mode; + int t_type; + char *t_arg; +} types[] = { + { "ascii", "A", TYPE_A, 0 }, + { "binary", "I", TYPE_I, 0 }, + { "image", "I", TYPE_I, 0 }, + { "ebcdic", "E", TYPE_E, 0 }, + { "tenex", "L", TYPE_L, bytename }, + { NULL } +}; + +/* + * Set transfer type. 
+ */ +void +settype(int argc, char **argv) +{ + struct types *p; + int comret; + + if (argc > 2) { + char *sep; + + printf("usage: %s [", argv[0]); + sep = " "; + for (p = types; p->t_name; p++) { + printf("%s%s", sep, p->t_name); + sep = " | "; + } + printf(" ]\n"); + code = -1; + return; + } + if (argc < 2) { + printf("Using %s mode to transfer files.\n", typename); + code = 0; + return; + } + for (p = types; p->t_name; p++) + if (strcmp(argv[1], p->t_name) == 0) + break; + if (p->t_name == 0) { + printf("%s: unknown mode\n", argv[1]); + code = -1; + return; + } + if ((p->t_arg != NULL) && (*(p->t_arg) != '\0')) + comret = command ("TYPE %s %s", p->t_mode, p->t_arg); + else + comret = command("TYPE %s", p->t_mode); + if (comret == COMPLETE) { + strcpy(typename, p->t_name); + curtype = type = p->t_type; + } +} + +/* + * Internal form of settype; changes current type in use with server + * without changing our notion of the type for data transfers. + * Used to change to and from ascii for listings. + */ +void +changetype(int newtype, int show) +{ + struct types *p; + int comret, oldverbose = verbose; + + if (newtype == 0) + newtype = TYPE_I; + if (newtype == curtype) + return; + if (debug == 0 && show == 0) + verbose = 0; + for (p = types; p->t_name; p++) + if (newtype == p->t_type) + break; + if (p->t_name == 0) { + printf("ftp: internal error: unknown type %d\n", newtype); + return; + } + if (newtype == TYPE_L && bytename[0] != '\0') + comret = command("TYPE %s %s", p->t_mode, bytename); + else + comret = command("TYPE %s", p->t_mode); + if (comret == COMPLETE) + curtype = newtype; + verbose = oldverbose; +} + +char *stype[] = { + "type", + "", + 0 +}; + +/* + * Set binary transfer type. + */ +/*VARARGS*/ +void +setbinary(int argc, char **argv) +{ + + stype[1] = "binary"; + settype(2, stype); +} + +/* + * Set ascii transfer type. 
+ */ +/*VARARGS*/ +void +setascii(int argc, char **argv) +{ + + stype[1] = "ascii"; + settype(2, stype); +} + +/* + * Set tenex transfer type. + */ +/*VARARGS*/ +void +settenex(int argc, char **argv) +{ + + stype[1] = "tenex"; + settype(2, stype); +} + +/* + * Set file transfer mode. + */ +/*ARGSUSED*/ +void +setftmode(int argc, char **argv) +{ + + printf("We only support %s mode, sorry.\n", modename); + code = -1; +} + +/* + * Set file transfer format. + */ +/*ARGSUSED*/ +void +setform(int argc, char **argv) +{ + + printf("We only support %s format, sorry.\n", formname); + code = -1; +} + +/* + * Set file transfer structure. + */ +/*ARGSUSED*/ +void +setstruct(int argc, char **argv) +{ + + printf("We only support %s structure, sorry.\n", structname); + code = -1; +} + +/* + * Send a single file. + */ +void +put(int argc, char **argv) +{ + char *cmd; + int loc = 0; + char *oldargv1, *oldargv2; + + if (argc == 2) { + argc++; + argv[2] = argv[1]; + loc++; + } + if (argc < 2 && !another(&argc, &argv, "local-file")) + goto usage; + if (argc < 3 && !another(&argc, &argv, "remote-file")) { +usage: + printf("usage: %s local-file remote-file\n", argv[0]); + code = -1; + return; + } + oldargv1 = argv[1]; + oldargv2 = argv[2]; + if (!globulize(&argv[1])) { + code = -1; + return; + } + /* + * If "globulize" modifies argv[1], and argv[2] is a copy of + * the old argv[1], make it a copy of the new argv[1]. + */ + if (argv[1] != oldargv1 && argv[2] == oldargv1) { + argv[2] = argv[1]; + } + cmd = (argv[0][0] == 'a') ? "APPE" : ((sunique) ? 
"STOU" : "STOR"); + if (loc && ntflag) { + argv[2] = dotrans(argv[2]); + } + if (loc && mapflag) { + argv[2] = domap(argv[2]); + } + sendrequest(cmd, argv[1], argv[2], + argv[1] != oldargv1 || argv[2] != oldargv2); +} + +/* ARGSUSED */ +static RETSIGTYPE +mabort(int signo) +{ + int ointer; + + printf("\n"); + fflush(stdout); + if (mflag && fromatty) { + ointer = interactive; + interactive = 1; + if (confirm("Continue with", mname)) { + interactive = ointer; + longjmp(jabort,0); + } + interactive = ointer; + } + mflag = 0; + longjmp(jabort,0); +} + +/* + * Send multiple files. + */ +void +mput(int argc, char **argv) +{ + int i; + RETSIGTYPE (*oldintr)(); + int ointer; + char *tp; + + if (argc < 2 && !another(&argc, &argv, "local-files")) { + printf("usage: %s local-files\n", argv[0]); + code = -1; + return; + } + mname = argv[0]; + mflag = 1; + oldintr = signal(SIGINT, mabort); + setjmp(jabort); + if (proxy) { + char *cp, *tp2, tmpbuf[MaxPathLen]; + + while ((cp = remglob(argv,0)) != NULL) { + if (*cp == 0) { + mflag = 0; + continue; + } + if (mflag && confirm(argv[0], cp)) { + tp = cp; + if (mcase) { + while (*tp && !islower(*tp)) { + tp++; + } + if (!*tp) { + tp = cp; + tp2 = tmpbuf; + while ((*tp2 = *tp) != '\0') { + if (isupper(*tp2)) { + *tp2 = 'a' + *tp2 - 'A'; + } + tp++; + tp2++; + } + } + tp = tmpbuf; + } + if (ntflag) { + tp = dotrans(tp); + } + if (mapflag) { + tp = domap(tp); + } + sendrequest((sunique) ? "STOU" : "STOR", + cp, tp, cp != tp || !interactive); + if (!mflag && fromatty) { + ointer = interactive; + interactive = 1; + if (confirm("Continue with","mput")) { + mflag++; + } + interactive = ointer; + } + } + } + signal(SIGINT, oldintr); + mflag = 0; + return; + } + for (i = 1; i < argc; i++) { + char **cpp; + glob_t gl; + int flags; + + if (!doglob) { + if (mflag && confirm(argv[0], argv[i])) { + tp = (ntflag) ? dotrans(argv[i]) : argv[i]; + tp = (mapflag) ? domap(tp) : tp; + sendrequest((sunique) ? 
"STOU" : "STOR", + argv[i], tp, tp != argv[i] || !interactive); + if (!mflag && fromatty) { + ointer = interactive; + interactive = 1; + if (confirm("Continue with","mput")) { + mflag++; + } + interactive = ointer; + } + } + continue; + } + + memset(&gl, 0, sizeof(gl)); + flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE; + if (glob(argv[i], flags, NULL, &gl) || gl.gl_pathc == 0) { + warnx("%s: not found", argv[i]); + globfree(&gl); + continue; + } + for (cpp = gl.gl_pathv; cpp && *cpp != NULL; cpp++) { + if (mflag && confirm(argv[0], *cpp)) { + tp = (ntflag) ? dotrans(*cpp) : *cpp; + tp = (mapflag) ? domap(tp) : tp; + sendrequest((sunique) ? "STOU" : "STOR", + *cpp, tp, *cpp != tp || !interactive); + if (!mflag && fromatty) { + ointer = interactive; + interactive = 1; + if (confirm("Continue with","mput")) { + mflag++; + } + interactive = ointer; + } + } + } + globfree(&gl); + } + signal(SIGINT, oldintr); + mflag = 0; +} + +void +reget(int argc, char **argv) +{ + + getit(argc, argv, 1, "r+w"); +} + +void +get(int argc, char **argv) +{ + + getit(argc, argv, 0, restart_point ? "r+w" : "w" ); +} + +/* + * Receive one file. 
+ */ +int +getit(int argc, char **argv, int restartit, char *mode) +{ + int loc = 0; + char *oldargv1, *oldargv2; + + if (argc == 2) { + argc++; + argv[2] = argv[1]; + loc++; + } + if (argc < 2 && !another(&argc, &argv, "remote-file")) + goto usage; + if (argc < 3 && !another(&argc, &argv, "local-file")) { +usage: + printf("usage: %s remote-file [ local-file ]\n", argv[0]); + code = -1; + return (0); + } + oldargv1 = argv[1]; + oldargv2 = argv[2]; + if (!globulize(&argv[2])) { + code = -1; + return (0); + } + if (loc && mcase) { + char *tp = argv[1], *tp2, tmpbuf[MaxPathLen]; + + while (*tp && !islower(*tp)) { + tp++; + } + if (!*tp) { + tp = argv[2]; + tp2 = tmpbuf; + while ((*tp2 = *tp) != '\0') { + if (isupper(*tp2)) { + *tp2 = 'a' + *tp2 - 'A'; + } + tp++; + tp2++; + } + argv[2] = tmpbuf; + } + } + if (loc && ntflag) + argv[2] = dotrans(argv[2]); + if (loc && mapflag) + argv[2] = domap(argv[2]); + if (restartit) { + struct stat stbuf; + int ret; + + ret = stat(argv[2], &stbuf); + if (restartit == 1) { + if (ret < 0) { + warn("local: %s", argv[2]); + return (0); + } + restart_point = stbuf.st_size; + } else { + if (ret == 0) { + int overbose; + + overbose = verbose; + if (debug == 0) + verbose = -1; + if (command("MDTM %s", argv[1]) == COMPLETE) { + int yy, mo, day, hour, min, sec; + struct tm *tm; + verbose = overbose; + sscanf(reply_string, + "%*s %04d%02d%02d%02d%02d%02d", + &yy, &mo, &day, &hour, &min, &sec); + tm = gmtime(&stbuf.st_mtime); + tm->tm_mon++; + if (tm->tm_year > yy%100) + return (1); + if ((tm->tm_year == yy%100 && + tm->tm_mon > mo) || + (tm->tm_mon == mo && + tm->tm_mday > day) || + (tm->tm_mday == day && + tm->tm_hour > hour) || + (tm->tm_hour == hour && + tm->tm_min > min) || + (tm->tm_min == min && + tm->tm_sec > sec)) + return (1); + } else { + printf("%s\n", reply_string); + verbose = overbose; + return (0); + } + } + } + } + + recvrequest("RETR", argv[2], argv[1], mode, + argv[1] != oldargv1 || argv[2] != oldargv2); + restart_point = 0; 
+ return (0); +} + +/* + * Get multiple files. + */ +void +mget(int argc, char **argv) +{ + sighand oldintr; + int ch, ointer; + char *cp, *tp, *tp2, tmpbuf[MaxPathLen]; + + if (argc < 2 && !another(&argc, &argv, "remote-files")) { + printf("usage: %s remote-files\n", argv[0]); + code = -1; + return; + } + mname = argv[0]; + mflag = 1; + oldintr = signal(SIGINT, mabort); + setjmp(jabort); + while ((cp = remglob(argv,proxy)) != NULL) { + if (*cp == '\0') { + mflag = 0; + continue; + } + if (mflag && confirm(argv[0], cp)) { + tp = cp; + if (mcase) { + for (tp2 = tmpbuf; (ch = *tp++);) + *tp2++ = isupper(ch) ? tolower(ch) : ch; + *tp2 = '\0'; + tp = tmpbuf; + } + if (ntflag) { + tp = dotrans(tp); + } + if (mapflag) { + tp = domap(tp); + } + recvrequest("RETR", tp, cp, "w", + tp != cp || !interactive); + if (!mflag && fromatty) { + ointer = interactive; + interactive = 1; + if (confirm("Continue with","mget")) { + mflag++; + } + interactive = ointer; + } + } + } + signal(SIGINT,oldintr); + mflag = 0; +} + +char * +remglob(char **argv, int doswitch) +{ + char temp[16]; + static char buf[MaxPathLen]; + static FILE *ftemp = NULL; + static char **args; + int oldverbose, oldhash; + char *cp, *mode; + + if (!mflag) { + if (!doglob) { + args = NULL; + } + else { + if (ftemp) { + fclose(ftemp); + ftemp = NULL; + } + } + return (NULL); + } + if (!doglob) { + if (args == NULL) + args = argv; + if ((cp = *++args) == NULL) + args = NULL; + return (cp); + } + if (ftemp == NULL) { + strcpy(temp, _PATH_TMP_XXX); + mktemp(temp); + oldverbose = verbose, verbose = 0; + oldhash = hash, hash = 0; + if (doswitch) { + pswitch(!proxy); + } + for (mode = "w"; *++argv != NULL; mode = "a") + recvrequest ("NLST", temp, *argv, mode, 0); + if (doswitch) { + pswitch(!proxy); + } + verbose = oldverbose; hash = oldhash; + ftemp = fopen(temp, "r"); + unlink(temp); + if (ftemp == NULL) { + printf("can't find list of remote files, oops\n"); + return (NULL); + } + } + if (fgets(buf, sizeof (buf), ftemp) 
== NULL) { + fclose(ftemp); + ftemp = NULL; + return (NULL); + } + if ((cp = strchr(buf, '\n')) != NULL) + *cp = '\0'; + return (buf); +} + +char * +onoff(int bool) +{ + + return (bool ? "on" : "off"); +} + +/* + * Show status. + */ +/*ARGSUSED*/ +void +status(int argc, char **argv) +{ + int i; + + if (connected) + printf("Connected to %s.\n", hostname); + else + printf("Not connected.\n"); + if (!proxy) { + pswitch(1); + if (connected) { + printf("Connected for proxy commands to %s.\n", hostname); + } + else { + printf("No proxy connection.\n"); + } + pswitch(0); + } + sec_status(); + printf("Mode: %s; Type: %s; Form: %s; Structure: %s\n", + modename, typename, formname, structname); + printf("Verbose: %s; Bell: %s; Prompting: %s; Globbing: %s\n", + onoff(verbose), onoff(bell), onoff(interactive), + onoff(doglob)); + printf("Store unique: %s; Receive unique: %s\n", onoff(sunique), + onoff(runique)); + printf("Case: %s; CR stripping: %s\n",onoff(mcase),onoff(crflag)); + if (ntflag) { + printf("Ntrans: (in) %s (out) %s\n", ntin,ntout); + } + else { + printf("Ntrans: off\n"); + } + if (mapflag) { + printf("Nmap: (in) %s (out) %s\n", mapin, mapout); + } + else { + printf("Nmap: off\n"); + } + printf("Hash mark printing: %s; Use of PORT cmds: %s\n", + onoff(hash), onoff(sendport)); + if (macnum > 0) { + printf("Macros:\n"); + for (i=0; i 1) { + val = atoi(argv[1]); + if (val < 0) { + printf("%s: bad debugging value.\n", argv[1]); + code = -1; + return; + } + } else + val = !debug; + debug = val; + if (debug) + options |= SO_DEBUG; + else + options &= ~SO_DEBUG; + printf("Debugging %s (debug=%d).\n", onoff(debug), debug); + code = debug > 0; +} + +/* + * Set current working directory + * on remote machine. 
+ */ +void +cd(int argc, char **argv) +{ + + if (argc < 2 && !another(&argc, &argv, "remote-directory")) { + printf("usage: %s remote-directory\n", argv[0]); + code = -1; + return; + } + if (command("CWD %s", argv[1]) == ERROR && code == 500) { + if (verbose) + printf("CWD command not recognized, trying XCWD\n"); + command("XCWD %s", argv[1]); + } +} + +/* + * Set current working directory + * on local machine. + */ +void +lcd(int argc, char **argv) +{ + char buf[MaxPathLen]; + + if (argc < 2) + argc++, argv[1] = home; + if (argc != 2) { + printf("usage: %s local-directory\n", argv[0]); + code = -1; + return; + } + if (!globulize(&argv[1])) { + code = -1; + return; + } + if (chdir(argv[1]) < 0) { + warn("local: %s", argv[1]); + code = -1; + return; + } + if (getcwd(buf, sizeof(buf)) != NULL) + printf("Local directory now %s\n", buf); + else + warnx("getwd: %s", buf); + code = 0; +} + +/* + * Delete a single file. + */ +void +delete(int argc, char **argv) +{ + + if (argc < 2 && !another(&argc, &argv, "remote-file")) { + printf("usage: %s remote-file\n", argv[0]); + code = -1; + return; + } + command("DELE %s", argv[1]); +} + +/* + * Delete multiple files. + */ +void +mdelete(int argc, char **argv) +{ + sighand oldintr; + int ointer; + char *cp; + + if (argc < 2 && !another(&argc, &argv, "remote-files")) { + printf("usage: %s remote-files\n", argv[0]); + code = -1; + return; + } + mname = argv[0]; + mflag = 1; + oldintr = signal(SIGINT, mabort); + setjmp(jabort); + while ((cp = remglob(argv,0)) != NULL) { + if (*cp == '\0') { + mflag = 0; + continue; + } + if (mflag && confirm(argv[0], cp)) { + command("DELE %s", cp); + if (!mflag && fromatty) { + ointer = interactive; + interactive = 1; + if (confirm("Continue with", "mdelete")) { + mflag++; + } + interactive = ointer; + } + } + } + signal(SIGINT, oldintr); + mflag = 0; +} + +/* + * Rename a remote file. 
+ */ +void +renamefile(int argc, char **argv) +{ + + if (argc < 2 && !another(&argc, &argv, "from-name")) + goto usage; + if (argc < 3 && !another(&argc, &argv, "to-name")) { +usage: + printf("%s from-name to-name\n", argv[0]); + code = -1; + return; + } + if (command("RNFR %s", argv[1]) == CONTINUE) + command("RNTO %s", argv[2]); +} + +/* + * Get a directory listing + * of remote files. + */ +void +ls(int argc, char **argv) +{ + char *cmd; + + if (argc < 2) + argc++, argv[1] = NULL; + if (argc < 3) + argc++, argv[2] = "-"; + if (argc > 3) { + printf("usage: %s remote-directory local-file\n", argv[0]); + code = -1; + return; + } + cmd = argv[0][0] == 'n' ? "NLST" : "LIST"; + if (strcmp(argv[2], "-") && !globulize(&argv[2])) { + code = -1; + return; + } + if (strcmp(argv[2], "-") && *argv[2] != '|') + if (!globulize(&argv[2]) || !confirm("output to local-file:", argv[2])) { + code = -1; + return; + } + recvrequest(cmd, argv[2], argv[1], "w", 0); +} + +/* + * Get a directory listing + * of multiple remote files. + */ +void +mls(int argc, char **argv) +{ + sighand oldintr; + int ointer, i; + char *cmd, mode[1], *dest; + + if (argc < 2 && !another(&argc, &argv, "remote-files")) + goto usage; + if (argc < 3 && !another(&argc, &argv, "local-file")) { +usage: + printf("usage: %s remote-files local-file\n", argv[0]); + code = -1; + return; + } + dest = argv[argc - 1]; + argv[argc - 1] = NULL; + if (strcmp(dest, "-") && *dest != '|') + if (!globulize(&dest) || + !confirm("output to local-file:", dest)) { + code = -1; + return; + } + cmd = argv[0][1] == 'l' ? "NLST" : "LIST"; + mname = argv[0]; + mflag = 1; + oldintr = signal(SIGINT, mabort); + setjmp(jabort); + for (i = 1; mflag && i < argc-1; ++i) { + *mode = (i == 1) ? 
'w' : 'a'; + recvrequest(cmd, dest, argv[i], mode, 0); + if (!mflag && fromatty) { + ointer = interactive; + interactive = 1; + if (confirm("Continue with", argv[0])) { + mflag ++; + } + interactive = ointer; + } + } + signal(SIGINT, oldintr); + mflag = 0; +} + +/* + * Do a shell escape + */ +/*ARGSUSED*/ +void +shell(int argc, char **argv) +{ + pid_t pid; + RETSIGTYPE (*old1)(), (*old2)(); + char shellnam[40], *shell, *namep; + int status; + + old1 = signal (SIGINT, SIG_IGN); + old2 = signal (SIGQUIT, SIG_IGN); + if ((pid = fork()) == 0) { + for (pid = 3; pid < 20; pid++) + close(pid); + signal(SIGINT, SIG_DFL); + signal(SIGQUIT, SIG_DFL); + shell = getenv("SHELL"); + if (shell == NULL) + shell = _PATH_BSHELL; + namep = strrchr(shell,'/'); + if (namep == NULL) + namep = shell; + strcpy(shellnam,"-"); + strcat(shellnam, ++namep); + if (strcmp(namep, "sh") != 0) + shellnam[0] = '+'; + if (debug) { + printf ("%s\n", shell); + fflush (stdout); + } + if (argc > 1) { + execl(shell,shellnam,"-c",altarg,(char *)0); + } + else { + execl(shell,shellnam,(char *)0); + } + warn("%s", shell); + code = -1; + exit(1); + } + if (pid > 0) + while (waitpid(-1, &status, 0) != pid) + ; + signal(SIGINT, old1); + signal(SIGQUIT, old2); + if (pid == -1) { + warn("%s", "Try again later"); + code = -1; + } + else { + code = 0; + } +} + +/* + * Send new user information (re-login) + */ +void +user(int argc, char **argv) +{ + char acct[80]; + int n, aflag = 0; + char tmp[256]; + + if (argc < 2) + another(&argc, &argv, "username"); + if (argc < 2 || argc > 4) { + printf("usage: %s username [password] [account]\n", argv[0]); + code = -1; + return; + } + n = command("USER %s", argv[1]); + if (n == CONTINUE) { + if (argc < 3 ) { + des_read_pw_string (tmp, + sizeof(tmp), + "Password: ", 0); + argv[2] = tmp; + argc++; + } + n = command("PASS %s", argv[2]); + } + if (n == CONTINUE) { + if (argc < 4) { + printf("Account: "); fflush(stdout); + fgets(acct, sizeof(acct) - 1, stdin); + acct[strlen(acct) 
- 1] = '\0'; + argv[3] = acct; argc++; + } + n = command("ACCT %s", argv[3]); + aflag++; + } + if (n != COMPLETE) { + fprintf(stdout, "Login failed.\n"); + return; + } + if (!aflag && argc == 4) { + command("ACCT %s", argv[3]); + } +} + +/* + * Print working directory. + */ +/*VARARGS*/ +void +pwd(int argc, char **argv) +{ + int oldverbose = verbose; + + /* + * If we aren't verbose, this doesn't do anything! + */ + verbose = 1; + if (command("PWD") == ERROR && code == 500) { + printf("PWD command not recognized, trying XPWD\n"); + command("XPWD"); + } + verbose = oldverbose; +} + +/* + * Make a directory. + */ +void +makedir(int argc, char **argv) +{ + + if (argc < 2 && !another(&argc, &argv, "directory-name")) { + printf("usage: %s directory-name\n", argv[0]); + code = -1; + return; + } + if (command("MKD %s", argv[1]) == ERROR && code == 500) { + if (verbose) + printf("MKD command not recognized, trying XMKD\n"); + command("XMKD %s", argv[1]); + } +} + +/* + * Remove a directory. + */ +void +removedir(int argc, char **argv) +{ + + if (argc < 2 && !another(&argc, &argv, "directory-name")) { + printf("usage: %s directory-name\n", argv[0]); + code = -1; + return; + } + if (command("RMD %s", argv[1]) == ERROR && code == 500) { + if (verbose) + printf("RMD command not recognized, trying XRMD\n"); + command("XRMD %s", argv[1]); + } +} + +/* + * Send a line, verbatim, to the remote machine. + */ +void +quote(int argc, char **argv) +{ + + if (argc < 2 && !another(&argc, &argv, "command line to send")) { + printf("usage: %s line-to-send\n", argv[0]); + code = -1; + return; + } + quote1("", argc, argv); +} + +/* + * Send a SITE command to the remote machine. The line + * is sent verbatim to the remote machine, except that the + * word "SITE" is added at the front. 
+ */ +void +site(int argc, char **argv) +{ + + if (argc < 2 && !another(&argc, &argv, "arguments to SITE command")) { + printf("usage: %s line-to-send\n", argv[0]); + code = -1; + return; + } + quote1("SITE ", argc, argv); +} + +/* + * Turn argv[1..argc) into a space-separated string, then prepend initial text. + * Send the result as a one-line command and get response. + */ +void +quote1(char *initial, int argc, char **argv) +{ + int i, len; + char buf[BUFSIZ]; /* must be >= sizeof(line) */ + + strcpy(buf, initial); + if (argc > 1) { + len = strlen(buf); + len += strlen(strcpy(&buf[len], argv[1])); + for (i = 2; i < argc; i++) { + buf[len++] = ' '; + len += strlen(strcpy(&buf[len], argv[i])); + } + } + if (command(buf) == PRELIM) { + while (getreply(0) == PRELIM) + continue; + } +} + +void +do_chmod(int argc, char **argv) +{ + + if (argc < 2 && !another(&argc, &argv, "mode")) + goto usage; + if (argc < 3 && !another(&argc, &argv, "file-name")) { +usage: + printf("usage: %s mode file-name\n", argv[0]); + code = -1; + return; + } + command("SITE CHMOD %s %s", argv[1], argv[2]); +} + +void +do_umask(int argc, char **argv) +{ + int oldverbose = verbose; + + verbose = 1; + command(argc == 1 ? "SITE UMASK" : "SITE UMASK %s", argv[1]); + verbose = oldverbose; +} + +void +ftp_idle(int argc, char **argv) +{ + int oldverbose = verbose; + + verbose = 1; + command(argc == 1 ? "SITE IDLE" : "SITE IDLE %s", argv[1]); + verbose = oldverbose; +} + +/* + * Ask the other side for help. + */ +void +rmthelp(int argc, char **argv) +{ + int oldverbose = verbose; + + verbose = 1; + command(argc == 1 ? "HELP" : "HELP %s", argv[1]); + verbose = oldverbose; +} + +/* + * Terminate session and exit. + */ +/*VARARGS*/ +void +quit(int argc, char **argv) +{ + + if (connected) + disconnect(0, 0); + pswitch(1); + if (connected) { + disconnect(0, 0); + } + exit(0); +} + +/* + * Terminate session, but don't exit. 
+ */ +void +disconnect(int argc, char **argv) +{ + + if (!connected) + return; + command("QUIT"); + if (cout) { + fclose(cout); + } + cout = NULL; + connected = 0; + krb4_quit(); + data = -1; + if (!proxy) { + macnum = 0; + } +} + +int +confirm(char *cmd, char *file) +{ + char line[BUFSIZ]; + + if (!interactive) + return (1); + printf("%s %s? ", cmd, file); + fflush(stdout); + if (fgets(line, sizeof line, stdin) == NULL) + return (0); + return (*line != 'n' && *line != 'N'); +} + +void +fatal(char *msg) +{ + + errx(1, "%s", msg); +} + +/* + * Glob a local file name specification with + * the expectation of a single return value. + * Can't control multiple values being expanded + * from the expression, we return only the first. + */ +int +globulize(char **cpp) +{ + glob_t gl; + int flags; + + if (!doglob) + return (1); + + flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE; + memset(&gl, 0, sizeof(gl)); + if (glob(*cpp, flags, NULL, &gl) || + gl.gl_pathc == 0) { + warnx("%s: not found", *cpp); + globfree(&gl); + return (0); + } + *cpp = strdup(gl.gl_pathv[0]); /* XXX - wasted memory */ + globfree(&gl); + return (1); +} + +void +account(int argc, char **argv) +{ + char acct[50]; + + if (argc > 1) { + ++argv; + --argc; + strncpy(acct,*argv,49); + acct[49] = '\0'; + while (argc > 1) { + --argc; + ++argv; + strncat(acct,*argv, 49-strlen(acct)); + } + } + else { + des_read_pw_string(acct, sizeof(acct), "Account:", 0); + } + command("ACCT %s", acct); +} + +jmp_buf abortprox; + +static RETSIGTYPE +proxabort(int sig) +{ + + if (!proxy) { + pswitch(1); + } + if (connected) { + proxflag = 1; + } + else { + proxflag = 0; + } + pswitch(0); + longjmp(abortprox,1); +} + +void +doproxy(int argc, char **argv) +{ + struct cmd *c; + RETSIGTYPE (*oldintr)(); + + if (argc < 2 && !another(&argc, &argv, "command")) { + printf("usage: %s command\n", argv[0]); + code = -1; + return; + } + c = getcmd(argv[1]); + if (c == (struct cmd *) -1) { + printf("?Ambiguous command\n"); + 
fflush(stdout); + code = -1; + return; + } + if (c == 0) { + printf("?Invalid command\n"); + fflush(stdout); + code = -1; + return; + } + if (!c->c_proxy) { + printf("?Invalid proxy command\n"); + fflush(stdout); + code = -1; + return; + } + if (setjmp(abortprox)) { + code = -1; + return; + } + oldintr = signal(SIGINT, proxabort); + pswitch(1); + if (c->c_conn && !connected) { + printf("Not connected\n"); + fflush(stdout); + pswitch(0); + signal(SIGINT, oldintr); + code = -1; + return; + } + (*c->c_handler)(argc-1, argv+1); + if (connected) { + proxflag = 1; + } + else { + proxflag = 0; + } + pswitch(0); + signal(SIGINT, oldintr); +} + +void +setcase(int argc, char **argv) +{ + + mcase = !mcase; + printf("Case mapping %s.\n", onoff(mcase)); + code = mcase; +} + +void +setcr(int argc, char **argv) +{ + + crflag = !crflag; + printf("Carriage Return stripping %s.\n", onoff(crflag)); + code = crflag; +} + +void +setntrans(int argc, char **argv) +{ + if (argc == 1) { + ntflag = 0; + printf("Ntrans off.\n"); + code = ntflag; + return; + } + ntflag++; + code = ntflag; + strncpy(ntin, argv[1], 16); + ntin[16] = '\0'; + if (argc == 2) { + ntout[0] = '\0'; + return; + } + strncpy(ntout, argv[2], 16); + ntout[16] = '\0'; +} + +char * +dotrans(char *name) +{ + static char new[MaxPathLen]; + char *cp1, *cp2 = new; + int i, ostop, found; + + for (ostop = 0; *(ntout + ostop) && ostop < 16; ostop++) + continue; + for (cp1 = name; *cp1; cp1++) { + found = 0; + for (i = 0; *(ntin + i) && i < 16; i++) { + if (*cp1 == *(ntin + i)) { + found++; + if (i < ostop) { + *cp2++ = *(ntout + i); + } + break; + } + } + if (!found) { + *cp2++ = *cp1; + } + } + *cp2 = '\0'; + return (new); +} + +void +setnmap(int argc, char **argv) +{ + char *cp; + + if (argc == 1) { + mapflag = 0; + printf("Nmap off.\n"); + code = mapflag; + return; + } + if (argc < 3 && !another(&argc, &argv, "mapout")) { + printf("Usage: %s [mapin mapout]\n",argv[0]); + code = -1; + return; + } + mapflag = 1; + code = 1; + cp 
= strchr(altarg, ' '); + if (proxy) { + while(*++cp == ' ') + continue; + altarg = cp; + cp = strchr(altarg, ' '); + } + *cp = '\0'; + strncpy(mapin, altarg, MaxPathLen - 1); + while (*++cp == ' ') + continue; + strncpy(mapout, cp, MaxPathLen - 1); +} + +char * +domap(char *name) +{ + static char new[MaxPathLen]; + char *cp1 = name, *cp2 = mapin; + char *tp[9], *te[9]; + int i, toks[9], toknum = 0, match = 1; + + for (i=0; i < 9; ++i) { + toks[i] = 0; + } + while (match && *cp1 && *cp2) { + switch (*cp2) { + case '\\': + if (*++cp2 != *cp1) { + match = 0; + } + break; + case '$': + if (*(cp2+1) >= '1' && (*cp2+1) <= '9') { + if (*cp1 != *(++cp2+1)) { + toks[toknum = *cp2 - '1']++; + tp[toknum] = cp1; + while (*++cp1 && *(cp2+1) + != *cp1); + te[toknum] = cp1; + } + cp2++; + break; + } + /* FALLTHROUGH */ + default: + if (*cp2 != *cp1) { + match = 0; + } + break; + } + if (match && *cp1) { + cp1++; + } + if (match && *cp2) { + cp2++; + } + } + if (!match && *cp1) /* last token mismatch */ + { + toks[toknum] = 0; + } + cp1 = new; + *cp1 = '\0'; + cp2 = mapout; + while (*cp2) { + match = 0; + switch (*cp2) { + case '\\': + if (*(cp2 + 1)) { + *cp1++ = *++cp2; + } + break; + case '[': +LOOP: + if (*++cp2 == '$' && isdigit(*(cp2+1))) { + if (*++cp2 == '0') { + char *cp3 = name; + + while (*cp3) { + *cp1++ = *cp3++; + } + match = 1; + } + else if (toks[toknum = *cp2 - '1']) { + char *cp3 = tp[toknum]; + + while (cp3 != te[toknum]) { + *cp1++ = *cp3++; + } + match = 1; + } + } + else { + while (*cp2 && *cp2 != ',' && + *cp2 != ']') { + if (*cp2 == '\\') { + cp2++; + } + else if (*cp2 == '$' && + isdigit(*(cp2+1))) { + if (*++cp2 == '0') { + char *cp3 = name; + + while (*cp3) { + *cp1++ = *cp3++; + } + } + else if (toks[toknum = + *cp2 - '1']) { + char *cp3=tp[toknum]; + + while (cp3 != + te[toknum]) { + *cp1++ = *cp3++; + } + } + } + else if (*cp2) { + *cp1++ = *cp2++; + } + } + if (!*cp2) { + printf("nmap: unbalanced brackets\n"); + return (name); + } + match = 1; + 
cp2--; + } + if (match) { + while (*++cp2 && *cp2 != ']') { + if (*cp2 == '\\' && *(cp2 + 1)) { + cp2++; + } + } + if (!*cp2) { + printf("nmap: unbalanced brackets\n"); + return (name); + } + break; + } + switch (*++cp2) { + case ',': + goto LOOP; + case ']': + break; + default: + cp2--; + goto LOOP; + } + break; + case '$': + if (isdigit(*(cp2 + 1))) { + if (*++cp2 == '0') { + char *cp3 = name; + + while (*cp3) { + *cp1++ = *cp3++; + } + } + else if (toks[toknum = *cp2 - '1']) { + char *cp3 = tp[toknum]; + + while (cp3 != te[toknum]) { + *cp1++ = *cp3++; + } + } + break; + } + /* intentional drop through */ + default: + *cp1++ = *cp2; + break; + } + cp2++; + } + *cp1 = '\0'; + if (!*new) { + return (name); + } + return (new); +} + +void +setpassive(int argc, char **argv) +{ + + passivemode = !passivemode; + printf("Passive mode %s.\n", onoff(passivemode)); + code = passivemode; +} + +void +setsunique(int argc, char **argv) +{ + + sunique = !sunique; + printf("Store unique %s.\n", onoff(sunique)); + code = sunique; +} + +void +setrunique(int argc, char **argv) +{ + + runique = !runique; + printf("Receive unique %s.\n", onoff(runique)); + code = runique; +} + +/* change directory to perent directory */ +void +cdup(int argc, char **argv) +{ + + if (command("CDUP") == ERROR && code == 500) { + if (verbose) + printf("CDUP command not recognized, trying XCUP\n"); + command("XCUP"); + } +} + +/* restart transfer at specific point */ +void +restart(int argc, char **argv) +{ + + if (argc != 2) + printf("restart: offset not specified\n"); + else { + restart_point = atol(argv[1]); + printf("restarting at %ld. 
%s\n", (long)restart_point, + "execute get, put or append to initiate transfer"); + } +} + +/* show remote system type */ +void +syst(int argc, char **argv) +{ + + command("SYST"); +} + +void +macdef(int argc, char **argv) +{ + char *tmp; + int c; + + if (macnum == 16) { + printf("Limit of 16 macros have already been defined\n"); + code = -1; + return; + } + if (argc < 2 && !another(&argc, &argv, "macro name")) { + printf("Usage: %s macro_name\n",argv[0]); + code = -1; + return; + } + if (interactive) { + printf("Enter macro line by line, terminating it with a null line\n"); + } + strncpy(macros[macnum].mac_name, argv[1], 8); + if (macnum == 0) { + macros[macnum].mac_start = macbuf; + } + else { + macros[macnum].mac_start = macros[macnum - 1].mac_end + 1; + } + tmp = macros[macnum].mac_start; + while (tmp != macbuf+4096) { + if ((c = getchar()) == EOF) { + printf("macdef:end of file encountered\n"); + code = -1; + return; + } + if ((*tmp = c) == '\n') { + if (tmp == macros[macnum].mac_start) { + macros[macnum++].mac_end = tmp; + code = 0; + return; + } + if (*(tmp-1) == '\0') { + macros[macnum++].mac_end = tmp - 1; + code = 0; + return; + } + *tmp = '\0'; + } + tmp++; + } + while (1) { + while ((c = getchar()) != '\n' && c != EOF) + /* LOOP */; + if (c == EOF || getchar() == '\n') { + printf("Macro not defined - 4k buffer exceeded\n"); + code = -1; + return; + } + } +} + +/* + * get size of file on remote machine + */ +void +sizecmd(int argc, char **argv) +{ + + if (argc < 2 && !another(&argc, &argv, "filename")) { + printf("usage: %s filename\n", argv[0]); + code = -1; + return; + } + command("SIZE %s", argv[1]); +} + +/* + * get last modification time of file on remote machine + */ +void +modtime(int argc, char **argv) +{ + int overbose; + + if (argc < 2 && !another(&argc, &argv, "filename")) { + printf("usage: %s filename\n", argv[0]); + code = -1; + return; + } + overbose = verbose; + if (debug == 0) + verbose = -1; + if (command("MDTM %s", argv[1]) == 
COMPLETE) { + int yy, mo, day, hour, min, sec; + sscanf(reply_string, "%*s %04d%02d%02d%02d%02d%02d", &yy, &mo, + &day, &hour, &min, &sec); + /* might want to print this in local time */ + printf("%s\t%02d/%02d/%04d %02d:%02d:%02d GMT\n", argv[1], + mo, day, yy, hour, min, sec); + } else + printf("%s\n", reply_string); + verbose = overbose; +} + +/* + * show status on reomte machine + */ +void +rmtstatus(int argc, char **argv) +{ + + command(argc > 1 ? "STAT %s" : "STAT" , argv[1]); +} + +/* + * get file if modtime is more recent than current file + */ +void +newer(int argc, char **argv) +{ + + if (getit(argc, argv, -1, "w")) + printf("Local file \"%s\" is newer than remote file \"%s\"\n", + argv[2], argv[1]); +} diff --git a/crypto/kerberosIV/appl/ftp/ftp/cmdtab.c b/crypto/kerberosIV/appl/ftp/ftp/cmdtab.c new file mode 100644 index 0000000..9567e3c --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/ftp/cmdtab.c 
@@ -0,0 +1,193 @@
+/*
+ * Copyright (c) 1985, 1989, 1993, 1994
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ftp_locl.h"
+
+/*
+ * User FTP -- Command Tables.
+ */
+
+char accounthelp[] = "send account command to remote server";
+char appendhelp[] = "append to a file";
+char asciihelp[] = "set ascii transfer type";
+char beephelp[] = "beep when command completed";
+char binaryhelp[] = "set binary transfer type";
+char casehelp[] = "toggle mget upper/lower case id mapping";
+char cdhelp[] = "change remote working directory";
+char cduphelp[] = "change remote working directory to parent directory";
+char chmodhelp[] = "change file permissions of remote file";
+char connecthelp[] = "connect to remote tftp";
+char crhelp[] = "toggle carriage return stripping on ascii gets";
+char deletehelp[] = "delete remote file";
+char debughelp[] = "toggle/set debugging mode";
+char dirhelp[] = "list contents of remote directory";
+char disconhelp[] = "terminate ftp session";
+char domachelp[] = "execute macro";
+char formhelp[] = "set file transfer format";
+char globhelp[] = "toggle metacharacter expansion of local file names";
+char hashhelp[] = "toggle printing `#' for each buffer transferred";
+char helphelp[] = "print local help information";
+char idlehelp[] = "get (set) idle timer on remote side";
+char lcdhelp[] = "change local working directory";
+char lshelp[] = "list contents of remote directory";
+char macdefhelp[] = "define a macro";
+char mdeletehelp[] = "delete multiple files";
+char mdirhelp[] = "list contents of multiple remote directories";
+char mgethelp[] = "get multiple files";
+char mkdirhelp[] = "make directory on the remote machine";
+char mlshelp[] = "list contents of multiple remote directories";
+char modtimehelp[] = "show last modification time of remote file";
+char modehelp[] = "set file transfer mode";
+char mputhelp[] = "send multiple files";
+char newerhelp[] = "get file if remote file is newer than local file ";
+char nlisthelp[] = "nlist contents of remote directory";
+char nmaphelp[] = "set templates for default file name mapping";
+char ntranshelp[] = "set translation table for default file name mapping";
+char porthelp[] = "toggle use of PORT cmd for each data connection";
+char prompthelp[] = "force interactive prompting on multiple commands";
+char proxyhelp[] = "issue command on alternate connection";
+char pwdhelp[] = "print working directory on remote machine";
+char quithelp[] = "terminate ftp session and exit";
+char quotehelp[] = "send arbitrary ftp command";
+char receivehelp[] = "receive file";
+char regethelp[] = "get file restarting at end of local file";
+char remotehelp[] = "get help from remote server";
+char renamehelp[] = "rename file";
+char restarthelp[]= "restart file transfer at bytecount";
+char rmdirhelp[] = "remove directory on the remote machine";
+char rmtstatushelp[]="show status of remote machine";
+char runiquehelp[] = "toggle store unique for local files";
+char resethelp[] = "clear queued command replies";
+char sendhelp[] = "send one file";
+char passivehelp[] = "enter passive transfer mode";
+char sitehelp[] = "send site specific command to remote server\n\t\tTry \"rhelp site\" or \"site help\" for more information";
+char shellhelp[] = "escape to the shell";
+char sizecmdhelp[] = "show size of remote file";
+char statushelp[] = "show current status";
+char structhelp[] = "set file transfer structure";
+char suniquehelp[] = "toggle store unique on remote machine";
+char systemhelp[] = "show remote system type";
+char tenexhelp[] = "set tenex file transfer type";
+char tracehelp[] = "toggle packet tracing";
+char typehelp[] = "set file transfer type";
+char umaskhelp[] = "get (set) umask on remote side";
+char userhelp[] = "send new user information";
+char verbosehelp[] = "toggle verbose mode";
+
+char prothelp[] = "set protection level";
+char kauthhelp[] = "get remote tokens";
+char klisthelp[] = "show remote tickets";
+char aklog[] = "obtain remote AFS tokens";
+
+struct cmd cmdtab[] = {
+ { "!", shellhelp, 0, 0, 0, shell },
+ { "$", domachelp, 1, 0, 0, domacro },
+ { "account", accounthelp, 0, 1, 1, account},
+ { "append", appendhelp, 1, 1, 1, put },
+ { "ascii", asciihelp, 0, 1, 1, setascii },
+ { "bell", beephelp, 0, 0, 0, setbell },
+ { "binary", binaryhelp, 0, 1, 1, setbinary },
+ { "bye", quithelp, 0, 0, 0, quit },
+ { "case", casehelp, 0, 0, 1, setcase },
+ { "cd", cdhelp, 0, 1, 1, cd },
+ { "cdup", cduphelp, 0, 1, 1, cdup },
+ { "chmod", chmodhelp, 0, 1, 1, do_chmod },
+ { "close", disconhelp, 0, 1, 1, disconnect },
+ { "cr", crhelp, 0, 0, 0, setcr },
+ { "delete", deletehelp, 0, 1, 1, delete },
+ { "debug", debughelp, 0, 0, 0, setdebug },
+ { "dir", dirhelp, 1, 1, 1, ls },
+ { "disconnect", disconhelp, 0, 1, 1, disconnect },
+ { "form", formhelp, 0, 1, 1, setform },
+ { "get", receivehelp, 1, 1, 1, get },
+ { "glob", globhelp, 0, 0, 0, setglob },
+ { "hash", hashhelp, 0, 0, 0, sethash },
+ { "help", helphelp, 0, 0, 1, help },
+ { "idle", idlehelp, 0, 1, 1, ftp_idle },
+ { "image", binaryhelp, 0, 1, 1, setbinary },
+ { "lcd", lcdhelp, 0, 0, 0, lcd },
+ { "ls", lshelp, 1, 1, 1, ls },
+ { "macdef", macdefhelp, 0, 0, 0, macdef },
+ { "mdelete", mdeletehelp, 1, 1, 1, mdelete },
+ { "mdir", mdirhelp, 1, 1, 1, mls },
+ { "mget", mgethelp, 1, 1, 1, mget },
+ { "mkdir", mkdirhelp, 0, 1, 1, makedir },
+ { "mls", mlshelp, 1, 1, 1, mls },
+ { "mode", modehelp, 0, 1, 1, setftmode },
+ { "modtime", modtimehelp, 0, 1, 1, modtime },
+ { "mput", mputhelp, 1, 1, 1, mput },
+ { "newer", newerhelp, 1, 1, 1, newer },
+ { "nmap", nmaphelp, 0, 0, 1, setnmap },
+ { "nlist", nlisthelp, 1, 1, 1, ls },
+ { "ntrans", ntranshelp, 0, 0, 1, setntrans },
+ { "open", connecthelp, 0, 0, 1, setpeer },
+ { "passive", passivehelp, 0, 0, 0, setpassive },
+ { "prompt", prompthelp, 0, 0, 0, setprompt },
+ { "proxy", proxyhelp, 0, 0, 1, doproxy },
+ { "sendport", porthelp, 0, 0, 0, setport },
+ { "put", sendhelp, 1, 1, 1, put },
+ { "pwd", pwdhelp, 0, 1, 1, pwd },
+ { "quit", quithelp, 0, 0, 0, quit },
+ { "quote", quotehelp, 1, 1, 1, quote },
+ { "recv", receivehelp, 1, 1, 1, get },
+ { "reget", regethelp, 1, 1, 1, reget },
+ { "rstatus", rmtstatushelp, 0, 1, 1, rmtstatus },
+ { "rhelp", remotehelp, 0, 1, 1, rmthelp },
+ { "rename", renamehelp, 0, 1, 1, renamefile },
+ { "reset", resethelp, 0, 1, 1, reset },
+ { "restart", restarthelp, 1, 1, 1, restart },
+ { "rmdir", rmdirhelp, 0, 1, 1, removedir },
+ { "runique", runiquehelp, 0, 0, 1, setrunique },
+ { "send", sendhelp, 1, 1, 1, put },
+ { "site", sitehelp, 0, 1, 1, site },
+ { "size", sizecmdhelp, 1, 1, 1, sizecmd },
+ { "status", statushelp, 0, 0, 1, status },
+ { "struct", structhelp, 0, 1, 1, setstruct },
+ { "system", systemhelp, 0, 1, 1, syst },
+ { "sunique", suniquehelp, 0, 0, 1, setsunique },
+ { "tenex", tenexhelp, 0, 1, 1, settenex },
+ { "trace", tracehelp, 0, 0, 0, settrace },
+ { "type", typehelp, 0, 1, 1, settype },
+ { "user", userhelp, 0, 1, 1, user },
+ { "umask", umaskhelp, 0, 1, 1, do_umask },
+ { "verbose", verbosehelp, 0, 0, 0, setverbose },
+ { "?", helphelp, 0, 0, 1, help },
+
+ { "prot", prothelp, 0, 1, 0, sec_prot },
+ { "kauth", kauthhelp, 0, 1, 0, kauth },
+ { "klist", klisthelp, 0, 1, 0, klist },
+
+ { 0 },
+};
+
+int NCMDS = (sizeof (cmdtab) / sizeof (cmdtab[0])) - 1;
diff --git a/crypto/kerberosIV/appl/ftp/ftp/domacro.c b/crypto/kerberosIV/appl/ftp/ftp/domacro.c
new file mode 100644
index 0000000..f5a89b9
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/domacro.c
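Review bot: `char aklog[] = "obtain remote AFS tokens";` is the only help string in this file without the `help` suffix, and no row of `cmdtab[]` refers to it, so it is a dead global that also takes the name an `aklog` command handler would want later. Either rename it (for example `char afsloghelp[] = "obtain remote AFS tokens";`) together with the table row that uses it, or leave it out until the command exists. If nothing outside this file reads the help strings (their users are not visible in this hunk), they could also be `static` so they stay out of the global namespace.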
@@ -0,0 +1,138 @@
+/*
+ * Copyright (c) 1985, 1993, 1994
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ftp_locl.h"
+RCSID("$Id: domacro.c,v 1.5 1996/11/17 20:23:10 assar Exp $");
+
+void
+domacro(int argc, char **argv)
+{
+ int i, j, count = 2, loopflg = 0;
+ char *cp1, *cp2, line2[200];
+ struct cmd *c;
+
+ if (argc < 2 && !another(&argc, &argv, "macro name")) {
+ printf("Usage: %s macro_name.\n", argv[0]);
+ code = -1;
+ return;
+ }
+ for (i = 0; i < macnum; ++i) {
+ if (!strncmp(argv[1], macros[i].mac_name, 9)) {
+ break;
+ }
+ }
+ if (i == macnum) {
+ printf("'%s' macro not found.\n", argv[1]);
+ code = -1;
+ return;
+ }
+ strcpy(line2, line);
+TOP:
+ cp1 = macros[i].mac_start;
+ while (cp1 != macros[i].mac_end) {
+ while (isspace(*cp1)) {
+ cp1++;
+ }
+ cp2 = line;
+ while (*cp1 != '\0') {
+ switch(*cp1) {
+ case '\\':
+ *cp2++ = *++cp1;
+ break;
+ case '$':
+ if (isdigit(*(cp1+1))) {
+ j = 0;
+ while (isdigit(*++cp1)) {
+ j = 10*j + *cp1 - '0';
+ }
+ cp1--;
+ if (argc - 2 >= j) {
+ strcpy(cp2, argv[j+1]);
+ cp2 += strlen(argv[j+1]);
+ }
+ break;
+ }
+ if (*(cp1+1) == 'i') {
+ loopflg = 1;
+ cp1++;
+ if (count < argc) {
+ strcpy(cp2, argv[count]);
+ cp2 += strlen(argv[count]);
+ }
+ break;
+ }
+ /* intentional drop through */
+ default:
+ *cp2++ = *cp1;
+ break;
+ }
+ if (*cp1 != '\0') {
+ cp1++;
+ }
+ }
+ *cp2 = '\0';
+ makeargv();
+ c = getcmd(margv[0]);
+ if (c == (struct cmd *)-1) {
+ printf("?Ambiguous command\n");
+ code = -1;
+ }
+ else if (c == 0) {
+ printf("?Invalid command\n");
+ code = -1;
+ }
+ else if (c->c_conn && !connected) {
+ printf("Not connected.\n");
+ code = -1;
+ }
+ else {
+ if (verbose) {
+ printf("%s\n",line);
+ }
+ (*c->c_handler)(margc, margv);
+ if (bell && c->c_bell) {
+ putchar('\007');
+ }
+ strcpy(line, line2);
+ makeargv();
+ argc = margc;
+ argv = margv;
+ }
+ if (cp1 != macros[i].mac_end) {
+ cp1++;
+ }
+ }
+ if (loopflg && ++count < argc) {
+ goto TOP;
+ }
+}
diff --git a/crypto/kerberosIV/appl/ftp/ftp/extern.h b/crypto/kerberosIV/appl/ftp/ftp/extern.h
new file mode 100644
index 0000000..b830999
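Review bot: The expansion loop in `domacro()` writes through `cp2` into the global `line` with no limit: the `'\\'` and `default` cases store one byte per macro character, and the `$N` and `$i` cases `strcpy()` a whole argument in, so a long macro line or long arguments run past the end of `line`. `macdef()` in this patch accepts macro text up to a 4096-byte buffer while `line2` here is 200 bytes, so the overrun is reachable with ordinary input; `line` is declared outside this file and its size is assumed, not seen. Track the space that is left and abandon the expansion when a piece does not fit, as sketched below. The accumulator `j = 10*j + *cp1 - '0'` should be capped too, since a long digit run overflows `int` before `argv[j+1]` is indexed, and `strcpy(line2, line)` is only safe while `line` is no larger than `line2`.

```c
/* new file-scope helper: append n bytes at *dst unless that would pass lim */
static int
macro_put(char **dst, char *lim, const char *src, size_t n)
{
	if (n > (size_t)(lim - *dst))
		return -1;
	memcpy(*dst, src, n);
	*dst += n;
	return 0;
}

/* ... unchanged: argument check, macro lookup, save of line into line2 ... */
		cp2 = line;
		lim = line + sizeof(line) - 1;	/* new local char *lim; one byte kept for '\0' */
		while (*cp1 != '\0') {
/* ... unchanged: switch head; '\\' and default use macro_put(&cp2, lim, cp1, 1) ... */
				if (argc - 2 >= j &&
				    macro_put(&cp2, lim, argv[j+1], strlen(argv[j+1])) < 0)
					goto toolong;
/* ... unchanged: test for "$i" ... */
				if (count < argc &&
				    macro_put(&cp2, lim, argv[count], strlen(argv[count])) < 0)
					goto toolong;
/* ... unchanged: rest of the loop and command dispatch ... */
toolong:
	printf("macro line too long\n");
	strcpy(line, line2);	/* put back the command line saved on entry */
	makeargv();
	code = -1;
	return;
```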
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/extern.h
@@ -0,0 +1,167 @@
+/*-
+ * Copyright (c) 1994 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * @(#)extern.h 8.3 (Berkeley) 10/9/94
+ */
+
+/* $Id: extern.h,v 1.13 1997/04/20 05:46:48 assar Exp $ */
+
+#include
+#include
+#ifdef TIME_WITH_SYS_TIME
+#include
+#include
+#elif defined(HAVE_SYS_TIME_H)
+#include
+#else
+#include
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include
+#endif
+
+void abort_remote (FILE *);
+void abortpt (int);
+void abortrecv (int);
+void account (int, char **);
+int another (int *, char ***, char *);
+void blkfree (char **);
+void cd (int, char **);
+void cdup (int, char **);
+void changetype (int, int);
+void cmdabort (int);
+void cmdscanner (int);
+int command (char *fmt, ...);
+int confirm (char *, char *);
+FILE *dataconn (char *);
+void delete (int, char **);
+void disconnect (int, char **);
+void do_chmod (int, char **);
+void do_umask (int, char **);
+void domacro (int, char **);
+char *domap (char *);
+void doproxy (int, char **);
+char *dotrans (char *);
+int empty (fd_set *, int);
+void fatal (char *);
+void get (int, char **);
+struct cmd *getcmd (char *);
+int getit (int, char **, int, char *);
+int getreply (int);
+int globulize (char **);
+char *gunique (char *);
+void help (int, char **);
+char *hookup (char *, int);
+void ftp_idle (int, char **);
+int initconn (void);
+void intr (int);
+void lcd (int, char **);
+int login (char *);
+RETSIGTYPE lostpeer (int);
+void ls (int, char **);
+void macdef (int, char **);
+void makeargv (void);
+void makedir (int, char **);
+void mdelete (int, char **);
+void mget (int, char **);
+void mls (int, char **);
+void modtime (int, char **);
+void mput (int, char **);
+char *onoff (int);
+void newer (int, char **);
+void proxtrans (char *, char *, char *);
+void psabort (int);
+void pswitch (int);
+void ptransfer (char *, long, struct timeval *, struct timeval *);
+void put (int, char **);
+void pwd (int, char **);
+void quit (int, char **);
+void quote (int, char **);
+void quote1 (char *, int, char **);
+void recvrequest (char *, char *, char *, char *, int);
+void reget (int, char **);
+char *remglob (char **, int);
+void removedir (int, char **);
+void renamefile (int, char **);
+void reset (int, char **);
+void restart (int, char **);
+void rmthelp (int, char **);
+void rmtstatus (int, char **);
+int ruserpass (char *, char **, char **, char **);
+void sendrequest (char *, char *, char *, int);
+void setascii (int, char **);
+void setbell (int, char **);
+void setbinary (int, char **);
+void setcase (int, char **);
+void setcr (int, char **);
+void setdebug (int, char **);
+void setform (int, char **);
+void setftmode (int, char **);
+void setglob (int, char **);
+void sethash (int, char **);
+void setnmap (int, char **);
+void setntrans (int, char **);
+void setpassive (int, char **);
+void setpeer (int, char **);
+void setport (int, char **);
+void setprompt (int, char **);
+void setrunique (int, char **);
+void setstruct (int, char **);
+void setsunique (int, char **);
+void settenex (int, char **);
+void settrace (int, char **);
+void settype (int, char **);
+void setverbose (int, char **);
+void shell (int, char **);
+void site (int, char **);
+void sizecmd (int, char **);
+char *slurpstring (void);
+void status (int, char **);
+void syst (int, char **);
+void tvsub (struct timeval *, struct timeval *, struct timeval *);
+void user (int, char **);
+
+extern jmp_buf abortprox;
+extern int abrtflag;
+extern struct cmd cmdtab[];
+extern FILE *cout;
+extern int data;
+extern char *home;
+extern jmp_buf jabort;
+extern int proxy;
+extern char reply_string[];
+extern off_t restart_point;
+extern int NCMDS;
+
+extern char username[32];
+extern char myhostname[];
+extern char *mydomain;
diff --git a/crypto/kerberosIV/appl/ftp/ftp/ftp.c b/crypto/kerberosIV/appl/ftp/ftp/ftp.c
new file mode 100644
index 0000000..cfabda6
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/ftp.c
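Review bot: `int command (char *fmt, ...);` is declared without a printf-format annotation, so the compiler cannot flag callers that hand it a built string as the format. `quote1()` in cmds.c, earlier in this patch, calls `command(buf)` with `buf` assembled from the user's words, so any `%` in a `quote` or `site` line is presumably interpreted by the formatter inside `command()`, whose definition is in ftp.c and not visible in this hunk. Declare it as `int command (const char *fmt, ...) __attribute__ ((format (printf, 1, 2)));`, guarded for compilers that lack the attribute, and change that caller to `command("%s", buf)`.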
@@ -0,0 +1,1658 @@ +/* + * Copyright (c) 1985, 1989, 1993, 1994 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "ftp_locl.h" +RCSID("$Id: ftp.c,v 1.44 1997/05/18 20:00:31 assar Exp $"); + +struct sockaddr_in hisctladdr; +struct sockaddr_in data_addr; +int data = -1; +int abrtflag = 0; +jmp_buf ptabort; +int ptabflg; +int ptflag = 0; +struct sockaddr_in myctladdr; +off_t restart_point = 0; + + +FILE *cin, *cout; + +typedef void (*sighand)(int); + +char * +hookup(char *host, int port) +{ + struct hostent *hp = 0; + int s, len, tos; + static char hostnamebuf[80]; + + memset(&hisctladdr, 0, sizeof (hisctladdr)); + if(inet_aton(host, &hisctladdr.sin_addr)){ + hisctladdr.sin_family = AF_INET; + strncpy(hostnamebuf, host, sizeof(hostnamebuf)); + } else { + hp = gethostbyname(host); + if (hp == NULL) { +#ifdef HAVE_H_ERRNO + warnx("%s: %s", host, hstrerror(h_errno)); +#else + warnx("%s: %s", host, "unknown error"); +#endif + code = -1; + return NULL; + } + hisctladdr.sin_family = hp->h_addrtype; + memmove(&hisctladdr.sin_addr, + hp->h_addr_list[0], + sizeof(hisctladdr.sin_addr)); + strncpy(hostnamebuf, hp->h_name, sizeof(hostnamebuf)); + hostnamebuf[sizeof(hostnamebuf) - 1] = '\0'; + } + hostname = hostnamebuf; + s = socket(hisctladdr.sin_family, SOCK_STREAM, 0); + if (s < 0) { + warn("socket"); + code = -1; + return (0); + } + hisctladdr.sin_port = port; + while (connect(s, (struct sockaddr *)&hisctladdr, sizeof (hisctladdr)) < 0) { + if (hp && hp->h_addr_list[1]) { + int oerrno = errno; + char *ia; + + ia = inet_ntoa(hisctladdr.sin_addr); + errno = oerrno; + warn("connect to address %s", ia); + hp->h_addr_list++; + memmove(&hisctladdr.sin_addr, + hp->h_addr_list[0], + sizeof(hisctladdr.sin_addr)); + fprintf(stdout, "Trying %s...\n", + inet_ntoa(hisctladdr.sin_addr)); + close(s); + s = socket(hisctladdr.sin_family, SOCK_STREAM, 0); + if (s < 0) { + warn("socket"); + code = -1; + return (0); + } + continue; + } + warn("connect"); + code = -1; + goto bad; + } + len = sizeof (myctladdr); + if (getsockname(s, (struct sockaddr *)&myctladdr, &len) < 0) { + 
warn("getsockname"); + code = -1; + goto bad; + } +#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) + tos = IPTOS_LOWDELAY; + if (setsockopt(s, IPPROTO_IP, IP_TOS, (char *)&tos, sizeof(int)) < 0) + warn("setsockopt TOS (ignored)"); +#endif + cin = fdopen(s, "r"); + cout = fdopen(s, "w"); + if (cin == NULL || cout == NULL) { + warnx("fdopen failed."); + if (cin) + fclose(cin); + if (cout) + fclose(cout); + code = -1; + goto bad; + } + if (verbose) + printf("Connected to %s.\n", hostname); + if (getreply(0) > 2) { /* read startup message from server */ + if (cin) + fclose(cin); + if (cout) + fclose(cout); + code = -1; + goto bad; + } +#if defined(SO_OOBINLINE) && defined(HAVE_SETSOCKOPT) + { + int on = 1; + + if (setsockopt(s, SOL_SOCKET, SO_OOBINLINE, (char *)&on, sizeof(on)) + < 0 && debug) { + warn("setsockopt"); + } + } +#endif /* SO_OOBINLINE */ + + return (hostname); +bad: + close(s); + return NULL; +} + +int +login(char *host) +{ + char tmp[80]; + char defaultpass[128]; + char *user, *pass, *acct; + int n, aflag = 0; + + char *myname = NULL; + struct passwd *pw = k_getpwuid(getuid()); + if (pw != NULL) + myname = pw->pw_name; + + user = pass = acct = 0; + + if(do_klogin(host)) + printf("\n*** Using plaintext user and password ***\n\n"); + else{ + printf("Kerberos authentication successful.\n\n"); + } + + if (ruserpass(host, &user, &pass, &acct) < 0) { + code = -1; + return (0); + } + while (user == NULL) { + if (myname) + printf("Name (%s:%s): ", host, myname); + else + printf("Name (%s): ", host); + fgets(tmp, sizeof(tmp) - 1, stdin); + tmp[strlen(tmp) - 1] = '\0'; + if (*tmp == '\0') + user = myname; + else + user = tmp; + } + strcpy(username, user); + n = command("USER %s", user); + if (n == CONTINUE) { + if(auth_complete) + pass = myname; + else if (pass == NULL) { + char prompt[128]; + if(myname && + (!strcmp(user, "ftp") || !strcmp(user, "anonymous"))){ + snprintf(defaultpass, sizeof(defaultpass), "%s@%s", myname, mydomain); + snprintf(prompt, 
sizeof(prompt), "Password (%s): ", defaultpass); + }else{ + strcpy(defaultpass, ""); + snprintf(prompt, sizeof(prompt), "Password: "); + } + pass = defaultpass; + des_read_pw_string (tmp, sizeof(tmp), prompt, 0); + if(tmp[0]) + pass = tmp; + } + n = command("PASS %s", pass); + } + if (n == CONTINUE) { + aflag++; + acct = tmp; + des_read_pw_string(acct, 128, "Account:", 0); + n = command("ACCT %s", acct); + } + if (n != COMPLETE) { + warnx("Login failed."); + return (0); + } + if (!aflag && acct != NULL) + command("ACCT %s", acct); + if (proxy) + return (1); + for (n = 0; n < macnum; ++n) { + if (!strcmp("init", macros[n].mac_name)) { + strcpy(line, "$init"); + makeargv(); + domacro(margc, margv); + break; + } + } + sec_set_protection_level(); + return (1); +} + +void +cmdabort(int sig) +{ + + printf("\n"); + fflush(stdout); + abrtflag++; + if (ptflag) + longjmp(ptabort,1); +} + +int +command(char *fmt, ...) +{ + va_list ap; + int r; + sighand oldintr; + + abrtflag = 0; + if (cout == NULL) { + warn("No control connection for command"); + code = -1; + return (0); + } + oldintr = signal(SIGINT, cmdabort); + va_start(ap, fmt); + if(debug){ + printf("---> "); + if (strncmp("PASS ", fmt, 5) == 0) + printf("PASS XXXX"); + else + vfprintf(stdout, fmt, ap); + va_start(ap, fmt); + } + if(auth_complete) + krb4_write_enc(cout, fmt, ap); + else + vfprintf(cout, fmt, ap); + va_end(ap); + if(debug){ + printf("\n"); + fflush(stdout); + } + fprintf(cout, "\r\n"); + fflush(cout); + cpend = 1; + r = getreply(!strcmp(fmt, "QUIT")); + if (abrtflag && oldintr != SIG_IGN) + (*oldintr)(SIGINT); + signal(SIGINT, oldintr); + return (r); +} + +char reply_string[BUFSIZ]; /* last line of previous reply */ + +int +getreply(int expecteof) +{ + char *p; + char *lead_string; + int c; + struct sigaction sa, osa; + char buf[1024]; + + sigemptyset(&sa.sa_mask); + sa.sa_flags = 0; + sa.sa_handler = cmdabort; + sigaction(SIGINT, &sa, &osa); + + p = buf; + + while(1){ + c = getc(cin); + switch(c){ + 
case EOF: + if (expecteof) { + sigaction(SIGINT,&osa, NULL); + code = 221; + return 0; + } + lostpeer(0); + if (verbose) { + printf("421 Service not available, " + "remote server has closed connection\n"); + fflush(stdout); + } + code = 421; + return (4); + break; + case IAC: + c = getc(cin); + if(c == WILL || c == WONT) + fprintf(cout, "%c%c%c", IAC, DONT, getc(cin)); + if(c == DO || c == DONT) + fprintf(cout, "%c%c%c", IAC, WONT, getc(cin)); + continue; + case '\n': + *p++ = 0; + if(isdigit(buf[0])){ + sscanf(buf, "%d", &code); + if(code == 631){ + krb4_read_mic(buf); + sscanf(buf, "%d", &code); + lead_string = "S:"; + } else if(code == 632){ + krb4_read_enc(buf); + sscanf(buf, "%d", &code); + lead_string = "P:"; + }else if(code == 633){ + printf("Received confidential reply!\n"); + }else if(auth_complete) + lead_string = "!!"; + else + lead_string = ""; + if(verbose > 0 || (verbose > -1 && code > 499)) + fprintf(stdout, "%s%s\n", lead_string, buf); + if(buf[3] == ' '){ + strcpy(reply_string, buf); + if (code >= 200) + cpend = 0; + sigaction(SIGINT, &osa, NULL); + if (code == 421) + lostpeer(0); +#if 1 + if (abrtflag && + osa.sa_handler != cmdabort && + osa.sa_handler != SIG_IGN) + osa.sa_handler(SIGINT); +#endif + if(code == 227){ + char *p, *q; + pasv[0] = 0; + p = strchr(reply_string, '('); + if(p){ + p++; + q = strchr(p, ')'); + if(q){ + strncpy(pasv, p, q - p); + pasv[q - p] = 0; + } + } + } + return code / 100; + } + }else{ + if(verbose > 0 || (verbose > -1 && code > 499)){ + if(auth_complete) + fprintf(stdout, "!!"); + fprintf(stdout, "%s\n", buf); + } + } + p = buf; + continue; + default: + *p++ = c; + } + } + +} + + +#if 0 +int +getreply(int expecteof) +{ + int c, n; + int dig; + int originalcode = 0, continuation = 0; + sighand oldintr; + int pflag = 0; + char *cp, *pt = pasv; + + oldintr = signal(SIGINT, cmdabort); + for (;;) { + dig = n = code = 0; + cp = reply_string; + while ((c = getc(cin)) != '\n') { + if (c == IAC) { /* handle telnet commands */ 
+ switch (c = getc(cin)) { + case WILL: + case WONT: + c = getc(cin); + fprintf(cout, "%c%c%c", IAC, DONT, c); + fflush(cout); + break; + case DO: + case DONT: + c = getc(cin); + fprintf(cout, "%c%c%c", IAC, WONT, c); + fflush(cout); + break; + default: + break; + } + continue; + } + dig++; + if (c == EOF) { + if (expecteof) { + signal(SIGINT,oldintr); + code = 221; + return (0); + } + lostpeer(0); + if (verbose) { + printf("421 Service not available, remote server has closed connection\n"); + fflush(stdout); + } + code = 421; + return (4); + } + if (c != '\r' && (verbose > 0 || + (verbose > -1 && n == '5' && dig > 4))) { + if (proxflag && + (dig == 1 || dig == 5 && verbose == 0)) + printf("%s:",hostname); + putchar(c); + } + if (dig < 4 && isdigit(c)) + code = code * 10 + (c - '0'); + if (!pflag && code == 227) + pflag = 1; + if (dig > 4 && pflag == 1 && isdigit(c)) + pflag = 2; + if (pflag == 2) { + if (c != '\r' && c != ')') + *pt++ = c; + else { + *pt = '\0'; + pflag = 3; + } + } + if (dig == 4 && c == '-') { + if (continuation) + code = 0; + continuation++; + } + if (n == 0) + n = c; + if (cp < &reply_string[sizeof(reply_string) - 1]) + *cp++ = c; + } + if (verbose > 0 || verbose > -1 && n == '5') { + putchar(c); + fflush (stdout); + } + if (continuation && code != originalcode) { + if (originalcode == 0) + originalcode = code; + continue; + } + *cp = '\0'; + if(auth_complete){ + if(code == 631) + krb4_read_mic(reply_string); + else + krb4_read_enc(reply_string); + n = code / 100 + '0'; + } + + if (n != '1') + cpend = 0; + signal(SIGINT,oldintr); + if (code == 421 || originalcode == 421) + lostpeer(0); + if (abrtflag && oldintr != cmdabort && oldintr != SIG_IGN) + (*oldintr)(SIGINT); + return (n - '0'); + } +} +#endif + +int +empty(fd_set *mask, int sec) +{ + struct timeval t; + + t.tv_sec = (long) sec; + t.tv_usec = 0; + return (select(32, mask, NULL, NULL, &t)); +} + +jmp_buf sendabort; + +static RETSIGTYPE +abortsend(int sig) +{ + + mflag = 0; + abrtflag = 
0; + printf("\nsend aborted\nwaiting for remote to finish abort\n"); + fflush(stdout); + longjmp(sendabort, 1); +} + +#define HASHBYTES 1024 + +static int +copy_stream(FILE *from, FILE *to) +{ + static size_t bufsize; + static char *buf; + int n; + int bytes = 0; + int werr; + int hashbytes = HASHBYTES; + struct stat st; + +#ifdef HAVE_MMAP + void *chunk; + +#ifndef MAP_FAILED +#define MAP_FAILED (-1) +#endif + + if(fstat(fileno(from), &st) == 0 && S_ISREG(st.st_mode)){ + chunk = mmap(0, st.st_size, PROT_READ, MAP_SHARED, fileno(from), 0); + if (chunk != (void *)MAP_FAILED) { + int res; + + res = sec_write(fileno(to), chunk, st.st_size); + if (munmap(chunk, st.st_size) < 0) + warn ("munmap"); + sec_fflush(to); + return res; + } + } +#endif + + buf = alloc_buffer (buf, &bufsize, + fstat(fileno(from), &st) >= 0 ? &st : NULL); + if (buf == NULL) + return -1; + + while((n = read(fileno(from), buf, bufsize)) > 0){ + werr = sec_write(fileno(to), buf, n); + if(werr < 0) + break; + bytes += werr; + while(hash && bytes > hashbytes){ + putchar('#'); + hashbytes += HASHBYTES; + } + } + sec_fflush(to); + if(n < 0) + warn("local"); + + if(werr < 0){ + if(errno != EPIPE) + warn("netout"); + bytes = -1; + } + return bytes; +} + +void +sendrequest(char *cmd, char *local, char *remote, int printnames) +{ + struct stat st; + struct timeval start, stop; + int c, d; + FILE *fin, *dout = 0; + int (*closefunc) (FILE *); + RETSIGTYPE (*oldintr)(), (*oldintp)(); + long bytes = 0, hashbytes = HASHBYTES; + char *lmode; + + if (verbose && printnames) { + if (local && *local != '-') + printf("local: %s ", local); + if (remote) + printf("remote: %s\n", remote); + } + if (proxy) { + proxtrans(cmd, local, remote); + return; + } + if (curtype != type) + changetype(type, 0); + closefunc = NULL; + oldintr = NULL; + oldintp = NULL; + lmode = "w"; + if (setjmp(sendabort)) { + while (cpend) { + getreply(0); + } + if (data >= 0) { + close(data); + data = -1; + } + if (oldintr) + signal(SIGINT,oldintr); 
+ if (oldintp) + signal(SIGPIPE,oldintp); + code = -1; + return; + } + oldintr = signal(SIGINT, abortsend); + if (strcmp(local, "-") == 0) + fin = stdin; + else if (*local == '|') { + oldintp = signal(SIGPIPE,SIG_IGN); + fin = popen(local + 1, "r"); + if (fin == NULL) { + warn("%s", local + 1); + signal(SIGINT, oldintr); + signal(SIGPIPE, oldintp); + code = -1; + return; + } + closefunc = pclose; + } else { + fin = fopen(local, "r"); + if (fin == NULL) { + warn("local: %s", local); + signal(SIGINT, oldintr); + code = -1; + return; + } + closefunc = fclose; + if (fstat(fileno(fin), &st) < 0 || + (st.st_mode&S_IFMT) != S_IFREG) { + fprintf(stdout, "%s: not a plain file.\n", local); + signal(SIGINT, oldintr); + fclose(fin); + code = -1; + return; + } + } + if (initconn()) { + signal(SIGINT, oldintr); + if (oldintp) + signal(SIGPIPE, oldintp); + code = -1; + if (closefunc != NULL) + (*closefunc)(fin); + return; + } + if (setjmp(sendabort)) + goto abort; + + if (restart_point && + (strcmp(cmd, "STOR") == 0 || strcmp(cmd, "APPE") == 0)) { + int rc; + + switch (curtype) { + case TYPE_A: + rc = fseek(fin, (long) restart_point, SEEK_SET); + break; + case TYPE_I: + case TYPE_L: + rc = lseek(fileno(fin), restart_point, SEEK_SET); + break; + } + if (rc < 0) { + warn("local: %s", local); + restart_point = 0; + if (closefunc != NULL) + (*closefunc)(fin); + return; + } + if (command("REST %ld", (long) restart_point) + != CONTINUE) { + restart_point = 0; + if (closefunc != NULL) + (*closefunc)(fin); + return; + } + restart_point = 0; + lmode = "r+w"; + } + if (remote) { + if (command("%s %s", cmd, remote) != PRELIM) { + signal(SIGINT, oldintr); + if (oldintp) + signal(SIGPIPE, oldintp); + if (closefunc != NULL) + (*closefunc)(fin); + return; + } + } else + if (command("%s", cmd) != PRELIM) { + signal(SIGINT, oldintr); + if (oldintp) + signal(SIGPIPE, oldintp); + if (closefunc != NULL) + (*closefunc)(fin); + return; + } + dout = dataconn(lmode); + if (dout == NULL) + goto abort; + 
set_buffer_size(fileno(dout), 0); + gettimeofday(&start, (struct timezone *)0); + oldintp = signal(SIGPIPE, SIG_IGN); + switch (curtype) { + + case TYPE_I: + case TYPE_L: + errno = d = c = 0; + bytes = copy_stream(fin, dout); + break; + + case TYPE_A: + while ((c = getc(fin)) != EOF) { + if (c == '\n') { + while (hash && (bytes >= hashbytes)) { + putchar('#'); + fflush(stdout); + hashbytes += HASHBYTES; + } + if (ferror(dout)) + break; + sec_putc('\r', dout); + bytes++; + } + sec_putc(c, dout); + bytes++; + } + sec_fflush(dout); + if (hash) { + if (bytes < hashbytes) + putchar('#'); + putchar('\n'); + fflush(stdout); + } + if (ferror(fin)) + warn("local: %s", local); + if (ferror(dout)) { + if (errno != EPIPE) + warn("netout"); + bytes = -1; + } + break; + } + if (closefunc != NULL) + (*closefunc)(fin); + fclose(dout); + gettimeofday(&stop, (struct timezone *)0); + getreply(0); + signal(SIGINT, oldintr); + if (oldintp) + signal(SIGPIPE, oldintp); + if (bytes > 0) + ptransfer("sent", bytes, &start, &stop); + return; +abort: + signal(SIGINT, oldintr); + if (oldintp) + signal(SIGPIPE, oldintp); + if (!cpend) { + code = -1; + return; + } + if (data >= 0) { + close(data); + data = -1; + } + if (dout) + fclose(dout); + getreply(0); + code = -1; + if (closefunc != NULL && fin != NULL) + (*closefunc)(fin); + gettimeofday(&stop, (struct timezone *)0); + if (bytes > 0) + ptransfer("sent", bytes, &start, &stop); +} + +jmp_buf recvabort; + +void +abortrecv(int sig) +{ + + mflag = 0; + abrtflag = 0; + printf("\nreceive aborted\nwaiting for remote to finish abort\n"); + fflush(stdout); + longjmp(recvabort, 1); +} + +void +recvrequest(char *cmd, char *local, char *remote, char *lmode, int printnames) +{ + FILE *fout, *din = 0; + int (*closefunc) (FILE *); + sighand oldintr, oldintp; + int c, d, is_retr, tcrflag, bare_lfs = 0; + static size_t bufsize; + static char *buf; + long bytes = 0, hashbytes = HASHBYTES; + struct timeval start, stop; + struct stat st; + + is_retr = 
strcmp(cmd, "RETR") == 0; + if (is_retr && verbose && printnames) { + if (local && *local != '-') + printf("local: %s ", local); + if (remote) + printf("remote: %s\n", remote); + } + if (proxy && is_retr) { + proxtrans(cmd, local, remote); + return; + } + closefunc = NULL; + oldintr = NULL; + oldintp = NULL; + tcrflag = !crflag && is_retr; + if (setjmp(recvabort)) { + while (cpend) { + getreply(0); + } + if (data >= 0) { + close(data); + data = -1; + } + if (oldintr) + signal(SIGINT, oldintr); + code = -1; + return; + } + oldintr = signal(SIGINT, abortrecv); + if (strcmp(local, "-") && *local != '|') { + if (access(local, 2) < 0) { + char *dir = strrchr(local, '/'); + + if (errno != ENOENT && errno != EACCES) { + warn("local: %s", local); + signal(SIGINT, oldintr); + code = -1; + return; + } + if (dir != NULL) + *dir = 0; + d = access(dir ? local : ".", 2); + if (dir != NULL) + *dir = '/'; + if (d < 0) { + warn("local: %s", local); + signal(SIGINT, oldintr); + code = -1; + return; + } + if (!runique && errno == EACCES && + chmod(local, 0600) < 0) { + warn("local: %s", local); + signal(SIGINT, oldintr); + signal(SIGINT, oldintr); + code = -1; + return; + } + if (runique && errno == EACCES && + (local = gunique(local)) == NULL) { + signal(SIGINT, oldintr); + code = -1; + return; + } + } + else if (runique && (local = gunique(local)) == NULL) { + signal(SIGINT, oldintr); + code = -1; + return; + } + } + if (!is_retr) { + if (curtype != TYPE_A) + changetype(TYPE_A, 0); + } else if (curtype != type) + changetype(type, 0); + if (initconn()) { + signal(SIGINT, oldintr); + code = -1; + return; + } + if (setjmp(recvabort)) + goto abort; + if (is_retr && restart_point && + command("REST %ld", (long) restart_point) != CONTINUE) + return; + if (remote) { + if (command("%s %s", cmd, remote) != PRELIM) { + signal(SIGINT, oldintr); + return; + } + } else { + if (command("%s", cmd) != PRELIM) { + signal(SIGINT, oldintr); + return; + } + } + din = dataconn("r"); + if (din == NULL) 
+ goto abort; + set_buffer_size(fileno(din), 1); + if (strcmp(local, "-") == 0) + fout = stdout; + else if (*local == '|') { + oldintp = signal(SIGPIPE, SIG_IGN); + fout = popen(local + 1, "w"); + if (fout == NULL) { + warn("%s", local+1); + goto abort; + } + closefunc = pclose; + } else { + fout = fopen(local, lmode); + if (fout == NULL) { + warn("local: %s", local); + goto abort; + } + closefunc = fclose; + } + buf = alloc_buffer (buf, &bufsize, + fstat(fileno(fout), &st) >= 0 ? &st : NULL); + if (buf == NULL) + goto abort; + + gettimeofday(&start, (struct timezone *)0); + switch (curtype) { + + case TYPE_I: + case TYPE_L: + if (restart_point && + lseek(fileno(fout), restart_point, SEEK_SET) < 0) { + warn("local: %s", local); + if (closefunc != NULL) + (*closefunc)(fout); + return; + } + errno = d = 0; + while ((c = sec_read(fileno(din), buf, bufsize)) > 0) { + if ((d = write(fileno(fout), buf, c)) != c) + break; + bytes += c; + if (hash) { + while (bytes >= hashbytes) { + putchar('#'); + hashbytes += HASHBYTES; + } + fflush(stdout); + } + } + if (hash && bytes > 0) { + if (bytes < HASHBYTES) + putchar('#'); + putchar('\n'); + fflush(stdout); + } + if (c < 0) { + if (errno != EPIPE) + warn("netin"); + bytes = -1; + } + if (d < c) { + if (d < 0) + warn("local: %s", local); + else + warnx("%s: short write", local); + } + break; + + case TYPE_A: + if (restart_point) { + int i, n, ch; + + if (fseek(fout, 0L, SEEK_SET) < 0) + goto done; + n = restart_point; + for (i = 0; i++ < n;) { + if ((ch = sec_getc(fout)) == EOF) + goto done; + if (ch == '\n') + i++; + } + if (fseek(fout, 0L, SEEK_CUR) < 0) { + done: + warn("local: %s", local); + if (closefunc != NULL) + (*closefunc)(fout); + return; + } + } + + while ((c = sec_getc(din)) != EOF) { + if (c == '\n') + bare_lfs++; + while (c == '\r') { + while (hash && (bytes >= hashbytes)) { + putchar('#'); + fflush(stdout); + hashbytes += HASHBYTES; + } + bytes++; + if ((c = sec_getc(din)) != '\n' || tcrflag) { + if 
(ferror(fout)) + goto break2; + putc('\r', fout); + if (c == '\0') { + bytes++; + goto contin2; + } + if (c == EOF) + goto contin2; + } + } + putc(c, fout); + bytes++; + contin2: ; + } + break2: + if (bare_lfs) { + printf("WARNING! %d bare linefeeds received in ASCII mode\n", + bare_lfs); + printf("File may not have transferred correctly.\n"); + } + if (hash) { + if (bytes < hashbytes) + putchar('#'); + putchar('\n'); + fflush(stdout); + } + if (ferror(din)) { + if (errno != EPIPE) + warn("netin"); + bytes = -1; + } + if (ferror(fout)) + warn("local: %s", local); + break; + } + if (closefunc != NULL) + (*closefunc)(fout); + signal(SIGINT, oldintr); + if (oldintp) + signal(SIGPIPE, oldintp); + fclose(din); + gettimeofday(&stop, (struct timezone *)0); + getreply(0); + if (bytes > 0 && is_retr) + ptransfer("received", bytes, &start, &stop); + return; +abort: + + /* abort using RFC959 recommended IP,SYNC sequence */ + + if (oldintp) + signal(SIGPIPE, oldintr); + signal(SIGINT, SIG_IGN); + if (!cpend) { + code = -1; + signal(SIGINT, oldintr); + return; + } + + abort_remote(din); + code = -1; + if (data >= 0) { + close(data); + data = -1; + } + if (closefunc != NULL && fout != NULL) + (*closefunc)(fout); + if (din) + fclose(din); + gettimeofday(&stop, (struct timezone *)0); + if (bytes > 0) + ptransfer("received", bytes, &start, &stop); + signal(SIGINT, oldintr); +} + +/* + * Need to start a listen on the data channel before we send the command, + * otherwise the server's connect may fail. 
+ */ +int +initconn(void) +{ + int result, len, tmpno = 0; + int on = 1; + int a0, a1, a2, a3, p0, p1; + + if (passivemode) { + data = socket(AF_INET, SOCK_STREAM, 0); + if (data < 0) { + perror("ftp: socket"); + return(1); + } +#if defined(SO_DEBUG) && defined(HAVE_SETSOCKOPT) + if ((options & SO_DEBUG) && + setsockopt(data, SOL_SOCKET, SO_DEBUG, (char *)&on, + sizeof (on)) < 0) + perror("ftp: setsockopt (ignored)"); +#endif + if (command("PASV") != COMPLETE) { + printf("Passive mode refused.\n"); + goto bad; + } + + /* + * What we've got at this point is a string of comma + * separated one-byte unsigned integer values. + * The first four are the an IP address. The fifth is + * the MSB of the port number, the sixth is the LSB. + * From that we'll prepare a sockaddr_in. + */ + + if (sscanf(pasv,"%d,%d,%d,%d,%d,%d", + &a0, &a1, &a2, &a3, &p0, &p1) != 6) { + printf("Passive mode address scan failure. " + "Shouldn't happen!\n"); + goto bad; + } + if(a0 < 0 || a0 > 255 || + a1 < 0 || a1 > 255 || + a2 < 0 || a2 > 255 || + a3 < 0 || a3 > 255 || + p0 < 0 || p0 > 255 || + p1 < 0 || p1 > 255){ + printf("Can't parse passive mode string.\n"); + goto bad; + } + + memset(&data_addr, 0, sizeof(data_addr)); + data_addr.sin_family = AF_INET; + data_addr.sin_addr.s_addr = htonl((a0 << 24) | (a1 << 16) | + (a2 << 8) | a3); + data_addr.sin_port = htons((p0 << 8) | p1); + + if (connect(data, (struct sockaddr *)&data_addr, + sizeof(data_addr)) < 0) { + perror("ftp: connect"); + goto bad; + } +#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) + on = IPTOS_THROUGHPUT; + if (setsockopt(data, IPPROTO_IP, IP_TOS, (char *)&on, + sizeof(int)) < 0) + perror("ftp: setsockopt TOS (ignored)"); +#endif + return(0); + } + +noport: + data_addr = myctladdr; + if (sendport) + data_addr.sin_port = 0; /* let system pick one */ + if (data != -1) + close(data); + data = socket(AF_INET, SOCK_STREAM, 0); + if (data < 0) { + warn("socket"); + if (tmpno) + sendport = 1; + return (1); + } +#if 
defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT) + if (!sendport) + if (setsockopt(data, SOL_SOCKET, SO_REUSEADDR, (char *)&on, sizeof (on)) < 0) { + warn("setsockopt (reuse address)"); + goto bad; + } +#endif + if (bind(data, (struct sockaddr *)&data_addr, sizeof (data_addr)) < 0) { + warn("bind"); + goto bad; + } +#if defined(SO_DEBUG) && defined(HAVE_SETSOCKOPT) + if (options & SO_DEBUG && + setsockopt(data, SOL_SOCKET, SO_DEBUG, (char *)&on, sizeof (on)) < 0) + warn("setsockopt (ignored)"); +#endif + len = sizeof (data_addr); + if (getsockname(data, (struct sockaddr *)&data_addr, &len) < 0) { + warn("getsockname"); + goto bad; + } + if (listen(data, 1) < 0) + warn("listen"); + if (sendport) { + unsigned int a = ntohl(data_addr.sin_addr.s_addr); + unsigned int p = ntohs(data_addr.sin_port); + result = command("PORT %d,%d,%d,%d,%d,%d", + (a >> 24) & 0xff, + (a >> 16) & 0xff, + (a >> 8) & 0xff, + a & 0xff, + (p >> 8) & 0xff, + p & 0xff); + if (result == ERROR && sendport == -1) { + sendport = 0; + tmpno = 1; + goto noport; + } + return (result != COMPLETE); + } + if (tmpno) + sendport = 1; +#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) + on = IPTOS_THROUGHPUT; + if (setsockopt(data, IPPROTO_IP, IP_TOS, (char *)&on, sizeof(int)) < 0) + warn("setsockopt TOS (ignored)"); +#endif + return (0); +bad: + close(data), data = -1; + if (tmpno) + sendport = 1; + return (1); +} + +FILE * +dataconn(char *lmode) +{ + struct sockaddr_in from; + int s, fromlen = sizeof (from), tos; + + if (passivemode) + return (fdopen(data, lmode)); + + s = accept(data, (struct sockaddr *) &from, &fromlen); + if (s < 0) { + warn("accept"); + close(data), data = -1; + return (NULL); + } + close(data); + data = s; +#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) + tos = IPTOS_THROUGHPUT; + if (setsockopt(s, IPPROTO_IP, IP_TOS, (char *)&tos, sizeof(int)) < 0) + warn("setsockopt TOS (ignored)"); +#endif + return (fdopen(data, lmode)); +} + +void +ptransfer(char *direction, long int bytes, + 
struct timeval *t0, struct timeval *t1) +{ + struct timeval td; + float s; + float bs; + int prec; + char *unit; + + if (verbose) { + td.tv_sec = t1->tv_sec - t0->tv_sec; + td.tv_usec = t1->tv_usec - t0->tv_usec; + if(td.tv_usec < 0){ + td.tv_sec--; + td.tv_usec += 1000000; + } + s = td.tv_sec + (td.tv_usec / 1000000.); + bs = bytes / (s?s:1); + if(bs >= 1048576){ + bs /= 1048576; + unit = "M"; + prec = 2; + }else if(bs >= 1024){ + bs /= 1024; + unit = "k"; + prec = 1; + }else{ + unit = ""; + prec = 0; + } + + printf("%ld bytes %s in %.3g seconds (%.*f %sbyte/s)\n", + bytes, direction, s, prec, bs, unit); + } +} + +void +psabort(int sig) +{ + + abrtflag++; +} + +void +pswitch(int flag) +{ + sighand oldintr; + static struct comvars { + int connect; + char name[MaxHostNameLen]; + struct sockaddr_in mctl; + struct sockaddr_in hctl; + FILE *in; + FILE *out; + int tpe; + int curtpe; + int cpnd; + int sunqe; + int runqe; + int mcse; + int ntflg; + char nti[17]; + char nto[17]; + int mapflg; + char mi[MaxPathLen]; + char mo[MaxPathLen]; + } proxstruct, tmpstruct; + struct comvars *ip, *op; + + abrtflag = 0; + oldintr = signal(SIGINT, psabort); + if (flag) { + if (proxy) + return; + ip = &tmpstruct; + op = &proxstruct; + proxy++; + } else { + if (!proxy) + return; + ip = &proxstruct; + op = &tmpstruct; + proxy = 0; + } + ip->connect = connected; + connected = op->connect; + if (hostname) { + strncpy(ip->name, hostname, sizeof(ip->name) - 1); + ip->name[strlen(ip->name)] = '\0'; + } else + ip->name[0] = 0; + hostname = op->name; + ip->hctl = hisctladdr; + hisctladdr = op->hctl; + ip->mctl = myctladdr; + myctladdr = op->mctl; + ip->in = cin; + cin = op->in; + ip->out = cout; + cout = op->out; + ip->tpe = type; + type = op->tpe; + ip->curtpe = curtype; + curtype = op->curtpe; + ip->cpnd = cpend; + cpend = op->cpnd; + ip->sunqe = sunique; + sunique = op->sunqe; + ip->runqe = runique; + runique = op->runqe; + ip->mcse = mcase; + mcase = op->mcse; + ip->ntflg = ntflag; + ntflag 
= op->ntflg; + strncpy(ip->nti, ntin, 16); + (ip->nti)[strlen(ip->nti)] = '\0'; + strcpy(ntin, op->nti); + strncpy(ip->nto, ntout, 16); + (ip->nto)[strlen(ip->nto)] = '\0'; + strcpy(ntout, op->nto); + ip->mapflg = mapflag; + mapflag = op->mapflg; + strncpy(ip->mi, mapin, MaxPathLen - 1); + (ip->mi)[strlen(ip->mi)] = '\0'; + strcpy(mapin, op->mi); + strncpy(ip->mo, mapout, MaxPathLen - 1); + (ip->mo)[strlen(ip->mo)] = '\0'; + strcpy(mapout, op->mo); + signal(SIGINT, oldintr); + if (abrtflag) { + abrtflag = 0; + (*oldintr)(SIGINT); + } +} + +void +abortpt(int sig) +{ + + printf("\n"); + fflush(stdout); + ptabflg++; + mflag = 0; + abrtflag = 0; + longjmp(ptabort, 1); +} + +void +proxtrans(char *cmd, char *local, char *remote) +{ + sighand oldintr; + int secndflag = 0, prox_type, nfnd; + char *cmd2; + fd_set mask; + + if (strcmp(cmd, "RETR")) + cmd2 = "RETR"; + else + cmd2 = runique ? "STOU" : "STOR"; + if ((prox_type = type) == 0) { + if (unix_server && unix_proxy) + prox_type = TYPE_I; + else + prox_type = TYPE_A; + } + if (curtype != prox_type) + changetype(prox_type, 1); + if (command("PASV") != COMPLETE) { + printf("proxy server does not support third party transfers.\n"); + return; + } + pswitch(0); + if (!connected) { + printf("No primary connection\n"); + pswitch(1); + code = -1; + return; + } + if (curtype != prox_type) + changetype(prox_type, 1); + if (command("PORT %s", pasv) != COMPLETE) { + pswitch(1); + return; + } + if (setjmp(ptabort)) + goto abort; + oldintr = signal(SIGINT, abortpt); + if (command("%s %s", cmd, remote) != PRELIM) { + signal(SIGINT, oldintr); + pswitch(1); + return; + } + sleep(2); + pswitch(1); + secndflag++; + if (command("%s %s", cmd2, local) != PRELIM) + goto abort; + ptflag++; + getreply(0); + pswitch(0); + getreply(0); + signal(SIGINT, oldintr); + pswitch(1); + ptflag = 0; + printf("local: %s remote: %s\n", local, remote); + return; +abort: + signal(SIGINT, SIG_IGN); + ptflag = 0; + if (strcmp(cmd, "RETR") && !proxy) + 
pswitch(1); + else if (!strcmp(cmd, "RETR") && proxy) + pswitch(0); + if (!cpend && !secndflag) { /* only here if cmd = "STOR" (proxy=1) */ + if (command("%s %s", cmd2, local) != PRELIM) { + pswitch(0); + if (cpend) + abort_remote((FILE *) NULL); + } + pswitch(1); + if (ptabflg) + code = -1; + signal(SIGINT, oldintr); + return; + } + if (cpend) + abort_remote((FILE *) NULL); + pswitch(!proxy); + if (!cpend && !secndflag) { /* only if cmd = "RETR" (proxy=1) */ + if (command("%s %s", cmd2, local) != PRELIM) { + pswitch(0); + if (cpend) + abort_remote((FILE *) NULL); + pswitch(1); + if (ptabflg) + code = -1; + signal(SIGINT, oldintr); + return; + } + } + if (cpend) + abort_remote((FILE *) NULL); + pswitch(!proxy); + if (cpend) { + FD_ZERO(&mask); + FD_SET(fileno(cin), &mask); + if ((nfnd = empty(&mask, 10)) <= 0) { + if (nfnd < 0) { + warn("abort"); + } + if (ptabflg) + code = -1; + lostpeer(0); + } + getreply(0); + getreply(0); + } + if (proxy) + pswitch(0); + pswitch(1); + if (ptabflg) + code = -1; + signal(SIGINT, oldintr); +} + +void +reset(int argc, char **argv) +{ + fd_set mask; + int nfnd = 1; + + FD_ZERO(&mask); + while (nfnd > 0) { + FD_SET(fileno(cin), &mask); + if ((nfnd = empty(&mask,0)) < 0) { + warn("reset"); + code = -1; + lostpeer(0); + } + else if (nfnd) { + getreply(0); + } + } +} + +char * +gunique(char *local) +{ + static char new[MaxPathLen]; + char *cp = strrchr(local, '/'); + int d, count=0; + char ext = '1'; + + if (cp) + *cp = '\0'; + d = access(cp ? 
local : ".", 2); + if (cp) + *cp = '/'; + if (d < 0) { + warn("local: %s", local); + return NULL; + } + strcpy(new, local); + cp = new + strlen(new); + *cp++ = '.'; + while (!d) { + if (++count == 100) { + printf("runique: can't find unique file name.\n"); + return NULL; + } + *cp++ = ext; + *cp = '\0'; + if (ext == '9') + ext = '0'; + else + ext++; + if ((d = access(new, 0)) < 0) + break; + if (ext != '0') + cp--; + else if (*(cp - 2) == '.') + *(cp - 1) = '1'; + else { + *(cp - 2) = *(cp - 2) + 1; + cp--; + } + } + return (new); +} + +void +abort_remote(FILE *din) +{ + char buf[BUFSIZ]; + int nfnd; + fd_set mask; + + /* + * send IAC in urgent mode instead of DM because 4.3BSD places oob mark + * after urgent byte rather than before as is protocol now + */ + snprintf(buf, sizeof(buf), "%c%c%c", IAC, IP, IAC); + if (send(fileno(cout), buf, 3, MSG_OOB) != 3) + warn("abort"); + fprintf(cout,"%cABOR\r\n", DM); + fflush(cout); + FD_ZERO(&mask); + FD_SET(fileno(cin), &mask); + if (din) { + FD_SET(fileno(din), &mask); + } + if ((nfnd = empty(&mask, 10)) <= 0) { + if (nfnd < 0) { + warn("abort"); + } + if (ptabflg) + code = -1; + lostpeer(0); + } + if (din && FD_ISSET(fileno(din), &mask)) { + while (read(fileno(din), buf, BUFSIZ) > 0) + /* LOOP */; + } + if (getreply(0) == ERROR && code == 552) { + /* 552 needed for nic style abort */ + getreply(0); + } + getreply(0); +} diff --git a/crypto/kerberosIV/appl/ftp/ftp/ftp_locl.h b/crypto/kerberosIV/appl/ftp/ftp/ftp_locl.h new file mode 100644 index 0000000..6ead793 --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/ftp/ftp_locl.h 
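Review bot: getreply() stores every byte read from the control connection into the 1024-byte stack array `buf` through `*p++ = c` in the `default:` case with no bound, so a reply line longer than the buffer writes past its end; the store needs a guard such as `if (p < buf + sizeof(buf) - 1)`. The same missing length check appears in login(): `des_read_pw_string(acct, 128, "Account:", 0)` passes a length of 128 while `acct` points at `tmp`, declared `char tmp[80]`, and `strcpy(username, user)` copies a name typed at the prompt or returned by ruserpass() into `username`, which extern.h declares as `char username[32]`. `strcpy(reply_string, buf)` is in bounds only where BUFSIZ is at least 1024, which presumably depends on the platform. The fence shows bounded forms of these four stores (over-long input is truncated rather than rejected); the rest of both functions is unchanged.

```c
/* login(): size the copies by their destinations */
    snprintf(username, sizeof(username), "%s", user);
    /* … unchanged: USER and PASS exchange … */
	acct = tmp;
	des_read_pw_string(acct, sizeof(tmp), "Account:", 0);

/* getreply(): reply bytes come from the server, keep them inside buf */
		strcpy(pasv, "");  /* … unchanged: placeholder for the code == 227 block … */
	    /* … unchanged: EOF, IAC and '\n' cases, except the copy below … */
		snprintf(reply_string, sizeof(reply_string), "%s", buf);
	default:
	    if (p < buf + sizeof(buf) - 1)
		*p++ = c;
```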
@@ -0,0 +1,145 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* $Id: ftp_locl.h,v 1.29 1997/05/20 18:40:28 bg Exp $ */ + +#ifndef __FTP_LOCL_H__ +#define __FTP_LOCL_H__ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include + +#ifdef HAVE_PWD_H +#include +#endif +#include +#include +#include +#include +#include +#ifdef TIME_WITH_SYS_TIME +#include +#include +#elif defined(HAVE_SYS_TIME_H) +#include +#else +#include +#endif +#ifdef HAVE_UNISTD_H +#include +#endif + +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_PARAM_H +#include +#endif +#ifdef HAVE_SYS_RESOURCE_H +#include +#endif +#ifdef HAVE_SYS_WAIT_H +#include +#endif +#ifdef HAVE_SYS_STAT_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif + +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_NETINET_IN_SYSTM_H +#include +#endif +#ifdef HAVE_NETINET_IP_H +#include +#endif + +#ifdef HAVE_ARPA_FTP_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif +#ifdef HAVE_ARPA_TELNET_H +#include +#endif + +#include +#include +#include +#ifdef HAVE_NETDB_H +#include +#endif + +#ifdef HAVE_SYS_MMAN_H +#include +#endif + +#include + +#ifdef SOCKS +#include +extern int LIBPREFIX(fclose) __P((FILE *)); +#endif + +#include "ftp_var.h" +#include "extern.h" +#include "common.h" +#include "pathnames.h" + +#include + +#include + +#include "krb4.h" + +#include "roken.h" + +#if defined(__sun__) && !defined(__svr4) +int fclose(FILE*); +int pclose(FILE*); +#endif + +#endif /* __FTP_LOCL_H__ */ diff --git a/crypto/kerberosIV/appl/ftp/ftp/ftp_var.h b/crypto/kerberosIV/appl/ftp/ftp/ftp_var.h new file mode 100644 index 0000000..ffac59a --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/ftp/ftp_var.h 
@@ -0,0 +1,127 @@ +/* + * Copyright (c) 1985, 1989, 1993, 1994 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)ftp_var.h 8.4 (Berkeley) 10/9/94 + */ + +/* + * FTP global variables. 
+ */ + +#ifdef HAVE_SYS_PARAM_H +#include +#endif +#include + +/* + * Options and other state info. + */ +extern int trace; /* trace packets exchanged */ +extern int hash; /* print # for each buffer transferred */ +extern int sendport; /* use PORT cmd for each data connection */ +extern int verbose; /* print messages coming back from server */ +extern int connected; /* connected to server */ +extern int fromatty; /* input is from a terminal */ +extern int interactive; /* interactively prompt on m* cmds */ +extern int debug; /* debugging level */ +extern int bell; /* ring bell on cmd completion */ +extern int doglob; /* glob local file names */ +extern int autologin; /* establish user account on connection */ +extern int proxy; /* proxy server connection active */ +extern int proxflag; /* proxy connection exists */ +extern int sunique; /* store files on server with unique name */ +extern int runique; /* store local files with unique name */ +extern int mcase; /* map upper to lower case for mget names */ +extern int ntflag; /* use ntin ntout tables for name translation */ +extern int mapflag; /* use mapin mapout templates on file names */ +extern int code; /* return/reply code for ftp command */ +extern int crflag; /* if 1, strip car. rets. 
on ascii gets */ +extern char pasv[64]; /* passive port for proxy data connection */ +extern int passivemode; /* passive mode enabled */ +extern char *altarg; /* argv[1] with no shell-like preprocessing */ +extern char ntin[17]; /* input translation table */ +extern char ntout[17]; /* output translation table */ +extern char mapin[MaxPathLen]; /* input map template */ +extern char mapout[MaxPathLen]; /* output map template */ +extern char typename[32]; /* name of file transfer type */ +extern int type; /* requested file transfer type */ +extern int curtype; /* current file transfer type */ +extern char structname[32]; /* name of file transfer structure */ +extern int stru; /* file transfer structure */ +extern char formname[32]; /* name of file transfer format */ +extern int form; /* file transfer format */ +extern char modename[32]; /* name of file transfer mode */ +extern int mode; /* file transfer mode */ +extern char bytename[32]; /* local byte size in ascii */ +extern int bytesize; /* local byte size in binary */ + +extern char *hostname; /* name of host connected to */ +extern int unix_server; /* server is unix, can use binary for ascii */ +extern int unix_proxy; /* proxy is unix, can use binary for ascii */ + +extern jmp_buf toplevel; /* non-local goto stuff for cmd scanner */ + +extern char line[200]; /* input line buffer */ +extern char *stringbase; /* current scan point in line buffer */ +extern char argbuf[200]; /* argument storage buffer */ +extern char *argbase; /* current storage point in arg buffer */ +extern int margc; /* count of arguments on input line */ +extern char **margv; /* args parsed from input line */ +extern int margvlen; /* how large margv is currently */ +extern int cpend; /* flag: if != 0, then pending server reply */ +extern int mflag; /* flag: if != 0, then active multi command */ + +extern int options; /* used during socket creation */ + +/* + * Format of command table. 
+ */ +struct cmd { + char *c_name; /* name of command */ + char *c_help; /* help string */ + char c_bell; /* give bell when command completes */ + char c_conn; /* must be connected to use command */ + char c_proxy; /* proxy server may execute */ + void (*c_handler) (int, char **); /* function to call */ +}; + +struct macel { + char mac_name[9]; /* macro name */ + char *mac_start; /* start of macro in macbuf */ + char *mac_end; /* end of macro in macbuf */ +}; + +extern int macnum; /* number of defined macros */ +extern struct macel macros[16]; +extern char macbuf[4096]; + + diff --git a/crypto/kerberosIV/appl/ftp/ftp/globals.c b/crypto/kerberosIV/appl/ftp/ftp/globals.c new file mode 100644 index 0000000..7199e65 --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/ftp/globals.c 
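Review bot: The buffer sizes in these declarations are bare literals (`line[200]`, `argbuf[200]`, `pasv[64]`, `macros[16]`, `macbuf[4096]`), and globals.c repeats each one in its definitions, so any bounds check in the code that fills them has to restate the number. Naming each size once in this header, e.g. `#define FTP_LINE_LEN 200` used as `extern char line[FTP_LINE_LEN];`, keeps declaration, definition and checks tied to one value. The header also has no include guard although it defines `struct cmd` and `struct macel`, so a second inclusion would not compile; the guard in ftp_locl.h only covers inclusion through that file.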
@@ -0,0 +1,76 @@ +#include "ftp_locl.h" +RCSID("$Id: globals.c,v 1.6 1996/08/26 22:46:26 assar Exp $"); + +/* + * Options and other state info. + */ +int trace; /* trace packets exchanged */ +int hash; /* print # for each buffer transferred */ +int sendport; /* use PORT cmd for each data connection */ +int verbose; /* print messages coming back from server */ +int connected; /* connected to server */ +int fromatty; /* input is from a terminal */ +int interactive; /* interactively prompt on m* cmds */ +int debug; /* debugging level */ +int bell; /* ring bell on cmd completion */ +int doglob; /* glob local file names */ +int autologin; /* establish user account on connection */ +int proxy; /* proxy server connection active */ +int proxflag; /* proxy connection exists */ +int sunique; /* store files on server with unique name */ +int runique; /* store local files with unique name */ +int mcase; /* map upper to lower case for mget names */ +int ntflag; /* use ntin ntout tables for name translation */ +int mapflag; /* use mapin mapout templates on file names */ +int code; /* return/reply code for ftp command */ +int crflag; /* if 1, strip car. rets. 
on ascii gets */ +char pasv[64]; /* passive port for proxy data connection */ +int passivemode; /* passive mode enabled */ +char *altarg; /* argv[1] with no shell-like preprocessing */ +char ntin[17]; /* input translation table */ +char ntout[17]; /* output translation table */ +char mapin[MaxPathLen]; /* input map template */ +char mapout[MaxPathLen]; /* output map template */ +char typename[32]; /* name of file transfer type */ +int type; /* requested file transfer type */ +int curtype; /* current file transfer type */ +char structname[32]; /* name of file transfer structure */ +int stru; /* file transfer structure */ +char formname[32]; /* name of file transfer format */ +int form; /* file transfer format */ +char modename[32]; /* name of file transfer mode */ +int mode; /* file transfer mode */ +char bytename[32]; /* local byte size in ascii */ +int bytesize; /* local byte size in binary */ + +char *hostname; /* name of host connected to */ +int unix_server; /* server is unix, can use binary for ascii */ +int unix_proxy; /* proxy is unix, can use binary for ascii */ + +jmp_buf toplevel; /* non-local goto stuff for cmd scanner */ + +char line[200]; /* input line buffer */ +char *stringbase; /* current scan point in line buffer */ +char argbuf[200]; /* argument storage buffer */ +char *argbase; /* current storage point in arg buffer */ +int margc; /* count of arguments on input line */ +char **margv; /* args parsed from input line */ +int margvlen; /* how large margv is currently */ +int cpend; /* flag: if != 0, then pending server reply */ +int mflag; /* flag: if != 0, then active multi command */ + +int options; /* used during socket creation */ + +/* + * Format of command table. + */ + +int macnum; /* number of defined macros */ +struct macel macros[16]; +char macbuf[4096]; + +char username[32]; + +/* these are set in ruserpass */ +char myhostname[MaxHostNameLen]; +char *mydomain; 
diff --git a/crypto/kerberosIV/appl/ftp/ftp/kauth.c b/crypto/kerberosIV/appl/ftp/ftp/kauth.c
new file mode 100644
index 0000000..8bc9b9b
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/kauth.c
@@ -0,0 +1,145 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "ftp_locl.h" +RCSID("$Id: kauth.c,v 1.14 1997/05/11 04:08:04 assar Exp $"); + +void kauth(int argc, char **argv) +{ + int ret; + char buf[1024]; + des_cblock key; + des_key_schedule schedule; + KTEXT_ST tkt, tktcopy; + char *name; + char *p; + int overbose; + char passwd[100]; + int tmp; + + if(argc > 2){ + printf("usage: %s [principal]\n", argv[0]); + code = -1; + return; + } + if(argc == 2) + name = argv[1]; + else + name = username; + + overbose = verbose; + verbose = 0; + + ret = command("SITE KAUTH %s", name); + if(ret != CONTINUE){ + verbose = overbose; + code = -1; + return; + } + verbose = overbose; + p = strstr(reply_string, "T="); + if(!p){ + printf("Bad reply from server.\n"); + code = -1; + return; + } + p += 2; + tmp = base64_decode(p, &tkt.dat); + if(tmp < 0){ + printf("Failed to decode base64 in reply.\n"); + code = -1; + return; + } + tkt.length = tmp; + tktcopy.length = tkt.length; + + p = strstr(reply_string, "P="); + if(!p){ + printf("Bad reply from server.\n"); + verbose = overbose; + code = -1; + return; + } + name = p + 2; + for(; *p && *p != ' ' && *p != '\r' && *p != '\n'; p++); + *p = 0; + + snprintf(buf, sizeof(buf), "Password for %s:", name); + if (des_read_pw_string (passwd, sizeof(passwd)-1, buf, 0)) + *passwd = '\0'; + des_string_to_key (passwd, &key); + + des_key_sched(&key, schedule); + + des_pcbc_encrypt((des_cblock*)tkt.dat, (des_cblock*)tktcopy.dat, + tkt.length, + schedule, &key, DES_DECRYPT); + if (strcmp ((char*)tktcopy.dat + 8, + KRB_TICKET_GRANTING_TICKET) != 0) { + afs_string_to_key (passwd, krb_realmofhost(hostname), &key); + des_key_sched (&key, schedule); + des_pcbc_encrypt((des_cblock*)tkt.dat, (des_cblock*)tktcopy.dat, + tkt.length, + schedule, &key, DES_DECRYPT); + } + memset(key, 0, sizeof(key)); + memset(schedule, 0, sizeof(schedule)); + memset(passwd, 0, sizeof(passwd)); + base64_encode(tktcopy.dat, tktcopy.length, &p); + memset (tktcopy.dat, 0, tktcopy.length); + ret = command("SITE KAUTH %s %s", 
name, p); + free(p); + if(ret != COMPLETE){ + code = -1; + return; + } + code = 0; +} + +void klist(int argc, char **argv) +{ + int ret; + if(argc != 1){ + printf("usage: %s\n", argv[0]); + code = -1; + return; + } + + ret = command("SITE KLIST"); + code = (ret == COMPLETE); +} diff --git a/crypto/kerberosIV/appl/ftp/ftp/krb4.c b/crypto/kerberosIV/appl/ftp/ftp/krb4.c new file mode 100644 index 0000000..872c5bc --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/ftp/krb4.c 
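Review bot: In kauth() the text after `T=` in the server's reply is decoded straight into `tkt.dat` with `base64_decode(p, &tkt.dat)`, and nothing visible limits the decoded size to that field, so the server decides how many bytes are written into a stack object; base64_decode is not shown here, so confirm whether it bounds its output. Decoding into scratch space sized from the encoded text and copying only when the result fits closes this, as in the excerpt below. Two smaller points in the same hunk: a failed `des_read_pw_string` continues with an empty password instead of stopping, and klist() ends with `code = (ret == COMPLETE);`, which leaves `code` at 1 on success where kauth() uses 0, so `code = (ret == COMPLETE) ? 0 : -1;` would match.

```c
    p += 2;
    {
        /* the reply is server-controlled: decode to scratch, copy only if it fits */
        unsigned char *scratch = malloc(strlen(p) + 1);

        if(scratch == NULL){
            printf("Out of memory.\n");
            code = -1;
            return;
        }
        tmp = base64_decode(p, scratch);
        if(tmp < 0 || (size_t)tmp > sizeof(tkt.dat)){
            free(scratch);
            printf("Failed to decode base64 in reply.\n");
            code = -1;
            return;
        }
        memcpy(tkt.dat, scratch, tmp);
        free(scratch);
    }
    tkt.length = tmp;
    /* … unchanged: P= parsing, password prompt, decryption … */
```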
@@ -0,0 +1,567 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "ftp_locl.h" + +RCSID("$Id: krb4.c,v 1.18 1997/05/11 04:08:05 assar Exp $"); + +static KTEXT_ST krb4_adat; + +static des_cblock key; +static des_key_schedule schedule; + +static char *data_buffer; + +extern struct sockaddr_in hisctladdr, myctladdr; + +int auth_complete; + +static int command_prot; + +static int auth_pbsz; +static int data_prot; + +static int request_data_prot; + + +static struct { + int level; + char *name; +} level_names[] = { + { prot_clear, "clear" }, + { prot_safe, "safe" }, + { prot_confidential, "confidential" }, + { prot_private, "private" } +}; + +static char *level_to_name(int level) +{ + int i; + for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++) + if(level_names[i].level == level) + return level_names[i].name; + return "unknown"; +} + +static int name_to_level(char *name) +{ + int i; + for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++) + if(!strncasecmp(level_names[i].name, name, strlen(name))) + return level_names[i].level; + return -1; +} + +void sec_status(void) +{ + if(auth_complete){ + printf("Using KERBEROS_V4 for authentication.\n"); + + command_prot = prot_private; /* this variable is not used */ + + printf("Using %s command channel.\n", + level_to_name(command_prot)); + + printf("Using %s data channel.\n", + level_to_name(data_prot)); + if(auth_pbsz > 0) + printf("Protection buffer size: %d.\n", auth_pbsz); + }else{ + printf("Not using any security mechanism.\n"); + } +} + +static int +sec_prot_internal(int level) +{ + int ret; + char *p; + int s = 1048576; + + int old_verbose = verbose; + verbose = 0; + + if(!auth_complete){ + printf("No security data exchange has taken place.\n"); + return -1; + } + + if(level){ + ret = command("PBSZ %d", s); + if(ret != COMPLETE){ + printf("Failed to set protection buffer size.\n"); + return -1; + } + auth_pbsz = s; + p = strstr(reply_string, "PBSZ="); + if(p) + sscanf(p, "PBSZ=%d", &s); + if(s < auth_pbsz) + auth_pbsz = s; + if(data_buffer) + 
free(data_buffer); + data_buffer = malloc(auth_pbsz); + } + verbose = old_verbose; + ret = command("PROT %c", level["CSEP"]); /* XXX :-) */ + if(ret != COMPLETE){ + printf("Failed to set protection level.\n"); + return -1; + } + + data_prot = level; + return 0; +} + + +void +sec_prot(int argc, char **argv) +{ + int level = -1; + + if(argc != 2){ + printf("usage: %s (clear | safe | confidential | private)\n", + argv[0]); + code = -1; + return; + } + if(!auth_complete){ + printf("No security data exchange has taken place.\n"); + code = -1; + return; + } + level = name_to_level(argv[1]); + + if(level == -1){ + printf("usage: %s (clear | safe | confidential | private)\n", + argv[0]); + code = -1; + return; + } + + if(level == prot_confidential){ + printf("Confidential protection is not defined with Kerberos.\n"); + code = -1; + return; + } + + if(sec_prot_internal(level) < 0){ + code = -1; + return; + } + code = 0; +} + +void +sec_set_protection_level(void) +{ + if(auth_complete && data_prot != request_data_prot) + sec_prot_internal(request_data_prot); +} + + +int +sec_request_prot(char *level) +{ + int l = name_to_level(level); + if(l == -1) + return -1; + request_data_prot = l; + return 0; +} + + +int sec_getc(FILE *F) +{ + if(auth_complete && data_prot) + return krb4_getc(F); + else + return getc(F); +} + +int sec_read(int fd, void *data, int length) +{ + if(auth_complete && data_prot) + return krb4_read(fd, data, length); + else + return read(fd, data, length); +} + +static int +krb4_recv(int fd) +{ + int len; + MSG_DAT m; + int kerror; + + krb_net_read(fd, &len, sizeof(len)); + len = ntohl(len); + krb_net_read(fd, data_buffer, len); + if(data_prot == prot_safe) + kerror = krb_rd_safe(data_buffer, len, &key, + &hisctladdr, &myctladdr, &m); + else + kerror = krb_rd_priv(data_buffer, len, schedule, &key, + &hisctladdr, &myctladdr, &m); + if(kerror){ + return -1; + } + memmove(data_buffer, m.app_data, m.app_length); + return m.app_length; +} + + +int krb4_getc(FILE 
*F) +{ + static int bytes; + static int index; + if(bytes == 0){ + bytes = krb4_recv(fileno(F)); + index = 0; + } + if(bytes){ + bytes--; + return (unsigned char)data_buffer[index++]; + } + return EOF; +} + +int krb4_read(int fd, char *data, int length) +{ + static int left; + static int index; + static int eof; + int len = left; + int rx = 0; + + if(eof){ + eof = 0; + return 0; + } + + if(left){ + if(length < len) + len = length; + memmove(data, data_buffer + index, len); + length -= len; + index += len; + rx += len; + left -= len; + } + + while(length){ + len = krb4_recv(fd); + if(len == 0){ + if(rx) + eof = 1; + return rx; + } + if(len > length){ + left = len - length; + len = index = length; + } + memmove(data, data_buffer, len); + length -= len; + data += len; + rx += len; + } + return rx; +} + + +static int +krb4_encode(char *from, char *to, int length) +{ + if(data_prot == prot_safe) + return krb_mk_safe(from, to, length, &key, + &myctladdr, &hisctladdr); + else + return krb_mk_priv(from, to, length, schedule, &key, + &myctladdr, &hisctladdr); +} + +static int +krb4_overhead(int len) +{ + if(data_prot == prot_safe) + return 31; + else + return 26; +} + +static char p_buf[1024]; +static int p_index; + +int +sec_putc(int c, FILE *F) +{ + if(data_prot){ + if((c == '\n' && p_index) || p_index == sizeof(p_buf)){ + sec_write(fileno(F), p_buf, p_index); + p_index = 0; + } + p_buf[p_index++] = c; + return c; + } + return putc(c, F); +} + +static int +sec_send(int fd, char *from, int length) +{ + int bytes; + bytes = krb4_encode(from, data_buffer, length); + bytes = htonl(bytes); + krb_net_write(fd, &bytes, sizeof(bytes)); + krb_net_write(fd, data_buffer, ntohl(bytes)); + return length; +} + +int +sec_fflush(FILE *F) +{ + if(data_prot){ + if(p_index){ + sec_write(fileno(F), p_buf, p_index); + p_index = 0; + } + sec_send(fileno(F), NULL, 0); + } + fflush(F); + return 0; +} + +int +sec_write(int fd, char *data, int length) +{ + int len = auth_pbsz; + int tx = 0; + + 
if(data_prot == prot_clear) + return write(fd, data, length); + + len -= krb4_overhead(len); + while(length){ + if(length < len) + len = length; + sec_send(fd, data, len); + length -= len; + data += len; + tx += len; + } + return tx; +} + +static int +do_auth(char *service, char *host, int checksum) +{ + int ret; + CREDENTIALS cred; + char sname[SNAME_SZ], inst[INST_SZ], realm[REALM_SZ]; + strcpy(sname, service); + strcpy(inst, krb_get_phost(host)); + strcpy(realm, krb_realmofhost(host)); + ret = krb_mk_req(&krb4_adat, sname, inst, realm, checksum); + if(ret) + return ret; + strcpy(sname, service); + strcpy(inst, krb_get_phost(host)); + strcpy(realm, krb_realmofhost(host)); + ret = krb_get_cred(sname, inst, realm, &cred); + memmove(&key, &cred.session, sizeof(des_cblock)); + des_key_sched(&key, schedule); + memset(&cred, 0, sizeof(cred)); + return ret; +} + + +int +do_klogin(char *host) +{ + int ret; + char *p; + int len; + char adat[1024]; + MSG_DAT msg_data; + int checksum; + + int old_verbose = verbose; + + verbose = 0; + printf("Trying KERBEROS_V4...\n"); + ret = command("AUTH KERBEROS_V4"); + if(ret != CONTINUE){ + if(code == 504){ + printf("Kerberos 4 is not supported by the server.\n"); + }else if(code == 534){ + printf("KERBEROS_V4 rejected as security mechanism.\n"); + }else if(ret == ERROR) + printf("The server doesn't understand the FTP " + "security extensions.\n"); + verbose = old_verbose; + return -1; + } + + checksum = getpid(); + ret = do_auth("ftp", host, checksum); + if(ret == KDC_PR_UNKNOWN) + ret = do_auth("rcmd", host, checksum); + if(ret){ + printf("%s\n", krb_get_err_text(ret)); + verbose = old_verbose; + return ret; + } + + base64_encode(krb4_adat.dat, krb4_adat.length, &p); + ret = command("ADAT %s", p); + free(p); + + if(ret != COMPLETE){ + printf("Server didn't accept auth data.\n"); + verbose = old_verbose; + return -1; + } + + p = strstr(reply_string, "ADAT="); + if(!p){ + printf("Remote host didn't send adat reply.\n"); + verbose = 
old_verbose; + return -1; + } + p+=5; + len = base64_decode(p, adat); + if(len < 0){ + printf("Failed to decode base64 from server.\n"); + verbose = old_verbose; + return -1; + } + ret = krb_rd_safe(adat, len, &key, + &hisctladdr, &myctladdr, &msg_data); + if(ret){ + printf("Error reading reply from server: %s.\n", + krb_get_err_text(ret)); + verbose = old_verbose; + return -1; + } + { + /* the draft doesn't tell what size the return has */ + int i; + u_int32_t cs = 0; + for(i = 0; i < msg_data.app_length; i++) + cs = (cs<<8) + msg_data.app_data[i]; + if(cs - checksum != 1){ + printf("Bad checksum returned from server.\n"); + verbose = old_verbose; + return -1; + } + } + auth_complete = 1; + verbose = old_verbose; + return 0; +} + +void +krb4_quit(void) +{ + auth_complete = 0; +} + +int krb4_write_enc(FILE *F, char *fmt, va_list ap) +{ + int len; + char *p; + char buf[1024]; + char enc[1024]; + + vsnprintf(buf, sizeof(buf), fmt, ap); + len = krb_mk_priv(buf, enc, strlen(buf), schedule, &key, + &myctladdr, &hisctladdr); + base64_encode(enc, len, &p); + + fprintf(F, "ENC %s", p); + free (p); + return 0; +} + + +int krb4_read_msg(char *s, int priv) +{ + int len; + int ret; + char buf[1024]; + MSG_DAT m; + int code; + + len = base64_decode(s + 4, buf); + if(priv) + ret = krb_rd_priv(buf, len, schedule, &key, + &hisctladdr, &myctladdr, &m); + else + ret = krb_rd_safe(buf, len, &key, &hisctladdr, &myctladdr, &m); + if(ret){ + printf("%s\n", krb_get_err_text(ret)); + return -1; + } + + m.app_data[m.app_length] = 0; + if(m.app_data[3] == '-') + code = 0; + else + sscanf((char*)m.app_data, "%d", &code); + strncpy(s, (char*)m.app_data, strlen((char*)m.app_data)); + + s[m.app_length] = 0; + len = strlen(s); + if(s[len-1] == '\n') + s[len-1] = 0; + + return code; +} + +int +krb4_read_mic(char *s) +{ + return krb4_read_msg(s, 0); +} + +int +krb4_read_enc(char *s) +{ + return krb4_read_msg(s, 1); +} + 
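Review bot: krb4_recv() reads a 4-byte length from the peer and passes it unchecked to `krb_net_read(fd, data_buffer, len)`, although `data_buffer` was allocated with `auth_pbsz` bytes, and it also ignores both krb_net_read results and whether `data_buffer` is set at all. The length should be rejected when it is negative or larger than `auth_pbsz` before the second read, as in the excerpt below. Its callers need a matching check: krb4_getc() and krb4_read() only test for 0, so the -1 error return is counted as data in one and reaches `memmove` as a length in the other. The same pattern of decoding peer data into a fixed buffer without a bound appears in do_klogin() (`adat[1024]`) and krb4_read_msg() (`buf[1024]`), and sec_prot_internal() accepts any `PBSZ=` value from the reply, including zero or a negative one, and does not check the `malloc` result.

```c
    if(krb_net_read(fd, &len, sizeof(len)) != (int)sizeof(len))
        return -1;
    len = ntohl(len);
    /* len comes from the peer; data_buffer holds auth_pbsz bytes */
    if(data_buffer == NULL || len < 0 || len > auth_pbsz)
        return -1;
    if(krb_net_read(fd, data_buffer, len) != len)
        return -1;
    /* … unchanged: krb_rd_safe / krb_rd_priv and the copy of m.app_data … */
```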
diff --git a/crypto/kerberosIV/appl/ftp/ftp/krb4.h b/crypto/kerberosIV/appl/ftp/ftp/krb4.h
new file mode 100644
index 0000000..7cf8cec
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/krb4.h
@@ -0,0 +1,81 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* $Id: krb4.h,v 1.10 1997/04/01 08:17:22 joda Exp $ */ + +#ifndef __KRB4_H__ +#define __KRB4_H__ + +#include +#include + +extern int auth_complete; + +void sec_status(void); + +enum { prot_clear, prot_safe, prot_confidential, prot_private }; + +void sec_prot(int, char**); + +int sec_getc(FILE *F); +int sec_putc(int c, FILE *F); +int sec_fflush(FILE *F); +int sec_read(int fd, void *data, int length); +int sec_write(int fd, char *data, int length); + +int krb4_getc(FILE *F); +int krb4_read(int fd, char *data, int length); + + + +void sec_set_protection_level(void); +int sec_request_prot(char *level); + +void kauth(int, char **); +void klist(int, char **); + +void krb4_quit(void); + +int krb4_write_enc(FILE *F, char *fmt, va_list ap); +int krb4_read_msg(char *s, int priv); +int krb4_read_mic(char *s); +int krb4_read_enc(char *s); + +int do_klogin(char *host); + +#endif /* __KRB4_H__ */ diff --git a/crypto/kerberosIV/appl/ftp/ftp/main.c b/crypto/kerberosIV/appl/ftp/ftp/main.c new file mode 100644 index 0000000..4d1b6a5 --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/ftp/main.c 
@@ -0,0 +1,542 @@ +/* + * Copyright (c) 1985, 1989, 1993, 1994 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * FTP User Program -- Command Interface. 
+ */ + +#include "ftp_locl.h" +RCSID("$Id: main.c,v 1.20 1997/04/20 16:14:55 joda Exp $"); + +int +main(int argc, char **argv) +{ + int ch, top; + struct passwd *pw = NULL; + char homedir[MaxPathLen]; + struct servent *sp; + + set_progname(argv[0]); + + sp = getservbyname("ftp", "tcp"); + if (sp == 0) + errx(1, "ftp/tcp: unknown service"); + doglob = 1; + interactive = 1; + autologin = 1; + + while ((ch = getopt(argc, argv, "dgintv")) != EOF) { + switch (ch) { + case 'd': + options |= SO_DEBUG; + debug++; + break; + + case 'g': + doglob = 0; + break; + + case 'i': + interactive = 0; + break; + + case 'n': + autologin = 0; + break; + + case 't': + trace++; + break; + + case 'v': + verbose++; + break; + + default: + fprintf(stderr, + "usage: ftp [-dgintv] [host [port]]\n"); + exit(1); + } + } + argc -= optind; + argv += optind; + + fromatty = isatty(fileno(stdin)); + if (fromatty) + verbose++; + cpend = 0; /* no pending replies */ + proxy = 0; /* proxy not active */ + passivemode = 0; /* passive mode not active */ + crflag = 1; /* strip c.r. on ascii gets */ + sendport = -1; /* not using ports */ + /* + * Set up the home directory in case we're globbing. 
+ */ + pw = k_getpwuid(getuid()); + if (pw != NULL) { + home = homedir; + strcpy(home, pw->pw_dir); + } + if (argc > 0) { + char *xargv[5]; + + if (setjmp(toplevel)) + exit(0); + signal(SIGINT, intr); + signal(SIGPIPE, lostpeer); + xargv[0] = (char*)__progname; + xargv[1] = argv[0]; + xargv[2] = argv[1]; + xargv[3] = argv[2]; + xargv[4] = NULL; + setpeer(argc+1, xargv); + } + if(setjmp(toplevel) == 0) + top = 1; + else + top = 0; + if (top) { + signal(SIGINT, intr); + signal(SIGPIPE, lostpeer); + } + for (;;) { + cmdscanner(top); + top = 1; + } +} + +void +intr(int sig) +{ + + longjmp(toplevel, 1); +} + +#ifndef SHUT_RDWR +#define SHUT_RDWR 2 +#endif + +RETSIGTYPE +lostpeer(int sig) +{ + + if (connected) { + if (cout != NULL) { + shutdown(fileno(cout), SHUT_RDWR); + fclose(cout); + cout = NULL; + } + if (data >= 0) { + shutdown(data, SHUT_RDWR); + close(data); + data = -1; + } + connected = 0; + } + pswitch(1); + if (connected) { + if (cout != NULL) { + shutdown(fileno(cout), SHUT_RDWR); + fclose(cout); + cout = NULL; + } + connected = 0; + } + proxflag = 0; + pswitch(0); + SIGRETURN(0); +} + +/* +char * +tail(filename) + char *filename; +{ + char *s; + + while (*filename) { + s = strrchr(filename, '/'); + if (s == NULL) + break; + if (s[1]) + return (s + 1); + *s = '\0'; + } + return (filename); +} +*/ + +#ifndef HAVE_READLINE + +static char * +readline(char *prompt) +{ + char buf[BUFSIZ]; + printf ("%s", prompt); + fflush (stdout); + if(fgets(buf, sizeof(buf), stdin) == NULL) + return NULL; + if (buf[strlen(buf) - 1] == '\n') + buf[strlen(buf) - 1] = '\0'; + return strdup(buf); +} + +static void +add_history(char *p) +{ +} + +#else + +/* These should not really be here */ + +char *readline(char *); +void add_history(char *); + +#endif + +/* + * Command parser. 
+ */ +void +cmdscanner(int top) +{ + struct cmd *c; + int l; + + if (!top) + putchar('\n'); + for (;;) { + if (fromatty) { + char *p; + p = readline("ftp> "); + if(p == NULL) + quit(0, 0); + strncpy(line, p, sizeof(line)); + line[sizeof(line) - 1] = 0; + add_history(p); + free(p); + } else{ + if (fgets(line, sizeof line, stdin) == NULL) + quit(0, 0); + } + /* XXX will break on long lines */ + l = strlen(line); + if (l == 0) + break; + if (line[--l] == '\n') { + if (l == 0) + break; + line[l] = '\0'; + } else if (l == sizeof(line) - 2) { + printf("sorry, input line too long\n"); + while ((l = getchar()) != '\n' && l != EOF) + /* void */; + break; + } /* else it was a line without a newline */ + makeargv(); + if (margc == 0) { + continue; + } + c = getcmd(margv[0]); + if (c == (struct cmd *)-1) { + printf("?Ambiguous command\n"); + continue; + } + if (c == 0) { + printf("?Invalid command\n"); + continue; + } + if (c->c_conn && !connected) { + printf("Not connected.\n"); + continue; + } + (*c->c_handler)(margc, margv); + if (bell && c->c_bell) + putchar('\007'); + if (c->c_handler != help) + break; + } + signal(SIGINT, intr); + signal(SIGPIPE, lostpeer); +} + +struct cmd * +getcmd(char *name) +{ + char *p, *q; + struct cmd *c, *found; + int nmatches, longest; + + longest = 0; + nmatches = 0; + found = 0; + for (c = cmdtab; (p = c->c_name); c++) { + for (q = name; *q == *p++; q++) + if (*q == 0) /* exact match? */ + return (c); + if (!*q) { /* the name was a prefix */ + if (q - name > longest) { + longest = q - name; + nmatches = 1; + found = c; + } else if (q - name == longest) + nmatches++; + } + } + if (nmatches > 1) + return ((struct cmd *)-1); + return (found); +} + +/* + * Slice a string up into argc/argv. 
+ */ + +int slrflag; + +void +makeargv(void) +{ + char **argp; + + argp = margv; + stringbase = line; /* scan from first of buffer */ + argbase = argbuf; /* store from first of buffer */ + slrflag = 0; + for (margc = 0; ; margc++) { + /* Expand array if necessary */ + if (margc == margvlen) { + margv = (margvlen == 0) + ? (char **)malloc(20 * sizeof(char *)) + : (char **)realloc(margv, + (margvlen + 20)*sizeof(char *)); + if (margv == NULL) + errx(1, "cannot realloc argv array"); + margvlen += 20; + argp = margv + margc; + } + + if ((*argp++ = slurpstring()) == NULL) + break; + } + +} + +/* + * Parse string into argbuf; + * implemented with FSM to + * handle quoting and strings + */ +char * +slurpstring(void) +{ + int got_one = 0; + char *sb = stringbase; + char *ap = argbase; + char *tmp = argbase; /* will return this if token found */ + + if (*sb == '!' || *sb == '$') { /* recognize ! as a token for shell */ + switch (slrflag) { /* and $ as token for macro invoke */ + case 0: + slrflag++; + stringbase++; + return ((*sb == '!') ? "!" 
: "$"); + /* NOTREACHED */ + case 1: + slrflag++; + altarg = stringbase; + break; + default: + break; + } + } + +S0: + switch (*sb) { + + case '\0': + goto OUT; + + case ' ': + case '\t': + sb++; goto S0; + + default: + switch (slrflag) { + case 0: + slrflag++; + break; + case 1: + slrflag++; + altarg = sb; + break; + default: + break; + } + goto S1; + } + +S1: + switch (*sb) { + + case ' ': + case '\t': + case '\0': + goto OUT; /* end of token */ + + case '\\': + sb++; goto S2; /* slurp next character */ + + case '"': + sb++; goto S3; /* slurp quoted string */ + + default: + *ap++ = *sb++; /* add character to token */ + got_one = 1; + goto S1; + } + +S2: + switch (*sb) { + + case '\0': + goto OUT; + + default: + *ap++ = *sb++; + got_one = 1; + goto S1; + } + +S3: + switch (*sb) { + + case '\0': + goto OUT; + + case '"': + sb++; goto S1; + + default: + *ap++ = *sb++; + got_one = 1; + goto S3; + } + +OUT: + if (got_one) + *ap++ = '\0'; + argbase = ap; /* update storage pointer */ + stringbase = sb; /* update scan pointer */ + if (got_one) { + return (tmp); + } + switch (slrflag) { + case 0: + slrflag++; + break; + case 1: + slrflag++; + altarg = (char *) 0; + break; + default: + break; + } + return NULL; +} + +#define HELPINDENT ((int) sizeof ("directory")) + +/* + * Help command. + * Call each command handler with argc == 0 and argv[0] == name. + */ +void +help(int argc, char **argv) +{ + struct cmd *c; + + if (argc == 1) { + int i, j, w, k; + int columns, width = 0, lines; + + printf("Commands may be abbreviated. 
Commands are:\n\n"); + for (c = cmdtab; c < &cmdtab[NCMDS]; c++) { + int len = strlen(c->c_name); + + if (len > width) + width = len; + } + width = (width + 8) &~ 7; + columns = 80 / width; + if (columns == 0) + columns = 1; + lines = (NCMDS + columns - 1) / columns; + for (i = 0; i < lines; i++) { + for (j = 0; j < columns; j++) { + c = cmdtab + j * lines + i; + if (c->c_name && (!proxy || c->c_proxy)) { + printf("%s", c->c_name); + } + else if (c->c_name) { + for (k=0; k < strlen(c->c_name); k++) { + putchar(' '); + } + } + if (c + lines >= &cmdtab[NCMDS]) { + printf("\n"); + break; + } + w = strlen(c->c_name); + while (w < width) { + w = (w + 8) &~ 7; + putchar('\t'); + } + } + } + return; + } + while (--argc > 0) { + char *arg; + arg = *++argv; + c = getcmd(arg); + if (c == (struct cmd *)-1) + printf("?Ambiguous help command %s\n", arg); + else if (c == (struct cmd *)0) + printf("?Invalid help command %s\n", arg); + else + printf("%-*s\t%s\n", HELPINDENT, + c->c_name, c->c_help); + } +} diff --git a/crypto/kerberosIV/appl/ftp/ftp/pathnames.h b/crypto/kerberosIV/appl/ftp/ftp/pathnames.h new file mode 100644 index 0000000..f7c1fb3 --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/ftp/pathnames.h 
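Review bot: In main(), `strcpy(home, pw->pw_dir);` copies the passwd home directory into the fixed `homedir[MaxPathLen]` stack buffer with no length check, so an over-long pw_dir entry writes past the buffer. Guard the copy, for example `if (pw != NULL && strlen(pw->pw_dir) < sizeof(homedir)) {` in place of the bare `if (pw != NULL) {`, and leave `home` unset otherwise. The same function fills `xargv[2] = argv[1]; xargv[3] = argv[2];` unconditionally, which reads beyond argv's NULL terminator when only a host is given; those slots should be taken from argv only while the index is below argc. In the fallback readline(), `buf[strlen(buf) - 1]` indexes before the buffer when fgets() yields an empty string, so the newline strip should first test that the length is non-zero.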
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 1989, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * @(#)pathnames.h 8.1 (Berkeley) 6/6/93
+ */
+
+#ifdef HAVE_PATHS_H
+#include
+#endif
+
+#define _PATH_TMP_XXX "/tmp/ftpXXXXXX"
+
+#ifndef _PATH_BSHELL
+#define _PATH_BSHELL "/bin/sh"
+#endif
diff --git a/crypto/kerberosIV/appl/ftp/ftp/ruserpass.c b/crypto/kerberosIV/appl/ftp/ftp/ruserpass.c
new file mode 100644
index 0000000..8cea6d4
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/ruserpass.c
@@ -0,0 +1,274 @@ +/* + * Copyright (c) 1985, 1993, 1994 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "ftp_locl.h" +RCSID("$Id: ruserpass.c,v 1.10 1997/05/02 14:27:55 assar Exp $"); + +static int token (void); +static FILE *cfile; + +#define DEFAULT 1 +#define LOGIN 2 +#define PASSWD 3 +#define ACCOUNT 4 +#define MACDEF 5 +#define PROT 6 +#define ID 10 +#define MACH 11 + +static char tokval[100]; + +static struct toktab { + char *tokstr; + int tval; +} toktab[]= { + { "default", DEFAULT }, + { "login", LOGIN }, + { "password", PASSWD }, + { "passwd", PASSWD }, + { "account", ACCOUNT }, + { "machine", MACH }, + { "macdef", MACDEF }, + { "prot", PROT }, + { NULL, 0 } +}; + +int +ruserpass(char *host, char **aname, char **apass, char **aacct) +{ + char *hdir, buf[BUFSIZ], *tmp; + int t, i, c, usedefault = 0; + struct stat stb; + + if(k_gethostname(myhostname, MaxHostNameLen) < 0) + strcpy(myhostname, ""); + if((mydomain = strchr(myhostname, '.')) == NULL) + mydomain = myhostname; + else + mydomain++; + hdir = getenv("HOME"); + if (hdir == NULL) + hdir = "."; + snprintf(buf, sizeof(buf), "%s/.netrc", hdir); + cfile = fopen(buf, "r"); + if (cfile == NULL) { + if (errno != ENOENT) + warn("%s", buf); + return (0); + } + +next: + while ((t = token())) switch(t) { + + case DEFAULT: + usedefault = 1; + /* FALL THROUGH */ + + case MACH: + if (!usedefault) { + if (token() != ID) + continue; + /* + * Allow match either for user's input host name + * or official hostname. Also allow match of + * incompletely-specified host in local domain. 
+ */ + if (strcasecmp(host, tokval) == 0) + goto match; + if (strcasecmp(hostname, tokval) == 0) + goto match; + if ((tmp = strchr(hostname, '.')) != NULL && + tmp++ && + strcasecmp(tmp, mydomain) == 0 && + strncasecmp(hostname, tokval, tmp-hostname) == 0 && + tokval[tmp - hostname] == '\0') + goto match; + if ((tmp = strchr(host, '.')) != NULL && + tmp++ && + strcasecmp(tmp, mydomain) == 0 && + strncasecmp(host, tokval, tmp - host) == 0 && + tokval[tmp - host] == '\0') + goto match; + continue; + } + match: + while ((t = token()) && t != MACH && t != DEFAULT) switch(t) { + + case LOGIN: + if (token()) + if (*aname == 0) { + *aname = strdup(tokval); + } else { + if (strcmp(*aname, tokval)) + goto next; + } + break; + case PASSWD: + if ((*aname == NULL || strcmp(*aname, "anonymous")) && + fstat(fileno(cfile), &stb) >= 0 && + (stb.st_mode & 077) != 0) { + warnx("Error: .netrc file is readable by others."); + warnx("Remove password or make file unreadable by others."); + goto bad; + } + if (token() && *apass == 0) { + *apass = strdup(tokval); + } + break; + case ACCOUNT: + if (fstat(fileno(cfile), &stb) >= 0 + && (stb.st_mode & 077) != 0) { + warnx("Error: .netrc file is readable by others."); + warnx("Remove account or make file unreadable by others."); + goto bad; + } + if (token() && *aacct == 0) { + *aacct = strdup(tokval); + } + break; + case MACDEF: + if (proxy) { + fclose(cfile); + return (0); + } + while ((c=getc(cfile)) != EOF && c == ' ' || c == '\t'); + if (c == EOF || c == '\n') { + printf("Missing macdef name argument.\n"); + goto bad; + } + if (macnum == 16) { + printf("Limit of 16 macros have already been defined\n"); + goto bad; + } + tmp = macros[macnum].mac_name; + *tmp++ = c; + for (i=0; i < 8 && (c=getc(cfile)) != EOF && + !isspace(c); ++i) { + *tmp++ = c; + } + if (c == EOF) { + printf("Macro definition missing null line terminator.\n"); + goto bad; + } + *tmp = '\0'; + if (c != '\n') { + while ((c=getc(cfile)) != EOF && c != '\n'); + } + if (c == 
EOF) { + printf("Macro definition missing null line terminator.\n"); + goto bad; + } + if (macnum == 0) { + macros[macnum].mac_start = macbuf; + } + else { + macros[macnum].mac_start = macros[macnum-1].mac_end + 1; + } + tmp = macros[macnum].mac_start; + while (tmp != macbuf + 4096) { + if ((c=getc(cfile)) == EOF) { + printf("Macro definition missing null line terminator.\n"); + goto bad; + } + *tmp = c; + if (*tmp == '\n') { + if (*(tmp-1) == '\0') { + macros[macnum++].mac_end = tmp - 1; + break; + } + *tmp = '\0'; + } + tmp++; + } + if (tmp == macbuf + 4096) { + printf("4K macro buffer exceeded\n"); + goto bad; + } + break; + case PROT: + token(); + if(sec_request_prot(tokval) < 0) + warnx("Unknown protection level \"%s\"", tokval); + break; + default: + warnx("Unknown .netrc keyword %s", tokval); + break; + } + goto done; + } +done: + fclose(cfile); + return (0); +bad: + fclose(cfile); + return (-1); +} + +static int +token(void) +{ + char *cp; + int c; + struct toktab *t; + + if (feof(cfile) || ferror(cfile)) + return (0); + while ((c = getc(cfile)) != EOF && + (c == '\n' || c == '\t' || c == ' ' || c == ',')) + continue; + if (c == EOF) + return (0); + cp = tokval; + if (c == '"') { + while ((c = getc(cfile)) != EOF && c != '"') { + if (c == '\\') + c = getc(cfile); + *cp++ = c; + } + } else { + *cp++ = c; + while ((c = getc(cfile)) != EOF + && c != '\n' && c != '\t' && c != ' ' && c != ',') { + if (c == '\\') + c = getc(cfile); + *cp++ = c; + } + } + *cp = 0; + if (tokval[0] == 0) + return (0); + for (t = toktab; t->tokstr; t++) + if (!strcmp(t->tokstr, tokval)) + return (t->tval); + return (ID); +} diff --git a/crypto/kerberosIV/appl/ftp/ftpd/Makefile.in b/crypto/kerberosIV/appl/ftp/ftpd/Makefile.in new file mode 100644 index 0000000..55981de --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/ftpd/Makefile.in 
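Review bot: token() stores every character of a .netrc word into the static `tokval[100]` with `*cp++ = c;` and never checks the remaining space, so a word of 100 or more characters writes past the array. ruserpass() falls back to `hdir = "."` when HOME is unset, so the file parsed this way can come from whatever directory the client is started in. In both copy loops the store should be guarded, `if (cp < tokval + sizeof(tokval) - 1) *cp++ = c;`, which truncates over-long words; a stricter variant would reject the file through the existing `bad` path. The macdef branch likewise copies up to nine name characters plus a terminator into `macros[macnum].mac_name`, whose size is declared outside this hunk and should be checked against that count.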
@@ -0,0 +1,84 @@
+#
+# $Id: Makefile.in,v 1.31 1997/05/02 17:49:27 assar Exp $
+#
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+
+topdir = ../../..
+
+SHELL = /bin/sh
+
+CC = @CC@
+YACC = @YACC@
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+LD_FLAGS = @LD_FLAGS@
+LIBS = @LIBS@
+LIB_DBM = @LIB_DBM@
+MKINSTALLDIRS = $(top_srcdir)/mkinstalldirs
+
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+libexecdir = @libexecdir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+ATHENA = ../../..
+
+INCTOP = $(ATHENA)/include
+
+LIBTOP = $(ATHENA)/lib
+
+LIBKAFS = @KRB_KAFS_LIB@
+LIBKRB = -L$(LIBTOP)/krb -lkrb
+LIBDES = -L$(LIBTOP)/des -ldes
+LIBOTP = -L$(LIBTOP)/otp -lotp
+LIBROKEN= -L$(LIBTOP)/roken -lroken
+
+PROGS = ftpd$(EXECSUFFIX)
+
+ftpd_SOURCES = ftpd.c ftpcmd.c logwtmp.c popen.c auth.c krb4.c kauth.c
+ftpd_OBJS = ftpd.o ftpcmd.o logwtmp.o popen.o auth.o krb4.o kauth.o
+
+SOURCES = $(ftpd_SOURCES)
+OBJECTS = $(ftpd_OBJS)
+
+all: $(PROGS)
+
+.c.o:
+ $(CC) -c $(CFLAGS) -I$(srcdir) -I$(srcdir)/../common -I$(INCTOP) $(DEFS) $<
+
+install: all
+ $(MKINSTALLDIRS) $(libexecdir)
+ for x in $(PROGS); do \
+ $(INSTALL_PROGRAM) $$x $(libexecdir)/`echo $$x | sed '$(transform)'`; \
+ done
+
+uninstall:
+ for x in $(PROGS); do \
+ rm -f $(libexecdir)/`echo $$x | sed '$(transform)'`; \
+ done
+
+ftpd$(EXECSUFFIX): $(ftpd_OBJS)
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(ftpd_OBJS) -L../common -lcommon $(LIBKAFS) $(LIBKRB) $(LIBOTP) $(LIBDES) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+
+ftpcmd.c: ftpcmd.y
+ $(YACC) $(YFLAGS) $<
+ chmod a-w y.tab.c
+ mv -f y.tab.c ftpcmd.c
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+clean cleandir:
+ rm -f *~ *.o core ftpd ftpcmd.c \#*
+
+distclean:
+ rm -f Makefile
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/auth.c b/crypto/kerberosIV/appl/ftp/ftpd/auth.c
new file mode 100644
index 0000000..862eb6d
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/auth.c 
@@ -0,0 +1,249 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: auth.c,v 1.11 1997/05/04 23:09:00 assar Exp $"); +#endif + +#include +#include +#include +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4 +#include +#endif +#ifdef HAVE_UNISTD_H +#include +#endif + +#include "extern.h" +#include "krb4.h" +#include "auth.h" + +static struct at auth_types [] = { + { "KERBEROS_V4", krb4_auth, krb4_adat, krb4_pbsz, krb4_prot, krb4_ccc, + krb4_mic, krb4_conf, krb4_enc, krb4_read, krb4_write, krb4_userok, + krb4_vprintf }, + { 0, 0, 0, 0, 0, 0, 0, 0, 0 } +}; + +struct at *ct; + +int data_protection; +int buffer_size; +unsigned char *data_buffer; +int auth_complete; + + +char *protection_names[] = { + "clear", "safe", + "confidential", "private" +}; + + +void auth_init(void) +{ +} + +char *ftp_command; +int prot_level; + +void new_ftp_command(char *command) +{ + ftp_command = command; +} + +void delete_ftp_command(void) +{ + if(ftp_command){ + free(ftp_command); + ftp_command = NULL; + } +} + +int auth_ok(void) +{ + return ct && auth_complete; +} + +void auth(char *auth) +{ + for(ct=auth_types; ct->name; ct++){ + if(!strcasecmp(auth, ct->name)){ + ct->auth(auth); + return; + } + } + reply(504, "%s is not a known security mechanism", auth); +} + +void adat(char *auth) +{ + if(ct && !auth_complete) + ct->adat(auth); + else + reply(503, "You must (re)issue an AUTH first."); +} + +void pbsz(int size) +{ + int old = buffer_size; + if(auth_ok()) + ct->pbsz(size); + else + reply(503, "Incomplete security data exchange."); + if(buffer_size != old){ + if(data_buffer) + free(data_buffer); + data_buffer = malloc(buffer_size + 4); + } +} + +void prot(char *pl) +{ + int p = -1; + + if(buffer_size == 0){ + reply(503, "No protection buffer size negotiated."); + return; + } + + if(!strcasecmp(pl, "C")) + p = prot_clear; + + if(!strcasecmp(pl, "S")) + p = prot_safe; + + if(!strcasecmp(pl, "E")) + p = prot_confidential; + + 
if(!strcasecmp(pl, "P")) + p = prot_private; + + if(p == -1){ + reply(504, "Unrecognized protection level."); + return; + } + + if(auth_ok()){ + if(ct->prot(p)){ + reply(536, "%s does not support %s protection.", + ct->name, protection_names[p]); + }else{ + data_protection = p; + reply(200, "Data protection is %s.", + protection_names[data_protection]); + } + }else{ + reply(503, "Incomplete security data exchange."); + } +} + +void ccc(void) +{ + if(auth_ok()){ + if(!ct->ccc()) + prot_level = prot_clear; + }else + reply(503, "Incomplete security data exchange."); +} + +void mic(char *msg) +{ + if(auth_ok()){ + if(!ct->mic(msg)) + prot_level = prot_safe; + }else + reply(503, "Incomplete security data exchange."); +} + +void conf(char *msg) +{ + if(auth_ok()){ + if(!ct->conf(msg)) + prot_level = prot_confidential; + }else + reply(503, "Incomplete security data exchange."); +} + +void enc(char *msg) +{ + if(auth_ok()){ + if(!ct->enc(msg)) + prot_level = prot_private; + }else + reply(503, "Incomplete security data exchange."); +} + +int auth_read(int fd, void *data, int length) +{ + if(auth_ok() && data_protection) + return ct->read(fd, data, length); + else + return read(fd, data, length); +} + +int auth_write(int fd, void *data, int length) +{ + if(auth_ok() && data_protection) + return ct->write(fd, data, length); + else + return write(fd, data, length); +} + +void auth_vprintf(const char *fmt, va_list ap) +{ + if(auth_ok() && prot_level){ + ct->vprintf(fmt, ap); + }else + vprintf(fmt, ap); +} + +void auth_printf(const char *fmt, ...) +{ + va_list ap; + va_start(ap, fmt); + auth_vprintf(fmt, ap); + va_end(ap); +} diff --git a/crypto/kerberosIV/appl/ftp/ftpd/auth.h b/crypto/kerberosIV/appl/ftp/ftpd/auth.h new file mode 100644 index 0000000..17d9a13 --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/ftpd/auth.h 
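Review bot: In auth(), the lookup loop advances the global `ct` itself, so when no mechanism name matches, `ct` is left pointing at the all-zero terminator entry of `auth_types` instead of NULL. adat() only tests `ct && !auth_complete`, so after an unrecognised AUTH the next ADAT calls the null `ct->adat` pointer and takes the server process down before any authentication has happened. Add `ct = NULL;` immediately before the `reply(504, "%s is not a known security mechanism", auth);` line, or iterate with a local pointer and assign `ct` only on a match. auth() also never clears `auth_complete`, so a re-issued AUTH keeps the previous exchange's completed state; resetting it at the top of auth() looks intended but depends on the mechanism code outside this hunk. Separately, pbsz() stores `malloc(buffer_size + 4)` in `data_buffer` without checking for NULL or for a non-positive or overflowing size.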
@@ -0,0 +1,109 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: auth.h,v 1.9 1997/05/11 11:04:28 assar Exp $ */
+
+#ifndef __AUTH_H__
+#define __AUTH_H__
+
+#include
+
+struct at {
+ char *name;
+ int (*auth)(char*);
+ int (*adat)(char*);
+ int (*pbsz)(int);
+ int (*prot)(int);
+ int (*ccc)(void);
+ int (*mic)(char*);
+ int (*conf)(char*);
+ int (*enc)(char*);
+ int (*read)(int, void*, int);
+ int (*write)(int, void*, int);
+ int (*userok)(char*);
+ int (*vprintf)(const char*, va_list);
+};
+
+extern struct at *ct;
+
+enum protection_levels {
+ prot_clear, prot_safe, prot_confidential, prot_private
+};
+
+extern char *protection_names[];
+
+extern char *ftp_command;
+extern int prot_level;
+
+void delete_ftp_command(void);
+
+extern int data_protection;
+extern int buffer_size;
+extern unsigned char *data_buffer;
+extern int auth_complete;
+
+void auth_init(void);
+
+int auth_ok(void);
+
+void auth(char*);
+void adat(char*);
+void pbsz(int);
+void prot(char*);
+void ccc(void);
+void mic(char*);
+void conf(char*);
+void enc(char*);
+
+int auth_read(int, void*, int);
+int auth_write(int, void*, int);
+
+void auth_vprintf(const char *fmt, va_list ap)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 1, 0)))
+#endif
+;
+void auth_printf(const char *fmt, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 1, 2)))
+#endif
+;
+
+void new_ftp_command(char *command);
+
+#endif /* __AUTH_H__ */
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/extern.h b/crypto/kerberosIV/appl/ftp/ftpd/extern.h
new file mode 100644
index 0000000..f9b800f
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/extern.h
@@ -0,0 +1,141 @@
+/*-
+ * Copyright (c) 1992, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * @(#)extern.h 8.2 (Berkeley) 4/4/94
+ */
+
+#ifndef _EXTERN_H_
+#define _EXTERN_H_
+
+#ifdef HAVE_NETINET_IN_H
+#include
+#endif
+#ifdef HAVE_NETDB_H
+#include
+#endif
+
+#include
+#include
+#include
+#ifdef HAVE_PWD_H
+#include
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include
+#endif
+
+void abor(void);
+void blkfree(char **);
+char **copyblk(char **);
+void cwd(char *);
+void do_delete(char *);
+void dologout(int);
+void fatal(char *);
+int filename_check(char *);
+int ftpd_pclose(FILE *);
+FILE *ftpd_popen(char *, char *, int, int);
+char *getline(char *, int);
+void logwtmp(char *, char *, char *);
+void lreply(int, const char *, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 2, 3)))
+#endif
+;
+void makedir(char *);
+void nack(char *);
+void nreply(const char *, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 1, 2)))
+#endif
+;
+void pass(char *);
+void passive(void);
+void perror_reply(int, char *);
+void pwd(void);
+void removedir(char *);
+void renamecmd(char *, char *);
+char *renamefrom(char *);
+void reply(int, const char *, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 2, 3)))
+#endif
+;
+void retrieve(char *, char *);
+void send_file_list(char *);
+void setproctitle(const char *, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 1, 2)))
+#endif
+;
+void statcmd(void);
+void statfilecmd(char *);
+void do_store(char *, char *, int);
+void upper(char *);
+void user(char *);
+void yyerror(char *);
+
+void kauth(char *, char*);
+void klist(void);
+
+int find(char *);
+
+int do_login(int code, char *passwd);
+int klogin(char *name, char *password);
+
+const char *ftp_rooted(const char *path);
+
+extern struct sockaddr_in ctrl_addr, his_addr;
+extern char hostname[];
+
+extern struct sockaddr_in data_dest;
+extern int logged_in;
+extern struct passwd *pw;
+extern int guest;
+extern int logging;
+extern int type;
+extern int oobflag;
+extern off_t file_size;
+extern off_t byte_count;
+extern jmp_buf urgcatch;
+
+extern int form;
+extern int debug;
+extern int ftpd_timeout;
+extern int maxtimeout;
+extern int pdata;
+extern char hostname[], remotehost[];
+extern char proctitle[];
+extern int usedefault;
+extern int transflag;
+extern char tmpline[];
+
+#endif /* _EXTERN_H_ */
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y b/crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y
new file mode 100644
index 0000000..9368cdb
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y
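Review bot: In extern.h, `hostname[]`, `remotehost[]`, `proctitle[]` and `tmpline[]` are declared as arrays of unknown size, so no file that includes this header can use `sizeof` to bound a copy into them; `hostname[]` is also declared twice. These buffers presumably receive peer-derived data (the remote host name, a saved command line), so I would export the lengths with the declarations, for example `extern char remotehost[<size used at the definition>];`, and drop the first `extern char hostname[];`. The definitions are outside this hunk, so the sizes have to be taken from there.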
@@ -0,0 +1,1408 @@
+/* $NetBSD: ftpcmd.y,v 1.6 1995/06/03 22:46:45 mycroft Exp $ */
+
+/*
+ * Copyright (c) 1985, 1988, 1993, 1994
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * @(#)ftpcmd.y 8.3 (Berkeley) 4/6/94
+ */
+
+/*
+ * Grammar for FTP commands.
+ * See RFC 959.
+ */
+
+%{
+
+
+#ifdef HAVE_CONFIG_H
+#include
+#endif
+
+RCSID("$Id: ftpcmd.y,v 1.35 1997/05/25 14:38:49 assar Exp $");
+
+#ifdef HAVE_SYS_TYPES_H
+#include
+#endif
+
+#ifdef HAVE_SYS_PARAM_H
+#include
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+#include
+#endif
+#ifdef HAVE_ARPA_FTP_H
+#include
+#endif
+
+#include
+#include
+#include
+#ifdef HAVE_PWD_H
+#include
+#endif
+#include
+#include
+#include
+#include
+#include
+#ifdef HAVE_SYSLOG_H
+#include
+#endif
+#include
+#ifdef HAVE_UNISTD_H
+#include
+#endif
+
+#ifdef HAVE_BSD_BSD_H
+#include
+#endif
+
+#include
+
+#ifdef SOCKS
+#include
+extern int LIBPREFIX(fclose) __P((FILE *));
+#endif
+
+#include "extern.h"
+#include "auth.h"
+
+off_t restart_point;
+
+static int cmd_type;
+static int cmd_form;
+static int cmd_bytesz;
+char cbuf[512];
+char *fromname;
+
+struct tab {
+ char *name;
+ short token;
+ short state;
+ short implemented; /* 1 if command is implemented */
+ char *help;
+};
+
+extern struct tab cmdtab[];
+extern struct tab sitetab[];
+
+static char *copy (char *);
+static void help (struct tab *, char *);
+static struct tab *
+ lookup (struct tab *, char *);
+static void sizecmd (char *);
+static void toolong (int);
+static int yylex (void);
+
+/* This is for bison */
+
+#if !defined(alloca) && !defined(HAVE_ALLOCA)
+#define alloca(x) malloc(x)
+#endif
+
+%}
+
+%union {
+ int i;
+ char *s;
+}
+
+%token
+ A B C E F I
+ L N P R S T
+
+ SP CRLF COMMA
+
+ USER PASS ACCT REIN QUIT PORT
+ PASV TYPE STRU MODE RETR STOR
+ APPE MLFL MAIL MSND MSOM MSAM
+ MRSQ MRCP ALLO REST RNFR RNTO
+ ABOR DELE CWD LIST NLST SITE
+ STAT HELP NOOP MKD RMD PWD
+ CDUP STOU SMNT SYST SIZE MDTM
+
+ UMASK IDLE CHMOD
+
+ AUTH ADAT PROT PBSZ CCC MIC
+ CONF ENC
+
+ KAUTH KLIST FIND URL
+
+ LEXERR
+
+%token STRING
+%token NUMBER
+
+%type check_login
check_login_no_guest octal_number byte_size +%type struct_code mode_code type_code form_code +%type pathstring pathname password username + +%start cmd_list + +%% + +cmd_list + : /* empty */ + | cmd_list cmd + { + fromname = (char *) 0; + restart_point = (off_t) 0; + } + | cmd_list rcmd + ; + +cmd + : USER SP username CRLF + { + user($3); + free($3); + } + | AUTH SP STRING CRLF + { + auth($3); + free($3); + } + | ADAT SP STRING CRLF + { + adat($3); + free($3); + } + | PBSZ SP NUMBER CRLF + { + pbsz($3); + } + | PROT SP STRING CRLF + { + prot($3); + } + | CCC CRLF + { + ccc(); + } + | MIC SP STRING CRLF + { + mic($3); + free($3); + } + | CONF SP STRING CRLF + { + conf($3); + free($3); + } + | PASS SP password CRLF + { + pass($3); + memset ($3, 0, strlen($3)); + free($3); + } + | PORT SP host_port CRLF + { + usedefault = 0; + if (pdata >= 0) { + close(pdata); + pdata = -1; + } + reply(200, "PORT command successful."); + } + | PASV CRLF + { + passive(); + } + | TYPE SP type_code CRLF + { + switch (cmd_type) { + + case TYPE_A: + if (cmd_form == FORM_N) { + reply(200, "Type set to A."); + type = cmd_type; + form = cmd_form; + } else + reply(504, "Form must be N."); + break; + + case TYPE_E: + reply(504, "Type E not implemented."); + break; + + case TYPE_I: + reply(200, "Type set to I."); + type = cmd_type; + break; + + case TYPE_L: +#if NBBY == 8 + if (cmd_bytesz == 8) { + reply(200, + "Type set to L (byte size 8)."); + type = cmd_type; + } else + reply(504, "Byte size must be 8."); +#else /* NBBY == 8 */ + UNIMPLEMENTED for NBBY != 8 +#endif /* NBBY == 8 */ + } + } + | STRU SP struct_code CRLF + { + switch ($3) { + + case STRU_F: + reply(200, "STRU F ok."); + break; + + default: + reply(504, "Unimplemented STRU type."); + } + } + | MODE SP mode_code CRLF + { + switch ($3) { + + case MODE_S: + reply(200, "MODE S ok."); + break; + + default: + reply(502, "Unimplemented MODE type."); + } + } + | ALLO SP NUMBER CRLF + { + reply(202, "ALLO command ignored."); + } + | ALLO 
SP NUMBER SP R SP NUMBER CRLF + { + reply(202, "ALLO command ignored."); + } + | RETR check_login SP pathname CRLF + { + if ($2 && $4 != NULL) + retrieve((char *) 0, $4); + if ($4 != NULL) + free($4); + } + | STOR check_login SP pathname CRLF + { + if ($2 && $4 != NULL) + do_store($4, "w", 0); + if ($4 != NULL) + free($4); + } + | APPE check_login SP pathname CRLF + { + if ($2 && $4 != NULL) + do_store($4, "a", 0); + if ($4 != NULL) + free($4); + } + | NLST check_login CRLF + { + if ($2) + send_file_list("."); + } + | NLST check_login SP STRING CRLF + { + if ($2 && $4 != NULL) + send_file_list($4); + if ($4 != NULL) + free($4); + } + | LIST check_login CRLF + { +#ifdef HAVE_LS_A + char *cmd = "/bin/ls -lA"; +#else + char *cmd = "/bin/ls -la"; +#endif + if ($2) + retrieve(cmd, ""); + + } + | LIST check_login SP pathname CRLF + { +#ifdef HAVE_LS_A + char *cmd = "/bin/ls -lA %s"; +#else + char *cmd = "/bin/ls -la %s"; +#endif + if ($2 && $4 != NULL) + retrieve(cmd, $4); + if ($4 != NULL) + free($4); + } + | STAT check_login SP pathname CRLF + { + if ($2 && $4 != NULL) + statfilecmd($4); + if ($4 != NULL) + free($4); + } + | STAT CRLF + { + if(oobflag){ + if (file_size != (off_t) -1) + reply(213, "Status: %ld of %ld bytes transferred", + byte_count, file_size); + else + reply(213, "Status: %ld bytes transferred", byte_count); + }else + statcmd(); + } + | DELE check_login_no_guest SP pathname CRLF + { + if ($2 && $4 != NULL) + do_delete($4); + if ($4 != NULL) + free($4); + } + | RNTO check_login_no_guest SP pathname CRLF + { + if($2){ + if (fromname) { + renamecmd(fromname, $4); + free(fromname); + fromname = (char *) 0; + } else { + reply(503, "Bad sequence of commands."); + } + } + if ($4 != NULL) + free($4); + } + | ABOR CRLF + { + if(oobflag){ + reply(426, "Transfer aborted. 
Data connection closed."); + reply(226, "Abort successful"); + oobflag = 0; + longjmp(urgcatch, 1); + }else + reply(225, "ABOR command successful."); + } + | CWD check_login CRLF + { + if ($2) + cwd(pw->pw_dir); + } + | CWD check_login SP pathname CRLF + { + if ($2 && $4 != NULL) + cwd($4); + if ($4 != NULL) + free($4); + } + | HELP CRLF + { + help(cmdtab, (char *) 0); + } + | HELP SP STRING CRLF + { + char *cp = $3; + + if (strncasecmp(cp, "SITE", 4) == 0) { + cp = $3 + 4; + if (*cp == ' ') + cp++; + if (*cp) + help(sitetab, cp); + else + help(sitetab, (char *) 0); + } else + help(cmdtab, $3); + } + | NOOP CRLF + { + reply(200, "NOOP command successful."); + } + | MKD check_login SP pathname CRLF + { + if ($2 && $4 != NULL) + makedir($4); + if ($4 != NULL) + free($4); + } + | RMD check_login_no_guest SP pathname CRLF + { + if ($2 && $4 != NULL) + removedir($4); + if ($4 != NULL) + free($4); + } + | PWD check_login CRLF + { + if ($2) + pwd(); + } + | CDUP check_login CRLF + { + if ($2) + cwd(".."); + } + | SITE SP HELP CRLF + { + help(sitetab, (char *) 0); + } + | SITE SP HELP SP STRING CRLF + { + help(sitetab, $5); + } + | SITE SP UMASK check_login CRLF + { + int oldmask; + + if ($4) { + oldmask = umask(0); + umask(oldmask); + reply(200, "Current UMASK is %03o", oldmask); + } + } + | SITE SP UMASK check_login_no_guest SP octal_number CRLF + { + int oldmask; + + if ($4) { + if (($6 == -1) || ($6 > 0777)) { + reply(501, "Bad UMASK value"); + } else { + oldmask = umask($6); + reply(200, + "UMASK set to %03o (was %03o)", + $6, oldmask); + } + } + } + | SITE SP CHMOD check_login_no_guest SP octal_number SP pathname CRLF + { + if ($4 && $8 != NULL) { + if ($6 > 0777) + reply(501, + "CHMOD: Mode value must be between 0 and 0777"); + else if (chmod($8, $6) < 0) + perror_reply(550, $8); + else + reply(200, "CHMOD command successful."); + } + if ($8 != NULL) + free($8); + } + | SITE SP IDLE CRLF + { + reply(200, + "Current IDLE time limit is %d seconds; max %d", + 
ftpd_timeout, maxtimeout); + } + | SITE SP IDLE SP NUMBER CRLF + { + if ($5 < 30 || $5 > maxtimeout) { + reply(501, + "Maximum IDLE time must be between 30 and %d seconds", + maxtimeout); + } else { + ftpd_timeout = $5; + alarm((unsigned) ftpd_timeout); + reply(200, + "Maximum IDLE time set to %d seconds", + ftpd_timeout); + } + } + + | SITE SP KAUTH check_login SP STRING CRLF + { + char *p; + + if(guest) + reply(500, "Can't be done as guest."); + else{ + if($4 && $6 != NULL){ + p = strpbrk($6, " \t"); + if(p){ + *p++ = 0; + kauth($6, p + strspn(p, " \t")); + }else + kauth($6, NULL); + } + } + if($6 != NULL) + free($6); + } + | SITE SP KLIST check_login CRLF + { + if($4) + klist(); + } + | SITE SP FIND check_login SP STRING CRLF + { + if($4 && $6 != NULL) + find($6); + if($6 != NULL) + free($6); + } + | SITE SP URL CRLF + { + reply(200, "http://www.pdc.kth.se/kth-krb/"); + } + | STOU check_login SP pathname CRLF + { + if ($2 && $4 != NULL) + do_store($4, "w", 1); + if ($4 != NULL) + free($4); + } + | SYST CRLF + { +#if defined(unix) || defined(__unix__) || defined(__unix) || defined(_AIX) || defined(_CRAY) + reply(215, "UNIX Type: L%d", NBBY); +#else + reply(215, "UNKNOWN Type: L%d", NBBY); +#endif + } + + /* + * SIZE is not in RFC959, but Postel has blessed it and + * it will be in the updated RFC. + * + * Return size of file in a format suitable for + * using with RESTART (we just count bytes). + */ + | SIZE check_login SP pathname CRLF + { + if ($2 && $4 != NULL) + sizecmd($4); + if ($4 != NULL) + free($4); + } + + /* + * MDTM is not in RFC959, but Postel has blessed it and + * it will be in the updated RFC. + * + * Return modification time of file as an ISO 3307 + * style time. E.g. 
YYYYMMDDHHMMSS or YYYYMMDDHHMMSS.xxx + * where xxx is the fractional second (of any precision, + * not necessarily 3 digits) + */ + | MDTM check_login SP pathname CRLF + { + if ($2 && $4 != NULL) { + struct stat stbuf; + if (stat($4, &stbuf) < 0) + reply(550, "%s: %s", + $4, strerror(errno)); + else if (!S_ISREG(stbuf.st_mode)) { + reply(550, "%s: not a plain file.", $4); + } else { + struct tm *t; + t = gmtime(&stbuf.st_mtime); + reply(213, + "%04d%02d%02d%02d%02d%02d", + t->tm_year + 1900, + t->tm_mon + 1, + t->tm_mday, + t->tm_hour, + t->tm_min, + t->tm_sec); + } + } + if ($4 != NULL) + free($4); + } + | QUIT CRLF + { + reply(221, "Goodbye."); + dologout(0); + } + | error CRLF + { + yyerrok; + } + ; +rcmd + : RNFR check_login_no_guest SP pathname CRLF + { + restart_point = (off_t) 0; + if ($2 && $4) { + fromname = renamefrom($4); + if (fromname == (char *) 0 && $4) { + free($4); + } + } + } + | REST SP byte_size CRLF + { + fromname = (char *) 0; + restart_point = $3; /* XXX $3 is only "int" */ + reply(350, "Restarting at %ld. 
%s", + (long)restart_point, + "Send STORE or RETRIEVE to initiate transfer."); + } + | ENC SP STRING CRLF + { + enc($3); + free($3); + } + ; + +username + : STRING + ; + +password + : /* empty */ + { + $$ = (char *)calloc(1, sizeof(char)); + } + | STRING + ; + +byte_size + : NUMBER + ; + +host_port + : NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA + NUMBER COMMA NUMBER + { + data_dest.sin_family = AF_INET; + data_dest.sin_port = htons($9 * 256 + $11); + data_dest.sin_addr.s_addr = + htonl(($1 << 24) | ($3 << 16) | ($5 << 8) | $7); + } + ; + +form_code + : N + { + $$ = FORM_N; + } + | T + { + $$ = FORM_T; + } + | C + { + $$ = FORM_C; + } + ; + +type_code + : A + { + cmd_type = TYPE_A; + cmd_form = FORM_N; + } + | A SP form_code + { + cmd_type = TYPE_A; + cmd_form = $3; + } + | E + { + cmd_type = TYPE_E; + cmd_form = FORM_N; + } + | E SP form_code + { + cmd_type = TYPE_E; + cmd_form = $3; + } + | I + { + cmd_type = TYPE_I; + } + | L + { + cmd_type = TYPE_L; + cmd_bytesz = NBBY; + } + | L SP byte_size + { + cmd_type = TYPE_L; + cmd_bytesz = $3; + } + /* this is for a bug in the BBN ftp */ + | L byte_size + { + cmd_type = TYPE_L; + cmd_bytesz = $2; + } + ; + +struct_code + : F + { + $$ = STRU_F; + } + | R + { + $$ = STRU_R; + } + | P + { + $$ = STRU_P; + } + ; + +mode_code + : S + { + $$ = MODE_S; + } + | B + { + $$ = MODE_B; + } + | C + { + $$ = MODE_C; + } + ; + +pathname + : pathstring + { + /* + * Problem: this production is used for all pathname + * processing, but only gives a 550 error reply. + * This is a valid reply in some cases but not in others. 
+ */ + if (logged_in && $1 && *$1 == '~') { + glob_t gl; + int flags = + GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE; + + memset(&gl, 0, sizeof(gl)); + if (glob($1, flags, NULL, &gl) || + gl.gl_pathc == 0) { + reply(550, "not found"); + $$ = NULL; + } else { + $$ = strdup(gl.gl_pathv[0]); + } + globfree(&gl); + free($1); + } else + $$ = $1; + } + ; + +pathstring + : STRING + ; + +octal_number + : NUMBER + { + int ret, dec, multby, digit; + + /* + * Convert a number that was read as decimal number + * to what it would be if it had been read as octal. + */ + dec = $1; + multby = 1; + ret = 0; + while (dec) { + digit = dec%10; + if (digit > 7) { + ret = -1; + break; + } + ret += digit * multby; + multby *= 8; + dec /= 10; + } + $$ = ret; + } + ; + + +check_login_no_guest : check_login + { + $$ = $1 && !guest; + if($1 && !$$) + reply(550, "Permission denied"); + } + ; + +check_login + : /* empty */ + { + if(auth_complete && prot_level == prot_clear){ + reply(533, "Command protection level denied for paranoid reasons."); + $$ = 0; + }else + if (logged_in) + $$ = 1; + else { + reply(530, "Please login with USER and PASS."); + $$ = 0; + } + } + ; + +%% + +extern jmp_buf errcatch; + +#define CMD 0 /* beginning of command */ +#define ARGS 1 /* expect miscellaneous arguments */ +#define STR1 2 /* expect SP followed by STRING */ +#define STR2 3 /* expect STRING */ +#define OSTR 4 /* optional SP then STRING */ +#define ZSTR1 5 /* SP then optional STRING */ +#define ZSTR2 6 /* optional STRING after SP */ +#define SITECMD 7 /* SITE command */ +#define NSTR 8 /* Number followed by a string */ + +struct tab cmdtab[] = { /* In order defined in RFC 765 */ + { "USER", USER, STR1, 1, " username" }, + { "PASS", PASS, ZSTR1, 1, " password" }, + { "ACCT", ACCT, STR1, 0, "(specify account)" }, + { "SMNT", SMNT, ARGS, 0, "(structure mount)" }, + { "REIN", REIN, ARGS, 0, "(reinitialize server state)" }, + { "QUIT", QUIT, ARGS, 1, "(terminate service)", }, + { "PORT", PORT, ARGS, 1, " b0, 
b1, b2, b3, b4" }, + { "PASV", PASV, ARGS, 1, "(set server in passive mode)" }, + { "TYPE", TYPE, ARGS, 1, " [ A | E | I | L ]" }, + { "STRU", STRU, ARGS, 1, "(specify file structure)" }, + { "MODE", MODE, ARGS, 1, "(specify transfer mode)" }, + { "RETR", RETR, STR1, 1, " file-name" }, + { "STOR", STOR, STR1, 1, " file-name" }, + { "APPE", APPE, STR1, 1, " file-name" }, + { "MLFL", MLFL, OSTR, 0, "(mail file)" }, + { "MAIL", MAIL, OSTR, 0, "(mail to user)" }, + { "MSND", MSND, OSTR, 0, "(mail send to terminal)" }, + { "MSOM", MSOM, OSTR, 0, "(mail send to terminal or mailbox)" }, + { "MSAM", MSAM, OSTR, 0, "(mail send to terminal and mailbox)" }, + { "MRSQ", MRSQ, OSTR, 0, "(mail recipient scheme question)" }, + { "MRCP", MRCP, STR1, 0, "(mail recipient)" }, + { "ALLO", ALLO, ARGS, 1, "allocate storage (vacuously)" }, + { "REST", REST, ARGS, 1, " offset (restart command)" }, + { "RNFR", RNFR, STR1, 1, " file-name" }, + { "RNTO", RNTO, STR1, 1, " file-name" }, + { "ABOR", ABOR, ARGS, 1, "(abort operation)" }, + { "DELE", DELE, STR1, 1, " file-name" }, + { "CWD", CWD, OSTR, 1, "[ directory-name ]" }, + { "XCWD", CWD, OSTR, 1, "[ directory-name ]" }, + { "LIST", LIST, OSTR, 1, "[ path-name ]" }, + { "NLST", NLST, OSTR, 1, "[ path-name ]" }, + { "SITE", SITE, SITECMD, 1, "site-cmd [ arguments ]" }, + { "SYST", SYST, ARGS, 1, "(get type of operating system)" }, + { "STAT", STAT, OSTR, 1, "[ path-name ]" }, + { "HELP", HELP, OSTR, 1, "[ ]" }, + { "NOOP", NOOP, ARGS, 1, "" }, + { "MKD", MKD, STR1, 1, " path-name" }, + { "XMKD", MKD, STR1, 1, " path-name" }, + { "RMD", RMD, STR1, 1, " path-name" }, + { "XRMD", RMD, STR1, 1, " path-name" }, + { "PWD", PWD, ARGS, 1, "(return current directory)" }, + { "XPWD", PWD, ARGS, 1, "(return current directory)" }, + { "CDUP", CDUP, ARGS, 1, "(change to parent directory)" }, + { "XCUP", CDUP, ARGS, 1, "(change to parent directory)" }, + { "STOU", STOU, STR1, 1, " file-name" }, + { "SIZE", SIZE, OSTR, 1, " path-name" }, + { "MDTM", 
MDTM, OSTR, 1, " path-name" }, + + /* extensions from draft-ietf-cat-ftpsec-08 */ + { "AUTH", AUTH, STR1, 1, " auth-type" }, + { "ADAT", ADAT, STR1, 1, " auth-data" }, + { "PBSZ", PBSZ, ARGS, 1, " buffer-size" }, + { "PROT", PROT, STR1, 1, " prot-level" }, + { "CCC", CCC, ARGS, 1, "" }, + { "MIC", MIC, STR1, 1, " integrity command" }, + { "CONF", CONF, STR1, 1, " confidentiality command" }, + { "ENC", ENC, STR1, 1, " privacy command" }, + + { NULL, 0, 0, 0, 0 } +}; + +struct tab sitetab[] = { + { "UMASK", UMASK, ARGS, 1, "[ umask ]" }, + { "IDLE", IDLE, ARGS, 1, "[ maximum-idle-time ]" }, + { "CHMOD", CHMOD, NSTR, 1, " mode file-name" }, + { "HELP", HELP, OSTR, 1, "[ ]" }, + + { "KAUTH", KAUTH, STR1, 1, " principal [ ticket ]" }, + { "KLIST", KLIST, ARGS, 1, "(show ticket file)" }, + + { "FIND", FIND, STR1, 1, " globexpr" }, + + { "URL", URL, ARGS, 1, "?" }, + + { NULL, 0, 0, 0, 0 } +}; + +static struct tab * +lookup(struct tab *p, char *cmd) +{ + + for (; p->name != NULL; p++) + if (strcmp(cmd, p->name) == 0) + return (p); + return (0); +} + +#include + +/* + * getline - a hacked up version of fgets to ignore TELNET escape codes. 
+ */ +char * +getline(char *s, int n) +{ + int c; + char *cs; + + cs = s; +/* tmpline may contain saved command from urgent mode interruption */ + if(ftp_command){ + strncpy(s, ftp_command, n); + if (debug) + syslog(LOG_DEBUG, "command: %s", s); +#ifdef XXX + fprintf(stderr, "%s\n", s); +#endif + return s; + } + prot_level = prot_clear; + while ((c = getc(stdin)) != EOF) { + c &= 0377; + if (c == IAC) { + if ((c = getc(stdin)) != EOF) { + c &= 0377; + switch (c) { + case WILL: + case WONT: + c = getc(stdin); + printf("%c%c%c", IAC, DONT, 0377&c); + fflush(stdout); + continue; + case DO: + case DONT: + c = getc(stdin); + printf("%c%c%c", IAC, WONT, 0377&c); + fflush(stdout); + continue; + case IAC: + break; + default: + continue; /* ignore command */ + } + } + } + *cs++ = c; + if (--n <= 0 || c == '\n') + break; + } + if (c == EOF && cs == s) + return (NULL); + *cs++ = '\0'; + if (debug) { + if (!guest && strncasecmp("pass ", s, 5) == 0) { + /* Don't syslog passwords */ + syslog(LOG_DEBUG, "command: %.5s ???", s); + } else { + char *cp; + int len; + + /* Don't syslog trailing CR-LF */ + len = strlen(s); + cp = s + len - 1; + while (cp >= s && (*cp == '\n' || *cp == '\r')) { + --cp; + --len; + } + syslog(LOG_DEBUG, "command: %.*s", len, s); + } + } +#ifdef XXX + fprintf(stderr, "%s\n", s); +#endif + return (s); +} + +static RETSIGTYPE +toolong(int signo) +{ + + reply(421, + "Timeout (%d seconds): closing control connection.", + ftpd_timeout); + if (logging) + syslog(LOG_INFO, "User %s timed out after %d seconds", + (pw ? 
pw -> pw_name : "unknown"), ftpd_timeout); + dologout(1); + SIGRETURN(0); +} + +static int +yylex(void) +{ + static int cpos, state; + char *cp, *cp2; + struct tab *p; + int n; + char c; + + for (;;) { + switch (state) { + + case CMD: + signal(SIGALRM, toolong); + alarm((unsigned) ftpd_timeout); + if (getline(cbuf, sizeof(cbuf)-1) == NULL) { + reply(221, "You could at least say goodbye."); + dologout(0); + } + alarm(0); +#ifdef HASSETPROCTITLE + if (strncasecmp(cbuf, "PASS", 4) != NULL) + setproctitle("%s: %s", proctitle, cbuf); +#endif /* HASSETPROCTITLE */ + if ((cp = strchr(cbuf, '\r'))) { + *cp++ = '\n'; + *cp = '\0'; + } + if ((cp = strpbrk(cbuf, " \n"))) + cpos = cp - cbuf; + if (cpos == 0) + cpos = 4; + c = cbuf[cpos]; + cbuf[cpos] = '\0'; + strupr(cbuf); + p = lookup(cmdtab, cbuf); + cbuf[cpos] = c; + if (p != 0) { + if (p->implemented == 0) { + nack(p->name); + longjmp(errcatch,0); + /* NOTREACHED */ + } + state = p->state; + yylval.s = p->name; + return (p->token); + } + break; + + case SITECMD: + if (cbuf[cpos] == ' ') { + cpos++; + return (SP); + } + cp = &cbuf[cpos]; + if ((cp2 = strpbrk(cp, " \n"))) + cpos = cp2 - cbuf; + c = cbuf[cpos]; + cbuf[cpos] = '\0'; + strupr(cp); + p = lookup(sitetab, cp); + cbuf[cpos] = c; + if (p != 0) { + if (p->implemented == 0) { + state = CMD; + nack(p->name); + longjmp(errcatch,0); + /* NOTREACHED */ + } + state = p->state; + yylval.s = p->name; + return (p->token); + } + state = CMD; + break; + + case OSTR: + if (cbuf[cpos] == '\n') { + state = CMD; + return (CRLF); + } + /* FALLTHROUGH */ + + case STR1: + case ZSTR1: + dostr1: + if (cbuf[cpos] == ' ') { + cpos++; + state = state == OSTR ? STR2 : ++state; + return (SP); + } + break; + + case ZSTR2: + if (cbuf[cpos] == '\n') { + state = CMD; + return (CRLF); + } + /* FALLTHROUGH */ + + case STR2: + cp = &cbuf[cpos]; + n = strlen(cp); + cpos += n - 1; + /* + * Make sure the string is nonempty and \n terminated. 
+ */ + if (n > 1 && cbuf[cpos] == '\n') { + cbuf[cpos] = '\0'; + yylval.s = copy(cp); + cbuf[cpos] = '\n'; + state = ARGS; + return (STRING); + } + break; + + case NSTR: + if (cbuf[cpos] == ' ') { + cpos++; + return (SP); + } + if (isdigit(cbuf[cpos])) { + cp = &cbuf[cpos]; + while (isdigit(cbuf[++cpos])) + ; + c = cbuf[cpos]; + cbuf[cpos] = '\0'; + yylval.i = atoi(cp); + cbuf[cpos] = c; + state = STR1; + return (NUMBER); + } + state = STR1; + goto dostr1; + + case ARGS: + if (isdigit(cbuf[cpos])) { + cp = &cbuf[cpos]; + while (isdigit(cbuf[++cpos])) + ; + c = cbuf[cpos]; + cbuf[cpos] = '\0'; + yylval.i = atoi(cp); + cbuf[cpos] = c; + return (NUMBER); + } + switch (cbuf[cpos++]) { + + case '\n': + state = CMD; + return (CRLF); + + case ' ': + return (SP); + + case ',': + return (COMMA); + + case 'A': + case 'a': + return (A); + + case 'B': + case 'b': + return (B); + + case 'C': + case 'c': + return (C); + + case 'E': + case 'e': + return (E); + + case 'F': + case 'f': + return (F); + + case 'I': + case 'i': + return (I); + + case 'L': + case 'l': + return (L); + + case 'N': + case 'n': + return (N); + + case 'P': + case 'p': + return (P); + + case 'R': + case 'r': + return (R); + + case 'S': + case 's': + return (S); + + case 'T': + case 't': + return (T); + + } + break; + + default: + fatal("Unknown state in scanner."); + } + yyerror((char *) 0); + state = CMD; + longjmp(errcatch,0); + } +} + +static char * +copy(char *s) +{ + char *p; + + p = strdup(s); + if (p == NULL) + fatal("Ran out of memory."); + return p; +} + +static void +help(struct tab *ctab, char *s) +{ + struct tab *c; + int width, NCMDS; + char *type; + char buf[1024]; + + if (ctab == sitetab) + type = "SITE "; + else + type = ""; + width = 0, NCMDS = 0; + for (c = ctab; c->name != NULL; c++) { + int len = strlen(c->name); + + if (len > width) + width = len; + NCMDS++; + } + width = (width + 8) &~ 7; + if (s == 0) { + int i, j, w; + int columns, lines; + + lreply(214, "The following %scommands are 
recognized %s.", + type, "(* =>'s unimplemented)"); + columns = 76 / width; + if (columns == 0) + columns = 1; + lines = (NCMDS + columns - 1) / columns; + for (i = 0; i < lines; i++) { + strcpy (buf, " "); + for (j = 0; j < columns; j++) { + c = ctab + j * lines + i; + snprintf (buf + strlen(buf), sizeof(buf) - strlen(buf), + "%s%c", c->name, c->implemented ? ' ' : '*'); + if (c + lines >= &ctab[NCMDS]) + break; + w = strlen(c->name) + 1; + while (w < width) { + strcat(buf, " "); + w++; + } + } + lreply(214, buf); + } + reply(214, "Direct comments to kth-krb-bugs@pdc.kth.se"); + return; + } + strupr(s); + c = lookup(ctab, s); + if (c == (struct tab *)0) { + reply(502, "Unknown command %s.", s); + return; + } + if (c->implemented) + reply(214, "Syntax: %s%s %s", type, c->name, c->help); + else + reply(214, "%s%-*s\t%s; unimplemented.", type, width, + c->name, c->help); +} + +static void +sizecmd(char *filename) +{ + switch (type) { + case TYPE_L: + case TYPE_I: { + struct stat stbuf; + if (stat(filename, &stbuf) < 0 || !S_ISREG(stbuf.st_mode)) + reply(550, "%s: not a plain file.", filename); + else + reply(213, "%lu", (unsigned long)stbuf.st_size); + break; } + case TYPE_A: { + FILE *fin; + int c; + off_t count; + struct stat stbuf; + fin = fopen(filename, "r"); + if (fin == NULL) { + perror_reply(550, filename); + return; + } + if (fstat(fileno(fin), &stbuf) < 0 || !S_ISREG(stbuf.st_mode)) { + reply(550, "%s: not a plain file.", filename); + fclose(fin); + return; + } + + count = 0; + while((c=getc(fin)) != EOF) { + if (c == '\n') /* will get expanded to \r\n */ + count++; + count++; + } + fclose(fin); + + reply(213, "%ld", count); + break; } + default: + reply(504, "SIZE not implemented for Type %c.", "?AEIL"[type]); + } +} diff --git a/crypto/kerberosIV/appl/ftp/ftpd/ftpd.c b/crypto/kerberosIV/appl/ftp/ftpd/ftpd.c new file mode 100644 index 0000000..17cd3b9 --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/ftpd/ftpd.c 
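Review bot: The `host_port` production in ftpcmd.y writes the six client-supplied numbers into `data_dest` without validation, and the PORT rule then always answers 200, so a client can point the server's data connection at an address other than its own or at a privileged port. Before accepting the command, compare `data_dest.sin_addr` with `his_addr.sin_addr` and refuse ports below `IPPORT_RESERVED`; the six numbers should also be range-checked to 0..255, since `$1 << 24` on an unchecked `int` can overflow. Separately, the RNTO rule calls `renamecmd(fromname, $4)` without the `$4 != NULL` test the other pathname rules use, although `pathname` yields NULL when the tilde glob fails. A sketch of the PORT rule follows; the range check inside `host_port` is not shown.

```yacc
	| PORT SP host_port CRLF
		{
			if (data_dest.sin_addr.s_addr != his_addr.sin_addr.s_addr ||
			    ntohs(data_dest.sin_port) < IPPORT_RESERVED) {
				/* refuse third-party and privileged data targets */
				usedefault = 1;
				reply(500, "Illegal PORT command.");
			} else {
				/* … unchanged: clear usedefault, close pdata, reply 200 … */
			}
		}
```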
@@ -0,0 +1,2076 @@
+/*
+ * Copyright (c) 1985, 1988, 1990, 1992, 1993, 1994
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+RCSID("$Id: ftpd.c,v 1.88 1997/06/01 03:13:48 assar Exp $");
+#endif
+
+/*
+ * FTP server.
+ */
+#ifdef HAVE_SYS_TYPES_H
+#include
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include
+#endif
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4
+#include
+#endif
+#ifdef TIME_WITH_SYS_TIME
+#include
+#include
+#elif defined(HAVE_SYS_TIME_H)
+#include
+#else
+#include
+#endif
+#ifdef HAVE_SYS_RESOURCE_H
+#include
+#endif
+#ifdef HAVE_SYS_WAIT_H
+#include
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+#include
+#endif
+#ifdef HAVE_NETINET_IN_SYSTM_H
+#include
+#endif
+#ifdef HAVE_NETINET_IP_H
+#include
+#endif
+
+#ifdef HAVE_SYS_MMAN_H
+#include
+#endif
+
+#define FTP_NAMES
+#include
+#ifdef HAVE_ARPA_INET_H
+#include
+#endif
+#ifdef HAVE_ARPA_TELNET_H
+#include
+#endif
+
+#include
+#ifdef HAVE_DIRENT_H
+#include
+#endif
+#include
+#ifdef HAVE_FCNTL_H
+#include
+#endif
+#include
+#include
+#ifdef HAVE_PWD_H
+#include
+#endif
+#include
+#include
+#include
+#include
+#include
+#include
+#ifdef HAVE_SYSLOG_H
+#include
+#endif
+#include
+#ifdef HAVE_UNISTD_H
+#include
+#endif
+#ifdef HAVE_GRP_H
+#include
+#endif
+
+#include
+
+#include "pathnames.h"
+#include "extern.h"
+#include "common.h"
+
+#include "auth.h"
+
+#include
+
+#include
+#include "roken.h"
+
+#include
+
+#ifdef SOCKS
+#include
+extern int LIBPREFIX(fclose) __P((FILE *));
+#endif
+
+void yyparse();
+
+#ifndef LOG_FTP
+#define LOG_FTP LOG_DAEMON
+#endif
+
+static char version[] = "Version 6.00";
+
+extern off_t restart_point;
+extern char cbuf[];
+
+struct sockaddr_in ctrl_addr;
+struct sockaddr_in data_source;
+struct sockaddr_in data_dest;
+struct sockaddr_in his_addr;
+struct sockaddr_in pasv_addr;
+
+int data;
+jmp_buf errcatch, urgcatch;
+int oobflag;
+int logged_in;
+struct passwd *pw;
+int debug;
+int ftpd_timeout = 900; /* timeout after 15 minutes of inactivity */
+int maxtimeout = 7200;/* don't allow
idle time to be set beyond 2 hours */
+int logging;
+int guest;
+int dochroot;
+int type;
+int form;
+int stru; /* avoid C keyword */
+int mode;
+int usedefault = 1; /* for data transfers */
+int pdata = -1; /* for passive mode */
+int transflag;
+off_t file_size;
+off_t byte_count;
+#if !defined(CMASK) || CMASK == 0
+#undef CMASK
+#define CMASK 027
+#endif
+int defumask = CMASK; /* default umask value */
+int guest_umask = 0777; /* Paranoia for anonymous users */
+char tmpline[10240];
+char hostname[MaxHostNameLen];
+char remotehost[MaxHostNameLen];
+static char ttyline[20];
+
+#define AUTH_PLAIN (1 << 0) /* allow sending passwords */
+#define AUTH_OTP (1 << 1) /* passwords are one-time */
+#define AUTH_FTP (1 << 2) /* allow anonymous login */
+
+static int auth_level = 0; /* Only allow kerberos login by default */
+
+/*
+ * Timeout intervals for retrying connections
+ * to hosts that don't accept PORT cmds. This
+ * is a kludge, but given the problems with TCP...
+ */
+#define SWAITMAX 90 /* wait at most 90 seconds */
+#define SWAITINT 5 /* interval between retries */
+
+int swaitmax = SWAITMAX;
+int swaitint = SWAITINT;
+
+#ifdef HAVE_SETPROCTITLE
+char proctitle[BUFSIZ]; /* initial part of title */
+#endif /* HAVE_SETPROCTITLE */
+
+#define LOGCMD(cmd, file) \
+ if (logging > 1) \
+ syslog(LOG_INFO,"%s %s%s", cmd, \
+ *(file) == '/' ? "" : curdir(), file);
+#define LOGCMD2(cmd, file1, file2) \
+ if (logging > 1) \
+ syslog(LOG_INFO,"%s %s%s %s%s", cmd, \
+ *(file1) == '/' ? "" : curdir(), file1, \
+ *(file2) == '/' ? "" : curdir(), file2);
+#define LOGBYTES(cmd, file, cnt) \
+ if (logging > 1) { \
+ if (cnt == (off_t)-1) \
+ syslog(LOG_INFO,"%s %s%s", cmd, \
+ *(file) == '/' ? "" : curdir(), file); \
+ else \
+ syslog(LOG_INFO, "%s %s%s = %ld bytes", \
+ cmd, (*(file) == '/') ?
"" : curdir(), file, (long)cnt); \ + } + +static void ack (char *); +static void myoob (int); +static int checkuser (char *, char *); +static int checkaccess (char *); +static FILE *dataconn (char *, off_t, char *); +static void dolog (struct sockaddr_in *); +static void end_login (void); +static FILE *getdatasock (char *); +static char *gunique (char *); +static RETSIGTYPE lostconn (int); +static int receive_data (FILE *, FILE *); +static void send_data (FILE *, FILE *); +static struct passwd * sgetpwnam (char *); +static void usage(void); + +static char * +curdir(void) +{ + static char path[MaxPathLen+1+1]; /* path + '/' + '\0' */ + + if (getcwd(path, sizeof(path)-2) == NULL) + return (""); + if (path[1] != '\0') /* special case for root dir. */ + strcat(path, "/"); + /* For guest account, skip / since it's chrooted */ + return (guest ? path+1 : path); +} + +#ifndef LINE_MAX +#define LINE_MAX 1024 +#endif + +static int +parse_auth_level(char *str) +{ + char *p; + int ret = 0; + char *foo = NULL; + + for(p = strtok_r(str, ",", &foo); + p; + p = strtok_r(NULL, ",", &foo)) { + if(strcmp(p, "user") == 0) + ; + else if(strcmp(p, "otp") == 0) + ret |= AUTH_PLAIN|AUTH_OTP; + else if(strcmp(p, "ftp") == 0 || + strcmp(p, "safe") == 0) + ret |= AUTH_FTP; + else if(strcmp(p, "plain") == 0) + ret |= AUTH_PLAIN; + else if(strcmp(p, "none") == 0) + ret |= AUTH_PLAIN|AUTH_FTP; + else + warnx("bad value for -a: `%s'", p); + } + return ret; +} + +/* + * Print usage and die. 
+ */
+
+static void
+usage (void)
+{
+ fprintf (stderr,
+ "Usage: %s [-d] [-i] [-g guest_umask] [-l] [-p port]"
+ " [-t timeout] [-T max_timeout] [-u umask] [-v]"
+ " [-a auth_level] \n",
+ __progname);
+ exit (1);
+}
+
+int
+main(int argc, char **argv)
+{
+ int addrlen, ch, on = 1, tos;
+ char *cp, line[LINE_MAX];
+ FILE *fd;
+ int not_inetd = 0;
+ int port;
+ struct servent *sp;
+ char tkfile[1024];
+
+ set_progname (argv[0]);
+
+ /* detach from any tickets and tokens */
+
+ snprintf(tkfile, sizeof(tkfile),
+ "/tmp/ftp_%u", (unsigned)getpid());
+ krb_set_tkt_string(tkfile);
+ if(k_hasafs())
+ k_setpag();
+
+ sp = getservbyname("ftp", "tcp");
+ if(sp)
+ port = sp->s_port;
+ else
+ port = htons(21);
+
+ while ((ch = getopt(argc, argv, "a:dg:ilp:t:T:u:v")) != EOF) {
+ switch (ch) {
+ case 'a':
+ auth_level = parse_auth_level(optarg);
+ break;
+ case 'd':
+ debug = 1;
+ break;
+
+ case 'i':
+ not_inetd = 1;
+ break;
+ case 'g':
+ {
+ long val = 0;
+
+ val = strtol(optarg, &optarg, 8);
+ if (*optarg != '\0' || val < 0)
+ warnx("bad value for -g");
+ else
+ guest_umask = val;
+ break;
+ }
+ case 'l':
+ logging++; /* > 1 == extra logging */
+ break;
+
+ case 'p':
+ sp = getservbyname(optarg, "tcp");
+ if(sp)
+ port = sp->s_port;
+ else
+ if(isdigit(optarg[0]))
+ port = htons(atoi(optarg));
+ else
+ warnx("bad value for -p");
+ break;
+
+ case 't':
+ ftpd_timeout = atoi(optarg);
+ if (maxtimeout < ftpd_timeout)
+ maxtimeout = ftpd_timeout;
+ break;
+
+ case 'T':
+ maxtimeout = atoi(optarg);
+ if (ftpd_timeout > maxtimeout)
+ ftpd_timeout = maxtimeout;
+ break;
+
+ case 'u':
+ {
+ long val = 0;
+
+ val = strtol(optarg, &optarg, 8);
+ if (*optarg != '\0' || val < 0)
+ warnx("bad value for -u");
+ else
+ defumask = val;
+ break;
+ }
+
+ case 'v':
+ debug = 1;
+ break;
+
+ default:
+ usage ();
+ }
+ }
+
+ if(not_inetd)
+ mini_inetd (port);
+
+ /*
+ * LOG_NDELAY sets up the logging connection immediately,
+ * necessary for anonymous ftp's that chroot and can't do it later.
+ */
+ openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_FTP);
+ addrlen = sizeof(his_addr);
+ if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) {
+ syslog(LOG_ERR, "getpeername (%s): %m",argv[0]);
+ exit(1);
+ }
+ addrlen = sizeof(ctrl_addr);
+ if (getsockname(0, (struct sockaddr *)&ctrl_addr, &addrlen) < 0) {
+ syslog(LOG_ERR, "getsockname (%s): %m",argv[0]);
+ exit(1);
+ }
+#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
+ tos = IPTOS_LOWDELAY;
+ if (setsockopt(0, IPPROTO_IP, IP_TOS, (void *)&tos, sizeof(int)) < 0)
+ syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
+#endif
+ data_source.sin_port = htons(ntohs(ctrl_addr.sin_port) - 1);
+ debug = 0;
+
+ /* set this here so it can be put in wtmp */
+ snprintf(ttyline, sizeof(ttyline), "ftp%u", (unsigned)getpid());
+
+
+ /* freopen(_PATH_DEVNULL, "w", stderr); */
+ signal(SIGPIPE, lostconn);
+ signal(SIGCHLD, SIG_IGN);
+#ifdef SIGURG
+ if (signal(SIGURG, myoob) == SIG_ERR)
+ syslog(LOG_ERR, "signal: %m");
+#endif
+
+ auth_init();
+
+ /* Try to handle urgent data inline */
+#if defined(SO_OOBINLINE) && defined(HAVE_SETSOCKOPT)
+ if (setsockopt(0, SOL_SOCKET, SO_OOBINLINE, (void *)&on,
+ sizeof(on)) < 0)
+ syslog(LOG_ERR, "setsockopt: %m");
+#endif
+
+#ifdef F_SETOWN
+ if (fcntl(fileno(stdin), F_SETOWN, getpid()) == -1)
+ syslog(LOG_ERR, "fcntl F_SETOWN: %m");
+#endif
+ dolog(&his_addr);
+ /*
+ * Set up default state
+ */
+ data = -1;
+ type = TYPE_A;
+ form = FORM_N;
+ stru = STRU_F;
+ mode = MODE_S;
+ tmpline[0] = '\0';
+
+ /* If logins are disabled, print out the message.
*/
+ if ((fd = fopen(_PATH_NOLOGIN,"r")) != NULL) {
+ while (fgets(line, sizeof(line), fd) != NULL) {
+ if ((cp = strchr(line, '\n')) != NULL)
+ *cp = '\0';
+ lreply(530, "%s", line);
+ }
+ fflush(stdout);
+ fclose(fd);
+ reply(530, "System not available.");
+ exit(0);
+ }
+ if ((fd = fopen(_PATH_FTPWELCOME, "r")) != NULL) {
+ while (fgets(line, sizeof(line), fd) != NULL) {
+ if ((cp = strchr(line, '\n')) != NULL)
+ *cp = '\0';
+ lreply(220, "%s", line);
+ }
+ fflush(stdout);
+ fclose(fd);
+ /* reply(220,) must follow */
+ }
+ k_gethostname(hostname, sizeof(hostname));
+ reply(220, "%s FTP server (%s+%s) ready.", hostname,
+ version, krb4_version);
+ setjmp(errcatch);
+ for (;;)
+ yyparse();
+ /* NOTREACHED */
+}
+
+static RETSIGTYPE
+lostconn(int signo)
+{
+
+ if (debug)
+ syslog(LOG_DEBUG, "lost connection");
+ dologout(-1);
+}
+
+/*
+ * Helper function for sgetpwnam().
+ */
+static char *
+sgetsave(char *s)
+{
+ char *new = strdup(s);
+
+ if (new == NULL) {
+ perror_reply(421, "Local resource failure: malloc");
+ dologout(1);
+ /* NOTREACHED */
+ }
+ return new;
+}
+
+/*
+ * Save the result of a getpwnam. Used for USER command, since
+ * the data returned must not be clobbered by any other command
+ * (e.g., globbing).
+ */
+static struct passwd *
+sgetpwnam(char *name)
+{
+ static struct passwd save;
+ struct passwd *p;
+
+ if ((p = k_getpwnam(name)) == NULL)
+ return (p);
+ if (save.pw_name) {
+ free(save.pw_name);
+ free(save.pw_passwd);
+ free(save.pw_gecos);
+ free(save.pw_dir);
+ free(save.pw_shell);
+ }
+ save = *p;
+ save.pw_name = sgetsave(p->pw_name);
+ save.pw_passwd = sgetsave(p->pw_passwd);
+ save.pw_gecos = sgetsave(p->pw_gecos);
+ save.pw_dir = sgetsave(p->pw_dir);
+ save.pw_shell = sgetsave(p->pw_shell);
+ return (&save);
+}
+
+static int login_attempts; /* number of failed login attempts */
+static int askpasswd; /* had user command, ask for passwd */
+static char curname[10]; /* current USER name */
+OtpContext otp_ctx;
+
+/*
+ * USER command.
+ * Sets global passwd pointer pw if named account exists and is acceptable;
+ * sets askpasswd if a PASS command is expected. If logged in previously,
+ * need to reset state. If name is "ftp" or "anonymous", the name is not in
+ * _PATH_FTPUSERS, and ftp account exists, set guest and pw, then just return.
+ * If account doesn't exist, ask for passwd anyway. Otherwise, check user
+ * requesting login privileges. Disallow anyone who does not have a standard
+ * shell as returned by getusershell(). Disallow anyone mentioned in the file
+ * _PATH_FTPUSERS to allow people such as root and uucp to be avoided.
+ */
+void
+user(char *name)
+{
+ char *cp, *shell;
+
+ if(auth_level == 0 && !auth_complete){
+ reply(530, "No login allowed without authorization.");
+ return;
+ }
+
+ if (logged_in) {
+ if (guest) {
+ reply(530, "Can't change user from guest login.");
+ return;
+ } else if (dochroot) {
+ reply(530, "Can't change user from chroot user.");
+ return;
+ }
+ end_login();
+ }
+
+ guest = 0;
+ if (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0) {
+ if ((auth_level & AUTH_FTP) == 0 ||
+ checkaccess("ftp") ||
+ checkaccess("anonymous"))
+ reply(530, "User %s access denied.", name);
+ else if ((pw = sgetpwnam("ftp")) != NULL) {
+ guest = 1;
+ defumask = guest_umask; /* paranoia for incoming */
+ askpasswd = 1;
+ reply(331, "Guest login ok, type your name as password.");
+ } else
+ reply(530, "User %s unknown.", name);
+ if (!askpasswd && logging)
+ syslog(LOG_NOTICE,
+ "ANONYMOUS FTP LOGIN REFUSED FROM %s(%s)",
+ remotehost, inet_ntoa(his_addr.sin_addr));
+ return;
+ }
+ if((auth_level & AUTH_PLAIN) == 0 && !auth_complete){
+ reply(530, "Only authorized and anonymous login allowed.");
+ return;
+ }
+ if ((pw = sgetpwnam(name))) {
+ if ((shell = pw->pw_shell) == NULL || *shell == 0)
+ shell = _PATH_BSHELL;
+ while ((cp = getusershell()) != NULL)
+ if (strcmp(cp, shell) == 0)
+ break;
+ endusershell();
+
+ if (cp == NULL || checkaccess(name)) {
+ reply(530,
"User %s access denied.", name); + if (logging) + syslog(LOG_NOTICE, + "FTP LOGIN REFUSED FROM %s(%s), %s", + remotehost, + inet_ntoa(his_addr.sin_addr), + name); + pw = (struct passwd *) NULL; + return; + } + } + if (logging) + strncpy(curname, name, sizeof(curname)-1); + if(auth_ok()) + ct->userok(name); + else { + char ss[256]; + + if (otp_challenge(&otp_ctx, name, ss, sizeof(ss)) == 0) { + reply(331, "Password %s for %s required.", + ss, name); + askpasswd = 1; + } else if ((auth_level & AUTH_OTP) == 0) { + reply(331, "Password required for %s.", name); + askpasswd = 1; + } else { + char *s; + + if (s = otp_error (&otp_ctx)) + lreply(530, "OTP: %s", s); + reply(530, + "Only authorized, anonymous and OTP " + "login allowed."); + } + + } + /* + * Delay before reading passwd after first failed + * attempt to slow down passwd-guessing programs. + */ + if (login_attempts) + sleep(login_attempts); +} + +/* + * Check if a user is in the file "fname" + */ +static int +checkuser(char *fname, char *name) +{ + FILE *fd; + int found = 0; + char *p, line[BUFSIZ]; + + if ((fd = fopen(fname, "r")) != NULL) { + while (fgets(line, sizeof(line), fd) != NULL) + if ((p = strchr(line, '\n')) != NULL) { + *p = '\0'; + if (line[0] == '#') + continue; + if (strcmp(line, name) == 0) { + found = 1; + break; + } + } + fclose(fd); + } + return (found); +} + + +/* + * Determine whether a user has access, based on information in + * _PATH_FTPUSERS. The users are listed one per line, with `allow' + * or `deny' after the username. If anything other than `allow', or + * just nothing, is given after the username, `deny' is assumed. + * + * If the user is not found in the file, but the pseudo-user `*' is, + * the permission is taken from that line. + * + * This preserves the old semantics where if a user was listed in the + * file he was denied, otherwise he was allowed. + * + * Return 1 if the user is denied, or 0 if he is allowed. 
*/
+
+static int
+match(const char *pattern, const char *string)
+{
+#ifdef HAVE_FNMATCH
+ return fnmatch(pattern, string, FNM_NOESCAPE);
+#else
+ return strcmp(pattern, "*") != 0 && strcmp(pattern, string) != 0;
+#endif
+}
+
+static int
+checkaccess(char *name)
+{
+#define ALLOWED 0
+#define NOT_ALLOWED 1
+ FILE *fd;
+ int allowed = ALLOWED;
+ char *user, *perm, line[BUFSIZ];
+ char *foo;
+
+ fd = fopen(_PATH_FTPUSERS, "r");
+
+ if(fd == NULL)
+ return allowed;
+
+ while (fgets(line, sizeof(line), fd) != NULL) {
+ foo = NULL;
+ user = strtok_r(line, " \t\n", &foo);
+ if (user == NULL || user[0] == '#')
+ continue;
+ perm = strtok_r(NULL, " \t\n", &foo);
+ if (match(user, name) == 0){
+ if(perm && strcmp(perm, "allow") == 0)
+ allowed = ALLOWED;
+ else
+ allowed = NOT_ALLOWED;
+ break;
+ }
+ }
+ fclose(fd);
+ return allowed;
+}
+#undef ALLOWED
+#undef NOT_ALLOWED
+
+int do_login(int code, char *passwd)
+{
+ FILE *fd;
+ login_attempts = 0; /* this time successful */
+ if (setegid((gid_t)pw->pw_gid) < 0) {
+ reply(550, "Can't set gid.");
+ return -1;
+ }
+ initgroups(pw->pw_name, pw->pw_gid);
+
+ /* open wtmp before chroot */
+ logwtmp(ttyline, pw->pw_name, remotehost);
+ logged_in = 1;
+
+ dochroot = checkuser(_PATH_FTPCHROOT, pw->pw_name);
+ if (guest) {
+ /*
+ * We MUST do a chdir() after the chroot. Otherwise
+ * the old current directory will be accessible as "."
+ * outside the new root!
+ */
+ if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) {
+ reply(550, "Can't set guest privileges.");
+ return -1;
+ }
+ } else if (dochroot) {
+ if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) {
+ reply(550, "Can't change root.");
+ return -1;
+ }
+ } else if (chdir(pw->pw_dir) < 0) {
+ if (chdir("/") < 0) {
+ reply(530, "User %s: can't change directory to %s.",
+ pw->pw_name, pw->pw_dir);
+ return -1;
+ } else
+ lreply(code, "No directory!
Logging in with home=/");
+ }
+ if (seteuid((uid_t)pw->pw_uid) < 0) {
+ reply(550, "Can't set uid.");
+ return -1;
+ }
+ /*
+ * Display a login message, if it exists.
+ * N.B. reply(code,) must follow the message.
+ */
+ if ((fd = fopen(_PATH_FTPLOGINMESG, "r")) != NULL) {
+ char *cp, line[LINE_MAX];
+
+ while (fgets(line, sizeof(line), fd) != NULL) {
+ if ((cp = strchr(line, '\n')) != NULL)
+ *cp = '\0';
+ lreply(code, "%s", line);
+ }
+ }
+ if (guest) {
+ reply(code, "Guest login ok, access restrictions apply.");
+#ifdef HAVE_SETPROCTITLE
+ snprintf (proctitle, sizeof(proctitle),
+ "%s: anonymous/%s",
+ remotehost,
+ passwd);
+#endif /* HAVE_SETPROCTITLE */
+ if (logging)
+ syslog(LOG_INFO, "ANONYMOUS FTP LOGIN FROM %s(%s), %s",
+ remotehost,
+ inet_ntoa(his_addr.sin_addr),
+ passwd);
+ } else {
+ reply(code, "User %s logged in.", pw->pw_name);
+#ifdef HAVE_SETPROCTITLE
+ snprintf(proctitle, sizeof(proctitle), "%s: %s", remotehost, pw->pw_name);
+ setproctitle(proctitle);
+#endif /* HAVE_SETPROCTITLE */
+ if (logging)
+ syslog(LOG_INFO, "FTP LOGIN FROM %s(%s) as %s",
+ remotehost,
+ inet_ntoa(his_addr.sin_addr),
+ pw->pw_name);
+ }
+ umask(defumask);
+ return 0;
+}
+
+/*
+ * Terminate login as previous user, if any, resetting state;
+ * used when USER command is given or login fails.
+ */
+static void
+end_login(void)
+{
+
+ seteuid((uid_t)0);
+ if (logged_in)
+ logwtmp(ttyline, "", "");
+ pw = NULL;
+ logged_in = 0;
+ guest = 0;
+ dochroot = 0;
+}
+
+void
+pass(char *passwd)
+{
+ int rval;
+
+ /* some clients insists on sending a password */
+ if (logged_in && askpasswd == 0){
+ reply(230, "Dumpucko!");
+ return;
+ }
+
+ if (logged_in || askpasswd == 0) {
+ reply(503, "Login with USER first.");
+ return;
+ }
+ askpasswd = 0;
+ rval = 1;
+ if (!guest) { /* "ftp" is only account allowed no password */
+ if (pw == NULL)
+ rval = 1; /* failure below */
+ else if (otp_verify_user (&otp_ctx, passwd) == 0) {
+ rval = 0;
+ } else if((auth_level & AUTH_OTP) == 0) {
+ char realm[REALM_SZ];
+ if((rval = krb_get_lrealm(realm, 1)) == KSUCCESS)
+ rval = krb_verify_user(pw->pw_name, "", realm,
+ passwd, 1, NULL);
+ if (rval == KSUCCESS ){
+ if(k_hasafs())
+ k_afsklog(0, 0);
+ }else
+ rval = unix_verify_user(pw->pw_name, passwd);
+ } else {
+ char *s;
+
+ if (s = otp_error(&otp_ctx))
+ lreply(530, "OTP: %s", s);
+ }
+ memset (passwd, 0, strlen(passwd));
+
+ /*
+ * If rval == 1, the user failed the authentication
+ * check above. If rval == 0, either Kerberos or
+ * local authentication succeeded.
+ */
+ if (rval) {
+ reply(530, "Login incorrect.");
+ if (logging)
+ syslog(LOG_NOTICE,
+ "FTP LOGIN FAILED FROM %s(%s), %s",
+ remotehost,
+ inet_ntoa(his_addr.sin_addr),
+ curname);
+ pw = NULL;
+ if (login_attempts++ >= 5) {
+ syslog(LOG_NOTICE,
+ "repeated login failures from %s(%s)",
+ remotehost,
+ inet_ntoa(his_addr.sin_addr));
+ exit(0);
+ }
+ return;
+ }
+ }
+ if(!do_login(230, passwd))
+ return;
+
+ /* Forget all about it...
*/ + end_login(); +} + +void +retrieve(char *cmd, char *name) +{ + FILE *fin = NULL, *dout; + struct stat st; + int (*closefunc) (FILE *); + char line[BUFSIZ]; + + + if (cmd == 0) { + fin = fopen(name, "r"); + closefunc = fclose; + st.st_size = 0; + if(fin == NULL){ + struct cmds { + char *ext; + char *cmd; + } cmds[] = { + {".tar", "/bin/gtar cPf - %s"}, + {".tar.gz", "/bin/gtar zcPf - %s"}, + {".tar.Z", "/bin/gtar ZcPf - %s"}, + {".gz", "/bin/gzip -c %s"}, + {".Z", "/bin/compress -c %s"}, + {NULL, NULL} + }; + struct cmds *p; + for(p = cmds; p->ext; p++){ + char *tail = name + strlen(name) - strlen(p->ext); + char c = *tail; + + if(strcmp(tail, p->ext) == 0 && + (*tail = 0) == 0 && + access(name, R_OK) == 0){ + snprintf (line, sizeof(line), p->cmd, name); + *tail = c; + break; + } + *tail = c; + } + if(p->ext){ + fin = ftpd_popen(line, "r", 0, 0); + closefunc = ftpd_pclose; + st.st_size = -1; + cmd = line; + } + } + } else { + snprintf(line, sizeof(line), cmd, name); + name = line; + fin = ftpd_popen(line, "r", 1, 0); + closefunc = ftpd_pclose; + st.st_size = -1; + } + if (fin == NULL) { + if (errno != 0) { + perror_reply(550, name); + if (cmd == 0) { + LOGCMD("get", name); + } + } + return; + } + byte_count = -1; + if (cmd == 0){ + if(fstat(fileno(fin), &st) < 0 || !S_ISREG(st.st_mode)) { + reply(550, "%s: not a plain file.", name); + goto done; + } + } + if (restart_point) { + if (type == TYPE_A) { + off_t i, n; + int c; + + n = restart_point; + i = 0; + while (i++ < n) { + if ((c=getc(fin)) == EOF) { + perror_reply(550, name); + goto done; + } + if (c == '\n') + i++; + } + } else if (lseek(fileno(fin), restart_point, SEEK_SET) < 0) { + perror_reply(550, name); + goto done; + } + } + dout = dataconn(name, st.st_size, "w"); + if (dout == NULL) + goto done; + set_buffer_size(fileno(dout), 0); + send_data(fin, dout); + fclose(dout); + data = -1; + pdata = -1; +done: + if (cmd == 0) + LOGBYTES("get", name, byte_count); + (*closefunc)(fin); +} + +/* filename sanity 
check */ + +int +filename_check(char *filename) +{ + static const char good_chars[] = "+-=_,."; + char *p; + + p = strrchr(filename, '/'); + if(p) + filename = p + 1; + + p = filename; + + if(isalnum(*p)){ + p++; + while(*p && (isalnum(*p) || strchr(good_chars, *p))) + p++; + if(*p == '\0') + return 0; + } + lreply(553, "\"%s\" is an illegal filename.", filename); + lreply(553, "The filename must start with an alphanumeric " + "character and must only"); + reply(553, "consist of alphanumeric characters or any of the following: %s", + good_chars); + return 1; +} + +void +do_store(char *name, char *mode, int unique) +{ + FILE *fout, *din; + struct stat st; + int (*closefunc) (FILE *); + + if(guest && filename_check(name)) + return; + if (unique && stat(name, &st) == 0 && + (name = gunique(name)) == NULL) { + LOGCMD(*mode == 'w' ? "put" : "append", name); + return; + } + + if (restart_point) + mode = "r+"; + fout = fopen(name, mode); + closefunc = fclose; + if (fout == NULL) { + perror_reply(553, name); + LOGCMD(*mode == 'w' ? "put" : "append", name); + return; + } + byte_count = -1; + if (restart_point) { + if (type == TYPE_A) { + off_t i, n; + int c; + + n = restart_point; + i = 0; + while (i++ < n) { + if ((c=getc(fout)) == EOF) { + perror_reply(550, name); + goto done; + } + if (c == '\n') + i++; + } + /* + * We must do this seek to "current" position + * because we are changing from reading to + * writing. + */ + if (fseek(fout, 0L, SEEK_CUR) < 0) { + perror_reply(550, name); + goto done; + } + } else if (lseek(fileno(fout), restart_point, SEEK_SET) < 0) { + perror_reply(550, name); + goto done; + } + } + din = dataconn(name, (off_t)-1, "r"); + if (din == NULL) + goto done; + set_buffer_size(fileno(din), 1); + if (receive_data(din, fout) == 0) { + if (unique) + reply(226, "Transfer complete (unique file name:%s).", + name); + else + reply(226, "Transfer complete."); + } + fclose(din); + data = -1; + pdata = -1; +done: + LOGBYTES(*mode == 'w' ? 
"put" : "append", name, byte_count); + (*closefunc)(fout); +} + +static FILE * +getdatasock(char *mode) +{ + int on = 1, s, t, tries; + + if (data >= 0) + return (fdopen(data, mode)); + seteuid((uid_t)0); + s = socket(AF_INET, SOCK_STREAM, 0); + if (s < 0) + goto bad; +#if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT) + if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, + (void *) &on, sizeof(on)) < 0) + goto bad; +#endif + /* anchor socket to avoid multi-homing problems */ + data_source.sin_family = AF_INET; + data_source.sin_addr = ctrl_addr.sin_addr; + for (tries = 1; ; tries++) { + if (bind(s, (struct sockaddr *)&data_source, + sizeof(data_source)) >= 0) + break; + if (errno != EADDRINUSE || tries > 10) + goto bad; + sleep(tries); + } + seteuid((uid_t)pw->pw_uid); +#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) + on = IPTOS_THROUGHPUT; + if (setsockopt(s, IPPROTO_IP, IP_TOS, (void *)&on, sizeof(int)) < 0) + syslog(LOG_WARNING, "setsockopt (IP_TOS): %m"); +#endif + return (fdopen(s, mode)); +bad: + /* Return the real value of errno (close may change it) */ + t = errno; + seteuid((uid_t)pw->pw_uid); + close(s); + errno = t; + return (NULL); +} + +static FILE * +dataconn(char *name, off_t size, char *mode) +{ + char sizebuf[32]; + FILE *file; + int retry = 0, tos; + + file_size = size; + byte_count = 0; + if (size != (off_t) -1) + snprintf(sizebuf, sizeof(sizebuf), " (%ld bytes)", size); + else + strcpy(sizebuf, ""); + if (pdata >= 0) { + struct sockaddr_in from; + int s, fromlen = sizeof(from); + + s = accept(pdata, (struct sockaddr *)&from, &fromlen); + if (s < 0) { + reply(425, "Can't open data connection."); + close(pdata); + pdata = -1; + return (NULL); + } + close(pdata); + pdata = s; +#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) + tos = IPTOS_THROUGHPUT; + setsockopt(s, IPPROTO_IP, IP_TOS, (void *)&tos, + sizeof(int)); +#endif + reply(150, "Opening %s mode data connection for '%s'%s.", + type == TYPE_A ? 
"ASCII" : "BINARY", name, sizebuf); + return (fdopen(pdata, mode)); + } + if (data >= 0) { + reply(125, "Using existing data connection for '%s'%s.", + name, sizebuf); + usedefault = 1; + return (fdopen(data, mode)); + } + if (usedefault) + data_dest = his_addr; + usedefault = 1; + file = getdatasock(mode); + if (file == NULL) { + reply(425, "Can't create data socket (%s,%d): %s.", + inet_ntoa(data_source.sin_addr), + ntohs(data_source.sin_port), strerror(errno)); + return (NULL); + } + data = fileno(file); + while (connect(data, (struct sockaddr *)&data_dest, + sizeof(data_dest)) < 0) { + if (errno == EADDRINUSE && retry < swaitmax) { + sleep((unsigned) swaitint); + retry += swaitint; + continue; + } + perror_reply(425, "Can't build data connection"); + fclose(file); + data = -1; + return (NULL); + } + reply(150, "Opening %s mode data connection for '%s'%s.", + type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf); + return (file); +} + +/* + * Tranfer the contents of "instr" to "outstr" peer using the appropriate + * encapsulation of the data subject * to Mode, Structure, and Type. + * + * NB: Form isn't handled. 
+ */ +static void +send_data(FILE *instr, FILE *outstr) +{ + int c, cnt, filefd, netfd; + static char *buf; + static size_t bufsize; + int i = 0; + char s[1024]; + + transflag++; + if (setjmp(urgcatch)) { + transflag = 0; + return; + } + switch (type) { + + case TYPE_A: + while ((c = getc(instr)) != EOF) { + byte_count++; + if(i > 1022){ + auth_write(fileno(outstr), s, i); + i = 0; + } + if(c == '\n') + s[i++] = '\r'; + s[i++] = c; + } + if(i) + auth_write(fileno(outstr), s, i); + auth_write(fileno(outstr), s, 0); + fflush(outstr); + transflag = 0; + if (ferror(instr)) + goto file_err; + if (ferror(outstr)) + goto data_err; + reply(226, "Transfer complete."); + return; + + case TYPE_I: + case TYPE_L: +#ifdef HAVE_MMAP +#ifndef MAP_FAILED +#define MAP_FAILED (-1) +#endif + { + struct stat st; + char *chunk; + int in = fileno(instr); + if(fstat(in, &st) == 0 && S_ISREG(st.st_mode)) { + chunk = mmap(0, st.st_size, PROT_READ, MAP_SHARED, in, 0); + if(chunk != (void *)MAP_FAILED) { + cnt = st.st_size - restart_point; + auth_write(fileno(outstr), + chunk + restart_point, + cnt); + munmap(chunk, st.st_size); + auth_write(fileno(outstr), NULL, 0); + byte_count = cnt; + transflag = 0; + } + } + } + +#endif + if(transflag){ + struct stat st; + + netfd = fileno(outstr); + filefd = fileno(instr); + buf = alloc_buffer (buf, &bufsize, + fstat(filefd, &st) >= 0 ? 
&st : NULL);
+ if (buf == NULL) {
+ transflag = 0;
+ perror_reply(451, "Local resource failure: malloc");
+ return;
+ }
+ while ((cnt = read(filefd, buf, bufsize)) > 0 &&
+ auth_write(netfd, buf, cnt) == cnt)
+ byte_count += cnt;
+ auth_write(netfd, buf, 0); /* to end an encrypted stream */
+ transflag = 0;
+ if (cnt != 0) {
+ if (cnt < 0)
+ goto file_err;
+ goto data_err;
+ }
+ }
+ reply(226, "Transfer complete.");
+ return;
+ default:
+ transflag = 0;
+ reply(550, "Unimplemented TYPE %d in send_data", type);
+ return;
+ }
+
+data_err:
+ transflag = 0;
+ perror_reply(426, "Data connection");
+ return;
+
+file_err:
+ transflag = 0;
+ perror_reply(551, "Error on input file");
+}
+
+/*
+ * Transfer data from peer to "outstr" using the appropriate encapulation of
+ * the data subject to Mode, Structure, and Type.
+ *
+ * N.B.: Form isn't handled.
+ */
+static int
+receive_data(FILE *instr, FILE *outstr)
+{
+ int cnt, bare_lfs = 0;
+ static char *buf;
+ static size_t bufsize;
+ struct stat st;
+
+ transflag++;
+ if (setjmp(urgcatch)) {
+ transflag = 0;
+ return (-1);
+ }
+
+ buf = alloc_buffer (buf, &bufsize,
+ fstat(fileno(outstr), &st) >= 0 ?
&st : NULL); + if (buf == NULL) { + transflag = 0; + perror_reply(451, "Local resource failure: malloc"); + return -1; + } + + switch (type) { + + case TYPE_I: + case TYPE_L: + while ((cnt = auth_read(fileno(instr), buf, bufsize)) > 0) { + if (write(fileno(outstr), buf, cnt) != cnt) + goto file_err; + byte_count += cnt; + } + if (cnt < 0) + goto data_err; + transflag = 0; + return (0); + + case TYPE_E: + reply(553, "TYPE E not implemented."); + transflag = 0; + return (-1); + + case TYPE_A: + { + char *p, *q; + int cr_flag = 0; + while ((cnt = auth_read(fileno(instr), + buf + cr_flag, + bufsize - cr_flag)) > 0){ + byte_count += cnt; + cnt += cr_flag; + cr_flag = 0; + for(p = buf, q = buf; p < buf + cnt;) { + if(*p == '\n') + bare_lfs++; + if(*p == '\r') + if(p == buf + cnt - 1){ + cr_flag = 1; + p++; + continue; + }else if(p[1] == '\n'){ + *q++ = '\n'; + p += 2; + continue; + } + *q++ = *p++; + } + fwrite(buf, q - buf, 1, outstr); + if(cr_flag) + buf[0] = '\r'; + } + if(cr_flag) + putc('\r', outstr); + fflush(outstr); + if (ferror(instr)) + goto data_err; + if (ferror(outstr)) + goto file_err; + transflag = 0; + if (bare_lfs) { + lreply(226, "WARNING! 
%d bare linefeeds received in ASCII mode\r\n" + " File may not have transferred correctly.\r\n", + bare_lfs); + } + return (0); + } + default: + reply(550, "Unimplemented TYPE %d in receive_data", type); + transflag = 0; + return (-1); + } + +data_err: + transflag = 0; + perror_reply(426, "Data Connection"); + return (-1); + +file_err: + transflag = 0; + perror_reply(452, "Error writing file"); + return (-1); +} + +void +statfilecmd(char *filename) +{ + FILE *fin; + int c; + char line[LINE_MAX]; + + snprintf(line, sizeof(line), "/bin/ls -la %s", filename); + fin = ftpd_popen(line, "r", 1, 0); + lreply(211, "status of %s:", filename); + while ((c = getc(fin)) != EOF) { + if (c == '\n') { + if (ferror(stdout)){ + perror_reply(421, "control connection"); + ftpd_pclose(fin); + dologout(1); + /* NOTREACHED */ + } + if (ferror(fin)) { + perror_reply(551, filename); + ftpd_pclose(fin); + return; + } + putc('\r', stdout); + } + putc(c, stdout); + } + ftpd_pclose(fin); + reply(211, "End of Status"); +} + +void +statcmd(void) +{ +#if 0 + struct sockaddr_in *sin; + u_char *a, *p; + + lreply(211, "%s FTP server status:", hostname, version); + printf(" %s\r\n", version); + printf(" Connected to %s", remotehost); + if (!isdigit(remotehost[0])) + printf(" (%s)", inet_ntoa(his_addr.sin_addr)); + printf("\r\n"); + if (logged_in) { + if (guest) + printf(" Logged in anonymously\r\n"); + else + printf(" Logged in as %s\r\n", pw->pw_name); + } else if (askpasswd) + printf(" Waiting for password\r\n"); + else + printf(" Waiting for user name\r\n"); + printf(" TYPE: %s", typenames[type]); + if (type == TYPE_A || type == TYPE_E) + printf(", FORM: %s", formnames[form]); + if (type == TYPE_L) +#if NBBY == 8 + printf(" %d", NBBY); +#else + printf(" %d", bytesize); /* need definition! 
*/ +#endif + printf("; STRUcture: %s; transfer MODE: %s\r\n", + strunames[stru], modenames[mode]); + if (data != -1) + printf(" Data connection open\r\n"); + else if (pdata != -1) { + printf(" in Passive mode"); + sin = &pasv_addr; + goto printaddr; + } else if (usedefault == 0) { + printf(" PORT"); + sin = &data_dest; +printaddr: + a = (u_char *) &sin->sin_addr; + p = (u_char *) &sin->sin_port; +#define UC(b) (((int) b) & 0xff) + printf(" (%d,%d,%d,%d,%d,%d)\r\n", UC(a[0]), + UC(a[1]), UC(a[2]), UC(a[3]), UC(p[0]), UC(p[1])); +#undef UC + } else + printf(" No data connection\r\n"); +#endif + reply(211, "End of status"); +} + +void +fatal(char *s) +{ + + reply(451, "Error in server: %s\n", s); + reply(221, "Closing connection due to server error."); + dologout(0); + /* NOTREACHED */ +} + +static void +int_reply(int, char *, const char *, va_list) +#ifdef __GNUC__ +__attribute__ ((format (printf, 3, 0))) +#endif +; + +static void +int_reply(int n, char *c, const char *fmt, va_list ap) +{ + char buf[10240]; + char *p; + p=buf; + if(n){ + snprintf(p, sizeof(buf), "%d%s", n, c); + p+=strlen(p); + } + vsnprintf(p, sizeof(buf) - strlen(p), fmt, ap); + p+=strlen(p); + snprintf(p, sizeof(buf) - strlen(p), "\r\n"); + p+=strlen(p); + auth_printf("%s", buf); + fflush(stdout); + if (debug) + syslog(LOG_DEBUG, "<--- %s- ", buf); +} + +void +reply(int n, const char *fmt, ...) +{ + va_list ap; + va_start(ap, fmt); + int_reply(n, " ", fmt, ap); + delete_ftp_command(); + va_end(ap); +} + +void +lreply(int n, const char *fmt, ...) +{ + va_list ap; + va_start(ap, fmt); + int_reply(n, "-", fmt, ap); + va_end(ap); +} + +void +nreply(const char *fmt, ...) 
+{ + va_list ap; + va_start(ap, fmt); + int_reply(0, NULL, fmt, ap); + va_end(ap); +} + +static void +ack(char *s) +{ + + reply(250, "%s command successful.", s); +} + +void +nack(char *s) +{ + + reply(502, "%s command not implemented.", s); +} + +/* ARGSUSED */ +void +yyerror(char *s) +{ + char *cp; + + if ((cp = strchr(cbuf,'\n'))) + *cp = '\0'; + reply(500, "'%s': command not understood.", cbuf); +} + +void +do_delete(char *name) +{ + struct stat st; + + LOGCMD("delete", name); + if (stat(name, &st) < 0) { + perror_reply(550, name); + return; + } + if ((st.st_mode&S_IFMT) == S_IFDIR) { + if (rmdir(name) < 0) { + perror_reply(550, name); + return; + } + goto done; + } + if (unlink(name) < 0) { + perror_reply(550, name); + return; + } +done: + ack("DELE"); +} + +void +cwd(char *path) +{ + + if (chdir(path) < 0) + perror_reply(550, path); + else + ack("CWD"); +} + +void +makedir(char *name) +{ + + LOGCMD("mkdir", name); + if(guest && filename_check(name)) + return; + if (mkdir(name, 0777) < 0) + perror_reply(550, name); + else{ + if(guest) + chmod(name, 0700); /* guest has umask 777 */ + reply(257, "MKD command successful."); + } +} + +void +removedir(char *name) +{ + + LOGCMD("rmdir", name); + if (rmdir(name) < 0) + perror_reply(550, name); + else + ack("RMD"); +} + +void +pwd(void) +{ + char path[MaxPathLen + 1]; + char *ret; + + /* SunOS has a broken getcwd that does popen(pwd) (!!!), this + * failes miserably when running chroot + */ + ret = getcwd(path, sizeof(path)); + if (ret == NULL) + reply(550, "%s.", strerror(errno)); + else + reply(257, "\"%s\" is current directory.", path); +} + +char * +renamefrom(char *name) +{ + struct stat st; + + if (stat(name, &st) < 0) { + perror_reply(550, name); + return NULL; + } + reply(350, "File exists, ready for destination name"); + return (name); +} + +void +renamecmd(char *from, char *to) +{ + + LOGCMD2("rename", from, to); + if(guest && filename_check(to)) + return; + if (rename(from, to) < 0) + perror_reply(550, 
"rename"); + else + ack("RNTO"); +} + +static void +dolog(struct sockaddr_in *sin) +{ + inaddr2str (sin->sin_addr, remotehost, sizeof(remotehost)); +#ifdef HAVE_SETPROCTITLE + snprintf(proctitle, sizeof(proctitle), "%s: connected", remotehost); + setproctitle(proctitle); +#endif /* HAVE_SETPROCTITLE */ + + if (logging) + syslog(LOG_INFO, "connection from %s(%s)", + remotehost, + inet_ntoa(his_addr.sin_addr)); +} + +/* + * Record logout in wtmp file + * and exit with supplied status. + */ +void +dologout(int status) +{ + transflag = 0; + if (logged_in) { + seteuid((uid_t)0); + logwtmp(ttyline, "", ""); + dest_tkt(); + if(k_hasafs()) + k_unlog(); + } + /* beware of flushing buffers after a SIGPIPE */ +#ifdef XXX + exit(status); +#else + _exit(status); +#endif +} + +void abor(void) +{ +} + +static void +myoob(int signo) +{ +#if 0 + char *cp; +#endif + + /* only process if transfer occurring */ + if (!transflag) + return; + + /* This is all XXX */ + oobflag = 1; + /* if the command resulted in a new command, + parse that as well */ + do{ + yyparse(); + } while(ftp_command); + oobflag = 0; + +#if 0 + cp = tmpline; + if (getline(cp, 7) == NULL) { + reply(221, "You could at least say goodbye."); + dologout(0); + } + upper(cp); + if (strcmp(cp, "ABOR\r\n") == 0) { + tmpline[0] = '\0'; + reply(426, "Transfer aborted. Data connection closed."); + reply(226, "Abort successful"); + longjmp(urgcatch, 1); + } + if (strcmp(cp, "STAT\r\n") == 0) { + if (file_size != (off_t) -1) + reply(213, "Status: %ld of %ld bytes transferred", + (long)byte_count, + (long)file_size); + else + reply(213, "Status: %ld bytes transferred" + (long)byte_count); + } +#endif +} + +/* + * Note: a response of 425 is not mentioned as a possible response to + * the PASV command in RFC959. However, it has been blessed as + * a legitimate response by Jon Postel in a telephone conversation + * with Rick Adams on 25 Jan 89. 
+ */ +void +passive(void) +{ + int len; + char *p, *a; + + pdata = socket(AF_INET, SOCK_STREAM, 0); + if (pdata < 0) { + perror_reply(425, "Can't open passive connection"); + return; + } + pasv_addr = ctrl_addr; + pasv_addr.sin_port = 0; + seteuid((uid_t)0); + if (bind(pdata, (struct sockaddr *)&pasv_addr, sizeof(pasv_addr)) < 0) { + seteuid((uid_t)pw->pw_uid); + goto pasv_error; + } + seteuid((uid_t)pw->pw_uid); + len = sizeof(pasv_addr); + if (getsockname(pdata, (struct sockaddr *) &pasv_addr, &len) < 0) + goto pasv_error; + if (listen(pdata, 1) < 0) + goto pasv_error; + a = (char *) &pasv_addr.sin_addr; + p = (char *) &pasv_addr.sin_port; + +#define UC(b) (((int) b) & 0xff) + + reply(227, "Entering Passive Mode (%d,%d,%d,%d,%d,%d)", UC(a[0]), + UC(a[1]), UC(a[2]), UC(a[3]), UC(p[0]), UC(p[1])); + return; + +pasv_error: + close(pdata); + pdata = -1; + perror_reply(425, "Can't open passive connection"); + return; +} + +/* + * Generate unique name for file with basename "local". + * The file named "local" is already known to exist. + * Generates failure reply on error. + */ +static char * +gunique(char *local) +{ + static char new[MaxPathLen]; + struct stat st; + int count; + char *cp; + + cp = strrchr(local, '/'); + if (cp) + *cp = '\0'; + if (stat(cp ? local : ".", &st) < 0) { + perror_reply(553, cp ? local : "."); + return NULL; + } + if (cp) + *cp = '/'; + for (count = 1; count < 100; count++) { + snprintf (new, sizeof(new), "%s.%d", local, count); + if (stat(new, &st) < 0) + return (new); + } + reply(452, "Unique file name cannot be created."); + return (NULL); +} + +/* + * Format and send reply containing system error number. 
+ */ +void +perror_reply(int code, char *string) +{ + reply(code, "%s: %s.", string, strerror(errno)); +} + +static char *onefile[] = { + "", + 0 +}; + +void +send_file_list(char *whichf) +{ + struct stat st; + DIR *dirp = NULL; + struct dirent *dir; + FILE *dout = NULL; + char **dirlist, *dirname; + int simple = 0; + int freeglob = 0; + glob_t gl; + char buf[MaxPathLen]; + + if (strpbrk(whichf, "~{[*?") != NULL) { + int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE; + + memset(&gl, 0, sizeof(gl)); + freeglob = 1; + if (glob(whichf, flags, 0, &gl)) { + reply(550, "not found"); + goto out; + } else if (gl.gl_pathc == 0) { + errno = ENOENT; + perror_reply(550, whichf); + goto out; + } + dirlist = gl.gl_pathv; + } else { + onefile[0] = whichf; + dirlist = onefile; + simple = 1; + } + + if (setjmp(urgcatch)) { + transflag = 0; + goto out; + } + while ((dirname = *dirlist++)) { + if (stat(dirname, &st) < 0) { + /* + * If user typed "ls -l", etc, and the client + * used NLST, do what the user meant. + */ + if (dirname[0] == '-' && *dirlist == NULL && + transflag == 0) { + retrieve("/bin/ls %s", dirname); + goto out; + } + perror_reply(550, whichf); + if (dout != NULL) { + fclose(dout); + transflag = 0; + data = -1; + pdata = -1; + } + goto out; + } + + if (S_ISREG(st.st_mode)) { + if (dout == NULL) { + dout = dataconn("file list", (off_t)-1, "w"); + if (dout == NULL) + goto out; + transflag++; + } + snprintf(buf, sizeof(buf), "%s%s\n", dirname, + type == TYPE_A ? 
"\r" : ""); + auth_write(fileno(dout), buf, strlen(buf)); + byte_count += strlen(dirname) + 1; + continue; + } else if (!S_ISDIR(st.st_mode)) + continue; + + if ((dirp = opendir(dirname)) == NULL) + continue; + + while ((dir = readdir(dirp)) != NULL) { + char nbuf[MaxPathLen]; + + if (!strcmp(dir->d_name, ".")) + continue; + if (!strcmp(dir->d_name, "..")) + continue; + + snprintf(nbuf, sizeof(nbuf), "%s/%s", dirname, dir->d_name); + + /* + * We have to do a stat to insure it's + * not a directory or special file. + */ + if (simple || (stat(nbuf, &st) == 0 && + S_ISREG(st.st_mode))) { + if (dout == NULL) { + dout = dataconn("file list", (off_t)-1, "w"); + if (dout == NULL) + goto out; + transflag++; + } + if(strncmp(nbuf, "./", 2) == 0) + snprintf(buf, sizeof(buf), "%s%s\n", nbuf +2, + type == TYPE_A ? "\r" : ""); + else + snprintf(buf, sizeof(buf), "%s%s\n", nbuf, + type == TYPE_A ? "\r" : ""); + auth_write(fileno(dout), buf, strlen(buf)); + byte_count += strlen(nbuf) + 1; + } + } + closedir(dirp); + } + if (dout == NULL) + reply(550, "No files found."); + else if (ferror(dout) != 0) + perror_reply(550, "Data connection"); + else + reply(226, "Transfer complete."); + + transflag = 0; + if (dout != NULL){ + auth_write(fileno(dout), buf, 0); /* XXX flush */ + + fclose(dout); + } + data = -1; + pdata = -1; +out: + if (freeglob) { + freeglob = 0; + globfree(&gl); + } +} + + +int +find(char *pattern) +{ + char line[1024]; + FILE *f; + + snprintf(line, sizeof(line), + "/bin/locate -d %s %s", + ftp_rooted("/etc/locatedb"), + pattern); + f = ftpd_popen(line, "r", 1, 1); + if(f == NULL){ + perror_reply(550, "/bin/locate"); + return 1; + } + lreply(200, "Output from find."); + while(fgets(line, sizeof(line), f)){ + if(line[strlen(line)-1] == '\n') + line[strlen(line)-1] = 0; + nreply("%s", line); + } + reply(200, "Done"); + ftpd_pclose(f); + return 0; +} + 
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/kauth.c b/crypto/kerberosIV/appl/ftp/ftpd/kauth.c
new file mode 100644
index 0000000..02d23d6
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/kauth.c
@@ -0,0 +1,325 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +RCSID("$Id: kauth.c,v 1.14 1997/05/07 02:21:30 assar Exp $"); + +#include +#include +#include + +#include +#ifdef HAVE_SYS_TIME_H +#include +#endif +#ifdef HAVE_SYS_TYPES_H +#include +#endif + +#include + +#include +#include +#include + +#include "extern.h" +#include "krb4.h" +#include "auth.h" +#include "base64.h" + +static KTEXT_ST cip; +static unsigned int lifetime; +static time_t local_time; + +static krb_principal pr; + +static int +save_tkt(char *user, char *instance, char *realm, void *arg, + int (*key_proc)(char*, char*, char*, void*, des_cblock*), KTEXT *cipp) +{ + local_time = time(0); + memmove(&cip, *cipp, sizeof(cip)); + return -1; +} + +static int +store_ticket(KTEXT cip) +{ + char *ptr; + des_cblock session; + krb_principal sp; + unsigned char kvno; + KTEXT_ST tkt; + int left = cip->length; + + int kerror; + + time_t kdc_time; + + ptr = (char *) cip->dat; + + /* extract session key */ + memmove(session, ptr, 8); + ptr += 8; + left -= 8; + + if (strnlen(ptr, left) == left) + return(INTK_BADPW); + + /* extract server's name */ + strcpy(sp.name, ptr); + ptr += strlen(sp.name) + 1; + left -= strlen(sp.name) + 1; + + if (strnlen(ptr, left) == left) + return(INTK_BADPW); + + /* extract server's instance */ + strcpy(sp.instance, ptr); + ptr += strlen(sp.instance) + 1; + left -= strlen(sp.instance) + 1; + + if (strnlen(ptr, left) == left) + return(INTK_BADPW); + + /* extract server's realm */ + strcpy(sp.realm,ptr); + ptr += strlen(sp.realm) + 1; + left -= strlen(sp.realm) + 1; + + if(left < 3) + return INTK_BADPW; + /* extract ticket lifetime, server key version, ticket length */ + /* be sure to avoid sign extension on lifetime! 
*/ + lifetime = (unsigned char) ptr[0]; + kvno = (unsigned char) ptr[1]; + tkt.length = (unsigned char) ptr[2]; + ptr += 3; + left -= 3; + + if (tkt.length > left) + return(INTK_BADPW); + + /* extract ticket itself */ + memmove(tkt.dat, ptr, tkt.length); + ptr += tkt.length; + left -= tkt.length; + + /* Here is where the time should be verified against the KDC. + * Unfortunately everything is sent in host byte order (receiver + * makes wrong) , and at this stage there is no way for us to know + * which byteorder the KDC has. So we simply ignore the time, + * there are no security risks with this, the only thing that can + * happen is that we might receive a replayed ticket, which could + * at most be useless. + */ + +#if 0 + /* check KDC time stamp */ + memmove(&kdc_time, ptr, sizeof(kdc_time)); + if (swap_bytes) swap_u_long(kdc_time); + + ptr += 4; + + if (abs((int)(local_time - kdc_time)) > CLOCK_SKEW) { + return(RD_AP_TIME); /* XXX should probably be better + code */ + } +#endif + + /* initialize ticket cache */ + + if (tf_create(TKT_FILE) != KSUCCESS) + return(INTK_ERR); + + if (tf_put_pname(pr.name) != KSUCCESS || + tf_put_pinst(pr.instance) != KSUCCESS) { + tf_close(); + return(INTK_ERR); + } + + + kerror = tf_save_cred(sp.name, sp.instance, sp.realm, session, + lifetime, kvno, &tkt, local_time); + tf_close(); + + return(kerror); +} + +void kauth(char *principal, char *ticket) +{ + char *p; + int ret; + + ret = krb_parse_name(principal, &pr); + if(ret){ + reply(500, "Bad principal: %s.", krb_get_err_text(ret)); + return; + } + if(pr.realm[0] == 0) + krb_get_lrealm(pr.realm, 1); + + if(ticket){ + cip.length = base64_decode(ticket, &cip.dat); + if(cip.length == -1){ + reply(500, "Failed to decode data."); + return; + } + ret = store_ticket(&cip); + if(ret){ + reply(500, "Kerberos error: %s.", krb_get_err_text(ret)); + memset(&cip, 0, sizeof(cip)); + return; + } + if(k_hasafs()) + k_afsklog(0, 0); + reply(200, "Tickets will be destroyed on exit."); + return; + } 
+ + ret = krb_get_in_tkt (pr.name, + pr.instance, + pr.realm, + KRB_TICKET_GRANTING_TICKET, + pr.realm, + DEFAULT_TKT_LIFE, + NULL, save_tkt, NULL); + if(ret != INTK_BADPW){ + reply(500, "Kerberos error: %s.", krb_get_err_text(ret)); + return; + } + base64_encode(cip.dat, cip.length, &p); + reply(300, "P=%s T=%s", krb_unparse_name(&pr), p); + free(p); + memset(&cip, 0, sizeof(cip)); +} + + +static char * +short_date(int32_t dp) +{ + char *cp; + time_t t = (time_t)dp; + + if (t == (time_t)(-1L)) return "*** Never *** "; + cp = ctime(&t) + 4; + cp[15] = '\0'; + return (cp); +} + +void klist(void) +{ + int err; + + char *file = tkt_string(); + + krb_principal pr; + + char buf1[128], buf2[128]; + int header = 1; + CREDENTIALS c; + + + + err = tf_init(file, R_TKT_FIL); + if(err != KSUCCESS){ + reply(500, "%s", krb_get_err_text(err)); + return; + } + tf_close(); + + /* + * We must find the realm of the ticket file here before calling + * tf_init because since the realm of the ticket file is not + * really stored in the principal section of the file, the + * routine we use must itself call tf_init and tf_close. + */ + err = krb_get_tf_realm(file, pr.realm); + if(err != KSUCCESS){ + reply(500, "%s", krb_get_err_text(err)); + return; + } + + err = tf_init(file, R_TKT_FIL); + if(err != KSUCCESS){ + reply(500, "%s", krb_get_err_text(err)); + return; + } + + err = tf_get_pname(pr.name); + if(err != KSUCCESS){ + reply(500, "%s", krb_get_err_text(err)); + return; + } + err = tf_get_pinst(pr.instance); + if(err != KSUCCESS){ + reply(500, "%s", krb_get_err_text(err)); + return; + } + + /* + * You may think that this is the obvious place to get the + * realm of the ticket file, but it can't be done here as the + * routine to do this must open the ticket file. This is why + * it was done before tf_init. 
+ */ + + lreply(200, "Principal: %s", krb_unparse_name(&pr)); + while ((err = tf_get_cred(&c)) == KSUCCESS) { + if (header) { + lreply(200, "%-15s %-15s %s", + " Issued", " Expires", " Principal (kvno)"); + header = 0; + } + strcpy(buf1, short_date(c.issue_date)); + c.issue_date = krb_life_to_time(c.issue_date, c.lifetime); + if (time(0) < (unsigned long) c.issue_date) + strcpy(buf2, short_date(c.issue_date)); + else + strcpy(buf2, ">>> Expired <<< "); + lreply(200, "%s %s %s (%d)", buf1, buf2, + krb_unparse_name_long(c.service, c.instance, c.realm), c.kvno); + } + if (header && err == EOF) { + lreply(200, "No tickets in file."); + } + reply(200, ""); +} diff --git a/crypto/kerberosIV/appl/ftp/ftpd/krb4.c b/crypto/kerberosIV/appl/ftp/ftpd/krb4.c new file mode 100644 index 0000000..2457c61 --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/ftpd/krb4.c 
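Review bot: In store_ticket() each `strnlen(ptr, left) == left` test only proves the field is NUL-terminated inside the decoded blob; the `strcpy` into `sp.name`, `sp.instance` and `sp.realm` that follows is not bounded by the destination size, and the blob comes from the client's ticket argument in kauth(). Each check should also reject a field that does not fit, e.g. `n = strnlen(ptr, left); if (n == (size_t)left || n >= sizeof(sp.name)) return INTK_BADPW;`, and likewise for instance and realm (the field sizes of krb_principal are declared outside this hunk). `left` is also reduced by 8 before anything confirms `cip->length >= 8`, so a short blob makes it negative and the length passed to the later `strnlen` very large; an `if (left < 8) return INTK_BADPW;` ahead of the session-key copy closes that. In kauth(), `base64_decode(ticket, &cip.dat)` shows no limit on the decoded size against `sizeof(cip.dat)`; base64_decode is defined outside this hunk, so that bound needs confirming there.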
@@ -0,0 +1,372 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: krb4.c,v 1.19 1997/05/11 09:00:07 assar Exp $"); +#endif + +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_PARAM_H +#include +#endif +#ifdef HAVE_NETINET_IN_h +#include +#endif + +#include +#include +#include +#include +#include + +#include "base64.h" +#include "extern.h" +#include "auth.h" +#include "krb4.h" + +#include + +static AUTH_DAT auth_dat; +static des_key_schedule schedule; + +int krb4_auth(char *auth) +{ + auth_complete = 0; + reply(334, "Using authentication type %s; ADAT must follow", auth); + return 0; +} + +int krb4_adat(char *auth) +{ + KTEXT_ST tkt; + char *p; + int kerror; + u_int32_t cs; + char msg[35]; /* size of encrypted block */ + int len; + + char inst[INST_SZ]; + + memset(&tkt, 0, sizeof(tkt)); + len = base64_decode(auth, tkt.dat); + + if(len < 0){ + reply(501, "Failed to decode base64 data."); + return -1; + } + tkt.length = len; + + k_getsockinst(0, inst, sizeof(inst)); + kerror = krb_rd_req(&tkt, "ftp", inst, 0, &auth_dat, ""); + if(kerror == RD_AP_UNDEC){ + k_getsockinst(0, inst, sizeof(inst)); + kerror = krb_rd_req(&tkt, "rcmd", inst, 0, &auth_dat, ""); + } + + if(kerror){ + reply(535, "Error reading request: %s.", krb_get_err_text(kerror)); + return -1; + } + + des_set_key(&auth_dat.session, schedule); + + cs = auth_dat.checksum + 1; + { + unsigned char tmp[4]; + tmp[0] = (cs >> 24) & 0xff; + tmp[1] = (cs >> 16) & 0xff; + tmp[2] = (cs >> 8) & 0xff; + tmp[3] = cs & 0xff; + len = krb_mk_safe(tmp, msg, 4, &auth_dat.session, + &ctrl_addr, &his_addr); + } + if(len < 0){ + reply(535, "Error creating reply: %s.", strerror(errno)); + return -1; + } + base64_encode(msg, len, &p); + reply(235, "ADAT=%s", p); + auth_complete = 1; + free(p); + return 0; +} + +int krb4_pbsz(int size) +{ + if(size > 1048576) /* XXX arbitrary number */ + size = 1048576; + buffer_size = size; + reply(200, "OK PBSZ=%d", buffer_size); + return 0; +} + +int krb4_prot(int level) +{ + if(level == 
prot_confidential) + return -1; + return 0; +} + +int krb4_ccc(void) +{ + reply(534, "Don't event think about it."); + return -1; +} + +int krb4_mic(char *msg) +{ + int len; + int kerror; + MSG_DAT m_data; + char *tmp, *cmd; + + cmd = strdup(msg); + + len = base64_decode(msg, cmd); + if(len < 0){ + reply(501, "Failed to decode base 64 data."); + free(cmd); + return -1; + } + kerror = krb_rd_safe(cmd, len, &auth_dat.session, + &his_addr, &ctrl_addr, &m_data); + + if(kerror){ + reply(535, "Error reading request: %s.", krb_get_err_text(kerror)); + free(cmd); + return -1; + } + + tmp = malloc(strlen(msg) + 1); + snprintf(tmp, strlen(msg) + 1, "%.*s", (int)m_data.app_length, m_data.app_data); + if(!strstr(tmp, "\r\n")) + strcat(tmp, "\r\n"); + new_ftp_command(tmp); + free(cmd); + return 0; +} + +int krb4_conf(char *msg) +{ + prot_level = prot_safe; + + reply(537, "Protection level not supported."); + return -1; +} + +int krb4_enc(char *msg) +{ + int len; + int kerror; + MSG_DAT m_data; + char *tmp, *cmd; + + cmd = strdup(msg); + + len = base64_decode(msg, cmd); + if(len < 0){ + reply(501, "Failed to decode base 64 data."); + free(cmd); + return -1; + } + kerror = krb_rd_priv(cmd, len, schedule, &auth_dat.session, + &his_addr, &ctrl_addr, &m_data); + + if(kerror){ + reply(535, "Error reading request: %s.", krb_get_err_text(kerror)); + free(cmd); + return -1; + } + + tmp = strdup(msg); + snprintf(tmp, strlen(msg) + 1, "%.*s", (int)m_data.app_length, m_data.app_data); + if(!strstr(tmp, "\r\n")) + strcat(tmp, "\r\n"); + new_ftp_command(tmp); + free(cmd); + return 0; +} + +int krb4_read(int fd, void *data, int length) +{ + static int left; + static char *extra; + static int eof; + int len, bytes, tx = 0; + + MSG_DAT m_data; + int kerror; + + if(eof){ /* if we haven't reported an end-of-file, do so */ + eof = 0; + return 0; + } + + if(left){ + if(length > left) + bytes = left; + else + bytes = length; + memmove(data, extra, bytes); + left -= bytes; + if(left) + memmove(extra, 
extra + bytes, left); + else + free(extra); + length -= bytes; + tx += bytes; + } + + while(length){ + unsigned char tmp[4]; + if(krb_net_read(fd, tmp, 4) < 4){ + reply(400, "Unexpected end of file.\n"); + return -1; + } + len = (tmp[0] << 24) | (tmp[1] << 16) | (tmp[2] << 8) | tmp[3]; + krb_net_read(fd, data_buffer, len); + if(data_protection == prot_safe) + kerror = krb_rd_safe(data_buffer, len, &auth_dat.session, + &his_addr, &ctrl_addr, &m_data); + else + kerror = krb_rd_priv(data_buffer, len, schedule, &auth_dat.session, + &his_addr, &ctrl_addr, &m_data); + + if(kerror){ + reply(400, "Failed to read data: %s.", krb_get_err_text(kerror)); + return -1; + } + + bytes = m_data.app_length; + if(bytes == 0){ + if(tx) eof = 1; + return tx; + } + if(bytes > length){ + left = bytes - length; + bytes = length; + extra = malloc(left); + memmove(extra, m_data.app_data + bytes, left); + } + memmove((unsigned char*)data + tx, m_data.app_data, bytes); + tx += bytes; + length -= bytes; + } + return tx; +} + +int krb4_write(int fd, void *data, int length) +{ + int len, bytes, tx = 0; + + len = buffer_size; + if(data_protection == prot_safe) + len -= 31; /* always 31 bytes overhead */ + else + len -= 26; /* at most 26 bytes */ + + do{ + if(length < len) + len = length; + if(data_protection == prot_safe) + bytes = krb_mk_safe(data, data_buffer+4, len, &auth_dat.session, + &ctrl_addr, &his_addr); + else + bytes = krb_mk_priv(data, data_buffer+4, len, schedule, + &auth_dat.session, + &ctrl_addr, &his_addr); + if(bytes == -1){ + reply(535, "Failed to make packet: %s.", strerror(errno)); + return -1; + } + data_buffer[0] = (bytes >> 24) & 0xff; + data_buffer[1] = (bytes >> 16) & 0xff; + data_buffer[2] = (bytes >> 8) & 0xff; + data_buffer[3] = bytes & 0xff; + if(krb_net_write(fd, data_buffer, bytes+4) < 0) + return -1; + length -= len; + data = (unsigned char*)data + len; + tx += len; + }while(length); + return tx; +} + +int krb4_userok(char *name) +{ + if(!kuserok(&auth_dat, name)){ 
+ do_login(232, name); + }else{ + reply(530, "User %s access denied.", name); + } + return 0; +} + + +int +krb4_vprintf(const char *fmt, va_list ap) +{ + char buf[10240]; + char *p; + char *enc; + int code; + int len; + + vsnprintf (buf, sizeof(buf), fmt, ap); + enc = malloc(strlen(buf) + 31); + if(prot_level == prot_safe){ + len = krb_mk_safe((u_char*)buf, (u_char*)enc, strlen(buf), &auth_dat.session, + &ctrl_addr, &his_addr); + code = 631; + }else if(prot_level == prot_private){ + len = krb_mk_priv((u_char*)buf, (u_char*)enc, strlen(buf), schedule, + &auth_dat.session, &ctrl_addr, &his_addr); + code = 632; + }else{ + len = 0; /* XXX */ + code = 631; + } + base64_encode(enc, len, &p); + fprintf(stdout, "%d %s\r\n", code, p); + free(enc); + free(p); + return 0; +} diff --git a/crypto/kerberosIV/appl/ftp/ftpd/krb4.h b/crypto/kerberosIV/appl/ftp/ftpd/krb4.h new file mode 100644 index 0000000..f777dbd --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/ftpd/krb4.h 
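Review bot: krb4_read() takes the 4-byte length prefix off the data connection and passes it straight to `krb_net_read(fd, data_buffer, len)` with no range check, and ignores that call's return value, so the peer decides how many bytes are written into `data_buffer`. `len` should be validated before the read and the read result checked, e.g. `if(len < 0 || len > buffer_size) return -1;` followed by `if(krb_net_read(fd, data_buffer, len) != len) return -1;`. `data_buffer` is allocated outside this hunk, so the correct upper bound is whatever capacity it was given (krb4_write() appears to treat `buffer_size` as that capacity). The same missing bound shows in krb4_adat(), where `base64_decode(auth, tkt.dat)` decodes client input into the fixed `tkt.dat` with no visible length limit. krb4_pbsz() clamps only the upper end, so a zero or negative `size` reaches `buffer_size` and the `len -= 31` arithmetic in krb4_write().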
@@ -0,0 +1,61 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* $Id: krb4.h,v 1.6 1997/04/01 08:17:29 joda Exp $ */ + +#ifndef __KRB4_H__ +#define __KRB4_H__ + +#include + +int krb4_auth(char *auth); +int krb4_adat(char *auth); +int krb4_pbsz(int size); +int krb4_prot(int level); +int krb4_ccc(void); +int krb4_mic(char *msg); +int krb4_conf(char *msg); +int krb4_enc(char *msg); + +int krb4_read(int fd, void *data, int length); +int krb4_write(int fd, void *data, int length); + +int krb4_userok(char *name); +int krb4_vprintf(const char *fmt, va_list ap); + +#endif /* __KRB4_H__ */ diff --git a/crypto/kerberosIV/appl/ftp/ftpd/logwtmp.c b/crypto/kerberosIV/appl/ftp/ftpd/logwtmp.c new file mode 100644 index 0000000..95ab216 --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/ftpd/logwtmp.c 
@@ -0,0 +1,136 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+RCSID("$Id: logwtmp.c,v 1.10 1997/05/25 15:17:56 assar Exp $");
+#endif
+
+#include
+#include
+#ifdef TIME_WITH_SYS_TIME
+#include
+#include
+#elif defined(HAVE_SYS_TIME_H)
+#include
+#else
+#include
+#endif
+#ifdef HAVE_UNISTD_H
+#include
+#endif
+#ifdef HAVE_FCNTL_H
+#include
+#endif
+#ifdef HAVE_UTMP_H
+#include
+#endif
+#ifdef HAVE_UTMPX_H
+#include
+#endif
+#include "extern.h"
+
+#ifndef WTMP_FILE
+#ifdef _PATH_WTMP
+#define WTMP_FILE _PATH_WTMP
+#else
+#define WTMP_FILE "/var/adm/wtmp"
+#endif
+#endif
+
+void
+logwtmp(char *line, char *name, char *host)
+{
+ static int init = 0;
+ static int fd, fdx;
+ struct timeval tv;
+ struct utmp ut;
+#ifdef WTMPX_FILE
+ struct utmpx utx;
+#endif
+
+ memset(&ut, 0, sizeof(struct utmp));
+#ifdef HAVE_UT_TYPE
+ if(name[0])
+ ut.ut_type = USER_PROCESS;
+ else
+ ut.ut_type = DEAD_PROCESS;
+#endif
+ strncpy(ut.ut_line, line, sizeof(ut.ut_line));
+ strncpy(ut.ut_name, name, sizeof(ut.ut_name));
+#ifdef HAVE_UT_PID
+ ut.ut_pid = getpid();
+#endif
+#ifdef HAVE_UT_HOST
+ strncpy(ut.ut_host, host, sizeof(ut.ut_host));
+#endif
+ ut.ut_time = time(NULL);
+
+#ifdef WTMPX_FILE
+ strncpy(utx.ut_line, line, sizeof(utx.ut_line));
+ strncpy(utx.ut_user, name, sizeof(utx.ut_user));
+ strncpy(utx.ut_host, host, sizeof(utx.ut_host));
+#ifdef HAVE_UT_SYSLEN
+ utx.ut_syslen = strlen(host) + 1;
+ if (utx.ut_syslen > sizeof(utx.ut_host))
+ utx.ut_syslen = sizeof(utx.ut_host);
+#endif
+ gettimeofday (&tv, 0);
+ utx.ut_tv.tv_sec = tv.tv_sec;
+ utx.ut_tv.tv_usec = tv.tv_usec;
+
+ if(name[0])
+ utx.ut_type = USER_PROCESS;
+ else
+ utx.ut_type = DEAD_PROCESS;
+#endif
+
+ if(!init){
+ fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0);
+#ifdef WTMPX_FILE
+ fdx = open(WTMPX_FILE, O_WRONLY|O_APPEND, 0);
+#endif
+ init = 1;
+ }
+ if(fd >= 0) {
+ write(fd, &ut, sizeof(struct utmp)); /* XXX */
+#ifdef WTMPX_FILE
+ write(fdx, &utx, sizeof(struct utmpx));
+#endif
+ }
+}
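Review bot: `utx` is never zeroed before it is written to WTMPX_FILE. The `memset(&ut, 0, sizeof(struct utmp))` at the top of logwtmp covers only `ut`, and the WTMPX_FILE block sets a handful of `utx` fields, so every other field and all padding reach the log holding whatever was on the stack. Add `memset(&utx, 0, sizeof(utx));` at the start of that block. The final write is guarded only by `fd >= 0`, so a failed open of WTMPX_FILE still reaches `write(fdx, ...)`; put `if(fdx >= 0)` in front of the second write. Both `write` results are discarded, which means a short or failed append to the login accounting files goes unnoticed.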
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/pathnames.h b/crypto/kerberosIV/appl/ftp/ftpd/pathnames.h
new file mode 100644
index 0000000..1bd2be1
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/pathnames.h
@@ -0,0 +1,55 @@ +/* + * Copyright (c) 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ *
+ * @(#)pathnames.h 8.1 (Berkeley) 6/4/93
+ */
+
+#ifdef HAVE_PATHS_H
+#include
+#endif
+
+#ifndef _PATH_DEVNULL
+#define _PATH_DEVNULL "/dev/null"
+#endif
+
+#ifndef _PATH_NOLOGIN
+#define _PATH_NOLOGIN "/etc/nologin"
+#endif
+
+#ifndef _PATH_BSHELL
+#define _PATH_BSHELL "/bin/sh"
+#endif
+
+#define _PATH_FTPUSERS "/etc/ftpusers"
+#define _PATH_FTPCHROOT "/etc/ftpchroot"
+#define _PATH_FTPWELCOME "/etc/ftpwelcome"
+#define _PATH_FTPLOGINMESG "/etc/motd"
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/popen.c b/crypto/kerberosIV/appl/ftp/ftpd/popen.c
new file mode 100644
index 0000000..58c4985
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/popen.c
@@ -0,0 +1,224 @@ +/* + * Copyright (c) 1988, 1993, 1994 + * The Regents of the University of California. All rights reserved. + * + * This code is derived from software written by Ken Arnold and + * published in UNIX Review, Vol. 6, No. 8. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+RCSID("$Id: popen.c,v 1.16 1997/06/01 03:14:06 assar Exp $");
+#endif
+
+#include
+#ifdef TIME_WITH_SYS_TIME
+#include
+#include
+#elif defined(HAVE_SYS_TIME_H)
+#include
+#else
+#include
+#endif
+#ifdef HAVE_SYS_RESOURCE_H
+#include
+#endif
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "extern.h"
+
+#include
+
+/*
+ * Special version of popen which avoids call to shell. This ensures
+ * no one may create a pipe to a hidden program as a side effect of a
+ * list or dir command.
+ */
+static int *pids;
+static int fds;
+
+extern int dochroot;
+
+/* return path prepended with ~ftp if that file exists, otherwise
+ * return path unchanged
+ */
+
+const char *
+ftp_rooted(const char *path)
+{
+ static char home[MaxPathLen] = "";
+ static char newpath[MaxPathLen];
+ struct passwd *pwd;
+
+ if(!home[0])
+ if((pwd = k_getpwnam("ftp")))
+ strcpy(home, pwd->pw_dir);
+ snprintf(newpath, sizeof(newpath), "%s/%s", home, path);
+ if(access(newpath, X_OK))
+ strcpy(newpath, path);
+ return newpath;
+}
+
+
+FILE *
+ftpd_popen(char *program, char *type, int do_stderr, int no_glob)
+{
+ char *cp;
+ FILE *iop;
+ int argc, gargc, pdes[2], pid;
+ char **pop, *argv[100], *gargv[1000];
+ char *foo;
+
+ if (strcmp(type, "r") && strcmp(type, "w"))
+ return (NULL);
+
+ if (!pids) {
+
+ /* This function is ugly and should be rewritten, in
+ * modern unices there is no such thing as a maximum
+ * filedescriptor.
+ */
+
+ fds = getdtablesize();
+ pids = (int*)calloc(fds, sizeof(int));
+ if(!pids)
+ return NULL;
+ }
+ if (pipe(pdes) < 0)
+ return (NULL);
+
+ /* break up string into pieces */
+ for (argc = 0, cp = program;; cp = NULL) {
+ foo = NULL;
+ if (!(argv[argc++] = strtok_r(cp, " \t\n", &foo)))
+ break;
+ }
+
+ gargv[0] = (char*)ftp_rooted(argv[0]);
+ /* glob each piece */
+ for (gargc = argc = 1; argv[argc]; argc++) {
+ glob_t gl;
+ int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
+
+ memset(&gl, 0, sizeof(gl));
+ if (no_glob || glob(argv[argc], flags, NULL, &gl))
+ gargv[gargc++] = strdup(argv[argc]);
+ else
+ for (pop = gl.gl_pathv; *pop; pop++)
+ gargv[gargc++] = strdup(*pop);
+ globfree(&gl);
+ }
+ gargv[gargc] = NULL;
+
+ iop = NULL;
+ switch(pid = fork()) {
+ case -1: /* error */
+ close(pdes[0]);
+ close(pdes[1]);
+ goto pfree;
+ /* NOTREACHED */
+ case 0: /* child */
+ if (*type == 'r') {
+ if (pdes[1] != STDOUT_FILENO) {
+ dup2(pdes[1], STDOUT_FILENO);
+ close(pdes[1]);
+ }
+ if(do_stderr)
+ dup2(STDOUT_FILENO, STDERR_FILENO);
+ close(pdes[0]);
+ } else {
+ if (pdes[0] != STDIN_FILENO) {
+ dup2(pdes[0], STDIN_FILENO);
+ close(pdes[0]);
+ }
+ close(pdes[1]);
+ }
+ execv(gargv[0], gargv);
+ gargv[0] = argv[0];
+ execv(gargv[0], gargv);
+ _exit(1);
+ }
+ /* parent; assume fdopen can't fail... */
+ if (*type == 'r') {
+ iop = fdopen(pdes[0], type);
+ close(pdes[1]);
+ } else {
+ iop = fdopen(pdes[1], type);
+ close(pdes[0]);
+ }
+ pids[fileno(iop)] = pid;
+
+pfree:
+ for (argc = 1; gargv[argc] != NULL; argc++)
+ free(gargv[argc]);
+
+
+ return (iop);
+}
+
+int
+ftpd_pclose(FILE *iop)
+{
+ int fdes, status;
+ pid_t pid;
+ sigset_t sigset, osigset;
+
+ /*
+ * pclose returns -1 if stream is not associated with a
+ * `popened' command, or, if already `pclosed'.
+ */
+ if (pids == 0 || pids[fdes = fileno(iop)] == 0)
+ return (-1);
+ fclose(iop);
+ sigemptyset(&sigset);
+ sigaddset(&sigset, SIGINT);
+ sigaddset(&sigset, SIGQUIT);
+ sigaddset(&sigset, SIGHUP);
+ sigprocmask(SIG_BLOCK, &sigset, &osigset);
+ while ((pid = waitpid(pids[fdes], &status, 0)) < 0 && errno == EINTR)
+ continue;
+ sigprocmask(SIG_SETMASK, &osigset, NULL);
+ pids[fdes] = 0;
+ if (pid < 0)
+ return (pid);
+ if (WIFEXITED(status))
+ return (WEXITSTATUS(status));
+ return (1);
+}
diff --git a/crypto/kerberosIV/appl/kauth/Makefile.in b/crypto/kerberosIV/appl/kauth/Makefile.in
new file mode 100644
index 0000000..97bfdb4
--- /dev/null
+++ b/crypto/kerberosIV/appl/kauth/Makefile.in
@@ -0,0 +1,112 @@ +# $Id: Makefile.in,v 1.33 1997/04/05 21:24:35 assar Exp $ + +SHELL = /bin/sh + +srcdir = @srcdir@ +VPATH = @srcdir@ + +topdir = ../.. + +CC = @CC@ +AR = ar +RANLIB = @RANLIB@ +DEFS = @DEFS@ -DBINDIR='"$(bindir)"' +CFLAGS = @CFLAGS@ +LD_FLAGS = @LD_FLAGS@ +INSTALL = @INSTALL@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +LIBS = @LIBS@ +MKINSTALLDIRS = @top_srcdir@/mkinstalldirs + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +libdir = @libdir@ +libexecdir = @libexecdir@ +bindir = @bindir@ +transform=@program_transform_name@ +EXECSUFFIX=@EXECSUFFIX@ + +PROG_BIN = kauth$(EXECSUFFIX) ksrvtgt +PROG_LIBEXEC = kauthd$(EXECSUFFIX) +PROGS = $(PROG_BIN) $(PROG_LIBEXEC) + +SOURCES_KAUTH = kauth.c rkinit.c +SOURCES_KAUTHD = kauthd.c +SOURCES_COMMON = encdata.c marshall.c + +OBJECTS_KAUTH = kauth.o rkinit.o +OBJECTS_KAUTHD = kauthd.o +OBJECTS_COMMON = marshall.o encdata.o + +OBJECTS = $(OBJECTS_KAUTH) $(OBJECTS_KAUTHD) +SOURCES = $(SOURCES_KAUTH) $(SOURCES_KAUTHD) $(SOURCES_COMMON) + +KRB_KAFS_LIB = @KRB_KAFS_LIB@ + +all: $(PROGS) + +Wall: + make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" + +.c.o: + $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $< + +install: all + $(MKINSTALLDIRS) $(bindir) $(libexecdir) + for x in $(PROG_BIN); do \ + $(INSTALL_PROGRAM) $$x $(bindir)/`echo $$x| sed '$(transform)'`; \ + done + if test -f $(bindir)/zrefresh -o -r $(bindir)/zrefresh; then \ + true; \ + else \ + $(INSTALL_PROGRAM) $(srcdir)/zrefresh $(bindir)/`echo zrefresh | sed '$(transform)'`; \ + fi + for x in $(PROG_LIBEXEC); do \ + $(INSTALL_PROGRAM) $$x $(libexecdir)/`echo $$x| sed '$(transform)'`; \ + done + +uninstall: + for x in $(PROG_BIN); do \ + rm -f $(bindir)/`echo $$x| sed '$(transform)'`; \ + done + for x in $(PROG_LIBEXEC); do \ + rm -f $(libexecdir)/`echo $$x| sed '$(transform)'`; \ + done + +TAGS: $(SOURCES) + etags $(SOURCES) + +check: + +clean: + rm -f *.a *.o $(PROGS) + +mostlyclean: 
clean + +distclean: clean + rm -f Makefile *.tab.c *~ + +realclean: distclean + rm -f TAGS + +dist: $(DISTFILES) + for file in $(DISTFILES); do \ + ln $$file ../`cat ../.fname`/lib \ + || cp -p $$file ../`cat ../.fname`/lib; \ + done + +KLIB=-L../../lib/krb -lkrb -L../../lib/des -ldes +LIBROKEN=-L../../lib/roken -lroken + +kauth$(EXECSUFFIX): $(OBJECTS_KAUTH) $(OBJECTS_COMMON) + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS_KAUTH) $(OBJECTS_COMMON) $(KRB_KAFS_LIB) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) + +kauthd$(EXECSUFFIX): $(OBJECTS_KAUTHD) $(OBJECTS_COMMON) + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS_KAUTHD) $(OBJECTS_COMMON) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) + +ksrvtgt: ksrvtgt.in + sed -e "s!%bindir%!$(bindir)!" $(srcdir)/ksrvtgt.in > $@ + chmod +x $@ + + +$(OBJECTS): ../../include/config.h diff --git a/crypto/kerberosIV/appl/kauth/encdata.c b/crypto/kerberosIV/appl/kauth/encdata.c new file mode 100644 index 0000000..800326a --- /dev/null +++ b/crypto/kerberosIV/appl/kauth/encdata.c 
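Review bot: The `Wall` target invokes `make` directly, so the recursive build loses the parent's flags and may run a different make binary; use `$(MAKE) CFLAGS="..."` there. The `dist` rule iterates over `$(DISTFILES)`, which is not defined anywhere in this hunk, so as written it copies nothing.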
@@ -0,0 +1,101 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#include "kauth.h"
+
+RCSID("$Id: encdata.c,v 1.9 1997/04/01 08:17:30 joda Exp $");
+
+int
+write_encrypted (int fd, void *buf, size_t len, des_key_schedule schedule,
+ des_cblock *session, struct sockaddr_in *me,
+ struct sockaddr_in *him)
+{
+ void *outbuf;
+ int32_t outlen, l;
+ int i;
+ unsigned char tmp[4];
+
+ outbuf = malloc(len + 30);
+ if (outbuf == NULL)
+ return -1;
+ outlen = krb_mk_priv (buf, outbuf, len, schedule, session, me, him);
+ if (outlen < 0) {
+ free(outbuf);
+ return -1;
+ }
+ l = outlen;
+ for(i = 3; i >= 0; i--, l = l >> 8)
+ tmp[i] = l & 0xff;
+ if (krb_net_write (fd, tmp, 4) != 4 ||
+ krb_net_write (fd, outbuf, outlen) != outlen) {
+ free(outbuf);
+ return -1;
+ }
+
+ free(outbuf);
+ return 0;
+}
+
+
+int
+read_encrypted (int fd, void *buf, size_t len, void **ret,
+ des_key_schedule schedule, des_cblock *session,
+ struct sockaddr_in *him, struct sockaddr_in *me)
+{
+ int status;
+ int32_t l;
+ MSG_DAT msg;
+ unsigned char tmp[4];
+
+ l = krb_net_read (fd, tmp, 4);
+ if (l != 4)
+ return l;
+ l = (tmp[0] << 24) | (tmp[1] << 16) | (tmp[2] << 8) | tmp[3];
+ if (l > len)
+ return -1;
+ if (krb_net_read (fd, buf, l) != l)
+ return -1;
+ status = krb_rd_priv (buf, l, schedule, session, him, me, &msg);
+ if (status != RD_AP_OK) {
+ fprintf (stderr, "read_encrypted: %s\n",
+ krb_get_err_text(status));
+ return -1;
+ }
+ *ret = msg.app_data;
+ return msg.app_length;
+}
diff --git a/crypto/kerberosIV/appl/kauth/kauth.c b/crypto/kerberosIV/appl/kauth/kauth.c
new file mode 100644
index 0000000..84614b0
--- /dev/null
+++ b/crypto/kerberosIV/appl/kauth/kauth.c
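Review bot: read_encrypted returns the raw krb_net_read result when the 4-byte length prefix comes up short (`if (l != 4) return l;`), so an early EOF or partial read is reported as 0 to 3 with `*ret` never assigned. A caller that tests only for a negative result then treats the call as a success and uses an unset pointer; `return -1;` on that path matches the failure convention of the rest of the function. The length is also assembled with `tmp[0] << 24` in `int`, which overflows when the first byte is 0x80 or more, and such values are rejected only through the signed-to-unsigned conversion in `l > len`; building the value as `uint32_t` and comparing it with `len` before narrowing makes the bound explicit. In write_encrypted the `len + 30` allocation is an unexplained allowance, presumably for krb_mk_priv overhead, and deserves a named constant with a comment.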
@@ -0,0 +1,312 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* + * Little program that reads an srvtab or password and + * creates a suitable ticketfile and associated AFS tokens. + * + * If an optional command is given the command is executed in a + * new PAG and when the command exits the tickets are destroyed. + */ + +#include "kauth.h" + +RCSID("$Id: kauth.c,v 1.75 1997/05/02 15:09:24 assar Exp $"); + +krb_principal princ; +static char srvtab[MaxPathLen + 1]; +static int lifetime = DEFAULT_TKT_LIFE; +static char remote_tktfile[MaxPathLen + 1]; +static char remoteuser[100]; +static char *cell = 0; + +static void +usage(void) +{ + fprintf(stderr, + "Usage: %s [-n ] [-r remoteuser] [-t remote ticketfile]" + "[-l lifetime (in minutes) ] [-h hosts... ]" + "[-f srvtab ] [-c AFS cell name ] [command ... ]\n", + __progname); + fprintf(stderr, "\nA fully qualified name can be given user[.instance][@realm]\nRealm is converted to uppercase!\n"); + exit(1); +} + +static void +doexec(int argc, char **argv) +{ + int status; + pid_t ret; + + switch (fork()) { + case -1: + err (1, "fork"); + break; + case 0: + /* in child */ + execvp(argv[0], argv); + err (1, "Can't exec program ``%s''", argv[0]); + break; + default: + /* in parent */ + do { + ret = wait(&status); + } while ((ret > 0 && !WIFEXITED(status)) || (ret < 0 && errno == EINTR)); + if (ret < 0) + perror("wait"); + dest_tkt(); + if (k_hasafs()) + k_unlog(); + break; + } +} + +static RETSIGTYPE +renew(int sig) +{ + int code; + + signal(SIGALRM, renew); + + code = krb_get_svc_in_tkt(princ.name, princ.instance, princ.realm, + KRB_TICKET_GRANTING_TICKET, + princ.realm, lifetime, srvtab); + if (code) + warnx ("%s", krb_get_err_text(code)); + else if (k_hasafs()) + { + if ((code = k_afsklog(cell, NULL)) != 0 && code != KDC_PR_UNKNOWN) { + warnx ("%s", krb_get_err_text(code)); + } + } + + alarm(krb_life_to_time(0, lifetime)/2 - 60); + SIGRETURN(0); +} + +static int +zrefresh(void) +{ + switch (fork()) { + case -1: + err (1, "Warning: Failed to fork zrefresh"); + return -1; + 
case 0: + /* Child */ + execlp("zrefresh", "zrefresh", 0); + execl(BINDIR "/zrefresh", "zrefresh", 0); + exit(1); + default: + /* Parent */ + break; + } + return 0; +} + +static int +key_to_key(char *user, char *instance, char *realm, void *arg, + des_cblock *key) +{ + memcpy(key, arg, sizeof(des_cblock)); + return 0; +} + +int +main(int argc, char **argv) +{ + int code, more_args; + int ret; + int c; + char *file; + int pflag = 0; + char passwd[100]; + des_cblock key; + char **host; + int nhost; + char tf[MaxPathLen]; + + set_progname (argv[0]); + + if ((file = getenv("KRBTKFILE")) == 0) + file = TKT_FILE; + + memset(&princ, 0, sizeof(princ)); + memset(srvtab, 0, sizeof(srvtab)); + *remoteuser = '\0'; + nhost = 0; + + while ((c = getopt(argc, argv, "r:t:f:hl:n:c:")) != EOF) + switch (c) { + case 'f': + strncpy(srvtab, optarg, sizeof(srvtab)); + break; + case 't': + strncpy(remote_tktfile, optarg, sizeof(remote_tktfile)); + break; + case 'r': + strncpy(remoteuser, optarg, sizeof(remoteuser)); + break; + case 'l': + lifetime = atoi(optarg); + if (lifetime == -1) + lifetime = 255; + else if (lifetime < 5) + lifetime = 1; + else + lifetime = krb_time_to_life(0, lifetime*60); + if (lifetime > 255) + lifetime = 255; + break; + case 'n': + if ((code = krb_parse_name(optarg, &princ)) != 0) { + warnx ("%s", krb_get_err_text(code)); + usage(); + } + strupr(princ.realm); + pflag = 1; + break; + case 'c': + cell = optarg; + break; + case 'h': + host = argv + optind; + for(nhost = 0; optind < argc && *argv[optind] != '-'; ++optind) + ++nhost; + break; + case '?': + default: + usage(); + break; + } + + /* Look for kerberos name */ + if (!pflag && optind < argc && krb_parse_name(argv[optind], &princ) == 0) { + ++optind; + strupr(princ.realm); + } + + if (princ.name[0] == '\0' && krb_get_default_principal (princ.name, + princ.instance, + princ.realm) < 0) + errx (1, "Could not get default principal"); + + if (*remoteuser == '\0') + strcpy (remoteuser, princ.name); + + more_args = 
argc - optind; + + if (princ.realm[0] == '\0') + if (krb_get_lrealm(princ.realm, 1) != KSUCCESS) + strcpy(princ.realm, KRB_REALM); + + if (more_args) { + int f; + + do{ + snprintf(tf, sizeof(tf), + TKT_ROOT "%u_%u", + (unsigned)getuid(), + (unsigned)(getpid()*time(0))); + f = open(tf, O_CREAT|O_EXCL|O_RDWR); + }while(f < 0); + close(f); + unlink(tf); + setenv("KRBTKFILE", tf, 1); + krb_set_tkt_string (tf); + } + + if (srvtab[0]) + { + signal(SIGALRM, renew); + + code = read_service_key (princ.name, princ.instance, princ.realm, 0, + srvtab, (char *)&key); + if (code == KSUCCESS) + code = krb_get_in_tkt(princ.name, princ.instance, princ.realm, + KRB_TICKET_GRANTING_TICKET, + princ.realm, lifetime, + key_to_key, NULL, key); + alarm(krb_life_to_time(0, lifetime)/2 - 60); + } + else { + char prompt[128]; + + snprintf(prompt, sizeof(prompt), "%s's Password: ", krb_unparse_name(&princ)); + if (des_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0)){ + memset(passwd, 0, sizeof(passwd)); + exit(1); + } + des_string_to_key (passwd, &key); + code = krb_get_in_tkt (princ.name, princ.instance, princ.realm, + KRB_TICKET_GRANTING_TICKET, + princ.realm, lifetime, + key_to_key, NULL, key); + if(code == INTK_BADPW) { + afs_string_to_key (passwd, princ.realm, &key); + code = krb_get_in_tkt (princ.name, princ.instance, princ.realm, + KRB_TICKET_GRANTING_TICKET, + princ.realm, lifetime, + key_to_key, NULL, key); + } + memset(passwd, 0, sizeof(passwd)); + } + if (code) { + memset (key, 0, sizeof(key)); + errx (1, "%s", krb_get_err_text(code)); + } + + if (k_hasafs()) { + if (more_args) + k_setpag(); + if ((code = k_afsklog(cell, NULL)) != 0 && code != KDC_PR_UNKNOWN) + warnx ("%s", krb_get_err_text(code)); + } + + for(ret = 0; nhost-- > 0; host++) + ret += rkinit(&princ, lifetime, remoteuser, remote_tktfile, &key, *host); + + if (ret) + return ret; + + if (more_args) + doexec(more_args, &argv[optind]); + else + zrefresh(); + + return 0; +} 
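Review bot: The private ticket-file name in main is reserved and then released before it is used. `open(tf, O_CREAT|O_EXCL|O_RDWR)` is followed by `close(f); unlink(tf);` and only then `krb_set_tkt_string (tf)`, which leaves a window where another local user can place a file or symlink at that uid/pid/time-derived path under TKT_ROOT. Whether the library later re-creates the file exclusively is not visible in this hunk, so either keep the created file in place or confirm that it does. The `open` call passes O_CREAT without a mode argument, so the permissions are indeterminate, and `do … while(f < 0)` spins forever on any error other than a name collision; `f = open(tf, O_CREAT|O_EXCL|O_RDWR, 0600);` with `while(f < 0 && errno == EEXIST)` and an `err()` on other failures fixes both. The `-f`, `-t` and `-r` options use `strncpy(dst, optarg, sizeof(dst))`, which leaves the buffer unterminated when the argument fills it; copy at most `sizeof(dst) - 1` bytes.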
diff --git a/crypto/kerberosIV/appl/kauth/kauth.h b/crypto/kerberosIV/appl/kauth/kauth.h
new file mode 100644
index 0000000..2c48fcc
--- /dev/null
+++ b/crypto/kerberosIV/appl/kauth/kauth.h
@@ -0,0 +1,118 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* $Id: kauth.h,v 1.18 1997/05/20 18:40:31 bg Exp $ */ + +#ifdef HAVE_CONFIG_H +#include +#endif /* HAVE_CONFIG_H */ + +#include +#include +#include +#include +#include +#ifdef HAVE_FCNTL_H +#include +#endif +#include +#ifdef HAVE_UNISTD_H +#include +#endif +#ifdef HAVE_PWD_H +#include +#endif +#ifdef HAVE_GRP_H +#include +#endif + +#ifdef TIME_WITH_SYS_TIME +#include +#include +#elif defined(HAVE_SYS_TIME_H) +#include +#else +#include +#endif +#ifdef HAVE_SYS_RESOURCE_H +#include +#endif /* HAVE_SYS_RESOURCE_H */ +#ifdef HAVE_SYS_WAIT_H +#include +#endif +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif +#ifdef SOCKS +#include +#endif + +#include + +#include +#include + +#include + +#define KAUTH_PORT 2120 + +#define KAUTH_VERSION "RKINIT.0" + +int rkinit (krb_principal*, int, char*, char*, des_cblock*, char*); + +int write_encrypted (int, void*, size_t, des_key_schedule, + des_cblock*, struct sockaddr_in*, struct sockaddr_in*); + +int read_encrypted (int, void*, size_t, void **, des_key_schedule, + des_cblock*, struct sockaddr_in*, struct sockaddr_in*); + +unsigned pack_args (char *, krb_principal*, int, char*, char*); + +int unpack_args (char*, krb_principal*, int*, char*, char*); diff --git a/crypto/kerberosIV/appl/kauth/kauthd.c b/crypto/kerberosIV/appl/kauth/kauthd.c new file mode 100644 index 0000000..b6a40cf --- /dev/null +++ b/crypto/kerberosIV/appl/kauth/kauthd.c 
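Review bot: kauth.h has no include guard, unlike krb4.h in the same commit, so wrap the header in `#ifndef KAUTH_H` / `#define KAUTH_H` / `#endif`. The prototypes also omit parameter names, which hides the contract: `rkinit (krb_principal*, int, char*, char*, des_cblock*, char*)` takes three `char*` arguments that a caller cannot tell apart, and `read_encrypted` does not say that the `size_t` is the capacity of the `void*` buffer. Naming them as the definitions do, for example `int read_encrypted (int fd, void *buf, size_t len, void **ret, ...)`, documents which argument bounds which buffer.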
@@ -0,0 +1,201 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kauth.h"
+
+RCSID("$Id: kauthd.c,v 1.22 1997/05/18 20:37:55 assar Exp $");
+
+krb_principal princ;
+static char locuser[SNAME_SZ + 1];
+static int lifetime;
+static char tktfile[MaxPathLen + 1];
+
+struct remote_args {
+ int sock;
+ des_key_schedule *schedule;
+ des_cblock *session;
+ struct sockaddr_in *me, *her;
+};
+
+static int
+decrypt_remote_tkt (char *user, char *inst, char *realm, void *varg,
+ key_proc_t key_proc, KTEXT *cipp)
+{
+ char buf[BUFSIZ];
+ void *ptr;
+ int len;
+ KTEXT cip = *cipp;
+ struct remote_args *args = (struct remote_args *)varg;
+
+ write_encrypted (args->sock, cip->dat, cip->length,
+ *args->schedule, args->session, args->me,
+ args->her);
+ len = read_encrypted (args->sock, buf, sizeof(buf), &ptr, *args->schedule,
+ args->session, args->her, args->me);
+ memcpy(cip->dat, ptr, cip->length);
+
+ return 0;
+}
+
+static int
+doit(int sock)
+{
+ int status;
+ KTEXT_ST ticket;
+ AUTH_DAT auth;
+ char instance[INST_SZ + 1];
+ des_key_schedule schedule;
+ struct sockaddr_in thisaddr, thataddr;
+ int addrlen;
+ int len;
+ char buf[BUFSIZ];
+ void *data;
+ struct passwd *passwd;
+ char version[KRB_SENDAUTH_VLEN + 1];
+ char remotehost[MaxHostNameLen];
+
+ addrlen = sizeof(thisaddr);
+ if (getsockname (sock, (struct sockaddr *)&thisaddr, &addrlen) < 0 ||
+ addrlen != sizeof(thisaddr)) {
+ return 1;
+ }
+ addrlen = sizeof(thataddr);
+ if (getpeername (sock, (struct sockaddr *)&thataddr, &addrlen) < 0 ||
+ addrlen != sizeof(thataddr)) {
+ return 1;
+ }
+
+ inaddr2str (thataddr.sin_addr, remotehost, sizeof(remotehost));
+
+ k_getsockinst (sock, instance, sizeof(instance));
+ status = krb_recvauth (KOPT_DO_MUTUAL, sock, &ticket, "rcmd", instance,
+ &thataddr, &thisaddr, &auth, "", schedule,
+ version);
+ if (status != KSUCCESS ||
+ strncmp(version, KAUTH_VERSION, KRB_SENDAUTH_VLEN) != 0) {
+ return 1;
+ }
+ len = read_encrypted (sock, buf, sizeof(buf), &data, schedule,
+ &auth.session, &thataddr, &thisaddr);
+ if (len < 0) {
+ write_encrypted (sock, "read_enc failed",
+ sizeof("read_enc failed") - 1, schedule,
+ &auth.session, &thisaddr, &thataddr);
+ return 1;
+ }
+ if (unpack_args(data, &princ, &lifetime, locuser,
+ tktfile)) {
+ write_encrypted (sock, "unpack_args failed",
+ sizeof("unpack_args failed") - 1, schedule,
+ &auth.session, &thisaddr, &thataddr);
+ return 1;
+ }
+
+ if( kuserok(&auth, locuser) != 0) {
+ snprintf(buf, sizeof(buf), "%s cannot get tickets for %s",
+ locuser, krb_unparse_name(&princ));
+ syslog (LOG_ERR, buf);
+ write_encrypted (sock, buf, strlen(buf), schedule,
+ &auth.session, &thisaddr, &thataddr);
+ return 1;
+ }
+ passwd = k_getpwnam (locuser);
+ if (passwd == NULL) {
+ snprintf (buf, sizeof(buf), "No user '%s'", locuser);
+ syslog (LOG_ERR, buf);
+ write_encrypted (sock, buf, strlen(buf), schedule,
+ &auth.session, &thisaddr, &thataddr);
+ return 1;
+ }
+ if (setgid (passwd->pw_gid) ||
+ initgroups(passwd->pw_name, passwd->pw_gid) ||
+ setuid(passwd->pw_uid)) {
+ snprintf (buf, sizeof(buf), "Could not change user");
+ syslog (LOG_ERR, buf);
+ write_encrypted (sock, buf, strlen(buf), schedule,
+ &auth.session, &thisaddr, &thataddr);
+ return 1;
+ }
+ write_encrypted (sock, "ok", sizeof("ok") - 1, schedule,
+ &auth.session, &thisaddr, &thataddr);
+
+ if (*tktfile == 0)
+ snprintf(tktfile, sizeof(tktfile), "%s%u", TKT_ROOT, (unsigned)getuid());
+ krb_set_tkt_string (tktfile);
+
+ {
+ struct remote_args arg;
+
+ arg.sock = sock;
+ arg.schedule = &schedule;
+ arg.session = &auth.session;
+ arg.me = &thisaddr;
+ arg.her = &thataddr;
+
+ status = krb_get_in_tkt (princ.name, princ.instance, princ.realm,
+ KRB_TICKET_GRANTING_TICKET,
+ princ.realm,
+ lifetime, NULL, decrypt_remote_tkt, &arg);
+ }
+ if (status == KSUCCESS) {
+ syslog (LOG_INFO, "from %s(%s): %s -> %s",
+ remotehost,
+ inet_ntoa(thataddr.sin_addr),
+ locuser,
+ krb_unparse_name (&princ));
+ write_encrypted (sock, "ok", sizeof("ok") - 1, schedule,
+ &auth.session, &thisaddr, &thataddr);
+ return 0;
+ } else {
+ snprintf (buf, sizeof(buf), "TGT failed: %s", krb_get_err_text(status));
+ syslog (LOG_NOTICE, buf);
+ write_encrypted (sock, buf, strlen(buf), schedule,
+ &auth.session, &thisaddr, &thataddr);
+ return 1;
+ }
+}
+
+int
+main (int argc, char **argv)
+{
+ openlog ("kauthd", LOG_ODELAY, LOG_AUTH);
+
+ if(argc > 1 && strcmp(argv[1], "-i") == 0)
+ mini_inetd (k_getportbyname("kauth", "tcp", htons(KAUTH_PORT)));
+ return doit(STDIN_FILENO);
+}
diff --git a/crypto/kerberosIV/appl/kauth/ksrvtgt.in b/crypto/kerberosIV/appl/kauth/ksrvtgt.in
new file mode 100644
index 0000000..30d9e15
--- /dev/null
+++ b/crypto/kerberosIV/appl/kauth/ksrvtgt.in
@@ -0,0 +1,14 @@
+#! /bin/sh
+# $Id: ksrvtgt.in,v 1.2 1997/04/05 21:29:17 assar Exp $
+
+usage="Usage: `basename $0` name instance [[realm] srvtab]"
+
+if [ $# -lt 2 -o $# -gt 4 ]; then
+ echo "$usage"
+ exit 1
+fi
+
+srvtab="${4-${3-/etc/srvtab}}"
+realm="${4+@$3}"
+
+%bindir%/kauth -n "$1.$2$realm" -l 5 -f "$srvtab "
diff --git a/crypto/kerberosIV/appl/kauth/marshall.c b/crypto/kerberosIV/appl/kauth/marshall.c
new file mode 100644
index 0000000..4f1bfeb
--- /dev/null
+++ b/crypto/kerberosIV/appl/kauth/marshall.c
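Review bot: In `decrypt_remote_tkt` the result of `read_encrypted` is stored in `len` and never examined, so a failed or short reply still reaches `memcpy(cip->dat, ptr, cip->length)`: on failure `ptr` may not have been set, and on a short reply the copy reads past the data that was received. The return value of the preceding `write_encrypted` is ignored as well. Both should be checked and the callback should fail before the copy, as in the excerpt below; the error value `krb_get_in_tkt` expects from its decrypt callback is not visible in this hunk, so `-1` is a stand-in. Separately, `doit` passes `buf` as the format argument in `syslog (LOG_ERR, buf)` and `syslog (LOG_NOTICE, buf)` after formatting the client-supplied `locuser` and principal into it; `syslog (LOG_ERR, "%s", buf)` keeps that text from being interpreted as a format string.

```c
    struct remote_args *args = (struct remote_args *)varg;

    if (write_encrypted (args->sock, cip->dat, cip->length,
                         *args->schedule, args->session, args->me,
                         args->her) < 0)
        return -1;
    len = read_encrypted (args->sock, buf, sizeof(buf), &ptr, *args->schedule,
                          args->session, args->her, args->me);
    /* A failed or short reply must not reach the copy below. */
    if (len < 0 || (size_t)len < (size_t)cip->length)
        return -1;
    memcpy(cip->dat, ptr, cip->length);
```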
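Review bot: The last line passes `-f "$srvtab "` with a space inside the closing quote, so kauth receives a srvtab path that ends in a blank and the default `/etc/srvtab` would not be found under that name. Unless the space is an artefact of how this page was rendered, the argument should read `-f "$srvtab"`.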
@@ -0,0 +1,97 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kauth.h"
+
+RCSID("$Id: marshall.c,v 1.7 1997/04/01 08:17:32 joda Exp $");
+
+unsigned
+pack_args (char *buf, krb_principal *pr, int lifetime,
+ char *locuser, char *tktfile)
+{
+ char *p;
+
+ p = buf;
+ strcpy (p, pr->name);
+ p += strlen (pr->name) + 1;
+ strcpy (p, pr->instance);
+ p += strlen (pr->instance) + 1;
+ strcpy (p, pr->realm);
+ p += strlen (pr->realm) + 1;
+ *p++ = (unsigned char)lifetime;
+ strcpy(p, locuser);
+ p += strlen (locuser) + 1;
+ strcpy(p, tktfile);
+ p += strlen(tktfile) + 1;
+ return p - buf;
+}
+
+int
+unpack_args (char *buf, krb_principal *pr, int *lifetime,
+ char *locuser, char *tktfile)
+{
+ int len;
+
+ len = strlen(buf);
+ if (len > SNAME_SZ)
+ return -1;
+ strncpy(pr->name, buf, len + 1);
+ buf += len + 1;
+ len = strlen (buf);
+ if (len > INST_SZ)
+ return -1;
+ strncpy (pr->instance, buf, len + 1);
+ buf += len + 1;
+ len = strlen (buf);
+ if (len > REALM_SZ)
+ return -1;
+ strncpy (pr->realm, buf, len + 1);
+ buf += len + 1;
+ *lifetime = (unsigned char)*buf++;
+ len = strlen(buf);
+ if (len > SNAME_SZ)
+ return -1;
+ strncpy (locuser, buf, len + 1);
+ buf += len + 1;
+ len = strlen(buf);
+ if (len > MaxPathLen)
+ return -1;
+ strncpy (tktfile, buf, len + 1);
+ buf += len + 1;
+ return 0;
+}
diff --git a/crypto/kerberosIV/appl/kauth/rkinit.c b/crypto/kerberosIV/appl/kauth/rkinit.c
new file mode 100644
index 0000000..ec75d46
--- /dev/null
+++ b/crypto/kerberosIV/appl/kauth/rkinit.c
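Review bot: `unpack_args` walks its input with `strlen` and has no knowledge of how many bytes were actually received, so a message whose fields are not all NUL-terminated makes it read past the decrypted data; `doit` in kauthd.c holds the length from `read_encrypted` in `len` but does not pass it on. Each field should be located with a bounded search against the end of the message, which needs a length parameter on `unpack_args` and the matching prototype change in kauth.h, as sketched below with the original per-field limits kept. Those limits deserve a second look: `len > SNAME_SZ` allows a copy of `SNAME_SZ + 1` bytes, which fits `locuser[SNAME_SZ + 1]` in kauthd.c but fits `pr->name` only if that array has room for the terminator, and the definition of `krb_principal` is not in this hunk. `pack_args` has the mirror-image problem on the sending side: five `strcpy` calls into `buf` with no size, while rkinit.c hands it a `BUFSIZ` stack buffer.

```c
/* Copy one NUL-terminated field of at most maxlen characters from [*pp, end). */
static int
get_field (char **pp, char *end, char *dst, size_t maxlen)
{
    char *nul = memchr (*pp, '\0', end - *pp);

    if (nul == NULL || (size_t)(nul - *pp) > maxlen)
        return -1;
    memcpy (dst, *pp, nul - *pp + 1);
    *pp = nul + 1;
    return 0;
}

int
unpack_args (char *buf, size_t buflen, krb_principal *pr, int *lifetime,
             char *locuser, char *tktfile)
{
    char *end = buf + buflen;

    if (get_field (&buf, end, pr->name, SNAME_SZ) ||
        get_field (&buf, end, pr->instance, INST_SZ) ||
        get_field (&buf, end, pr->realm, REALM_SZ))
        return -1;
    /* the one-byte lifetime must also lie inside the message */
    if (buf >= end)
        return -1;
    *lifetime = (unsigned char)*buf++;
    if (get_field (&buf, end, locuser, SNAME_SZ) ||
        get_field (&buf, end, tktfile, MaxPathLen))
        return -1;
    return 0;
}
```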
@@ -0,0 +1,222 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "kauth.h" + +RCSID("$Id: rkinit.c,v 1.19 1997/04/01 08:17:33 joda Exp $"); + +static struct in_addr * +getalladdrs (char *hostname, unsigned *count) +{ + struct hostent *hostent; + struct in_addr **h; + struct in_addr *addr; + unsigned naddr; + unsigned maxaddr; + + hostent = gethostbyname (hostname); + if (hostent == NULL) { + warnx ("gethostbyname '%s' failed: %s\n", + hostname, +#ifdef HAVE_H_ERRNO + hstrerror(h_errno) +#else + "unknown error" +#endif + ); + return NULL; + } + maxaddr = 1; + naddr = 0; + addr = malloc(sizeof(*addr) * maxaddr); + if (addr == NULL) { + warnx ("out of memory"); + return NULL; + } + for (h = (struct in_addr **)(hostent->h_addr_list); + *h != NULL; + h++) { + if (naddr >= maxaddr) { + maxaddr *= 2; + addr = realloc (addr, sizeof(*addr) * maxaddr); + if (addr == NULL) { + warnx ("out of memory"); + return NULL; + } + } + addr[naddr++] = **h; + } + addr = realloc (addr, sizeof(*addr) * naddr); + if (addr == NULL) { + warnx ("out of memory"); + return NULL; + } + *count = naddr; + return addr; +} + +static int +doit_host (krb_principal *princ, int lifetime, char *locuser, + char *tktfile, des_cblock *key, int s, char *hostname) +{ + char buf[BUFSIZ]; + int inlen; + KTEXT_ST text; + CREDENTIALS cred; + MSG_DAT msg; + int status; + des_key_schedule schedule; + struct sockaddr_in thisaddr, thataddr; + int addrlen; + void *ret; + + addrlen = sizeof(thisaddr); + if (getsockname (s, (struct sockaddr *)&thisaddr, &addrlen) < 0 || + addrlen != sizeof(thisaddr)) { + warn ("getsockname(%s)", hostname); + return 1; + } + addrlen = sizeof(thataddr); + if (getpeername (s, (struct sockaddr *)&thataddr, &addrlen) < 0 || + addrlen != sizeof(thataddr)) { + warn ("getpeername(%s)", hostname); + return 1; + } + + status = krb_sendauth (KOPT_DO_MUTUAL, s, &text, "rcmd", + hostname, krb_realmofhost (hostname), + getpid(), &msg, &cred, schedule, + &thisaddr, &thataddr, KAUTH_VERSION); + if (status != KSUCCESS) { + warnx ("%s: %s\n", 
hostname, krb_get_err_text(status)); + return 1; + } + inlen = pack_args (buf, princ, lifetime, locuser, tktfile); + + if (write_encrypted(s, buf, inlen, schedule, &cred.session, + &thisaddr, &thataddr) < 0) { + warn ("write to %s", hostname); + return 1; + } + + inlen = read_encrypted (s, buf, sizeof(buf), &ret, schedule, + &cred.session, &thataddr, &thisaddr); + if (inlen < 0) { + warn ("read from %s failed", hostname); + return 1; + } + + if (strncmp(ret, "ok", inlen) != 0) { + warnx ("error from %s: %.*s\n", + hostname, inlen, (char *)ret); + return 1; + } + + inlen = read_encrypted (s, buf, sizeof(buf), &ret, schedule, + &cred.session, &thataddr, &thisaddr); + if (inlen < 0) { + warn ("read from %s", hostname); + return 1; + } + + { + des_key_schedule key_s; + + des_key_sched(key, key_s); + des_pcbc_encrypt(ret, ret, inlen, key_s, key, DES_DECRYPT); + memset(key_s, 0, sizeof(key_s)); + } + write_encrypted (s, ret, inlen, schedule, &cred.session, + &thisaddr, &thataddr); + + inlen = read_encrypted (s, buf, sizeof(buf), &ret, schedule, + &cred.session, &thataddr, &thisaddr); + if (inlen < 0) { + warn ("read from %s", hostname); + return 1; + } + + if (strncmp(ret, "ok", inlen) != 0) { + warnx ("error from %s: %.*s\n", + hostname, inlen, (char *)ret); + return 1; + } + return 0; +} + +int +rkinit (krb_principal *princ, int lifetime, char *locuser, + char *tktfile, des_cblock *key, char *hostname) +{ + struct in_addr *addr; + unsigned naddr; + unsigned i; + int port; + int success; + + addr = getalladdrs (hostname, &naddr); + if (addr == NULL) + return 1; + port = k_getportbyname ("kauth", "tcp", htons(KAUTH_PORT)); + success = 0; + for (i = 0; !success && i < naddr; ++i) { + struct sockaddr_in a; + int s; + + memset(&a, 0, sizeof(a)); + a.sin_family = AF_INET; + a.sin_port = port; + a.sin_addr = addr[i]; + + s = socket (AF_INET, SOCK_STREAM, 0); + if (s < 0) { + warn("socket"); + return 1; + } + if (connect(s, (struct sockaddr *)&a, sizeof(a)) < 0) { + 
warn("connect(%s)", hostname); + continue; + } + + success = success || !doit_host (princ, lifetime, + locuser, tktfile, key, + s, hostname); + close (s); + } + return !success; +} diff --git a/crypto/kerberosIV/appl/kauth/zrefresh b/crypto/kerberosIV/appl/kauth/zrefresh new file mode 100644 index 0000000..8347a1b --- /dev/null +++ b/crypto/kerberosIV/appl/kauth/zrefresh @@ -0,0 +1,12 @@ +#!/bin/sh +# +# @(#) $Id: zrefresh,v 1.3 1996/06/09 19:21:59 joda Exp $ +# +# Substitute this script with a real zrefresh if running Zephyr. For +# instance: +# +# if [ -f "$WGFILE" ] ; then +# zctl load +# fi + +exit 0 diff --git a/crypto/kerberosIV/appl/kip/Makefile.in b/crypto/kerberosIV/appl/kip/Makefile.in new file mode 100644 index 0000000..690a661 --- /dev/null +++ b/crypto/kerberosIV/appl/kip/Makefile.in 
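Review bot: Both reply checks in `doit_host` use `strncmp(ret, "ok", inlen) != 0`, which compares only `inlen` bytes, so a zero-length reply (or a lone `o`) is accepted as success; the length should be part of the test, e.g. `if (inlen != 2 || memcmp(ret, "ok", 2) != 0)`. In `rkinit`, the `continue` after a failed `connect` skips `close (s)`, leaking one descriptor per unreachable address, so `close (s);` belongs before `continue;`. The array returned by `getalladdrs` is never released either; a `free (addr);` is needed before the final `return !success;` and before the `return 1;` on socket failure. In `getalladdrs` itself, `addr = realloc (addr, ...)` drops the old block when the call fails, and the final shrink runs with `naddr` possibly zero.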
@@ -0,0 +1,96 @@
+# $Id: Makefile.in,v 1.12 1997/03/23 13:04:03 assar Exp $
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+AR = ar
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+LD_FLAGS = @LD_FLAGS@
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+LIBS = @LIBS@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libexecdir = @libexecdir@
+libdir = @libdir@
+bindir = @bindir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+PROG_BIN = kip$(EXECSUFFIX)
+PROG_LIBEXEC = kipd$(EXECSUFFIX)
+PROGS = $(PROG_BIN) $(PROG_LIBEXEC)
+
+SOURCES_KIP = kip.c
+SOURCES_KIPD = kipd.c
+SOURCES_COMMON = common.c
+
+OBJECTS_KIP = kip.o common.o
+OBJECTS_KIPD = kipd.o common.o
+
+OBJECTS = $(OBJECTS_KIP) $(OBJECTS_KIPD)
+SOURCES = $(SOURCES_KIP) $(SOURCES_KIPD) $(SOURCES_COMMON)
+
+all: $(PROGS)
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+ $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $<
+
+install: all
+ $(MKINSTALLDIRS) $(bindir) $(libexecdir)
+ for x in $(PROG_BIN); do \
+ $(INSTALL_PROGRAM) $$x $(bindir)/`echo $$x | sed '$(transform)'`; \
+ done
+ for x in $(PROG_LIBEXEC); do \
+ $(INSTALL_PROGRAM) $$x $(libexecdir)/`echo $$x | sed '$(transform)'`; \
+ done
+
+uninstall:
+ for x in $(PROG_BIN); do \
+ rm -f $(bindir)/`echo $$x | sed '$(transform)'`; \
+ done
+ for x in $(PROG_LIBEXEC); do \
+ rm -f $(libexecdir)/`echo $$x | sed '$(transform)'`; \
+ done
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+check:
+
+clean:
+ rm -f *.a *.o $(PROGS)
+
+mostlyclean: clean
+
+distclean: clean
+ rm -f Makefile *.tab.c *~
+
+realclean: distclean
+ rm -f TAGS
+
+dist: $(DISTFILES)
+ for file in $(DISTFILES); do \
+ ln $$file ../`cat ../.fname`/lib \
+ || cp -p $$file ../`cat ../.fname`/lib; \
+ done
+
+KLIB=-L../../lib/krb -lkrb -L../../lib/des -ldes
+LIBROKEN=-L../../lib/roken -lroken
+
+kip$(EXECSUFFIX): $(OBJECTS_KIP)
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS_KIP) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+kipd$(EXECSUFFIX): $(OBJECTS_KIPD)
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS_KIPD) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+$(OBJECTS): ../../include/config.h
diff --git a/crypto/kerberosIV/appl/kip/common.c b/crypto/kerberosIV/appl/kip/common.c
new file mode 100644
index 0000000..b21d03d
--- /dev/null
+++ b/crypto/kerberosIV/appl/kip/common.c
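Review bot: The `Wall` target invokes `make` by name; `$(MAKE) CFLAGS="..."` would re-run whichever make the user started and carry its flags along. The `dist` target iterates over `$(DISTFILES)`, which this file never defines, and links into a `.../lib` directory, which looks carried over from a library Makefile; it should either get a definition that fits kip or be dropped.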
@@ -0,0 +1,178 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kip.h"
+
+RCSID("$Id: common.c,v 1.12 1997/05/02 14:28:06 assar Exp $");
+
+/*
+ * Copy packets from `tundev' to `netdev' or vice versa.
+ * Mode is used when reading from `tundev'
+ */
+
+int
+copy_packets (int tundev, int netdev, int mtu, des_cblock *iv,
+ des_key_schedule schedule)
+{
+ des_cblock iv1, iv2;
+ int num1 = 0, num2 = 0;
+ u_char *buf;
+
+ buf = malloc (mtu + 2);
+ if (buf == NULL) {
+ warnx("malloc(%d) failed", mtu);
+ return 1;
+ }
+
+ memcpy (&iv1, iv, sizeof(iv1));
+ memcpy (&iv2, iv, sizeof(iv2));
+ for (;;) {
+ fd_set fdset;
+ int ret, len;
+
+ FD_ZERO(&fdset);
+ FD_SET(tundev, &fdset);
+ FD_SET(netdev, &fdset);
+
+ ret = select (max(tundev, netdev)+1, &fdset, NULL, NULL, NULL);
+ if (ret < 0 && errno != EINTR) {
+ warn ("select");
+ return 1;
+ }
+ if (FD_ISSET(tundev, &fdset)) {
+ ret = read (tundev, buf + 2, mtu);
+ if (ret == 0)
+ return 0;
+ if (ret < 0) {
+ if (errno == EINTR)
+ continue;
+ else {
+ warn("read");
+ return ret;
+ }
+ }
+ buf[0] = ret >> 8;
+ buf[1] = ret & 0xFF;
+ ret += 2;
+ des_cfb64_encrypt (buf, buf, ret, schedule,
+ &iv1, &num1, DES_ENCRYPT);
+ ret = krb_net_write (netdev, buf, ret);
+ if (ret < 0) {
+ warn("write");
+ return ret;
+ }
+ }
+ if (FD_ISSET(netdev, &fdset)) {
+ ret = read (netdev, buf, 2);
+ if (ret == 0)
+ return 0;
+ if (ret < 0) {
+ if (errno == EINTR)
+ continue;
+ else {
+ warn("read");
+ return ret;
+ }
+ }
+ des_cfb64_encrypt (buf, buf, 2, schedule,
+ &iv2, &num2, DES_DECRYPT);
+ len = (buf[0] << 8 ) | buf[1];
+ ret = krb_net_read (netdev, buf + 2, len);
+ if (ret == 0)
+ return 0;
+ if (ret < 0) {
+ if (errno == EINTR)
+ continue;
+ else {
+ warn("read");
+ return ret;
+ }
+ }
+ des_cfb64_encrypt (buf + 2, buf + 2, len, schedule,
+ &iv2, &num2, DES_DECRYPT);
+ ret = krb_net_write (tundev, buf + 2, len);
+ if (ret < 0) {
+ warn("write");
+ return ret;
+ }
+ }
+ }
+}
+
+/*
+ * Signal handler that justs waits for the children when they die.
+ */
+
+RETSIGTYPE
+childhandler (int sig)
+{
+ pid_t pid;
+ int status;
+
+ do {
+ pid = waitpid (-1, &status, WNOHANG|WUNTRACED);
+ } while(pid > 0);
+ signal (SIGCHLD, childhandler);
+ SIGRETURN(0);
+}
+
+/*
+ * Find a free tunnel device and open it.
+ */
+
+int
+tunnel_open (void)
+{
+ int fd;
+ int i;
+ char name[64];
+
+ for (i = 0; i < 256; ++i) {
+ snprintf (name, sizeof(name), "%s%s%d", _PATH_DEV, TUNDEV, i);
+ fd = open (name, O_RDWR, 0);
+ if (fd >= 0)
+ break;
+ if (errno == ENOENT || errno == ENODEV) {
+ warn("open %s", name);
+ return fd;
+ }
+ }
+ if (fd < 0)
+ warn("open %s" ,name);
+ return fd;
+}
diff --git a/crypto/kerberosIV/appl/kip/kip.c b/crypto/kerberosIV/appl/kip/kip.c
new file mode 100644
index 0000000..e324a28
--- /dev/null
+++ b/crypto/kerberosIV/appl/kip/kip.c
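Review bot: In `copy_packets` the packet length taken from the network, `len = (buf[0] << 8 ) | buf[1]`, can be as large as 65535, but `buf` holds only `mtu + 2` bytes, so `krb_net_read (netdev, buf + 2, len)` writes past the allocation whenever the peer announces more than `mtu`. The length needs a bound before the read, e.g. `if (len > mtu) { warnx ("packet length %d exceeds mtu %d", len, mtu); return 1; }`. The two-byte header is fetched with a single `read (netdev, buf, 2)`, which may return one byte on a stream socket; `krb_net_read`, already used for the payload, looks like the intended call there. Separately, `iv1` and `iv2` are both copied from the same `iv` and used with the same schedule, so the two directions start from an identical CFB keystream block, and nothing authenticates the length or payload; distinct per-direction IVs and an integrity check are the usual remedy.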
@@ -0,0 +1,179 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kip.h"
+
+RCSID("$Id: kip.c,v 1.15 1997/05/11 10:54:51 assar Exp $");
+
+static void
+usage()
+{
+ fprintf (stderr, "Usage: %s host\n",
+ __progname);
+ exit (1);
+}
+
+/*
+ * Establish authenticated connection
+ */
+
+static int
+connect_host (char *host, des_cblock *key, des_key_schedule schedule)
+{
+ CREDENTIALS cred;
+ KTEXT_ST text;
+ MSG_DAT msg;
+ int status;
+ struct sockaddr_in thisaddr, thataddr;
+ int addrlen;
+ struct hostent *hostent;
+ int s;
+ u_char b;
+ char **p;
+
+ hostent = gethostbyname (host);
+ if (hostent == NULL) {
+ warnx ("gethostbyname '%s': %s", host,
+#ifdef HAVE_H_ERRNO
+ hstrerror(h_errno)
+#else
+ "unknown error"
+#endif
+ );
+ return -1;
+ }
+
+ memset (&thataddr, 0, sizeof(thataddr));
+ thataddr.sin_family = AF_INET;
+ thataddr.sin_port = k_getportbyname ("kip", "tcp", htons(KIPPORT));
+
+ for(p = hostent->h_addr_list; *p; ++p) {
+ int one = 1;
+
+ memcpy (&thataddr.sin_addr, *p, sizeof(thataddr.sin_addr));
+
+ s = socket (AF_INET, SOCK_STREAM, 0);
+ if (s < 0) {
+ warn ("socket");
+ return -1;
+ }
+
+#if defined(TCP_NODELAY) && defined(HAVE_SETSOCKOPT)
+ setsockopt (s, IPPROTO_TCP, TCP_NODELAY, (void *)&one, sizeof(one));
+#endif
+
+ if (connect (s, (struct sockaddr *)&thataddr, sizeof(thataddr)) < 0) {
+ warn ("connect(%s)", host);
+ close (s);
+ continue;
+ } else {
+ break;
+ }
+ }
+ if (*p == NULL)
+ return -1;
+
+ addrlen = sizeof(thisaddr);
+ if (getsockname (s, (struct sockaddr *)&thisaddr, &addrlen) < 0 ||
+ addrlen != sizeof(thisaddr)) {
+ warn ("getsockname(%s)", host);
+ return -1;
+ }
+ status = krb_sendauth (KOPT_DO_MUTUAL, s, &text, "rcmd",
+ host, krb_realmofhost (host),
+ getpid(), &msg, &cred, schedule,
+ &thisaddr, &thataddr, KIP_VERSION);
+ if (status != KSUCCESS) {
+ warnx("%s: %s", host,
+ krb_get_err_text(status));
+ return -1;
+ }
+ if (read (s, &b, sizeof(b)) != sizeof(b)) {
+ warn ("read");
+ return -1;
+ }
+ if (b) {
+ char buf[BUFSIZ];
+
+ read (s, buf, sizeof(buf));
+ buf[BUFSIZ - 1] = '\0';
+
+ warnx ("%s: %s", host, buf);
+ return -1;
+ }
+
+ memcpy(key, &cred.session, sizeof(des_cblock));
+ return s;
+}
+
+/*
+ * Connect to the given host.
+ */
+
+static int
+doit (char *host)
+{
+ des_key_schedule schedule;
+ des_cblock iv;
+ int other, this;
+ struct ifreq ifreq;
+ int sock;
+
+ other = connect_host (host, &iv, schedule);
+ if (other < 0)
+ return 1;
+ this = tunnel_open ();
+ if (this < 0)
+ return 1;
+ return copy_packets (this, other, TUNMTU, &iv, schedule);
+}
+
+/*
+ * kip - forward IP packets over a kerberos-encrypted channel.
+ *
+ */
+
+int
+main(int argc, char **argv)
+{
+ set_progname (argv[0]);
+
+ if (argc != 2)
+ usage ();
+ return doit (argv[1]);
+}
diff --git a/crypto/kerberosIV/appl/kip/kip.h b/crypto/kerberosIV/appl/kip/kip.h
new file mode 100644
index 0000000..94e30a5
--- /dev/null
+++ b/crypto/kerberosIV/appl/kip/kip.h
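Review bot: In the error branch of `connect_host`, `read (s, buf, sizeof(buf))` discards the byte count and only the last array element is set to NUL, so a short or unterminated message leaves uninitialised stack bytes in `buf` that `warnx` then prints. Terminating at the received length fixes it: `n = read (s, buf, sizeof(buf) - 1);` followed by `buf[n > 0 ? n : 0] = '\0';`, with `n` declared as an `int` next to `buf`. Every `return -1` after the connect loop (failed `getsockname`, `krb_sendauth`, either `read`, and the server-reported error) also leaves `s` open, so each of those paths needs a `close (s);`. In `doit`, the locals `ifreq` and `sock` are declared and never used.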
@@ -0,0 +1,106 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: kip.h,v 1.16 1997/05/20 18:40:31 bg Exp $ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif /* HAVE_CONFIG_H */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#ifdef HAVE_SYSLOG_H
+#include
+#endif
+#include
+#ifdef TIME_WITH_SYS_TIME
+#include
+#include
+#elif defined(HAVE_SYS_TIME_H)
+#include
+#else
+#include
+#endif
+#ifdef HAVE_SYS_RESOURCE_H
+#include
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include
+#endif
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#ifdef HAVE_NET_IF_VAR_H
+#include
+#endif
+#include
+#include
+
+#ifdef SOCKS
+#include
+#endif
+
+#include
+
+#include
+
+#define TUNDEV "tun"
+
+#define KIPPORT 2112
+
+#define KIP_VERSION "KIPSRV.0"
+
+int
+copy_packets (int tundev, int netdev, int mtu, des_cblock *iv,
+ des_key_schedule schedule);
+
+RETSIGTYPE childhandler (int);
+
+int
+tunnel_open (void);
diff --git a/crypto/kerberosIV/appl/kip/kipd.c b/crypto/kerberosIV/appl/kip/kipd.c
new file mode 100644
index 0000000..6d9d334
--- /dev/null
+++ b/crypto/kerberosIV/appl/kip/kipd.c
@@ -0,0 +1,128 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kip.h"
+
+RCSID("$Id: kipd.c,v 1.13 1997/05/18 20:38:01 assar Exp $");
+
+static int
+fatal (int fd, char *s)
+{
+ u_char err = 1;
+
+ write (fd, &err, sizeof(err));
+ write (fd, s, strlen(s)+1);
+ syslog(LOG_ERR, s);
+ return err;
+}
+
+static int
+recv_conn (int sock, des_cblock *key, des_key_schedule schedule,
+ struct sockaddr_in *retaddr)
+{
+ int status;
+ KTEXT_ST ticket;
+ AUTH_DAT auth;
+ char instance[INST_SZ + 1];
+ struct sockaddr_in thisaddr, thataddr;
+ int addrlen;
+ char version[KRB_SENDAUTH_VLEN + 1];
+ u_char ok = 0;
+ struct passwd *passwd;
+
+ addrlen = sizeof(thisaddr);
+ if (getsockname (sock, (struct sockaddr *)&thisaddr, &addrlen) < 0 ||
+ addrlen != sizeof(thisaddr)) {
+ return 1;
+ }
+ addrlen = sizeof(thataddr);
+ if (getpeername (sock, (struct sockaddr *)&thataddr, &addrlen) < 0 ||
+ addrlen != sizeof(thataddr)) {
+ return 1;
+ }
+
+ k_getsockinst (sock, instance, sizeof(instance));
+ status = krb_recvauth (KOPT_DO_MUTUAL, sock, &ticket, "rcmd", instance,
+ &thataddr, &thisaddr, &auth, "", schedule,
+ version);
+ if (status != KSUCCESS ||
+ strncmp(version, KIP_VERSION, KRB_SENDAUTH_VLEN) != 0) {
+ return 1;
+ }
+ passwd = k_getpwnam ("root");
+ if (passwd == NULL)
+ return fatal (sock, "Cannot find root");
+ if (kuserok(&auth, "root") != 0)
+ return fatal (sock, "Permission denied");
+ if (write (sock, &ok, sizeof(ok)) != sizeof(ok))
+ return 1;
+
+ memcpy(key, &auth.session, sizeof(des_cblock));
+ *retaddr = thataddr;
+ return 0;
+}
+
+static int
+doit(int sock)
+{
+ struct sockaddr_in thataddr;
+ des_key_schedule schedule;
+ des_cblock key;
+ int this;
+
+ if (recv_conn (sock, &key, schedule, &thataddr))
+ return 1;
+ this = tunnel_open ();
+ if (this < 0)
+ fatal (sock, "Cannot open " _PATH_DEV TUNDEV);
+ return copy_packets (this, sock, TUNMTU, &key, schedule);
+}
+
+/*
+ * kipd - receive forwarded IP
+ */
+
+int
+main (int argc, char **argv)
+{
+ set_progname (argv[0]);
+
+ openlog(__progname, LOG_PID|LOG_CONS, LOG_DAEMON);
+ signal (SIGCHLD, childhandler);
+ return doit(0);
+}
diff --git a/crypto/kerberosIV/config.guess b/crypto/kerberosIV/config.guess
new file mode 100644
index 0000000..74253c3
--- /dev/null
+++ b/crypto/kerberosIV/config.guess
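Review bot: In `doit`, a failed `tunnel_open()` is reported through `fatal()` but execution falls through, so `copy_packets` is then called with a negative descriptor after the peer has already been told the session failed; the line should read `return fatal (sock, "Cannot open " _PATH_DEV TUNDEV);`. `fatal` also hands its message to syslog as the format string: every caller in this file passes a literal, but `syslog(LOG_ERR, "%s", s);` keeps it safe if a later caller passes text that is not a constant. The two `write` calls in `fatal` ignore their results, which is tolerable on an error path but deserves a short comment saying the report to the peer is best-effort. In `recv_conn`, `passwd` is only compared with NULL and never used afterwards, so a comment should say that the lookup is purely an existence check for the root account before `kuserok` is consulted.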
@@ -0,0 +1,696 @@ +#! /bin/sh +# Attempt to guess a canonical system name. +# Copyright (C) 1992, 93, 94, 95, 1996 Free Software Foundation, Inc. +# +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# Written by Per Bothner . +# The master version of this file is at the FSF in /home/gd/gnu/lib. +# +# This script attempts to guess a canonical system name similar to +# config.sub. If it succeeds, it prints the system name on stdout, and +# exits with 0. Otherwise, it exits with 1. +# +# The plan is that this can be called by configure scripts if you +# don't specify an explicit system type (host/target name). +# +# Only a few systems have been added to this list; please add others +# (but try to keep the structure clean). +# + +# This is needed to find uname on a Pyramid OSx when run in the BSD universe. +# (ghazi@noc.rutgers.edu 8/24/94.) 
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then + PATH=$PATH:/.attbin ; export PATH +fi + +UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown +UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown +UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown +UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown + +trap 'rm -f dummy.c dummy.o dummy; exit 1' 1 2 15 + +# Note: order is significant - the case branches are not exclusive. + +case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in + alpha:OSF1:*:*) + # A Vn.n version is a released version. + # A Tn.n version is a released field test version. + # A Xn.n version is an unreleased experimental baselevel. + # 1.2 uses "1.2" for uname -r. + echo alpha-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//'` + exit 0 ;; + 21064:Windows_NT:50:3) + echo alpha-dec-winnt3.5 + exit 0 ;; + Amiga*:UNIX_System_V:4.0:*) + echo m68k-cbm-sysv4 + exit 0;; + amiga:NetBSD:*:*) + echo m68k-cbm-netbsd${UNAME_RELEASE} + exit 0 ;; + amiga:OpenBSD:*:*) + echo m68k-cbm-openbsd${UNAME_RELEASE} + exit 0 ;; + arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) + echo arm-acorn-riscix${UNAME_RELEASE} + exit 0;; + Pyramid*:OSx*:*:*|MIS*:OSx*:*:*) + # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. + if test "`(/bin/universe) 2>/dev/null`" = att ; then + echo pyramid-pyramid-sysv3 + else + echo pyramid-pyramid-bsd + fi + exit 0 ;; + NILE:*:*:dcosx) + echo pyramid-pyramid-svr4 + exit 0 ;; + sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) + echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + i86pc:SunOS:5.*:*) + echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + sun4*:SunOS:6*:*) + # According to config.sub, this is the proper way to canonicalize + # SunOS6. Hard to guess exactly what SunOS6 will be like, but + # it's likely to be more like Solaris than SunOS4. 
+ echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + sun4*:SunOS:*:*) + case "`/usr/bin/arch -k`" in + Series*|S4*) + UNAME_RELEASE=`uname -v` + ;; + esac + # Japanese Language versions have a version number like `4.1.3-JL'. + echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` + exit 0 ;; + sun3*:SunOS:*:*) + echo m68k-sun-sunos${UNAME_RELEASE} + exit 0 ;; + aushp:SunOS:*:*) + echo sparc-auspex-sunos${UNAME_RELEASE} + exit 0 ;; + atari*:NetBSD:*:*) + echo m68k-atari-netbsd${UNAME_RELEASE} + exit 0 ;; + atari*:OpenBSD:*:*) + echo m68k-atari-openbsd${UNAME_RELEASE} + exit 0 ;; + sun3*:NetBSD:*:*) + echo m68k-sun-netbsd${UNAME_RELEASE} + exit 0 ;; + sun3*:OpenBSD:*:*) + echo m68k-sun-openbsd${UNAME_RELEASE} + exit 0 ;; + mac68k:NetBSD:*:*) + echo m68k-apple-netbsd${UNAME_RELEASE} + exit 0 ;; + mac68k:OpenBSD:*:*) + echo m68k-apple-openbsd${UNAME_RELEASE} + exit 0 ;; + powerpc:machten:*:*) + echo powerpc-apple-machten${UNAME_RELEASE} + exit 0 ;; + RISC*:Mach:*:*) + echo mips-dec-mach_bsd4.3 + exit 0 ;; + RISC*:ULTRIX:*:*) + echo mips-dec-ultrix${UNAME_RELEASE} + exit 0 ;; + VAX*:ULTRIX*:*:*) + echo vax-dec-ultrix${UNAME_RELEASE} + exit 0 ;; + mips:*:*:UMIPS | mips:*:*:RISCos) + sed 's/^ //' << EOF >dummy.c + int main (argc, argv) int argc; char **argv; { + #if defined (host_mips) && defined (MIPSEB) + #if defined (SYSTYPE_SYSV) + printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_SVR4) + printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) + printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); + #endif + #endif + exit (-1); + } +EOF + ${CC-cc} dummy.c -o dummy \ + && ./dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \ + && rm dummy.c dummy && exit 0 + rm -f dummy.c dummy + echo mips-mips-riscos${UNAME_RELEASE} + exit 0 ;; + Night_Hawk:Power_UNIX:*:*) + echo powerpc-harris-powerunix + exit 0 ;; + m88k:CX/UX:7*:*) + 
echo m88k-harris-cxux7 + exit 0 ;; + m88k:*:4*:R4*) + echo m88k-motorola-sysv4 + exit 0 ;; + m88k:*:3*:R3*) + echo m88k-motorola-sysv3 + exit 0 ;; + AViiON:dgux:*:*) + # DG/UX returns AViiON for all architectures + UNAME_PROCESSOR=`/usr/bin/uname -p` + if [ $UNAME_PROCESSOR = mc88100 -o $UNAME_PROCESSOR = mc88110 ] ; then + if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx \ + -o ${TARGET_BINARY_INTERFACE}x = x ] ; then + echo m88k-dg-dgux${UNAME_RELEASE} + else + echo m88k-dg-dguxbcs${UNAME_RELEASE} + fi + else echo i586-dg-dgux${UNAME_RELEASE} + fi + exit 0 ;; + M88*:DolphinOS:*:*) # DolphinOS (SVR3) + echo m88k-dolphin-sysv3 + exit 0 ;; + M88*:*:R3*:*) + # Delta 88k system running SVR3 + echo m88k-motorola-sysv3 + exit 0 ;; + XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) + echo m88k-tektronix-sysv3 + exit 0 ;; + Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) + echo m68k-tektronix-bsd + exit 0 ;; + *:IRIX*:*:*) + echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` + exit 0 ;; + ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. 
+ echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id + exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX ' + i?86:AIX:*:*) + echo i386-ibm-aix + exit 0 ;; + *:AIX:2:3) + if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then + sed 's/^ //' << EOF >dummy.c + #include + + main() + { + if (!__power_pc()) + exit(1); + puts("powerpc-ibm-aix3.2.5"); + exit(0); + } +EOF + ${CC-cc} dummy.c -o dummy && ./dummy && rm dummy.c dummy && exit 0 + rm -f dummy.c dummy + echo rs6000-ibm-aix3.2.5 + elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then + echo rs6000-ibm-aix3.2.4 + else + echo rs6000-ibm-aix3.2 + fi + exit 0 ;; + *:AIX:*:4) + if /usr/sbin/lsattr -EHl proc0 | grep POWER >/dev/null 2>&1; then + IBM_ARCH=rs6000 + else + IBM_ARCH=powerpc + fi + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV=4.${UNAME_RELEASE} + fi + echo ${IBM_ARCH}-ibm-aix${IBM_REV} + exit 0 ;; + *:AIX:*:*) + echo rs6000-ibm-aix + exit 0 ;; + ibmrt:4.4BSD:*|romp-ibm:BSD:*) + echo romp-ibm-bsd4.4 + exit 0 ;; + ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC NetBSD and + echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to + exit 0 ;; # report: romp-ibm BSD 4.3 + *:BOSX:*:*) + echo rs6000-bull-bosx + exit 0 ;; + DPX/2?00:B.O.S.:*:*) + echo m68k-bull-sysv3 + exit 0 ;; + 9000/[34]??:4.3bsd:1.*:*) + echo m68k-hp-bsd + exit 0 ;; + hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) + echo m68k-hp-bsd4.4 + exit 0 ;; + 9000/[3478]??:HP-UX:*:*) + case "${UNAME_MACHINE}" in + 9000/31? ) HP_ARCH=m68000 ;; + 9000/[34]?? ) HP_ARCH=m68k ;; + 9000/7?? | 9000/8?[1679] ) HP_ARCH=hppa1.1 ;; + 9000/8?? ) HP_ARCH=hppa1.0 ;; + esac + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + echo ${HP_ARCH}-hp-hpux${HPUX_REV} + exit 0 ;; + 3050*:HI-UX:*:*) + sed 's/^ //' << EOF >dummy.c + #include + int + main () + { + long cpu = sysconf (_SC_CPU_VERSION); + /* The order matters, because CPU_IS_HP_MC68K erroneously returns + true for CPU_PA_RISC1_0. 
CPU_IS_PA_RISC returns correct + results, however. */ + if (CPU_IS_PA_RISC (cpu)) + { + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; + case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; + default: puts ("hppa-hitachi-hiuxwe2"); break; + } + } + else if (CPU_IS_HP_MC68K (cpu)) + puts ("m68k-hitachi-hiuxwe2"); + else puts ("unknown-hitachi-hiuxwe2"); + exit (0); + } +EOF + ${CC-cc} dummy.c -o dummy && ./dummy && rm dummy.c dummy && exit 0 + rm -f dummy.c dummy + echo unknown-hitachi-hiuxwe2 + exit 0 ;; + 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) + echo hppa1.1-hp-bsd + exit 0 ;; + 9000/8??:4.3bsd:*:*) + echo hppa1.0-hp-bsd + exit 0 ;; + hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) + echo hppa1.1-hp-osf + exit 0 ;; + hp8??:OSF1:*:*) + echo hppa1.0-hp-osf + exit 0 ;; + i?86:OSF1:*:*) + if [ -x /usr/sbin/sysversion ] ; then + echo ${UNAME_MACHINE}-unknown-osf1mk + else + echo ${UNAME_MACHINE}-unknown-osf1 + fi + exit 0 ;; + parisc*:Lites*:*:*) + echo hppa1.1-hp-lites + exit 0 ;; + C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) + echo c1-convex-bsd + exit 0 ;; + C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit 0 ;; + C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) + echo c34-convex-bsd + exit 0 ;; + C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) + echo c38-convex-bsd + exit 0 ;; + C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) + echo c4-convex-bsd + exit 0 ;; + CRAY*X-MP:*:*:*) + echo xmp-cray-unicos + exit 0 ;; + CRAY*Y-MP:*:*:*) + echo ymp-cray-unicos${UNAME_RELEASE} + exit 0 ;; + CRAY*[A-Z]90:*:*:*) + echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ + | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ + -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ + exit 0 ;; + CRAY*TS:*:*:*) + echo t90-cray-unicos${UNAME_RELEASE} + exit 0 ;; + CRAY-2:*:*:*) + echo cray2-cray-unicos + exit 0 ;; + 
F300:UNIX_System_V:*:*) + FUJITSU_SYS=`uname -p | tr [A-Z] [a-z] | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` + echo "f300-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit 0 ;; + F301:UNIX_System_V:*:*) + echo f301-fujitsu-uxpv`echo $UNAME_RELEASE | sed 's/ .*//'` + exit 0 ;; + hp3[0-9][05]:NetBSD:*:*) + echo m68k-hp-netbsd${UNAME_RELEASE} + exit 0 ;; + hp3[0-9][05]:OpenBSD:*:*) + echo m68k-hp-openbsd${UNAME_RELEASE} + exit 0 ;; + i?86:BSD/386:*:* | *:BSD/OS:*:*) + echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} + exit 0 ;; + *:FreeBSD:*:*) + echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` + exit 0 ;; + *:NetBSD:*:*) + echo ${UNAME_MACHINE}-unknown-netbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` + exit 0 ;; + *:OpenBSD:*:*) + echo ${UNAME_MACHINE}-unknown-openbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` + exit 0 ;; + i*:CYGWIN*:*) + echo i386-pc-cygwin32 + exit 0 ;; + p*:CYGWIN*:*) + echo powerpcle-unknown-cygwin32 + exit 0 ;; + prep*:SunOS:5.*:*) + echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + *:GNU:*:*) + echo `echo ${UNAME_MACHINE}|sed -e 's,/.*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + exit 0 ;; + *:Linux:*:*) + # The BFD linker knows what the default object file format is, so + # first see if it will tell us. 
+ ld_help_string=`ld --help 2>&1` + if echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: elf_i.86"; then + echo "${UNAME_MACHINE}-pc-linux-gnu" ; exit 0 + elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: i.86linux"; then + echo "${UNAME_MACHINE}-pc-linux-gnuaout" ; exit 0 + elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: i.86coff"; then + echo "${UNAME_MACHINE}-pc-linux-gnucoff" ; exit 0 + elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: m68kelf"; then + echo "${UNAME_MACHINE}-unknown-linux-gnu" ; exit 0 + elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: m68klinux"; then + echo "${UNAME_MACHINE}-unknown-linux-gnuaout" ; exit 0 + elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: elf32ppc"; then + echo "powerpc-unknown-linux-gnu" ; exit 0 + elif test "${UNAME_MACHINE}" = "alpha" ; then + echo alpha-unknown-linux-gnu ; exit 0 + elif test "${UNAME_MACHINE}" = "sparc" ; then + echo sparc-unknown-linux-gnu ; exit 0 + else + # Either a pre-BFD a.out linker (linux-gnuoldld) or one that does not give us + # useful --help. Gcc wants to distinguish between linux-gnuoldld and linux-gnuaout. + test ! -d /usr/lib/ldscripts/. \ + && echo "${UNAME_MACHINE}-pc-linux-gnuoldld" && exit 0 + # Determine whether the default compiler is a.out or elf + cat >dummy.c </dev/null && ./dummy "${UNAME_MACHINE}" && rm dummy.c dummy && exit 0 + rm -f dummy.c dummy + fi ;; +# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. earlier versions +# are messed up and put the nodename in both sysname and nodename. 
+ i?86:DYNIX/ptx:4*:*) + echo i386-sequent-sysv4 + exit 0 ;; + i?86:*:4.*:* | i?86:SYSTEM_V:4.*:*) + if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then + echo ${UNAME_MACHINE}-univel-sysv${UNAME_RELEASE} + else + echo ${UNAME_MACHINE}-pc-sysv${UNAME_RELEASE} + fi + exit 0 ;; + i?86:*:3.2:*) + if test -f /usr/options/cb.name; then + UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then + UNAME_REL=`(/bin/uname -X|egrep Release|sed -e 's/.*= //')` + (/bin/uname -X|egrep i80486 >/dev/null) && UNAME_MACHINE=i486 + (/bin/uname -X|egrep '^Machine.*Pentium' >/dev/null) \ + && UNAME_MACHINE=i586 + echo ${UNAME_MACHINE}-pc-sco$UNAME_REL + else + echo ${UNAME_MACHINE}-pc-sysv32 + fi + exit 0 ;; + Intel:Mach:3*:*) + echo i386-pc-mach3 + exit 0 ;; + paragon:*:*:*) + echo i860-intel-osf1 + exit 0 ;; + i860:*:4.*:*) # i860-SVR4 + if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then + echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 + else # Add other i860-SVR4 vendors below as they are discovered. 
+ echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 + fi + exit 0 ;; + mini*:CTIX:SYS*5:*) + # "miniframe" + echo m68010-convergent-sysv + exit 0 ;; + M68*:*:R3V[567]*:*) + test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;; + 3[34]??:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 4850:*:4.0:3.0) + OS_REL='' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && echo i486-ncr-sysv4.3${OS_REL} && exit 0 + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;; + 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && echo i486-ncr-sysv4 && exit 0 ;; + m68*:LynxOS:2.*:*) + echo m68k-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + mc68030:UNIX_System_V:4.*:*) + echo m68k-atari-sysv4 + exit 0 ;; + i?86:LynxOS:2.*:*) + echo i386-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + TSUNAMI:LynxOS:2.*:*) + echo sparc-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + rs6000:LynxOS:2.*:* | PowerPC:LynxOS:2.*:*) + echo rs6000-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + SM[BE]S:UNIX_SV:*:*) + echo mips-dde-sysv${UNAME_RELEASE} + exit 0 ;; + RM*:SINIX-*:*:*) + echo mips-sni-sysv4 + exit 0 ;; + *:SINIX-*:*:*) + if uname -p 2>/dev/null >/dev/null ; then + UNAME_MACHINE=`(uname -p) 2>/dev/null` + echo ${UNAME_MACHINE}-sni-sysv4 + else + echo ns32k-sni-sysv + fi + exit 0 ;; + *:UNIX_System_V:4*:FTX*) + # From Gerald Hewes . + # How about differentiating between stratus architectures? -djm + echo hppa1.1-stratus-sysv4 + exit 0 ;; + *:*:*:FTX*) + # From seanf@swdc.stratus.com. 
+ echo i860-stratus-sysv4 + exit 0 ;; + mc68*:A/UX:*:*) + echo m68k-apple-aux${UNAME_RELEASE} + exit 0 ;; + R3000:*System_V*:*:* | R4000:UNIX_SYSV:*:*) + if [ -d /usr/nec ]; then + echo mips-nec-sysv${UNAME_RELEASE} + else + echo mips-unknown-sysv${UNAME_RELEASE} + fi + exit 0 ;; + PENTIUM:CPunix:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort + # says + echo i586-unisys-sysv4 + exit 0 ;; + *:OS/2:*:*) + echo ${UNAME_MACHINE}-pc-os2_emx + exit 0 ;; +esac + +#echo '(No uname command or uname output not recognized.)' 1>&2 +#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 + +cat >dummy.c < +# include +#endif +main () +{ +#if defined (sony) +#if defined (MIPSEB) + /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, + I don't know.... */ + printf ("mips-sony-bsd\n"); exit (0); +#else +#include + printf ("m68k-sony-newsos%s\n", +#ifdef NEWSOS4 + "4" +#else + "" +#endif + ); exit (0); +#endif +#endif + +#if defined (__arm) && defined (__acorn) && defined (__unix) + printf ("arm-acorn-riscix"); exit (0); +#endif + +#if defined (hp300) && !defined (hpux) + printf ("m68k-hp-bsd\n"); exit (0); +#endif + +#if defined (NeXT) +#if !defined (__ARCHITECTURE__) +#define __ARCHITECTURE__ "m68k" +#endif + int version; + version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; + printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); + exit (0); +#endif + +#if defined (MULTIMAX) || defined (n16) +#if defined (UMAXV) + printf ("ns32k-encore-sysv\n"); exit (0); +#else +#if defined (CMU) + printf ("ns32k-encore-mach\n"); exit (0); +#else + printf ("ns32k-encore-bsd\n"); exit (0); +#endif +#endif +#endif + +#if defined (__386BSD__) + printf ("i386-pc-bsd\n"); exit (0); +#endif + +#if defined (sequent) +#if defined (i386) + printf ("i386-sequent-dynix\n"); exit (0); +#endif +#if defined (ns32000) + printf ("ns32k-sequent-dynix\n"); exit (0); +#endif +#endif + +#if defined (_SEQUENT_) + struct utsname un; + + 
uname(&un); + + if (strncmp(un.version, "V2", 2) == 0) { + printf ("i386-sequent-ptx2\n"); exit (0); + } + if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ + printf ("i386-sequent-ptx1\n"); exit (0); + } + printf ("i386-sequent-ptx\n"); exit (0); + +#endif + +#if defined (vax) +#if !defined (ultrix) + printf ("vax-dec-bsd\n"); exit (0); +#else + printf ("vax-dec-ultrix\n"); exit (0); +#endif +#endif + +#if defined (alliant) && defined (i860) + printf ("i860-alliant-bsd\n"); exit (0); +#endif + + exit (1); +} +EOF + +${CC-cc} dummy.c -o dummy 2>/dev/null && ./dummy && rm dummy.c dummy && exit 0 +rm -f dummy.c dummy + +# Apollos put the system type in the environment. + +test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; } + +# Convex versions that predate uname can use getsysinfo(1) + +if [ -x /usr/convex/getsysinfo ] +then + case `getsysinfo -f cpu_type` in + c1*) + echo c1-convex-bsd + exit 0 ;; + c2*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit 0 ;; + c34*) + echo c34-convex-bsd + exit 0 ;; + c38*) + echo c38-convex-bsd + exit 0 ;; + c4*) + echo c4-convex-bsd + exit 0 ;; + esac +fi + +#echo '(Unable to guess system type)' 1>&2 + +exit 1 diff --git a/crypto/kerberosIV/config.sub b/crypto/kerberosIV/config.sub new file mode 100644 index 0000000..75822a2 --- /dev/null +++ b/crypto/kerberosIV/config.sub 
@@ -0,0 +1,932 @@ +#! /bin/sh +# Configuration validation subroutine script, version 1.1. +# Copyright (C) 1991, 92, 93, 94, 95, 1996 Free Software Foundation, Inc. +# This file is (in principle) common to ALL GNU software. +# The presence of a machine in this file suggests that SOME GNU software +# can handle that machine. It does not imply ALL GNU software can. +# +# This file is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, +# Boston, MA 02111-1307, USA. + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# Configuration subroutine to validate and canonicalize a configuration type. +# Supply the specified configuration type as an argument. +# If it is invalid, we print an error message on stderr and exit with code 1. +# Otherwise, we print the canonical config type on stdout and succeed. + +# This file is supposed to be the same for all GNU packages +# and recognize all the CPU types, system types and aliases +# that are meaningful with *any* GNU software. +# Each package is responsible for reporting which valid configurations +# it does not support. 
The user should be able to distinguish +# a failure to support a valid configuration from a meaningless +# configuration. + +# The goal of this file is to map all the various variations of a given +# machine specification into a single specification in the form: +# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM +# or in some cases, the newer four-part form: +# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM +# It is wrong to echo any other type of specification. + +if [ x$1 = x ] +then + echo Configuration name missing. 1>&2 + echo "Usage: $0 CPU-MFR-OPSYS" 1>&2 + echo "or $0 ALIAS" 1>&2 + echo where ALIAS is a recognized configuration type. 1>&2 + exit 1 +fi + +# First pass through any local machine types. +case $1 in + *local*) + echo $1 + exit 0 + ;; + *) + ;; +esac + +# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). +# Here we must recognize all the valid KERNEL-OS combinations. +maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` +case $maybe_os in + linux-gnu*) + os=-$maybe_os + basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` + ;; + *) + basic_machine=`echo $1 | sed 's/-[^-]*$//'` + if [ $basic_machine != $1 ] + then os=`echo $1 | sed 's/.*-/-/'` + else os=; fi + ;; +esac + +### Let's recognize common machines as not being operating systems so +### that things like config.sub decstation-3100 work. We also +### recognize some manufacturers as not being operating systems, so we +### can provide default operating systems below. +case $os in + -sun*os*) + # Prevent following clause from handling this invalid input. 
+ ;; + -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ + -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ + -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ + -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ + -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ + -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ + -apple) + os= + basic_machine=$1 + ;; + -hiux*) + os=-hiuxwe2 + ;; + -sco5) + os=sco3.2v5 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco4) + os=-sco3.2v4 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2.[4-9]*) + os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2v[4-9]*) + # Don't forget version if it is 3.2v4 or newer. + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco*) + os=-sco3.2v2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -isc) + os=-isc2.2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -clix*) + basic_machine=clipper-intergraph + ;; + -isc*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -lynx*) + os=-lynxos + ;; + -ptx*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` + ;; + -windowsnt*) + os=`echo $os | sed -e 's/windowsnt/winnt/'` + ;; + -psos*) + os=-psos + ;; +esac + +# Decode aliases for certain CPU-COMPANY combinations. +case $basic_machine in + # Recognize the basic CPU types without company name. + # Some are omitted here because they have special meanings below. 
+ tahoe | i860 | m68k | m68000 | m88k | ns32k | arm \ + | arme[lb] | pyramid \ + | tron | a29k | 580 | i960 | h8300 | hppa | hppa1.0 | hppa1.1 \ + | alpha | we32k | ns16k | clipper | i370 | sh \ + | powerpc | powerpcle | 1750a | dsp16xx | mips64 | mipsel \ + | pdp11 | mips64el | mips64orion | mips64orionel \ + | sparc | sparclet | sparclite | sparc64) + basic_machine=$basic_machine-unknown + ;; + # We use `pc' rather than `unknown' + # because (1) that's what they normally are, and + # (2) the word "unknown" tends to confuse beginning users. + i[3456]86) + basic_machine=$basic_machine-pc + ;; + # Object if more than one company name word. + *-*-*) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; + # Recognize the basic CPU types with company name. + vax-* | tahoe-* | i[3456]86-* | i860-* | m68k-* | m68000-* | m88k-* \ + | sparc-* | ns32k-* | fx80-* | arm-* | c[123]* \ + | mips-* | pyramid-* | tron-* | a29k-* | romp-* | rs6000-* | power-* \ + | none-* | 580-* | cray2-* | h8300-* | i960-* | xmp-* | ymp-* \ + | hppa-* | hppa1.0-* | hppa1.1-* | alpha-* | we32k-* | cydra-* | ns16k-* \ + | pn-* | np1-* | xps100-* | clipper-* | orion-* | sparclite-* \ + | pdp11-* | sh-* | powerpc-* | powerpcle-* | sparc64-* | mips64-* | mipsel-* \ + | mips64el-* | mips64orion-* | mips64orionel-* | f301-*) + ;; + # Recognize the various machine names and aliases which stand + # for a CPU type and a company and sometimes even an OS. 
+ 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+ basic_machine=m68000-att
+ ;;
+ 3b*)
+ basic_machine=we32k-att
+ ;;
+ alliant | fx80)
+ basic_machine=fx80-alliant
+ ;;
+ altos | altos3068)
+ basic_machine=m68k-altos
+ ;;
+ am29k)
+ basic_machine=a29k-none
+ os=-bsd
+ ;;
+ amdahl)
+ basic_machine=580-amdahl
+ os=-sysv
+ ;;
+ amiga | amiga-*)
+ basic_machine=m68k-cbm
+ ;;
+ amigados)
+ basic_machine=m68k-cbm
+ os=-amigados
+ ;;
+ amigaunix | amix)
+ basic_machine=m68k-cbm
+ os=-sysv4
+ ;;
+ apollo68)
+ basic_machine=m68k-apollo
+ os=-sysv
+ ;;
+ aux)
+ basic_machine=m68k-apple
+ os=-aux
+ ;;
+ balance)
+ basic_machine=ns32k-sequent
+ os=-dynix
+ ;;
+ convex-c1)
+ basic_machine=c1-convex
+ os=-bsd
+ ;;
+ convex-c2)
+ basic_machine=c2-convex
+ os=-bsd
+ ;;
+ convex-c32)
+ basic_machine=c32-convex
+ os=-bsd
+ ;;
+ convex-c34)
+ basic_machine=c34-convex
+ os=-bsd
+ ;;
+ convex-c38)
+ basic_machine=c38-convex
+ os=-bsd
+ ;;
+ cray | ymp)
+ basic_machine=ymp-cray
+ os=-unicos
+ ;;
+ cray2)
+ basic_machine=cray2-cray
+ os=-unicos
+ ;;
+ [ctj]90-cray)
+ #basic_machine=c90-cray
+ os=-unicos
+ ;;
+ crds | unos)
+ basic_machine=m68k-crds
+ ;;
+ da30 | da30-*)
+ basic_machine=m68k-da30
+ ;;
+ decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+ basic_machine=mips-dec
+ ;;
+ delta | 3300 | motorola-3300 | motorola-delta \
+ | 3300-motorola | delta-motorola)
+ basic_machine=m68k-motorola
+ ;;
+ delta88)
+ basic_machine=m88k-motorola
+ os=-sysv3
+ ;;
+ dpx20 | dpx20-*)
+ basic_machine=rs6000-bull
+ os=-bosx
+ ;;
+ dpx2* | dpx2*-bull)
+ basic_machine=m68k-bull
+ os=-sysv3
+ ;;
+ ebmon29k)
+ basic_machine=a29k-amd
+ os=-ebmon
+ ;;
+ elxsi)
+ basic_machine=elxsi-elxsi
+ os=-bsd
+ ;;
+ encore | umax | mmax)
+ basic_machine=ns32k-encore
+ ;;
+ fx2800)
+ basic_machine=i860-alliant
+ ;;
+ genix)
+ basic_machine=ns32k-ns
+ ;;
+ gmicro)
+ basic_machine=tron-gmicro
+ os=-sysv
+ ;;
+ h3050r* | hiux*)
+ basic_machine=hppa1.1-hitachi
+ os=-hiuxwe2
+ ;;
+ h8300hms)
+ basic_machine=h8300-hitachi
+ os=-hms
+ ;;
+ harris)
+ basic_machine=m88k-harris
+ os=-sysv3
+ ;;
+ hp300-*)
+ basic_machine=m68k-hp
+ ;;
+ hp300bsd)
+ basic_machine=m68k-hp
+ os=-bsd
+ ;;
+ hp300hpux)
+ basic_machine=m68k-hp
+ os=-hpux
+ ;;
+ hp9k2[0-9][0-9] | hp9k31[0-9])
+ basic_machine=m68000-hp
+ ;;
+ hp9k3[2-9][0-9])
+ basic_machine=m68k-hp
+ ;;
+ hp9k7[0-9][0-9] | hp7[0-9][0-9] | hp9k8[0-9]7 | hp8[0-9]7)
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[0-9][0-9] | hp8[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hppa-next)
+ os=-nextstep3
+ ;;
+ i370-ibm* | ibm*)
+ basic_machine=i370-ibm
+ os=-mvs
+ ;;
+# I'm not sure what "Sysv32" means. Should this be sysv3.2?
+ i[3456]86v32)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv32
+ ;;
+ i[3456]86v4*)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv4
+ ;;
+ i[3456]86v)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv
+ ;;
+ i[3456]86sol2)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-solaris2
+ ;;
+ iris | iris4d)
+ basic_machine=mips-sgi
+ case $os in
+ -irix*)
+ ;;
+ *)
+ os=-irix4
+ ;;
+ esac
+ ;;
+ isi68 | isi)
+ basic_machine=m68k-isi
+ os=-sysv
+ ;;
+ m88k-omron*)
+ basic_machine=m88k-omron
+ ;;
+ magnum | m3230)
+ basic_machine=mips-mips
+ os=-sysv
+ ;;
+ merlin)
+ basic_machine=ns32k-utek
+ os=-sysv
+ ;;
+ miniframe)
+ basic_machine=m68000-convergent
+ ;;
+ mips3*-*)
+ basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+ ;;
+ mips3*)
+ basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+ ;;
+ ncr3000)
+ basic_machine=i486-ncr
+ os=-sysv4
+ ;;
+ news | news700 | news800 | news900)
+ basic_machine=m68k-sony
+ os=-newsos
+ ;;
+ news1000)
+ basic_machine=m68030-sony
+ os=-newsos
+ ;;
+ news-3600 | risc-news)
+ basic_machine=mips-sony
+ os=-newsos
+ ;;
+ next | m*-next )
+ basic_machine=m68k-next
+ case $os in
+ -nextstep* )
+ ;;
+ -ns2*)
+ os=-nextstep2
+ ;;
+ *)
+ os=-nextstep3
+ ;;
+ esac
+ ;;
+ nh3000)
+ basic_machine=m68k-harris
+ os=-cxux
+ ;;
+ nh[45]000)
+ basic_machine=m88k-harris
+ os=-cxux
+ ;;
+ nindy960)
+ basic_machine=i960-intel
+ os=-nindy
+ ;;
+ np1)
+ basic_machine=np1-gould
+ ;;
+ pa-hitachi)
+ basic_machine=hppa1.1-hitachi
+ os=-hiuxwe2
+ ;;
+ paragon)
+ basic_machine=i860-intel
+ os=-osf
+ ;;
+ pbd)
+ basic_machine=sparc-tti
+ ;;
+ pbb)
+ basic_machine=m68k-tti
+ ;;
+ pc532 | pc532-*)
+ basic_machine=ns32k-pc532
+ ;;
+ pentium | p5)
+ basic_machine=i586-intel
+ ;;
+ pentiumpro | p6)
+ basic_machine=i686-intel
+ ;;
+ pentium-* | p5-*)
+ basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentiumpro-* | p6-*)
+ basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ k5)
+ # We don't have specific support for AMD's K5 yet, so just call it a Pentium
+ basic_machine=i586-amd
+ ;;
+ nexen)
+ # We don't have specific support for Nexgen yet, so just call it a Pentium
+ basic_machine=i586-nexgen
+ ;;
+ pn)
+ basic_machine=pn-gould
+ ;;
+ power) basic_machine=rs6000-ibm
+ ;;
+ ppc) basic_machine=powerpc-unknown
+ ;;
+ ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppcle | powerpclittle | ppc-le | powerpc-little)
+ basic_machine=powerpcle-unknown
+ ;;
+ ppcle-* | powerpclittle-*)
+ basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ps2)
+ basic_machine=i386-ibm
+ ;;
+ rm[46]00)
+ basic_machine=mips-siemens
+ ;;
+ rtpc | rtpc-*)
+ basic_machine=romp-ibm
+ ;;
+ sequent)
+ basic_machine=i386-sequent
+ ;;
+ sh)
+ basic_machine=sh-hitachi
+ os=-hms
+ ;;
+ sps7)
+ basic_machine=m68k-bull
+ os=-sysv2
+ ;;
+ spur)
+ basic_machine=spur-unknown
+ ;;
+ sun2)
+ basic_machine=m68000-sun
+ ;;
+ sun2os3)
+ basic_machine=m68000-sun
+ os=-sunos3
+ ;;
+ sun2os4)
+ basic_machine=m68000-sun
+ os=-sunos4
+ ;;
+ sun3os3)
+ basic_machine=m68k-sun
+ os=-sunos3
+ ;;
+ sun3os4)
+ basic_machine=m68k-sun
+ os=-sunos4
+ ;;
+ sun4os3)
+ basic_machine=sparc-sun
+ os=-sunos3
+ ;;
+ sun4os4)
+ basic_machine=sparc-sun
+ os=-sunos4
+ ;;
+ sun4sol2)
+ basic_machine=sparc-sun
+ os=-solaris2
+ ;;
+ sun3 | sun3-*)
+ basic_machine=m68k-sun
+ ;;
+ sun4)
+ basic_machine=sparc-sun
+ ;;
+ sun386 | sun386i | roadrunner)
+ basic_machine=i386-sun
+ ;;
+ symmetry)
+ basic_machine=i386-sequent
+ os=-dynix
+ ;;
+ tower | tower-32)
+ basic_machine=m68k-ncr
+ ;;
+ udi29k)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ ultra3)
+ basic_machine=a29k-nyu
+ os=-sym1
+ ;;
+ vaxv)
+ basic_machine=vax-dec
+ os=-sysv
+ ;;
+ vpp*|vx|vx-*)
+ basic_machine=f301-fujitsu
+ ;;
+ vms)
+ basic_machine=vax-dec
+ os=-vms
+ ;;
+ vpp*|vx|vx-*)
+ basic_machine=f301-fujitsu
+ ;;
+ vxworks960)
+ basic_machine=i960-wrs
+ os=-vxworks
+ ;;
+ vxworks68)
+ basic_machine=m68k-wrs
+ os=-vxworks
+ ;;
+ vxworks29k)
+ basic_machine=a29k-wrs
+ os=-vxworks
+ ;;
+ xmp)
+ basic_machine=xmp-cray
+ os=-unicos
+ ;;
+ xps | xps100)
+ basic_machine=xps100-honeywell
+ ;;
+ none)
+ basic_machine=none-none
+ os=-none
+ ;;
+
+# Here we handle the default manufacturer of certain CPU types. It is in
+# some cases the only manufacturer, in others, it is the most popular.
+ mips)
+ basic_machine=mips-mips
+ ;;
+ romp)
+ basic_machine=romp-ibm
+ ;;
+ rs6000)
+ basic_machine=rs6000-ibm
+ ;;
+ vax)
+ basic_machine=vax-dec
+ ;;
+ pdp11)
+ basic_machine=pdp11-dec
+ ;;
+ we32k)
+ basic_machine=we32k-att
+ ;;
+ sparc)
+ basic_machine=sparc-sun
+ ;;
+ cydra)
+ basic_machine=cydra-cydrome
+ ;;
+ orion)
+ basic_machine=orion-highlevel
+ ;;
+ orion105)
+ basic_machine=clipper-highlevel
+ ;;
+ *)
+ echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+ exit 1
+ ;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+ *-digital*)
+ basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+ ;;
+ *-commodore*)
+ basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+ ;;
+ *)
+ ;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+ # First match some system type aliases
+ # that might get confused with valid system types.
+ # -solaris* is a basic system type, with this one exception.
+ -solaris1 | -solaris1.*)
+ os=`echo $os | sed -e 's|solaris1|sunos4|'`
+ ;;
+ -solaris)
+ os=-solaris2
+ ;;
+ -unixware* | svr4*)
+ os=-sysv4
+ ;;
+ -gnu/linux*)
+ os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+ ;;
+ # First accept the basic system types.
+ # The portable systems comes first.
+ # Each alternative MUST END IN A *, to match a version number.
+ # -sysv* is not here because it comes later, after sysvr4.
+ -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+ | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
+ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
+ | -amigados* | -msdos* | -newsos* | -unicos* | -aof* | -aos* \
+ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+ | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \
+ | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* \
+ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+ | -cygwin32* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+ | -linux-gnu* | -uxpv*)
+ # Remember, each alternative MUST END IN *, to match a version number.
+ ;;
+ -linux*)
+ os=`echo $os | sed -e 's|linux|linux-gnu|'`
+ ;;
+ -sunos5*)
+ os=`echo $os | sed -e 's|sunos5|solaris2|'`
+ ;;
+ -sunos6*)
+ os=`echo $os | sed -e 's|sunos6|solaris3|'`
+ ;;
+ -osfrose*)
+ os=-osfrose
+ ;;
+ -osf*)
+ os=-osf
+ ;;
+ -utek*)
+ os=-bsd
+ ;;
+ -dynix*)
+ os=-bsd
+ ;;
+ -acis*)
+ os=-aos
+ ;;
+ -ctix* | -uts*)
+ os=-sysv
+ ;;
+ -ns2 )
+ os=-nextstep2
+ ;;
+ # Preserve the version number of sinix5.
+ -sinix5.*)
+ os=`echo $os | sed -e 's|sinix|sysv|'`
+ ;;
+ -sinix*)
+ os=-sysv4
+ ;;
+ -triton*)
+ os=-sysv3
+ ;;
+ -oss*)
+ os=-sysv3
+ ;;
+ -svr4)
+ os=-sysv4
+ ;;
+ -svr3)
+ os=-sysv3
+ ;;
+ -sysvr4)
+ os=-sysv4
+ ;;
+ # This must come after -sysvr4.
+ -sysv*)
+ ;;
+ -xenix)
+ os=-xenix
+ ;;
+ -os2*)
+ ;;
+ -none)
+ ;;
+ *)
+ # Get rid of the `-' at the beginning of $os.
+ os=`echo $os | sed 's/[^-]*-//'`
+ echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+ exit 1
+ ;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system. Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $basic_machine in
+ *-acorn)
+ os=-riscix1.2
+ ;;
+ arm*-semi)
+ os=-aout
+ ;;
+ pdp11-*)
+ os=-none
+ ;;
+ *-dec | vax-*)
+ os=-ultrix4.2
+ ;;
+ m68*-apollo)
+ os=-domain
+ ;;
+ i386-sun)
+ os=-sunos4.0.2
+ ;;
+ m68000-sun)
+ os=-sunos3
+ # This also exists in the configure program, but was not the
+ # default.
+ # os=-sunos4
+ ;;
+ *-tti) # must be before sparc entry or we get the wrong os.
+ os=-sysv3
+ ;;
+ sparc-* | *-sun)
+ os=-sunos4.1.1
+ ;;
+ *-ibm)
+ os=-aix
+ ;;
+ *-hp)
+ os=-hpux
+ ;;
+ *-hitachi)
+ os=-hiux
+ ;;
+ i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+ os=-sysv
+ ;;
+ *-cbm)
+ os=-amigados
+ ;;
+ *-dg)
+ os=-dgux
+ ;;
+ *-dolphin)
+ os=-sysv3
+ ;;
+ m68k-ccur)
+ os=-rtu
+ ;;
+ m88k-omron*)
+ os=-luna
+ ;;
+ *-next )
+ os=-nextstep
+ ;;
+ *-sequent)
+ os=-ptx
+ ;;
+ *-crds)
+ os=-unos
+ ;;
+ *-ns)
+ os=-genix
+ ;;
+ i370-*)
+ os=-mvs
+ ;;
+ *-next)
+ os=-nextstep3
+ ;;
+ *-gould)
+ os=-sysv
+ ;;
+ *-highlevel)
+ os=-bsd
+ ;;
+ *-encore)
+ os=-bsd
+ ;;
+ *-sgi)
+ os=-irix
+ ;;
+ *-siemens)
+ os=-sysv4
+ ;;
+ *-masscomp)
+ os=-rtu
+ ;;
+ f301-fujitsu)
+ os=-uxpv
+ ;;
+ *)
+ os=-none
+ ;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer. We pick the logical manufacturer.
+vendor=unknown
+case $basic_machine in
+ *-unknown)
+ case $os in
+ -riscix*)
+ vendor=acorn
+ ;;
+ -sunos*)
+ vendor=sun
+ ;;
+ -aix*)
+ vendor=ibm
+ ;;
+ -hpux*)
+ vendor=hp
+ ;;
+ -hiux*)
+ vendor=hitachi
+ ;;
+ -unos*)
+ vendor=crds
+ ;;
+ -dgux*)
+ vendor=dg
+ ;;
+ -luna*)
+ vendor=omron
+ ;;
+ -genix*)
+ vendor=ns
+ ;;
+ -mvs*)
+ vendor=ibm
+ ;;
+ -ptx*)
+ vendor=sequent
+ ;;
+ -vxsim* | -vxworks*)
+ vendor=wrs
+ ;;
+ -aux*)
+ vendor=apple
+ ;;
+ esac
+ basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+ ;;
+esac
+
+echo $basic_machine$os
diff --git a/crypto/kerberosIV/configure b/crypto/kerberosIV/configure
new file mode 100644
index 0000000..e6fefbf
--- /dev/null
+++ b/crypto/kerberosIV/configure
@@ -0,0 +1,9343 @@ +#! /bin/sh + +# From configure.in Revision: 1.285 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +# Guess values for system-dependent variables and create Makefiles. +# Generated automatically using autoconf version 2.12 +# Copyright (C) 1992, 93, 94, 95, 96 Free Software Foundation, Inc. +# +# This configure script is free software; the Free Software Foundation +# gives unlimited permission to copy, distribute and modify it. + +# Defaults: +ac_help= +ac_default_prefix=/usr/local +# Any additions from configure.in: +ac_default_prefix=/usr/athena +ac_help="$ac_help + --with-socks=dir use socks in dir" +ac_help="$ac_help + --with-socks-lib=dir use socks-lib in dir" +ac_help="$ac_help + --with-socks-include=dir use socks-include in dir" +ac_help="$ac_help + --with-shared create shared libraries for Kerberos" +ac_help="$ac_help + --with-cracklib=dir use the cracklib.a in dir" +ac_help="$ac_help + --with-dictpath=path use this dictionary with cracklib +" +ac_help="$ac_help + --with-mailspool=dir this is the mail spool directory +" +ac_help="$ac_help + --enable-random-mkey use new code for master keys" +ac_help="$ac_help + --with-mkey=file where to put the master key" +ac_help="$ac_help + --without-berkeley-db if you don't want berkeley db" +ac_help="$ac_help + --without-afs-support if you don't want support for afs" +ac_help="$ac_help + --with-des-quad-checksum=kind + default checksum to use (new, old, or guess)" +ac_help="$ac_help + --with-readline=dir use readline in dir" +ac_help="$ac_help + --with-readline-lib=dir use readline-lib in dir" +ac_help="$ac_help + --with-readline-include=dir use readline-include in dir" +ac_help="$ac_help + --with-x use the X Window System" + +# Initialize some variables set by options. +# The variables have the same names as the options, with +# dashes changed to underlines. 
+build=NONE +cache_file=./config.cache +exec_prefix=NONE +host=NONE +no_create= +nonopt=NONE +no_recursion= +prefix=NONE +program_prefix=NONE +program_suffix=NONE +program_transform_name=s,x,x, +silent= +site= +srcdir= +target=NONE +verbose= +x_includes=NONE +x_libraries=NONE +bindir='${exec_prefix}/bin' +sbindir='${exec_prefix}/sbin' +libexecdir='${exec_prefix}/libexec' +datadir='${prefix}/share' +sysconfdir='${prefix}/etc' +sharedstatedir='${prefix}/com' +localstatedir='${prefix}/var' +libdir='${exec_prefix}/lib' +includedir='${prefix}/include' +oldincludedir='/usr/include' +infodir='${prefix}/info' +mandir='${prefix}/man' + +# Initialize some other variables. +subdirs= +MFLAGS= MAKEFLAGS= +# Maximum number of lines to put in a shell here document. +ac_max_here_lines=12 + +ac_prev= +for ac_option +do + + # If the previous option needs an argument, assign it. + if test -n "$ac_prev"; then + eval "$ac_prev=\$ac_option" + ac_prev= + continue + fi + + case "$ac_option" in + -*=*) ac_optarg=`echo "$ac_option" | sed 's/[-_a-zA-Z0-9]*=//'` ;; + *) ac_optarg= ;; + esac + + # Accept the important Cygnus configure options, so we can diagnose typos. 
+ + case "$ac_option" in + + -bindir | --bindir | --bindi | --bind | --bin | --bi) + ac_prev=bindir ;; + -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) + bindir="$ac_optarg" ;; + + -build | --build | --buil | --bui | --bu) + ac_prev=build ;; + -build=* | --build=* | --buil=* | --bui=* | --bu=*) + build="$ac_optarg" ;; + + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) + cache_file="$ac_optarg" ;; + + -datadir | --datadir | --datadi | --datad | --data | --dat | --da) + ac_prev=datadir ;; + -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \ + | --da=*) + datadir="$ac_optarg" ;; + + -disable-* | --disable-*) + ac_feature=`echo $ac_option|sed -e 's/-*disable-//'` + # Reject names that are not valid shell variable names. + if test -n "`echo $ac_feature| sed 's/[-a-zA-Z0-9_]//g'`"; then + { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; } + fi + ac_feature=`echo $ac_feature| sed 's/-/_/g'` + eval "enable_${ac_feature}=no" ;; + + -enable-* | --enable-*) + ac_feature=`echo $ac_option|sed -e 's/-*enable-//' -e 's/=.*//'` + # Reject names that are not valid shell variable names. 
+ if test -n "`echo $ac_feature| sed 's/[-_a-zA-Z0-9]//g'`"; then + { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; } + fi + ac_feature=`echo $ac_feature| sed 's/-/_/g'` + case "$ac_option" in + *=*) ;; + *) ac_optarg=yes ;; + esac + eval "enable_${ac_feature}='$ac_optarg'" ;; + + -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ + | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ + | --exec | --exe | --ex) + ac_prev=exec_prefix ;; + -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ + | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ + | --exec=* | --exe=* | --ex=*) + exec_prefix="$ac_optarg" ;; + + -gas | --gas | --ga | --g) + # Obsolete; use --with-gas. + with_gas=yes ;; + + -help | --help | --hel | --he) + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat << EOF +Usage: configure [options] [host] +Options: [defaults in brackets after descriptions] +Configuration: + --cache-file=FILE cache test results in FILE + --help print this message + --no-create do not create output files + --quiet, --silent do not print \`checking...' 
messages + --version print the version of autoconf that created configure +Directory and file names: + --prefix=PREFIX install architecture-independent files in PREFIX + [$ac_default_prefix] + --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX + [same as prefix] + --bindir=DIR user executables in DIR [EPREFIX/bin] + --sbindir=DIR system admin executables in DIR [EPREFIX/sbin] + --libexecdir=DIR program executables in DIR [EPREFIX/libexec] + --datadir=DIR read-only architecture-independent data in DIR + [PREFIX/share] + --sysconfdir=DIR read-only single-machine data in DIR [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data in DIR + [PREFIX/com] + --localstatedir=DIR modifiable single-machine data in DIR [PREFIX/var] + --libdir=DIR object code libraries in DIR [EPREFIX/lib] + --includedir=DIR C header files in DIR [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc in DIR [/usr/include] + --infodir=DIR info documentation in DIR [PREFIX/info] + --mandir=DIR man documentation in DIR [PREFIX/man] + --srcdir=DIR find the sources in DIR [configure dir or ..] 
+ --program-prefix=PREFIX prepend PREFIX to installed program names + --program-suffix=SUFFIX append SUFFIX to installed program names + --program-transform-name=PROGRAM + run sed PROGRAM on installed program names +EOF + cat << EOF +Host type: + --build=BUILD configure for building on BUILD [BUILD=HOST] + --host=HOST configure for HOST [guessed] + --target=TARGET configure for TARGET [TARGET=HOST] +Features and packages: + --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) + --enable-FEATURE[=ARG] include FEATURE [ARG=yes] + --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] + --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) + --x-includes=DIR X include files are in DIR + --x-libraries=DIR X library files are in DIR +EOF + if test -n "$ac_help"; then + echo "--enable and --with options recognized:$ac_help" + fi + exit 0 ;; + + -host | --host | --hos | --ho) + ac_prev=host ;; + -host=* | --host=* | --hos=* | --ho=*) + host="$ac_optarg" ;; + + -includedir | --includedir | --includedi | --included | --include \ + | --includ | --inclu | --incl | --inc) + ac_prev=includedir ;; + -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ + | --includ=* | --inclu=* | --incl=* | --inc=*) + includedir="$ac_optarg" ;; + + -infodir | --infodir | --infodi | --infod | --info | --inf) + ac_prev=infodir ;; + -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) + infodir="$ac_optarg" ;; + + -libdir | --libdir | --libdi | --libd) + ac_prev=libdir ;; + -libdir=* | --libdir=* | --libdi=* | --libd=*) + libdir="$ac_optarg" ;; + + -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ + | --libexe | --libex | --libe) + ac_prev=libexecdir ;; + -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ + | --libexe=* | --libex=* | --libe=*) + libexecdir="$ac_optarg" ;; + + -localstatedir | --localstatedir | --localstatedi | --localstated \ + | --localstate | --localstat | --localsta | 
--localst \ + | --locals | --local | --loca | --loc | --lo) + ac_prev=localstatedir ;; + -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ + | --localstate=* | --localstat=* | --localsta=* | --localst=* \ + | --locals=* | --local=* | --loca=* | --loc=* | --lo=*) + localstatedir="$ac_optarg" ;; + + -mandir | --mandir | --mandi | --mand | --man | --ma | --m) + ac_prev=mandir ;; + -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) + mandir="$ac_optarg" ;; + + -nfp | --nfp | --nf) + # Obsolete; use --without-fp. + with_fp=no ;; + + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c) + no_create=yes ;; + + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) + no_recursion=yes ;; + + -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ + | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ + | --oldin | --oldi | --old | --ol | --o) + ac_prev=oldincludedir ;; + -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ + | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ + | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) + oldincludedir="$ac_optarg" ;; + + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + prefix="$ac_optarg" ;; + + -program-prefix | --program-prefix | --program-prefi | --program-pref \ + | --program-pre | --program-pr | --program-p) + ac_prev=program_prefix ;; + -program-prefix=* | --program-prefix=* | --program-prefi=* \ + | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) + program_prefix="$ac_optarg" ;; + + -program-suffix | --program-suffix | --program-suffi | --program-suff \ + | --program-suf | --program-su | --program-s) + ac_prev=program_suffix ;; + -program-suffix=* | 
--program-suffix=* | --program-suffi=* \ + | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) + program_suffix="$ac_optarg" ;; + + -program-transform-name | --program-transform-name \ + | --program-transform-nam | --program-transform-na \ + | --program-transform-n | --program-transform- \ + | --program-transform | --program-transfor \ + | --program-transfo | --program-transf \ + | --program-trans | --program-tran \ + | --progr-tra | --program-tr | --program-t) + ac_prev=program_transform_name ;; + -program-transform-name=* | --program-transform-name=* \ + | --program-transform-nam=* | --program-transform-na=* \ + | --program-transform-n=* | --program-transform-=* \ + | --program-transform=* | --program-transfor=* \ + | --program-transfo=* | --program-transf=* \ + | --program-trans=* | --program-tran=* \ + | --progr-tra=* | --program-tr=* | --program-t=*) + program_transform_name="$ac_optarg" ;; + + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ + | --sbi=* | --sb=*) + sbindir="$ac_optarg" ;; + + -sharedstatedir | --sharedstatedir | --sharedstatedi \ + | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ + | --sharedst | --shareds | --shared | --share | --shar \ + | --sha | --sh) + ac_prev=sharedstatedir ;; + -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ + | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ + | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ + | --sha=* | --sh=*) + sharedstatedir="$ac_optarg" ;; + + -site | --site | --sit) + ac_prev=site ;; + -site=* | --site=* | --sit=*) + site="$ac_optarg" ;; + + -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + 
srcdir="$ac_optarg" ;; + + -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ + | --syscon | --sysco | --sysc | --sys | --sy) + ac_prev=sysconfdir ;; + -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ + | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) + sysconfdir="$ac_optarg" ;; + + -target | --target | --targe | --targ | --tar | --ta | --t) + ac_prev=target ;; + -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) + target="$ac_optarg" ;; + + -v | -verbose | --verbose | --verbos | --verbo | --verb) + verbose=yes ;; + + -version | --version | --versio | --versi | --vers) + echo "configure generated by autoconf version 2.12" + exit 0 ;; + + -with-* | --with-*) + ac_package=`echo $ac_option|sed -e 's/-*with-//' -e 's/=.*//'` + # Reject names that are not valid shell variable names. + if test -n "`echo $ac_package| sed 's/[-_a-zA-Z0-9]//g'`"; then + { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; } + fi + ac_package=`echo $ac_package| sed 's/-/_/g'` + case "$ac_option" in + *=*) ;; + *) ac_optarg=yes ;; + esac + eval "with_${ac_package}='$ac_optarg'" ;; + + -without-* | --without-*) + ac_package=`echo $ac_option|sed -e 's/-*without-//'` + # Reject names that are not valid shell variable names. + if test -n "`echo $ac_package| sed 's/[-a-zA-Z0-9_]//g'`"; then + { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; } + fi + ac_package=`echo $ac_package| sed 's/-/_/g'` + eval "with_${ac_package}=no" ;; + + --x) + # Obsolete; use --with-x. 
+ with_x=yes ;; + + -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ + | --x-incl | --x-inc | --x-in | --x-i) + ac_prev=x_includes ;; + -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ + | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) + x_includes="$ac_optarg" ;; + + -x-libraries | --x-libraries | --x-librarie | --x-librari \ + | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) + ac_prev=x_libraries ;; + -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ + | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) + x_libraries="$ac_optarg" ;; + + -*) { echo "configure: error: $ac_option: invalid option; use --help to show usage" 1>&2; exit 1; } + ;; + + *) + if test -n "`echo $ac_option| sed 's/[-a-z0-9.]//g'`"; then + echo "configure: warning: $ac_option: invalid host type" 1>&2 + fi + if test "x$nonopt" != xNONE; then + { echo "configure: error: can only configure for one host and one target at a time" 1>&2; exit 1; } + fi + nonopt="$ac_option" + ;; + + esac +done + +if test -n "$ac_prev"; then + { echo "configure: error: missing argument to --`echo $ac_prev | sed 's/_/-/g'`" 1>&2; exit 1; } +fi + +trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15 + +# File descriptor usage: +# 0 standard input +# 1 file creation +# 2 errors and warnings +# 3 some systems may open it to /dev/tty +# 4 used on the Kubota Titan +# 6 checking for... messages and results +# 5 compiler messages saved in config.log +if test "$silent" = yes; then + exec 6>/dev/null +else + exec 6>&1 +fi +exec 5>./config.log + +echo "\ +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. +" 1>&5 + +# Strip out --no-create and --no-recursion so they do not pile up. +# Also quote any args containing shell metacharacters. 
+ac_configure_args= +for ac_arg +do + case "$ac_arg" in + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c) ;; + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) ;; + *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?]*) + ac_configure_args="$ac_configure_args '$ac_arg'" ;; + *) ac_configure_args="$ac_configure_args $ac_arg" ;; + esac +done + +# NLS nuisances. +# Only set these to C if already set. These must not be set unconditionally +# because not all systems understand e.g. LANG=C (notably SCO). +# Fixing LC_MESSAGES prevents Solaris sh from translating var values in `set'! +# Non-C LC_CTYPE values break the ctype check. +if test "${LANG+set}" = set; then LANG=C; export LANG; fi +if test "${LC_ALL+set}" = set; then LC_ALL=C; export LC_ALL; fi +if test "${LC_MESSAGES+set}" = set; then LC_MESSAGES=C; export LC_MESSAGES; fi +if test "${LC_CTYPE+set}" = set; then LC_CTYPE=C; export LC_CTYPE; fi + +# confdefs.h avoids OS command line length limits that DEFS can exceed. +rm -rf conftest* confdefs.h +# AIX cpp loses on an empty file, so make sure it contains at least a newline. +echo > confdefs.h + +# A filename unique to this package, relative to the directory that +# configure is in, which we can look for to find out if srcdir is correct. +ac_unique_file=lib/krb/getrealm.c + +# Find the source files, if location was not specified. +if test -z "$srcdir"; then + ac_srcdir_defaulted=yes + # Try the directory containing this script, then its parent. + ac_prog=$0 + ac_confdir=`echo $ac_prog|sed 's%/[^/][^/]*$%%'` + test "x$ac_confdir" = "x$ac_prog" && ac_confdir=. + srcdir=$ac_confdir + if test ! -r $srcdir/$ac_unique_file; then + srcdir=.. + fi +else + ac_srcdir_defaulted=no +fi +if test ! -r $srcdir/$ac_unique_file; then + if test "$ac_srcdir_defaulted" = yes; then + { echo "configure: error: can not find sources in $ac_confdir or .." 
1>&2; exit 1; } + else + { echo "configure: error: can not find sources in $srcdir" 1>&2; exit 1; } + fi +fi +srcdir=`echo "${srcdir}" | sed 's%\([^/]\)/*$%\1%'` + +# Prefer explicitly selected file to automatically selected ones. +if test -z "$CONFIG_SITE"; then + if test "x$prefix" != xNONE; then + CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site" + else + CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site" + fi +fi +for ac_site_file in $CONFIG_SITE; do + if test -r "$ac_site_file"; then + echo "loading site script $ac_site_file" + . "$ac_site_file" + fi +done + +if test -r "$cache_file"; then + echo "loading cache $cache_file" + . $cache_file +else + echo "creating cache $cache_file" + > $cache_file +fi + +ac_ext=c +# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. +ac_cpp='$CPP $CPPFLAGS' +ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' +ac_link='${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' +cross_compiling=$ac_cv_prog_cc_cross + +if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then + # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu. + if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then + ac_n= ac_c=' +' ac_t=' ' + else + ac_n=-n ac_c= ac_t= + fi +else + ac_n= ac_c='\c' ac_t= +fi + + + + + +PACKAGE=krb4 +VERSION=0.9.6 +# This may be overridden using --prefix=/usr to configure + + +ac_aux_dir= +for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do + if test -f $ac_dir/install-sh; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install-sh -c" + break + elif test -f $ac_dir/install.sh; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install.sh -c" + break + fi +done +if test -z "$ac_aux_dir"; then + { echo "configure: error: can not find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." 
1>&2; exit 1; } +fi +ac_config_guess=$ac_aux_dir/config.guess +ac_config_sub=$ac_aux_dir/config.sub +ac_configure=$ac_aux_dir/configure # This should be Cygnus configure. + + +# Make sure we can run config.sub. +if $ac_config_sub sun4 >/dev/null 2>&1; then : +else { echo "configure: error: can not run $ac_config_sub" 1>&2; exit 1; } +fi + +echo $ac_n "checking host system type""... $ac_c" 1>&6 +echo "configure:648: checking host system type" >&5 + +host_alias=$host +case "$host_alias" in +NONE) + case $nonopt in + NONE) + if host_alias=`$ac_config_guess`; then : + else { echo "configure: error: can not guess host type; you must specify one" 1>&2; exit 1; } + fi ;; + *) host_alias=$nonopt ;; + esac ;; +esac + +host=`$ac_config_sub $host_alias` +host_cpu=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` +host_vendor=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` +host_os=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` +echo "$ac_t""$host" 1>&6 + +echo $ac_n "checking whether ${MAKE-make} sets \${MAKE}""... $ac_c" 1>&6 +echo "configure:669: checking whether ${MAKE-make} sets \${MAKE}" >&5 +set dummy ${MAKE-make}; ac_make=`echo "$2" | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_prog_make_${ac_make}_set'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftestmake <<\EOF +all: + @echo 'ac_maketemp="${MAKE}"' +EOF +# GNU make sometimes prints "make[1]: Entering...", which would confuse us. +eval `${MAKE-make} -f conftestmake 2>/dev/null | grep temp=` +if test -n "$ac_maketemp"; then + eval ac_cv_prog_make_${ac_make}_set=yes +else + eval ac_cv_prog_make_${ac_make}_set=no +fi +rm -f conftestmake +fi +if eval "test \"`echo '$ac_cv_prog_make_'${ac_make}_set`\" = yes"; then + echo "$ac_t""yes" 1>&6 + SET_MAKE= +else + echo "$ac_t""no" 1>&6 + SET_MAKE="MAKE=${MAKE-make}" +fi + +if test "$program_transform_name" = s,x,x,; then + program_transform_name= +else + # Double any \ or $. echo might interpret backslashes. 
+ cat <<\EOF_SED > conftestsed +s,\\,\\\\,g; s,\$,$$,g +EOF_SED + program_transform_name="`echo $program_transform_name|sed -f conftestsed`" + rm -f conftestsed +fi +test "$program_prefix" != NONE && + program_transform_name="s,^,${program_prefix},; $program_transform_name" +# Use a double $ so make ignores it. +test "$program_suffix" != NONE && + program_transform_name="s,\$\$,${program_suffix},; $program_transform_name" + +# sed with no file args requires a program. +test "$program_transform_name" = "" && program_transform_name="s,x,x," + + +# We want these before the checks, so the checks can modify their values. +test -z "$LDFLAGS" && LDFLAGS=-g + + +echo $ac_n "checking for ln -s or something else""... $ac_c" 1>&6 +echo "configure:720: checking for ln -s or something else" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_LN_S'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + rm -f conftestdata +if ln -s X conftestdata 2>/dev/null +then + rm -f conftestdata + ac_cv_prog_LN_S="ln -s" +else + touch conftestdata1 + if ln conftestdata1 conftestdata2; then + rm -f conftestdata* + ac_cv_prog_LN_S=ln + else + ac_cv_prog_LN_S=cp + fi +fi +fi +LN_S="$ac_cv_prog_LN_S" +echo "$ac_t""$ac_cv_prog_LN_S" 1>&6 + +# Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:745: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" + for ac_dir in $PATH; do + test -z "$ac_dir" && ac_dir=. 
+ if test -f $ac_dir/$ac_word; then + ac_cv_prog_CC="gcc" + break + fi + done + IFS="$ac_save_ifs" +fi +fi +CC="$ac_cv_prog_CC" +if test -n "$CC"; then + echo "$ac_t""$CC" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:774: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" + ac_prog_rejected=no + for ac_dir in $PATH; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + if test "$ac_dir/$ac_word" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" + break + fi + done + IFS="$ac_save_ifs" +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# -gt 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift + set dummy "$ac_dir/$ac_word" "$@" + shift + ac_cv_prog_CC="$@" + fi +fi +fi +fi +CC="$ac_cv_prog_CC" +if test -n "$CC"; then + echo "$ac_t""$CC" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + + test -z "$CC" && { echo "configure: error: no acceptable cc found in \$PATH" 1>&2; exit 1; } +fi + +echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6 +echo "configure:822: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 + +ac_ext=c +# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. 
+ac_cpp='$CPP $CPPFLAGS' +ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' +ac_link='${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' +cross_compiling=$ac_cv_prog_cc_cross + +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then + ac_cv_prog_cc_works=yes + # If we can't run a trivial program, we are probably using a cross compiler. + if (./conftest; exit) 2>/dev/null; then + ac_cv_prog_cc_cross=no + else + ac_cv_prog_cc_cross=yes + fi +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + ac_cv_prog_cc_works=no +fi +rm -fr conftest* + +echo "$ac_t""$ac_cv_prog_cc_works" 1>&6 +if test $ac_cv_prog_cc_works = no; then + { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; } +fi +echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6 +echo "configure:856: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 +echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6 +cross_compiling=$ac_cv_prog_cc_cross + +echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6 +echo "configure:861: checking whether we are using GNU C" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.c <&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then + ac_cv_prog_gcc=yes +else + ac_cv_prog_gcc=no +fi +fi + +echo "$ac_t""$ac_cv_prog_gcc" 1>&6 + +if test $ac_cv_prog_gcc = yes; then + GCC=yes + ac_test_CFLAGS="${CFLAGS+set}" + ac_save_CFLAGS="$CFLAGS" + CFLAGS= + echo $ac_n "checking whether ${CC-cc} accepts -g""... 
$ac_c" 1>&6 +echo "configure:885: checking whether ${CC-cc} accepts -g" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + echo 'void f(){}' > conftest.c +if test -z "`${CC-cc} -g -c conftest.c 2>&1`"; then + ac_cv_prog_cc_g=yes +else + ac_cv_prog_cc_g=no +fi +rm -f conftest* + +fi + +echo "$ac_t""$ac_cv_prog_cc_g" 1>&6 + if test "$ac_test_CFLAGS" = set; then + CFLAGS="$ac_save_CFLAGS" + elif test $ac_cv_prog_cc_g = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-O2" + fi +else + GCC= + test "${CFLAGS+set}" = set || CFLAGS="-g" +fi + +echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 +echo "configure:913: checking how to run the C preprocessor" >&5 +# On Suns, sometimes $CPP names a directory. +if test -n "$CPP" && test -d "$CPP"; then + CPP= +fi +if test -z "$CPP"; then +if eval "test \"`echo '$''{'ac_cv_prog_CPP'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + # This must be in double quotes, not single quotes, because CPP may get + # substituted into the Makefile and "${CC-cc}" will confuse make. + CPP="${CC-cc} -E" + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. 
+ cat > conftest.$ac_ext < +Syntax Error +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:934: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + : +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + CPP="${CC-cc} -E -traditional-cpp" + cat > conftest.$ac_ext < +Syntax Error +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:951: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + : +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + CPP=/lib/cpp +fi +rm -f conftest* +fi +rm -f conftest* + ac_cv_prog_CPP="$CPP" +fi + CPP="$ac_cv_prog_CPP" +else + ac_cv_prog_CPP="$CPP" +fi +echo "$ac_t""$CPP" 1>&6 + +echo $ac_n "checking for POSIXized ISC""... $ac_c" 1>&6 +echo "configure:974: checking for POSIXized ISC" >&5 +if test -d /etc/conf/kconfig.d && + grep _POSIX_VERSION /usr/include/sys/unistd.h >/dev/null 2>&1 +then + echo "$ac_t""yes" 1>&6 + ISC=yes # If later tests want to check for ISC. + cat >> confdefs.h <<\EOF +#define _POSIX_SOURCE 1 +EOF + + if test "$GCC" = yes; then + CC="$CC -posix" + else + CC="$CC -Xp" + fi +else + echo "$ac_t""no" 1>&6 + ISC= +fi + +for ac_prog in byacc yacc 'bison -y' +do +# Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:999: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_YACC'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test -n "$YACC"; then + ac_cv_prog_YACC="$YACC" # Let the user override the test. +else + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" + for ac_dir in $PATH; do + test -z "$ac_dir" && ac_dir=. 
+ if test -f $ac_dir/$ac_word; then + ac_cv_prog_YACC="$ac_prog" + break + fi + done + IFS="$ac_save_ifs" +fi +fi +YACC="$ac_cv_prog_YACC" +if test -n "$YACC"; then + echo "$ac_t""$YACC" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + +test -n "$YACC" && break +done + +# Extract the first word of "flex", so it can be a program name with args. +set dummy flex; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:1030: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_LEX'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test -n "$LEX"; then + ac_cv_prog_LEX="$LEX" # Let the user override the test. +else + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" + for ac_dir in $PATH; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_prog_LEX="flex" + break + fi + done + IFS="$ac_save_ifs" + test -z "$ac_cv_prog_LEX" && ac_cv_prog_LEX="lex" +fi +fi +LEX="$ac_cv_prog_LEX" +if test -n "$LEX"; then + echo "$ac_t""$LEX" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + +if test -z "$LEXLIB" +then + case "$LEX" in + flex*) ac_lib=fl ;; + *) ac_lib=l ;; + esac + echo $ac_n "checking for yywrap in -l$ac_lib""... 
$ac_c" 1>&6 +echo "configure:1063: checking for yywrap in -l$ac_lib" >&5 +ac_lib_var=`echo $ac_lib'_'yywrap | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-l$ac_lib $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + LEXLIB="-l$ac_lib" +else + echo "$ac_t""no" 1>&6 +fi + +fi + +# Extract the first word of "ranlib", so it can be a program name with args. +set dummy ranlib; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:1107: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_RANLIB'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test -n "$RANLIB"; then + ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. +else + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" + for ac_dir in $PATH; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_prog_RANLIB="ranlib" + break + fi + done + IFS="$ac_save_ifs" + test -z "$ac_cv_prog_RANLIB" && ac_cv_prog_RANLIB=":" +fi +fi +RANLIB="$ac_cv_prog_RANLIB" +if test -n "$RANLIB"; then + echo "$ac_t""$RANLIB" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + +# Find a good install program. We prefer a C program (faster), +# so one script is as good as another. 
But avoid the broken or +# incompatible versions: +# SysV /etc/install, /usr/sbin/install +# SunOS /usr/etc/install +# IRIX /sbin/install +# AIX /bin/install +# AFS /usr/afsws/bin/install, which mishandles nonexistent args +# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" +# ./install, which can be erroneously created by make from ./install.sh. +echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6 +echo "configure:1144: checking for a BSD compatible install" >&5 +if test -z "$INSTALL"; then +if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + IFS="${IFS= }"; ac_save_IFS="$IFS"; IFS="${IFS}:" + for ac_dir in $PATH; do + # Account for people who put trailing slashes in PATH elements. + case "$ac_dir/" in + /|./|.//|/etc/*|/usr/sbin/*|/usr/etc/*|/sbin/*|/usr/afsws/bin/*|/usr/ucb/*) ;; + *) + # OSF1 and SCO ODT 3.0 have their own names for install. + for ac_prog in ginstall installbsd scoinst install; do + if test -f $ac_dir/$ac_prog; then + if test $ac_prog = install && + grep dspmsg $ac_dir/$ac_prog >/dev/null 2>&1; then + # AIX install. It has an incompatible calling convention. + # OSF/1 installbsd also uses dspmsg, but is usable. + : + else + ac_cv_path_install="$ac_dir/$ac_prog -c" + break 2 + fi + fi + done + ;; + esac + done + IFS="$ac_save_IFS" + +fi + if test "${ac_cv_path_install+set}" = set; then + INSTALL="$ac_cv_path_install" + else + # As a last resort, use the slow shell script. We don't cache a + # path for INSTALL within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the path is relative. + INSTALL="$ac_install_sh" + fi +fi +echo "$ac_t""$INSTALL" 1>&6 + +# Use test -z because SunOS4 sh mishandles braces in ${var-val}. +# It thinks the first close brace ends the variable substitution. 
+test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' + +test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' + +# Extract the first word of "makeinfo", so it can be a program name with args. +set dummy makeinfo; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:1196: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_MAKEINFO'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test -n "$MAKEINFO"; then + ac_cv_prog_MAKEINFO="$MAKEINFO" # Let the user override the test. +else + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" + for ac_dir in $PATH; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_prog_MAKEINFO="makeinfo" + break + fi + done + IFS="$ac_save_ifs" + test -z "$ac_cv_prog_MAKEINFO" && ac_cv_prog_MAKEINFO=":" +fi +fi +MAKEINFO="$ac_cv_prog_MAKEINFO" +if test -n "$MAKEINFO"; then + echo "$ac_t""$MAKEINFO" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + + + + +echo $ac_n "checking for socks""... $ac_c" 1>&6 +echo "configure:1226: checking for socks" >&5 +# Check whether --with-socks or --without-socks was given. +if test "${with_socks+set}" = set; then + withval="$with_socks" + if test "$with_socks" = "no"; then + with_socks= +fi + +fi + +# Check whether --with-socks-lib or --without-socks-lib was given. +if test "${with_socks_lib+set}" = set; then + withval="$with_socks_lib" + if test "$withval" = "yes" -o "$withval" = "no"; then + { echo "configure: error: No argument for --with-socks-lib" 1>&2; exit 1; } +elif test "X$with_socks" = "X"; then + with_socks=yes +fi + +fi + +# Check whether --with-socks-include or --without-socks-include was given. 
+if test "${with_socks_include+set}" = set; then + withval="$with_socks_include" + if test "$withval" = "yes" -o "$withval" = "no"; then + { echo "configure: error: No argument for --with-socks-include" 1>&2; exit 1; } +elif test "X$with_socks" = "X"; then + with_socks=yes +fi + +fi + + + +: << END +@@@syms="$syms SOCKS"@@@ +END + +if test -n "$with_socks"; then + cat >> confdefs.h <<\EOF +#define SOCKS 1 +EOF + + if test "$with_socks" != "yes"; then + socks_dir=$with_socks + fi + if test -n "$with_socks_include"; then + trydir=$with_socks_include + elif test "$with_socks" != "yes"; then + trydir="$with_socks $with_socks/include" + else + trydir= + fi + found= + for i in $trydir ""; do + if test -n "$i"; then + if test -f $i/socks.h; then + found=yes; res=$i; break + fi + else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:1292: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + found=yes; res=$i; break +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + fi + done + if test -n "$found"; then + socks_include=$res + else + { echo "configure: error: Cannot find socks.h" 1>&2; exit 1; } + fi + if test -n "$with_socks_lib"; then + trydir=$with_socks_lib + elif test "$with_socks" != "yes"; then + trydir="$with_socks $with_socks/lib" + else + trydir= + fi + found= + for i in $trydir ""; do + if test -n "$i"; then + if test -f $i/libsocks5.a; then + found=yes; res=$i; break + fi + else + old_LIBS=$LIBS + LIBS="-lsocks5 $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + found=yes; res=$i; LIBS=$old_LIBS; break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + LIBS=$old_LIBS + fi + done + if test -n "$found"; then + socks_lib=$res + else + { echo 
"configure: error: Cannot find libsocks5.a" 1>&2; exit 1; } + fi + echo "$ac_t""headers $socks_include, libraries $socks_lib" 1>&6 + cat >> confdefs.h <&6 +fi + + +CFLAGS="$SOCKSINCLUDE $CFLAGS" +LIBS="$SOCKSLIB $LIBS" + +# Check whether --with-shared or --without-shared was given. +if test "${with_shared+set}" = set; then + withval="$with_shared" + : +fi + + +# Check whether --with-cracklib or --without-cracklib was given. +if test "${with_cracklib+set}" = set; then + withval="$with_cracklib" + : +fi + + +# Check whether --with-dictpath or --without-dictpath was given. +if test "${with_dictpath+set}" = set; then + withval="$with_dictpath" + : +fi + + +(test -z "$with_cracklib" && test -n "$with_dictpath") || +(test -n "$with_cracklib" && test -z "$with_dictpath") && +{ echo "configure: error: --with-cracklib requires --with-dictpath and vice versa" 1>&2; exit 1; } +test -n "$with_cracklib" && +CRACKLIB="-L$with_cracklib -lcrack" && +echo "$ac_t""Using cracklib in $with_cracklib" 1>&6 +test -n "$with_dictpath" && +echo "$ac_t""Using dictpath=$with_dictpath" 1>&6 && +cat >> confdefs.h <> confdefs.h <> confdefs.h <<\EOF +#define RANDOM_MKEY 1 +EOF + +fi + +fi + + +# Check whether --with-mkey or --without-mkey was given. +if test "${with_mkey+set}" = set; then + withval="$with_mkey" + +if test -n "$withval"; then + cat >> confdefs.h <> confdefs.h <<\EOF +#define NO_AFS 1 +EOF + + afs_support=no +fi + +fi + + +des_quad=guess +# Check whether --with-des-quad-checksum or --without-des-quad-checksum was given. +if test "${with_des_quad_checksum+set}" = set; then + withval="$with_des_quad_checksum" + +des_quad="$withval" + +fi + +if test "$des_quad" = "new"; then + cat >> confdefs.h <<\EOF +#define DES_QUAD_DEFAULT DES_QUAD_NEW +EOF + +elif test "$des_quad" = "old"; then + cat >> confdefs.h <<\EOF +#define DES_QUAD_DEFAULT DES_QUAD_OLD +EOF + +else + cat >> confdefs.h <<\EOF +#define DES_QUAD_DEFAULT DES_QUAD_GUESS +EOF + +fi + + +echo $ac_n "checking for readline""... 
$ac_c" 1>&6 +echo "configure:1503: checking for readline" >&5 +# Check whether --with-readline or --without-readline was given. +if test "${with_readline+set}" = set; then + withval="$with_readline" + if test "$with_readline" = "no"; then + with_readline= +fi + +fi + +# Check whether --with-readline-lib or --without-readline-lib was given. +if test "${with_readline_lib+set}" = set; then + withval="$with_readline_lib" + if test "$withval" = "yes" -o "$withval" = "no"; then + { echo "configure: error: No argument for --with-readline-lib" 1>&2; exit 1; } +elif test "X$with_readline" = "X"; then + with_readline=yes +fi + +fi + +# Check whether --with-readline-include or --without-readline-include was given. +if test "${with_readline_include+set}" = set; then + withval="$with_readline_include" + if test "$withval" = "yes" -o "$withval" = "no"; then + { echo "configure: error: No argument for --with-readline-include" 1>&2; exit 1; } +elif test "X$with_readline" = "X"; then + with_readline=yes +fi + +fi + + + +: << END +@@@syms="$syms READLINE"@@@ +END + +if test -n "$with_readline"; then + cat >> confdefs.h <<\EOF +#define READLINE 1 +EOF + + if test "$with_readline" != "yes"; then + readline_dir=$with_readline + fi + if test -n "$with_readline_include"; then + trydir=$with_readline_include + elif test "$with_readline" != "yes"; then + trydir="$with_readline $with_readline/include" + else + trydir= + fi + found= + for i in $trydir ""; do + if test -n "$i"; then + if test -f $i/readline.h; then + found=yes; res=$i; break + fi + else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:1569: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + found=yes; res=$i; break +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + fi + done + if test -n "$found"; then + 
readline_include=$res + else + { echo "configure: error: Cannot find readline.h" 1>&2; exit 1; } + fi + if test -n "$with_readline_lib"; then + trydir=$with_readline_lib + elif test "$with_readline" != "yes"; then + trydir="$with_readline $with_readline/lib" + else + trydir= + fi + found= + for i in $trydir ""; do + if test -n "$i"; then + if test -f $i/libreadline.a; then + found=yes; res=$i; break + fi + else + old_LIBS=$LIBS + LIBS="-lreadline $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + found=yes; res=$i; LIBS=$old_LIBS; break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + LIBS=$old_LIBS + fi + done + if test -n "$found"; then + readline_lib=$res + else + { echo "configure: error: Cannot find libreadline.a" 1>&2; exit 1; } + fi + echo "$ac_t""headers $readline_include, libraries $readline_lib" 1>&6 + cat >> confdefs.h <&6 +fi + + + + + +case ${with_shared} in + yes ) with_shared=yes;; + no ) with_shared=no;; + * ) with_shared=no;; +esac + +# NOTE: Building shared libraries may not work if you do not use gcc! 
+# +# OS $SHLIBEXT +# HP-UX sl +# Linux so +# NetBSD so +# FreeBSD so +# OSF so +# SunOS5 so +# SunOS4 so.0.5 +# Irix so +# +# LIBEXT is the extension we should build (.a or $SHLIBEXT) +REAL_PICFLAGS="-fpic" +LDSHARED='$(CC) $(PICFLAGS) -shared' +LIBPREFIX=lib +REAL_SHLIBEXT=so +SHLIB_VERSION=`echo $VERSION | sed 's/\([0-9.]*\).*/\1/'` +case "${host}" in +*-*-hpux*) + REAL_SHLIBEXT=sl + REAL_LD_FLAGS='-Wl,+b$(libdir)' + if test -z "$GCC"; then + LDSHARED="ld -b" + REAL_PICFLAGS="+z" + fi + ;; +*-*-linux*) + REAL_LD_FLAGS='-Wl,-rpath,$(libdir)' + ;; +*-*-*bsd*) + REAL_SHLIBEXT=so.$SHLIB_VERSION + LDSHARED='ld -Bshareable' + REAL_LD_FLAGS='-Wl,-R$(libdir)' + ;; +*-*-osf*) + REAL_LD_FLAGS='-Wl,-rpath,$(libdir)' + REAL_PICFLAGS= + LDSHARED='ld -shared -expect_unresolved \*' + ;; +*-*-solaris2*) + REAL_LD_FLAGS='-Wl,-R$(libdir)' + if test -z "$GCC"; then + LDSHARED='$(CC) -G' + REAL_PICFLAGS="-Kpic" + fi + ;; +*-*-sunos*) + REAL_SHLIBEXT=so.$SHLIB_VERSION + REAL_LD_FLAGS='-Wl,-L$(libdir)' + ;; +*-*-irix*) + REAL_LD_FLAGS='-Wl,-rpath,$(libdir)' + REAL_PICFLAGS= + ;; +*-*-os2_emx*) + LD_FLAGS='-Zexe' + LIBPREFIX= + EXECSUFFIX='.exe' + RANLIB=EMXOMF + REAL_SHLIBEXT=nobuild + ;; +*-*-cygwin32*) + EXECSUFFIX='.exe' + REAL_SHLIBEXT=nobuild + ;; +*) REAL_SHLIBEXT=nobuild + REAL_PICFLAGS= + ;; +esac + +if test "${with_shared}" != "yes" ; then + PICFLAGS="" + SHLIBEXT="nobuild" + LIBEXT="a" +else + PICFLAGS="$REAL_PICFLAGS" + SHLIBEXT="$REAL_SHLIBEXT" + LIBEXT="$SHLIBEXT" + LD_FLAGS="$REAL_LD_FLAGS" +fi + + + + + +if test "${with_shared}" = "yes"; then +echo $ac_n "checking for pragma weak""... 
$ac_c" 1>&6 +echo "configure:1743: checking for pragma weak" >&5 +if eval "test \"`echo '$''{'ac_have_pragma_weak'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +ac_have_pragma_weak=no +cat > conftest_foo.$ac_ext <<'EOF' +#line 1750 "configure" +#include "confdefs.h" +#pragma weak foo = _foo +int _foo = 17; +EOF +cat > conftest_bar.$ac_ext <<'EOF' +#line 1756 "configure" +#include "confdefs.h" +extern int foo; + +int t() { + return foo; +} + +int main() { + return t(); +} +EOF +if { (eval echo configure:1768: \"$'CC -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest_foo.$ac_ext conftest_bar.$ac_ext 1>&5'\") 1>&5; (eval $'CC -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest_foo.$ac_ext conftest_bar.$ac_ext 1>&5') 2>&5; }; then +ac_have_pragma_weak=yes +fi +rm -rf conftest* + +fi + +if test "$ac_have_pragma_weak" = "yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_PRAGMA_WEAK 1 +EOF +fi +echo "$ac_t""$ac_have_pragma_weak" 1>&6 +fi + + +echo $ac_n "checking whether byte ordering is bigendian""... $ac_c" 1>&6 +echo "configure:1785: checking whether byte ordering is bigendian" >&5 +if eval "test \"`echo '$''{'ac_cv_c_bigendian'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_cv_c_bigendian=unknown +# See if sys/param.h defines the BYTE_ORDER macro. +cat > conftest.$ac_ext < +#include +int main() { + +#if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN + bogus endian macros +#endif +; return 0; } +EOF +if { (eval echo configure:1803: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + # It does; now see whether it defined to BIG_ENDIAN or not. 
+cat > conftest.$ac_ext < +#include +int main() { + +#if BYTE_ORDER != BIG_ENDIAN + not big endian +#endif +; return 0; } +EOF +if { (eval echo configure:1818: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_c_bigendian=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_c_bigendian=no +fi +rm -f conftest* +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* +if test $ac_cv_c_bigendian = unknown; then +if test "$cross_compiling" = yes; then + { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } +else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +then + ac_cv_c_bigendian=no +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_c_bigendian=yes +fi +rm -fr conftest* +fi + +fi +fi + +echo "$ac_t""$ac_cv_c_bigendian" 1>&6 +if test $ac_cv_c_bigendian = yes; then + cat >> confdefs.h <<\EOF +#define WORDS_BIGENDIAN 1 +EOF + +fi + + +echo $ac_n "checking for working const""... $ac_c" 1>&6 +echo "configure:1876: checking for working const" >&5 +if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <j = 5; +} +{ /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */ + const int foo = 10; +} + +; return 0; } +EOF +if { (eval echo configure:1930: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_c_const=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_c_const=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_c_const" 1>&6 +if test $ac_cv_c_const = no; then + cat >> confdefs.h <<\EOF +#define const +EOF + +fi + + + + +echo $ac_n "checking for NEXTSTEP""... 
$ac_c" 1>&6 +echo "configure:1954: checking for NEXTSTEP" >&5 +if eval "test \"`echo '$''{'krb_cv_sys_nextstep'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <&5 | + egrep "yes" >/dev/null 2>&1; then + rm -rf conftest* + krb_cv_sys_nextstep=yes +else + rm -rf conftest* + krb_cv_sys_nextstep=no +fi +rm -f conftest* + +fi + +if test "$krb_cv_sys_nextstep" = "yes"; then + CFLAGS="$CFLAGS -posix" + LIBS="$LIBS -posix" +fi +echo "$ac_t""$krb_cv_sys_nextstep" 1>&6 + + +echo $ac_n "checking for AIX""... $ac_c" 1>&6 +echo "configure:1986: checking for AIX" >&5 +if eval "test \"`echo '$''{'krb_cv_sys_aix'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <&5 | + egrep "yes" >/dev/null 2>&1; then + rm -rf conftest* + krb_cv_sys_aix=yes +else + rm -rf conftest* + krb_cv_sys_aix=no +fi +rm -f conftest* + +fi + +echo "$ac_t""$krb_cv_sys_aix" 1>&6 + + +if test "$krb_cv_sys_aix" = yes ;then + AFS_EXTRA_OBJS='$(srcdir)/afsl.exp dlfcn.o' + + AFS_EXTRA_LIBS=afslib.so + +fi + +# +# AIX needs /lib/pse.exp for getmsg, but alas that file is broken in +# AIX414 +# + +if test -f /lib/pse.exp ;then + LIBS="$LIBS -Wl,-bI:/lib/pse.exp" +fi + + +echo $ac_n "checking for ANSI C header files""... 
$ac_c" 1>&6 +echo "configure:2031: checking for ANSI C header files" >&5 +if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#include +#include +#include +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2044: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + ac_cv_header_stdc=yes +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_header_stdc=no +fi +rm -f conftest* + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. +cat > conftest.$ac_ext < +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "memchr" >/dev/null 2>&1; then + : +else + rm -rf conftest* + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. +cat > conftest.$ac_ext < +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "free" >/dev/null 2>&1; then + : +else + rm -rf conftest* + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. +if test "$cross_compiling" = yes; then + : +else + cat > conftest.$ac_ext < +#define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +#define TOUPPER(c) (ISLOWER(c) ? 
'A' + ((c) - 'a') : (c)) +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int main () { int i; for (i = 0; i < 256; i++) +if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2); +exit (0); } + +EOF +if { (eval echo configure:2111: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +then + : +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_header_stdc=no +fi +rm -fr conftest* +fi + +fi +fi + +echo "$ac_t""$ac_cv_header_stdc" 1>&6 +if test $ac_cv_header_stdc = yes; then + cat >> confdefs.h <<\EOF +#define STDC_HEADERS 1 +EOF + +fi + + +for ac_hdr in arpa/ftp.h arpa/inet.h arpa/nameser.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +echo "configure:2139: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2149: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +for ac_hdr in arpa/telnet.h bind/bitypes.h bsd/bsd.h bsdsetjmp.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2179: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2189: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +for ac_hdr in crypt.h dbm.h dirent.h err.h fcntl.h grp.h io.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2219: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2229: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +for ac_hdr in lastlog.h login.h maillock.h ndbm.h net/if.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2259: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2269: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +for ac_hdr in net/if_tun.h net/if_var.h netdb.h netinet/in.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2299: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2309: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +for ac_hdr in netinet/in6_machtypes.h netinet/in_systm.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2339: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2349: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +for ac_hdr in netinet/ip.h netinet/tcp.h paths.h pty.h pwd.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2379: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2389: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +for ac_hdr in resolv.h rpcsvc/dbm.h sac.h security/pam_modules.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2419: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2429: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +for ac_hdr in shadow.h siad.h signal.h stropts.h sys/bitypes.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2459: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2469: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +for ac_hdr in sys/category.h sys/cdefs.h sys/file.h sys/filio.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2499: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2509: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +for ac_hdr in sys/ioccom.h sys/ioctl.h sys/locking.h sys/mman.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2539: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2549: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +for ac_hdr in sys/param.h sys/proc.h sys/ptyio.h sys/ptyvar.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2579: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2589: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +for ac_hdr in sys/resource.h sys/select.h sys/socket.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2619: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2629: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +for ac_hdr in sys/sockio.h sys/stat.h sys/str_tty.h sys/stream.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2659: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2669: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +for ac_hdr in sys/stropts.h sys/strtty.h sys/syscall.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2699: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2709: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +for ac_hdr in sys/sysctl.h sys/termio.h sys/time.h sys/timeb.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2739: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2749: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +for ac_hdr in sys/times.h sys/tty.h sys/types.h sys/uio.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2779: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2789: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +for ac_hdr in sys/un.h sys/utsname.h sys/wait.h syslog.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2819: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2829: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +for ac_hdr in termio.h termios.h tmpdir.h ttyent.h udb.h ulimit.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2859: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2869: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +for ac_hdr in unistd.h userpw.h usersec.h util.h utime.h utmp.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2899: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2909: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +for ac_hdr in utmpx.h wait.h winsock.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +echo "configure:2939: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2949: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + + +echo $ac_n "checking whether time.h and sys/time.h may both be included""... 
$ac_c" 1>&6 +echo "configure:2977: checking whether time.h and sys/time.h may both be included" >&5 +if eval "test \"`echo '$''{'ac_cv_header_time'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#include +#include +int main() { +struct tm *tp; +; return 0; } +EOF +if { (eval echo configure:2991: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_header_time=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_header_time=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_header_time" 1>&6 +if test $ac_cv_header_time = yes; then + cat >> confdefs.h <<\EOF +#define TIME_WITH_SYS_TIME 1 +EOF + +fi + +echo $ac_n "checking for sys_siglist declaration in signal.h or unistd.h""... $ac_c" 1>&6 +echo "configure:3012: checking for sys_siglist declaration in signal.h or unistd.h" >&5 +if eval "test \"`echo '$''{'ac_cv_decl_sys_siglist'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#include +/* NetBSD declares sys_siglist in unistd.h. */ +#ifdef HAVE_UNISTD_H +#include +#endif +int main() { +char *msg = *(sys_siglist + 1); +; return 0; } +EOF +if { (eval echo configure:3029: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_decl_sys_siglist=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_decl_sys_siglist=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_decl_sys_siglist" 1>&6 +if test $ac_cv_decl_sys_siglist = yes; then + cat >> confdefs.h <<\EOF +#define SYS_SIGLIST_DECLARED 1 +EOF + +fi + + + +for i in int8_t int16_t int32_t int64_t; do + echo $ac_n "checking for $i""... 
$ac_c" 1>&6 +echo "configure:3053: checking for $i" >&5 + +if eval "test \"`echo '$''{'ac_cv_type_$i'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#endif +#ifdef HAVE_SYS_BITYPES_H +#include +#endif +#ifdef HAVE_BIND_BITYPES_H +#include +#endif +#ifdef HAVE_NETINET_IN6_MACHTYPES_H +#include +#endif + +int main() { +$i x; + +; return 0; } +EOF +if { (eval echo configure:3081: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval ac_cv_type_$i=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval ac_cv_type_$i=no +fi +rm -f conftest* +fi + + eval ac_res=\$ac_cv_type_$i + if test "$ac_res" = yes; then + type=HAVE_`echo $i | tr 'a-z' 'A-Z'` + cat >> confdefs.h <&6 +done + + +for i in u_int8_t u_int16_t u_int32_t u_int64_t; do + echo $ac_n "checking for $i""... $ac_c" 1>&6 +echo "configure:3107: checking for $i" >&5 + +if eval "test \"`echo '$''{'ac_cv_type_$i'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#endif +#ifdef HAVE_SYS_BITYPES_H +#include +#endif +#ifdef HAVE_BIND_BITYPES_H +#include +#endif +#ifdef HAVE_NETINET_IN6_MACHTYPES_H +#include +#endif + +int main() { +$i x; + +; return 0; } +EOF +if { (eval echo configure:3135: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval ac_cv_type_$i=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval ac_cv_type_$i=no +fi +rm -f conftest* +fi + + eval ac_res=\$ac_cv_type_$i + if test "$ac_res" = yes; then + type=HAVE_`echo $i | tr 'a-z' 'A-Z'` + cat >> confdefs.h <&6 +done + + + + + + + +echo $ac_n "checking for socket""... 
$ac_c" 1>&6 +echo "configure:3165: checking for socket" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_socket'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_socket\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" socket; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext < +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +int main() { +socket(0,0,0) +; return 0; } +EOF +if { (eval echo configure:3190: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_socket=$ac_lib; else ac_cv_funclib_socket=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_socket=\${ac_cv_funclib_socket-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_socket" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs socket"@@@ +@@@libs="$libs socket"@@@ +END + +eval "ac_tr_func=HAVE_`echo socket | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_socket=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_socket=yes" + eval "LIB_socket=" + cat >> confdefs.h <&6 + ;; + no) + eval "ac_cv_func_socket=no" + eval "LIB_socket=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_socket=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <> confdefs.h <&6 + ;; +esac + + +if test -n "$LIB_socket"; then + LIBS="$LIB_socket $LIBS" +fi + + + + +echo $ac_n "checking for gethostbyname""... 
$ac_c" 1>&6 +echo "configure:3257: checking for gethostbyname" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_gethostbyname'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_gethostbyname\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" nsl; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext < +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +int main() { +gethostbyname("foo") +; return 0; } +EOF +if { (eval echo configure:3282: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_gethostbyname=$ac_lib; else ac_cv_funclib_gethostbyname=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_gethostbyname=\${ac_cv_funclib_gethostbyname-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_gethostbyname" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs gethostbyname"@@@ +@@@libs="$libs nsl"@@@ +END + +eval "ac_tr_func=HAVE_`echo gethostbyname | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_gethostbyname=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_gethostbyname=yes" + eval "LIB_gethostbyname=" + cat >> confdefs.h <&6 + ;; + no) + eval "ac_cv_func_gethostbyname=no" + eval "LIB_gethostbyname=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_gethostbyname=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <> confdefs.h <&6 + ;; +esac + + +if test -n "$LIB_gethostbyname"; then + LIBS="$LIB_gethostbyname $LIBS" +fi + + + + + + +echo $ac_n "checking for odm_initialize""... 
$ac_c" 1>&6 +echo "configure:3351: checking for odm_initialize" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_odm_initialize'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_odm_initialize\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" odm; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_odm_initialize=$ac_lib; else ac_cv_funclib_odm_initialize=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_odm_initialize=\${ac_cv_funclib_odm_initialize-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_odm_initialize" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs odm_initialize"@@@ +@@@libs="$libs odm"@@@ +END + +eval "ac_tr_func=HAVE_`echo odm_initialize | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_odm_initialize=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_odm_initialize=yes" + eval "LIB_odm_initialize=" + cat >> confdefs.h <&6 + ;; + no) + eval "ac_cv_func_odm_initialize=no" + eval "LIB_odm_initialize=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_odm_initialize=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <> confdefs.h <&6 + ;; +esac + + +if test -n "$LIB_odm_initialize"; then + LIBS="$LIB_odm_initialize $LIBS" +fi + + + + +echo $ac_n "checking for getattr""... 
$ac_c" 1>&6 +echo "configure:3438: checking for getattr" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_getattr'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_getattr\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" cfg; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_getattr=$ac_lib; else ac_cv_funclib_getattr=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_getattr=\${ac_cv_funclib_getattr-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_getattr" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs getattr"@@@ +@@@libs="$libs cfg"@@@ +END + +eval "ac_tr_func=HAVE_`echo getattr | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_getattr=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_getattr=yes" + eval "LIB_getattr=" + cat >> confdefs.h <&6 + ;; + no) + eval "ac_cv_func_getattr=no" + eval "LIB_getattr=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_getattr=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <> confdefs.h <&6 + ;; +esac + + +if test -n "$LIB_getattr"; then + LIBS="$LIB_getattr $LIBS" +fi + + + + +echo $ac_n "checking for setpcred""... 
$ac_c" 1>&6 +echo "configure:3525: checking for setpcred" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_setpcred'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_setpcred\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" s; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_setpcred=$ac_lib; else ac_cv_funclib_setpcred=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_setpcred=\${ac_cv_funclib_setpcred-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_setpcred" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs setpcred"@@@ +@@@libs="$libs s"@@@ +END + +eval "ac_tr_func=HAVE_`echo setpcred | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_setpcred=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_setpcred=yes" + eval "LIB_setpcred=" + cat >> confdefs.h <&6 + ;; + no) + eval "ac_cv_func_setpcred=no" + eval "LIB_setpcred=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_setpcred=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <> confdefs.h <&6 + ;; +esac + + +if test -n "$LIB_setpcred"; then + LIBS="$LIB_setpcred $LIBS" +fi + + + + +echo $ac_n "checking for logwtmp""... 
$ac_c" 1>&6 +echo "configure:3612: checking for logwtmp" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_logwtmp'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_logwtmp\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" util; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_logwtmp=$ac_lib; else ac_cv_funclib_logwtmp=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_logwtmp=\${ac_cv_funclib_logwtmp-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_logwtmp" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs logwtmp"@@@ +@@@libs="$libs util"@@@ +END + +eval "ac_tr_func=HAVE_`echo logwtmp | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_logwtmp=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_logwtmp=yes" + eval "LIB_logwtmp=" + cat >> confdefs.h <&6 + ;; + no) + eval "ac_cv_func_logwtmp=no" + eval "LIB_logwtmp=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_logwtmp=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <> confdefs.h <&6 + ;; +esac + + +if test -n "$LIB_logwtmp"; then + LIBS="$LIB_logwtmp $LIBS" +fi + + + + + +echo $ac_n "checking for logout""... 
$ac_c" 1>&6 +echo "configure:3700: checking for logout" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_logout'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_logout\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" util; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_logout=$ac_lib; else ac_cv_funclib_logout=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_logout=\${ac_cv_funclib_logout-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_logout" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs logout"@@@ +@@@libs="$libs util"@@@ +END + +eval "ac_tr_func=HAVE_`echo logout | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_logout=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_logout=yes" + eval "LIB_logout=" + cat >> confdefs.h <&6 + ;; + no) + eval "ac_cv_func_logout=no" + eval "LIB_logout=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_logout=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <> confdefs.h <&6 + ;; +esac + + +if test -n "$LIB_logout"; then + LIBS="$LIB_logout $LIBS" +fi + + + +echo $ac_n "checking for tgetent""... 
$ac_c" 1>&6 +echo "configure:3786: checking for tgetent" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_tgetent'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_tgetent\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" termcap; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_tgetent=$ac_lib; else ac_cv_funclib_tgetent=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_tgetent=\${ac_cv_funclib_tgetent-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_tgetent" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs tgetent"@@@ +@@@libs="$libs termcap"@@@ +END + +eval "ac_tr_func=HAVE_`echo tgetent | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_tgetent=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_tgetent=yes" + eval "LIB_tgetent=" + cat >> confdefs.h <&6 + ;; + no) + eval "ac_cv_func_tgetent=no" + eval "LIB_tgetent=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_tgetent=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <> confdefs.h <&6 + ;; +esac + + + +# If we find X, set shell vars x_includes and x_libraries to the +# paths, otherwise set no_x=yes. +# Uses ac_ vars as temps to allow command line to override cache and checks. +# --without-x overrides everything else, but does not touch the cache. +echo $ac_n "checking for X""... $ac_c" 1>&6 +echo "configure:3871: checking for X" >&5 + +# Check whether --with-x or --without-x was given. +if test "${with_x+set}" = set; then + withval="$with_x" + : +fi + +# $have_x is `yes', `no', `disabled', or empty when we do not yet know. 
+if test "x$with_x" = xno; then + # The user explicitly disabled X. + have_x=disabled +else + if test "x$x_includes" != xNONE && test "x$x_libraries" != xNONE; then + # Both variables are already set. + have_x=yes + else +if eval "test \"`echo '$''{'ac_cv_have_x'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + # One or both of the vars are not set, and there is no cached value. +ac_x_includes=NO ac_x_libraries=NO +rm -fr conftestdir +if mkdir conftestdir; then + cd conftestdir + # Make sure to not put "make" in the Imakefile rules, since we grep it out. + cat > Imakefile <<'EOF' +acfindx: + @echo 'ac_im_incroot="${INCROOT}"; ac_im_usrlibdir="${USRLIBDIR}"; ac_im_libdir="${LIBDIR}"' +EOF + if (xmkmf) >/dev/null 2>/dev/null && test -f Makefile; then + # GNU make sometimes prints "make[1]: Entering...", which would confuse us. + eval `${MAKE-make} acfindx 2>/dev/null | grep -v make` + # Open Windows xmkmf reportedly sets LIBDIR instead of USRLIBDIR. + for ac_extension in a so sl; do + if test ! -f $ac_im_usrlibdir/libX11.$ac_extension && + test -f $ac_im_libdir/libX11.$ac_extension; then + ac_im_usrlibdir=$ac_im_libdir; break + fi + done + # Screen out bogus values from the imake configuration. They are + # bogus both because they are the default anyway, and because + # using them would break gcc on systems where it needs fixed includes. + case "$ac_im_incroot" in + /usr/include) ;; + *) test -f "$ac_im_incroot/X11/Xos.h" && ac_x_includes="$ac_im_incroot" ;; + esac + case "$ac_im_usrlibdir" in + /usr/lib | /lib) ;; + *) test -d "$ac_im_usrlibdir" && ac_x_libraries="$ac_im_usrlibdir" ;; + esac + fi + cd .. + rm -fr conftestdir +fi + +if test "$ac_x_includes" = NO; then + # Guess where to find include files, by looking for this one X11 .h file. + test -z "$x_direct_test_include" && x_direct_test_include=X11/Intrinsic.h + + # First, try using that file with no special directory specified. 
+cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:3938: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + # We can compile using X headers with no special include directory. +ac_x_includes= +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + # Look for the header file in a standard set of common directories. +# Check X11 before X11Rn because it is often a symlink to the current release. + for ac_dir in \ + /usr/X11/include \ + /usr/X11R6/include \ + /usr/X11R5/include \ + /usr/X11R4/include \ + \ + /usr/include/X11 \ + /usr/include/X11R6 \ + /usr/include/X11R5 \ + /usr/include/X11R4 \ + \ + /usr/local/X11/include \ + /usr/local/X11R6/include \ + /usr/local/X11R5/include \ + /usr/local/X11R4/include \ + \ + /usr/local/include/X11 \ + /usr/local/include/X11R6 \ + /usr/local/include/X11R5 \ + /usr/local/include/X11R4 \ + \ + /usr/X386/include \ + /usr/x386/include \ + /usr/XFree86/include/X11 \ + \ + /usr/include \ + /usr/local/include \ + /usr/unsupported/include \ + /usr/athena/include \ + /usr/local/x11r5/include \ + /usr/lpp/Xamples/include \ + \ + /usr/openwin/include \ + /usr/openwin/share/include \ + ; \ + do + if test -r "$ac_dir/$x_direct_test_include"; then + ac_x_includes=$ac_dir + break + fi + done +fi +rm -f conftest* +fi # $ac_x_includes = NO + +if test "$ac_x_libraries" = NO; then + # Check for the libraries. + + test -z "$x_direct_test_library" && x_direct_test_library=Xt + test -z "$x_direct_test_function" && x_direct_test_function=XtMalloc + + # See if we find them without any special options. + # Don't add to $LIBS permanently. 
+ ac_save_LIBS="$LIBS" + LIBS="-l$x_direct_test_library $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + LIBS="$ac_save_LIBS" +# We can link X programs with no special library path. +ac_x_libraries= +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + LIBS="$ac_save_LIBS" +# First see if replacing the include by lib works. +# Check X11 before X11Rn because it is often a symlink to the current release. +for ac_dir in `echo "$ac_x_includes" | sed s/include/lib/` \ + /usr/X11/lib \ + /usr/X11R6/lib \ + /usr/X11R5/lib \ + /usr/X11R4/lib \ + \ + /usr/lib/X11 \ + /usr/lib/X11R6 \ + /usr/lib/X11R5 \ + /usr/lib/X11R4 \ + \ + /usr/local/X11/lib \ + /usr/local/X11R6/lib \ + /usr/local/X11R5/lib \ + /usr/local/X11R4/lib \ + \ + /usr/local/lib/X11 \ + /usr/local/lib/X11R6 \ + /usr/local/lib/X11R5 \ + /usr/local/lib/X11R4 \ + \ + /usr/X386/lib \ + /usr/x386/lib \ + /usr/XFree86/lib/X11 \ + \ + /usr/lib \ + /usr/local/lib \ + /usr/unsupported/lib \ + /usr/athena/lib \ + /usr/local/x11r5/lib \ + /usr/lpp/Xamples/lib \ + /lib/usr/lib/X11 \ + \ + /usr/openwin/lib \ + /usr/openwin/share/lib \ + ; \ +do + for ac_extension in a so sl; do + if test -r $ac_dir/lib${x_direct_test_library}.$ac_extension; then + ac_x_libraries=$ac_dir + break 2 + fi + done +done +fi +rm -f conftest* +fi # $ac_x_libraries = NO + +if test "$ac_x_includes" = NO || test "$ac_x_libraries" = NO; then + # Didn't find X anywhere. Cache the known absence of X. + ac_cv_have_x="have_x=no" +else + # Record where we found X for the cache. + ac_cv_have_x="have_x=yes \ + ac_x_includes=$ac_x_includes ac_x_libraries=$ac_x_libraries" +fi +fi + fi + eval "$ac_cv_have_x" +fi # $with_x != no + +if test "$have_x" != yes; then + echo "$ac_t""$have_x" 1>&6 + no_x=yes +else + # If each of the values was on the command line, it overrides each guess. 
+ test "x$x_includes" = xNONE && x_includes=$ac_x_includes + test "x$x_libraries" = xNONE && x_libraries=$ac_x_libraries + # Update the cache value to reflect the command line values. + ac_cv_have_x="have_x=yes \ + ac_x_includes=$x_includes ac_x_libraries=$x_libraries" + echo "$ac_t""libraries $x_libraries, headers $x_includes" 1>&6 +fi + +if test "$no_x" = yes; then + # Not all programs may use this symbol, but it does not hurt to define it. + cat >> confdefs.h <<\EOF +#define X_DISPLAY_MISSING 1 +EOF + + X_CFLAGS= X_PRE_LIBS= X_LIBS= X_EXTRA_LIBS= +else + if test -n "$x_includes"; then + X_CFLAGS="$X_CFLAGS -I$x_includes" + fi + + # It would also be nice to do this for all -L options, not just this one. + if test -n "$x_libraries"; then + X_LIBS="$X_LIBS -L$x_libraries" + # For Solaris; some versions of Sun CC require a space after -R and + # others require no space. Words are not sufficient . . . . + case "`(uname -sr) 2>/dev/null`" in + "SunOS 5"*) + echo $ac_n "checking whether -R must be followed by a space""... 
$ac_c" 1>&6 +echo "configure:4120: checking whether -R must be followed by a space" >&5 + ac_xsave_LIBS="$LIBS"; LIBS="$LIBS -R$x_libraries" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + ac_R_nospace=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_R_nospace=no +fi +rm -f conftest* + if test $ac_R_nospace = yes; then + echo "$ac_t""no" 1>&6 + X_LIBS="$X_LIBS -R$x_libraries" + else + LIBS="$ac_xsave_LIBS -R $x_libraries" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + ac_R_space=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_R_space=no +fi +rm -f conftest* + if test $ac_R_space = yes; then + echo "$ac_t""yes" 1>&6 + X_LIBS="$X_LIBS -R $x_libraries" + else + echo "$ac_t""neither works" 1>&6 + fi + fi + LIBS="$ac_xsave_LIBS" + esac + fi + + # Check for system-dependent libraries X programs must link with. + # Do this before checking for the system-independent R6 libraries + # (-lICE), since we may need -lsocket or whatever for X linking. + + if test "$ISC" = yes; then + X_EXTRA_LIBS="$X_EXTRA_LIBS -lnsl_s -linet" + else + # Martyn.Johnson@cl.cam.ac.uk says this is needed for Ultrix, if the X + # libraries were built with DECnet support. And karl@cs.umb.edu says + # the Alpha needs dnet_stub (dnet does not exist). + echo $ac_n "checking for dnet_ntoa in -ldnet""... 
$ac_c" 1>&6 +echo "configure:4185: checking for dnet_ntoa in -ldnet" >&5 +ac_lib_var=`echo dnet'_'dnet_ntoa | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-ldnet $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + X_EXTRA_LIBS="$X_EXTRA_LIBS -ldnet" +else + echo "$ac_t""no" 1>&6 +fi + + if test $ac_cv_lib_dnet_dnet_ntoa = no; then + echo $ac_n "checking for dnet_ntoa in -ldnet_stub""... $ac_c" 1>&6 +echo "configure:4226: checking for dnet_ntoa in -ldnet_stub" >&5 +ac_lib_var=`echo dnet_stub'_'dnet_ntoa | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-ldnet_stub $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + X_EXTRA_LIBS="$X_EXTRA_LIBS -ldnet_stub" +else + echo "$ac_t""no" 1>&6 +fi + + fi + + # msh@cis.ufl.edu says -lnsl (and -lsocket) are needed for his 386/AT, + # to get the SysV transport functions. + # chad@anasazi.com says the Pyramis MIS-ES running DC/OSx (SVR4) + # needs -lnsl. + # The nsl library prevents programs from opening the X display + # on Irix 5.2, according to dickey@clark.net. 
+ echo $ac_n "checking for gethostbyname""... $ac_c" 1>&6 +echo "configure:4274: checking for gethostbyname" >&5 +if eval "test \"`echo '$''{'ac_cv_func_gethostbyname'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char gethostbyname(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_gethostbyname) || defined (__stub___gethostbyname) +choke me +#else +gethostbyname(); +#endif + +; return 0; } +EOF +if { (eval echo configure:4302: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_gethostbyname=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_gethostbyname=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'gethostbyname`\" = yes"; then + echo "$ac_t""yes" 1>&6 + : +else + echo "$ac_t""no" 1>&6 +fi + + if test $ac_cv_func_gethostbyname = no; then + echo $ac_n "checking for gethostbyname in -lnsl""... 
$ac_c" 1>&6 +echo "configure:4323: checking for gethostbyname in -lnsl" >&5 +ac_lib_var=`echo nsl'_'gethostbyname | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lnsl $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + X_EXTRA_LIBS="$X_EXTRA_LIBS -lnsl" +else + echo "$ac_t""no" 1>&6 +fi + + fi + + # lieder@skyler.mavd.honeywell.com says without -lsocket, + # socket/setsockopt and other routines are undefined under SCO ODT + # 2.0. But -lsocket is broken on IRIX 5.2 (and is not necessary + # on later versions), says simon@lia.di.epfl.ch: it contains + # gethostby* variants that don't use the nameserver (or something). + # -lsocket must be given before -lnsl if both are needed. + # We assume that if connect needs -lnsl, so does gethostbyname. + echo $ac_n "checking for connect""... $ac_c" 1>&6 +echo "configure:4372: checking for connect" >&5 +if eval "test \"`echo '$''{'ac_cv_func_connect'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char connect(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_connect) || defined (__stub___connect) +choke me +#else +connect(); +#endif + +; return 0; } +EOF +if { (eval echo configure:4400: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_connect=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_connect=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'connect`\" = yes"; then + echo "$ac_t""yes" 1>&6 + : +else + echo "$ac_t""no" 1>&6 +fi + + if test $ac_cv_func_connect = no; then + echo $ac_n "checking for connect in -lsocket""... $ac_c" 1>&6 +echo "configure:4421: checking for connect in -lsocket" >&5 +ac_lib_var=`echo socket'_'connect | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lsocket $X_EXTRA_LIBS $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + X_EXTRA_LIBS="-lsocket $X_EXTRA_LIBS" +else + echo "$ac_t""no" 1>&6 +fi + + fi + + # gomez@mi.uni-erlangen.de says -lposix is necessary on A/UX. + echo $ac_n "checking for remove""... $ac_c" 1>&6 +echo "configure:4464: checking for remove" >&5 +if eval "test \"`echo '$''{'ac_cv_func_remove'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. 
*/ +char remove(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_remove) || defined (__stub___remove) +choke me +#else +remove(); +#endif + +; return 0; } +EOF +if { (eval echo configure:4492: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_remove=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_remove=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'remove`\" = yes"; then + echo "$ac_t""yes" 1>&6 + : +else + echo "$ac_t""no" 1>&6 +fi + + if test $ac_cv_func_remove = no; then + echo $ac_n "checking for remove in -lposix""... $ac_c" 1>&6 +echo "configure:4513: checking for remove in -lposix" >&5 +ac_lib_var=`echo posix'_'remove | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lposix $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + X_EXTRA_LIBS="$X_EXTRA_LIBS -lposix" +else + echo "$ac_t""no" 1>&6 +fi + + fi + + # BSDI BSD/OS 2.1 needs -lipc for XOpenDisplay. + echo $ac_n "checking for shmat""... $ac_c" 1>&6 +echo "configure:4556: checking for shmat" >&5 +if eval "test \"`echo '$''{'ac_cv_func_shmat'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. 
*/ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char shmat(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_shmat) || defined (__stub___shmat) +choke me +#else +shmat(); +#endif + +; return 0; } +EOF +if { (eval echo configure:4584: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_shmat=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_shmat=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'shmat`\" = yes"; then + echo "$ac_t""yes" 1>&6 + : +else + echo "$ac_t""no" 1>&6 +fi + + if test $ac_cv_func_shmat = no; then + echo $ac_n "checking for shmat in -lipc""... $ac_c" 1>&6 +echo "configure:4605: checking for shmat in -lipc" >&5 +ac_lib_var=`echo ipc'_'shmat | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lipc $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + X_EXTRA_LIBS="$X_EXTRA_LIBS -lipc" +else + echo "$ac_t""no" 1>&6 +fi + + fi + fi + + # Check for libraries that X11R6 Xt/Xaw programs need. 
+ ac_save_LDFLAGS="$LDFLAGS" + test -n "$x_libraries" && LDFLAGS="$LDFLAGS -L$x_libraries" + # SM needs ICE to (dynamically) link under SunOS 4.x (so we have to + # check for ICE first), but we must link in the order -lSM -lICE or + # we get undefined symbols. So assume we have SM if we have ICE. + # These have to be linked with before -lX11, unlike the other + # libraries we check for below, so use a different variable. + # --interran@uluru.Stanford.EDU, kb@cs.umb.edu. + echo $ac_n "checking for IceConnectionNumber in -lICE""... $ac_c" 1>&6 +echo "configure:4657: checking for IceConnectionNumber in -lICE" >&5 +ac_lib_var=`echo ICE'_'IceConnectionNumber | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lICE $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + X_PRE_LIBS="$X_PRE_LIBS -lSM -lICE" +else + echo "$ac_t""no" 1>&6 +fi + + LDFLAGS="$ac_save_LDFLAGS" + +fi + +if test "$no_x" = "yes" ; then + MAKE_X_PROGS_BIN="" + MAKE_X_PROGS_LIBEXEC="" +else + MAKE_X_PROGS_BIN='$(X_PROGS_BIN)' + MAKE_X_PROGS_LIBEXEC='$(X_PROGS_LIBEXEC)' +fi + +save_CFLAGS="$CFLAGS" +CFLAGS="$X_CFLAGS $CFLAGS" +save_LIBS="$LIBS" +LIBS="$X_PRE_LIBS $X_EXTRA_LIBS $LIBS" +save_LDFLAGS="$LDFLAGS" +LDFLAGS="$LDFLAGS $X_LIBS" + + + +echo $ac_n "checking for XauReadAuth""... 
$ac_c" 1>&6 +echo "configure:4718: checking for XauReadAuth" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_XauReadAuth'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_XauReadAuth\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" Xau X11; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_XauReadAuth=$ac_lib; else ac_cv_funclib_XauReadAuth=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_XauReadAuth=\${ac_cv_funclib_XauReadAuth-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_XauReadAuth" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs XauReadAuth"@@@ +@@@libs="$libs Xau X11"@@@ +END + +eval "ac_tr_func=HAVE_`echo XauReadAuth | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_XauReadAuth=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_XauReadAuth=yes" + eval "LIB_XauReadAuth=" + cat >> confdefs.h <&6 + ;; + no) + eval "ac_cv_func_XauReadAuth=no" + eval "LIB_XauReadAuth=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_XauReadAuth=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <> confdefs.h <&6 + ;; +esac + + +ac_xxx="$LIBS" +LIBS="$LIB_XauReadAuth $LIBS" +for ac_func in XauWriteAuth +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:4802: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. 
*/ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:4830: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +if test "$ac_cv_func_XauWriteAuth" != "yes"; then + XauWriteAuth_c=writeauth.c + XauWriteAuth_o=writeauth.o +fi +LIBS="$ac_xxx" + +CFLAGS=$save_CFLAGS +LIBS=$save_LIBS +LDFLAGS=$save_LDFLAGS + + +save_LIBS="$LIBS" + + +echo $ac_n "checking for dbopen""... 
$ac_c" 1>&6 +echo "configure:4869: checking for dbopen" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_dbopen'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_dbopen\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" $berkeley_db; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_dbopen=$ac_lib; else ac_cv_funclib_dbopen=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_dbopen=\${ac_cv_funclib_dbopen-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_dbopen" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs dbopen"@@@ +@@@libs="$libs $berkeley_db"@@@ +END + +eval "ac_tr_func=HAVE_`echo dbopen | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_dbopen=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_dbopen=yes" + eval "LIB_dbopen=" + cat >> confdefs.h <&6 + ;; + no) + eval "ac_cv_func_dbopen=no" + eval "LIB_dbopen=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_dbopen=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <> confdefs.h <&6 + ;; +esac + + +LIBS="$LIB_dbopen $LIBS" + + +echo $ac_n "checking for dbm_firstkey""... 
$ac_c" 1>&6 +echo "configure:4952: checking for dbm_firstkey" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_dbm_firstkey'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_dbm_firstkey\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" $berkeley_db gdbm ndbm; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_dbm_firstkey=$ac_lib; else ac_cv_funclib_dbm_firstkey=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_dbm_firstkey=\${ac_cv_funclib_dbm_firstkey-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_dbm_firstkey" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs dbm_firstkey"@@@ +@@@libs="$libs $berkeley_db gdbm ndbm"@@@ +END + +eval "ac_tr_func=HAVE_`echo dbm_firstkey | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_dbm_firstkey=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_dbm_firstkey=yes" + eval "LIB_dbm_firstkey=" + cat >> confdefs.h <&6 + ;; + no) + eval "ac_cv_func_dbm_firstkey=no" + eval "LIB_dbm_firstkey=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_dbm_firstkey=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <> confdefs.h <&6 + ;; +esac + + +if test -n "$LIB_dbopen"; then + LIB_DBM="$LIB_dbopen" +else + LIB_DBM="$LIB_dbm_firstkey" +fi +LIBS="$save_LIBS" + + + + +echo $ac_n "checking for syslog""... 
$ac_c" 1>&6 +echo "configure:5042: checking for syslog" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_syslog'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_syslog\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" syslog; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_syslog=$ac_lib; else ac_cv_funclib_syslog=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_syslog=\${ac_cv_funclib_syslog-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_syslog" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs syslog"@@@ +@@@libs="$libs syslog"@@@ +END + +eval "ac_tr_func=HAVE_`echo syslog | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_syslog=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_syslog=yes" + eval "LIB_syslog=" + cat >> confdefs.h <&6 + ;; + no) + eval "ac_cv_func_syslog=no" + eval "LIB_syslog=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_syslog=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <> confdefs.h <&6 + ;; +esac + + +if test -n "$LIB_syslog"; then + LIBS="$LIB_syslog $LIBS" +fi + + +echo $ac_n "checking for working snprintf""... 
$ac_c" 1>&6 +echo "configure:5127: checking for working snprintf" >&5 +if eval "test \"`echo '$''{'ac_cv_func_snprintf_working'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_cv_func_snprintf_working=yes +if test "$cross_compiling" = yes; then + : +else + cat > conftest.$ac_ext < +#include +int main() +{ + char foo[3]; + snprintf(foo, 2, "12"); + return strcmp(foo, "1"); +} +EOF +if { (eval echo configure:5148: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +then + : +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_func_snprintf_working=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$ac_cv_func_snprintf_working" 1>&6 +: << END +@@@funcs="$funcs snprintf"@@@ +END +if test "$ac_cv_func_snprintf_working" = yes; then + foo=HAVE_SNPRINTF + cat >> confdefs.h <&6 +echo "configure:5177: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:5205: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + + + +for ac_func in _getpty _scrsize _setsid _stricmp fchmod fcntl flock +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:5234: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:5262: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +for ac_func in forkpty frevoke gethostname getlogin getpriority getservbyname +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:5289: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:5317: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +for ac_func in getspnam getspuid gettimeofday getuid grantpt +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:5344: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:5372: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +for ac_func in innetgr iruserok mktime ptsname rand random +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:5399: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:5427: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +for ac_func in revoke setitimer setlogin setpgid setpriority +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:5454: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:5482: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +for ac_func in setproctitle setregid setresgid setresuid setreuid setsid +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:5509: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:5537: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +for ac_func in setutent swab ttyname ttyslot ulimit uname +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:5564: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:5592: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +for ac_func in unlockpt vhangup yp_get_default_domain +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:5619: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:5647: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + + + +echo $ac_n "checking for getpwnam_r""... $ac_c" 1>&6 +echo "configure:5674: checking for getpwnam_r" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_getpwnam_r'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_getpwnam_r\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" c_r; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_getpwnam_r=$ac_lib; else ac_cv_funclib_getpwnam_r=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_getpwnam_r=\${ac_cv_funclib_getpwnam_r-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_getpwnam_r" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs getpwnam_r"@@@ +@@@libs="$libs c_r"@@@ +END + +eval "ac_tr_func=HAVE_`echo getpwnam_r | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_getpwnam_r=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_getpwnam_r=yes" + eval "LIB_getpwnam_r=" + cat >> confdefs.h <&6 + ;; + no) + eval "ac_cv_func_getpwnam_r=no" + eval 
"LIB_getpwnam_r=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_getpwnam_r=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <> confdefs.h <&6 + ;; +esac + + +if test "$ac_cv_func_getpwnam_r" = yes; then + echo $ac_n "checking if getpwnam_r is posix""... $ac_c" 1>&6 +echo "configure:5755: checking if getpwnam_r is posix" >&5 +if eval "test \"`echo '$''{'ac_cv_func_getpwnam_r_posix'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_libs="$LIBS" + LIBS="$LIBS $LIB_getpwnam_r" + if test "$cross_compiling" = yes; then + : +else + cat > conftest.$ac_ext < +int main() +{ + struct passwd pw, *pwd; + return getpwnam_r("", &pw, NULL, 0, &pwd) < 0; +} + +EOF +if { (eval echo configure:5776: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +then + ac_cv_func_getpwnam_r_posix=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_func_getpwnam_r_posix=no +fi +rm -fr conftest* +fi + +LIBS="$ac_libs" +fi + +echo "$ac_t""$ac_cv_func_getpwnam_r_posix" 1>&6 +if test "$ac_cv_func_getpwnam_r_posix" = yes; then + cat >> confdefs.h <<\EOF +#define POSIX_GETPWNAM_R 1 +EOF + +fi +fi + + + +echo $ac_n "checking for getsockopt""... 
$ac_c" 1>&6 +echo "configure:5803: checking for getsockopt" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_getsockopt'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_getsockopt\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" ; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext < +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +int main() { +getsockopt(0,0,0,0,0) +; return 0; } +EOF +if { (eval echo configure:5828: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_getsockopt=$ac_lib; else ac_cv_funclib_getsockopt=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_getsockopt=\${ac_cv_funclib_getsockopt-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_getsockopt" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs getsockopt"@@@ +@@@libs="$libs "@@@ +END + +eval "ac_tr_func=HAVE_`echo getsockopt | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_getsockopt=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_getsockopt=yes" + eval "LIB_getsockopt=" + cat >> confdefs.h <&6 + ;; + no) + eval "ac_cv_func_getsockopt=no" + eval "LIB_getsockopt=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_getsockopt=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <> confdefs.h <&6 + ;; +esac + + + + +echo $ac_n "checking for setsockopt""... 
$ac_c" 1>&6 +echo "configure:5890: checking for setsockopt" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_setsockopt'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_setsockopt\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" ; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext < +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +int main() { +setsockopt(0,0,0,0,0) +; return 0; } +EOF +if { (eval echo configure:5915: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_setsockopt=$ac_lib; else ac_cv_funclib_setsockopt=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_setsockopt=\${ac_cv_funclib_setsockopt-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_setsockopt" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs setsockopt"@@@ +@@@libs="$libs "@@@ +END + +eval "ac_tr_func=HAVE_`echo setsockopt | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_setsockopt=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_setsockopt=yes" + eval "LIB_setsockopt=" + cat >> confdefs.h <&6 + ;; + no) + eval "ac_cv_func_setsockopt=no" + eval "LIB_setsockopt=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_setsockopt=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <> confdefs.h <&6 + ;; +esac + + + +for ac_func in getudbnam setlim +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:5978: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. 
*/ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:6006: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + + + + + +echo $ac_n "checking for res_search""... 
$ac_c" 1>&6 +echo "configure:6035: checking for res_search" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_res_search'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_res_search\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" resolv; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext < +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_NAMESER_H +#include +#endif +#ifdef HAVE_RESOLV_H +#include +#endif + +int main() { +res_search(0,0,0,0,0) +; return 0; } +EOF +if { (eval echo configure:6069: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_res_search=$ac_lib; else ac_cv_funclib_res_search=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_res_search=\${ac_cv_funclib_res_search-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_res_search" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs res_search"@@@ +@@@libs="$libs resolv"@@@ +END + +eval "ac_tr_func=HAVE_`echo res_search | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_res_search=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_res_search=yes" + eval "LIB_res_search=" + cat >> confdefs.h <&6 + ;; + no) + eval "ac_cv_func_res_search=no" + eval "LIB_res_search=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_res_search=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <> confdefs.h <&6 + ;; +esac + + +if test -n "$LIB_res_search"; then + LIBS="$LIB_res_search $LIBS" +fi + + + + + +echo $ac_n "checking for dn_expand""... 
$ac_c" 1>&6 +echo "configure:6137: checking for dn_expand" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_dn_expand'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_dn_expand\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" resolv; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext < +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_NAMESER_H +#include +#endif +#ifdef HAVE_RESOLV_H +#include +#endif + +int main() { +dn_expand(0,0,0,0,0) +; return 0; } +EOF +if { (eval echo configure:6171: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_dn_expand=$ac_lib; else ac_cv_funclib_dn_expand=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_dn_expand=\${ac_cv_funclib_dn_expand-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_dn_expand" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs dn_expand"@@@ +@@@libs="$libs resolv"@@@ +END + +eval "ac_tr_func=HAVE_`echo dn_expand | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_dn_expand=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_dn_expand=yes" + eval "LIB_dn_expand=" + cat >> confdefs.h <&6 + ;; + no) + eval "ac_cv_func_dn_expand=no" + eval "LIB_dn_expand=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_dn_expand=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <> confdefs.h <&6 + ;; +esac + + +if test -n "$LIB_dn_expand"; then + LIBS="$LIB_dn_expand $LIBS" +fi + + + +for ac_hdr in unistd.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:6240: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:6250: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +for ac_func in getpagesize +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:6279: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:6307: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +echo $ac_n "checking for working mmap""... $ac_c" 1>&6 +echo "configure:6332: checking for working mmap" >&5 +if eval "test \"`echo '$''{'ac_cv_func_mmap_fixed_mapped'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test "$cross_compiling" = yes; then + ac_cv_func_mmap_fixed_mapped=no +else + cat > conftest.$ac_ext < +#include +#include + +/* This mess was copied from the GNU getpagesize.h. */ +#ifndef HAVE_GETPAGESIZE +# ifdef HAVE_UNISTD_H +# include +# endif + +/* Assume that all systems that can run configure have sys/param.h. 
*/ +# ifndef HAVE_SYS_PARAM_H +# define HAVE_SYS_PARAM_H 1 +# endif + +# ifdef _SC_PAGESIZE +# define getpagesize() sysconf(_SC_PAGESIZE) +# else /* no _SC_PAGESIZE */ +# ifdef HAVE_SYS_PARAM_H +# include +# ifdef EXEC_PAGESIZE +# define getpagesize() EXEC_PAGESIZE +# else /* no EXEC_PAGESIZE */ +# ifdef NBPG +# define getpagesize() NBPG * CLSIZE +# ifndef CLSIZE +# define CLSIZE 1 +# endif /* no CLSIZE */ +# else /* no NBPG */ +# ifdef NBPC +# define getpagesize() NBPC +# else /* no NBPC */ +# ifdef PAGESIZE +# define getpagesize() PAGESIZE +# endif /* PAGESIZE */ +# endif /* no NBPC */ +# endif /* no NBPG */ +# endif /* no EXEC_PAGESIZE */ +# else /* no HAVE_SYS_PARAM_H */ +# define getpagesize() 8192 /* punt totally */ +# endif /* no HAVE_SYS_PARAM_H */ +# endif /* no _SC_PAGESIZE */ + +#endif /* no HAVE_GETPAGESIZE */ + +#ifdef __cplusplus +extern "C" { void *malloc(unsigned); } +#else +char *malloc(); +#endif + +int +main() +{ + char *data, *data2, *data3; + int i, pagesize; + int fd; + + pagesize = getpagesize(); + + /* + * First, make a file with some known garbage in it. + */ + data = malloc(pagesize); + if (!data) + exit(1); + for (i = 0; i < pagesize; ++i) + *(data + i) = rand(); + umask(0); + fd = creat("conftestmmap", 0600); + if (fd < 0) + exit(1); + if (write(fd, data, pagesize) != pagesize) + exit(1); + close(fd); + + /* + * Next, try to mmap the file at a fixed address which + * already has something else allocated at it. If we can, + * also make sure that we see the same garbage. 
+ */ + fd = open("conftestmmap", O_RDWR); + if (fd < 0) + exit(1); + data2 = malloc(2 * pagesize); + if (!data2) + exit(1); + data2 += (pagesize - ((int) data2 & (pagesize - 1))) & (pagesize - 1); + if (data2 != mmap(data2, pagesize, PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_FIXED, fd, 0L)) + exit(1); + for (i = 0; i < pagesize; ++i) + if (*(data + i) != *(data2 + i)) + exit(1); + + /* + * Finally, make sure that changes to the mapped area + * do not percolate back to the file as seen by read(). + * (This is a bug on some variants of i386 svr4.0.) + */ + for (i = 0; i < pagesize; ++i) + *(data2 + i) = *(data2 + i) + 1; + data3 = malloc(pagesize); + if (!data3) + exit(1); + if (read(fd, data3, pagesize) != pagesize) + exit(1); + for (i = 0; i < pagesize; ++i) + if (*(data + i) != *(data3 + i)) + exit(1); + close(fd); + unlink("conftestmmap"); + exit(0); +} + +EOF +if { (eval echo configure:6480: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +then + ac_cv_func_mmap_fixed_mapped=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_func_mmap_fixed_mapped=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$ac_cv_func_mmap_fixed_mapped" 1>&6 +if test $ac_cv_func_mmap_fixed_mapped = yes; then + cat >> confdefs.h <<\EOF +#define HAVE_MMAP 1 +EOF + +fi + +# The Ultrix 4.2 mips builtin alloca declared by alloca.h only works +# for constant arguments. Useless! +echo $ac_n "checking for working alloca.h""... 
$ac_c" 1>&6 +echo "configure:6505: checking for working alloca.h" >&5 +if eval "test \"`echo '$''{'ac_cv_header_alloca_h'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +int main() { +char *p = alloca(2 * sizeof(int)); +; return 0; } +EOF +if { (eval echo configure:6517: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + ac_cv_header_alloca_h=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_header_alloca_h=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_header_alloca_h" 1>&6 +if test $ac_cv_header_alloca_h = yes; then + cat >> confdefs.h <<\EOF +#define HAVE_ALLOCA_H 1 +EOF + +fi + +echo $ac_n "checking for alloca""... $ac_c" 1>&6 +echo "configure:6538: checking for alloca" >&5 +if eval "test \"`echo '$''{'ac_cv_func_alloca_works'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +# else +# ifdef _AIX + #pragma alloca +# else +# ifndef alloca /* predefined by HP cc +Olibcalls */ +char *alloca (); +# endif +# endif +# endif +#endif + +int main() { +char *p = (char *) alloca(1); +; return 0; } +EOF +if { (eval echo configure:6566: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + ac_cv_func_alloca_works=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_func_alloca_works=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_func_alloca_works" 1>&6 +if test $ac_cv_func_alloca_works = yes; then + cat >> confdefs.h <<\EOF +#define HAVE_ALLOCA 1 +EOF + +fi + +if test $ac_cv_func_alloca_works = no; then + # The SVR3 libPW and SVR4 libucb both contain incompatible functions + # that cause trouble. Some versions do not even contain alloca or + # contain a buggy version. If you still want to use their alloca, + # use ar to extract alloca.o from them instead of compiling alloca.c. 
+ ALLOCA=alloca.o + cat >> confdefs.h <<\EOF +#define C_ALLOCA 1 +EOF + + +echo $ac_n "checking whether alloca needs Cray hooks""... $ac_c" 1>&6 +echo "configure:6598: checking whether alloca needs Cray hooks" >&5 +if eval "test \"`echo '$''{'ac_cv_os_cray'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <&5 | + egrep "webecray" >/dev/null 2>&1; then + rm -rf conftest* + ac_cv_os_cray=yes +else + rm -rf conftest* + ac_cv_os_cray=no +fi +rm -f conftest* + +fi + +echo "$ac_t""$ac_cv_os_cray" 1>&6 +if test $ac_cv_os_cray = yes; then +for ac_func in _getb67 GETB67 getb67; do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:6628: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:6656: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <&6 +fi + +done +fi + +echo $ac_n "checking stack direction for C alloca""... 
$ac_c" 1>&6 +echo "configure:6683: checking stack direction for C alloca" >&5 +if eval "test \"`echo '$''{'ac_cv_c_stack_direction'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test "$cross_compiling" = yes; then + ac_cv_c_stack_direction=0 +else + cat > conftest.$ac_ext < addr) ? 1 : -1; +} +main () +{ + exit (find_stack_direction() < 0); +} +EOF +if { (eval echo configure:6710: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +then + ac_cv_c_stack_direction=1 +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_c_stack_direction=-1 +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$ac_cv_c_stack_direction" 1>&6 +cat >> confdefs.h <&6 +echo "configure:6738: checking if getlogin is posix" >&5 +if eval "test \"`echo '$''{'ac_cv_func_getlogin_posix'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$ac_cv_func_getlogin" = yes -a "$ac_cv_func_setlogin" = yes; then + ac_cv_func_getlogin_posix=no +else + ac_cv_func_getlogin_posix=yes +fi + +fi + +echo "$ac_t""$ac_cv_func_getlogin_posix" 1>&6 +if test "$ac_cv_func_getlogin_posix" = yes; then + cat >> confdefs.h <<\EOF +#define POSIX_GETLOGIN 1 +EOF + +fi +fi + + + + +echo $ac_n "checking for hstrerror""... 
$ac_c" 1>&6 +echo "configure:6764: checking for hstrerror" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_hstrerror'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_hstrerror\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" resolv; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext < +#endif +int main() { +hstrerror(17) +; return 0; } +EOF +if { (eval echo configure:6786: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_hstrerror=$ac_lib; else ac_cv_funclib_hstrerror=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_hstrerror=\${ac_cv_funclib_hstrerror-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_hstrerror" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs hstrerror"@@@ +@@@libs="$libs resolv"@@@ +END + +eval "ac_tr_func=HAVE_`echo hstrerror | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_hstrerror=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_hstrerror=yes" + eval "LIB_hstrerror=" + cat >> confdefs.h <&6 + ;; + no) + eval "ac_cv_func_hstrerror=no" + eval "LIB_hstrerror=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_hstrerror=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <> confdefs.h <&6 + ;; +esac + + +if test -n "$LIB_hstrerror"; then + LIBS="$LIB_hstrerror $LIBS" +fi + +if eval "test \"$ac_cv_func_hstrerror\" != yes"; then +LIBOBJS="$LIBOBJS hstrerror.o" +fi + + +for ac_func in chown daemon err errx fchown getcwd getdtablesize getopt +do +echo $ac_n "checking for $ac_func""... 
$ac_c" 1>&6 +echo "configure:6857: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:6885: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + +ac_tr_func=HAVE_`echo $ac_func | tr '[a-z]' '[A-Z]'` +cat >> confdefs.h <&6 +LIBOBJS="$LIBOBJS ${ac_func}.o" +fi + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs chown daemon err errx fchown getcwd getdtablesize getopt"@@@ +END +done + +for ac_func in getusershell inet_aton initgroups lstat memmove mkstemp +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:6919: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. 
*/ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:6947: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + +ac_tr_func=HAVE_`echo $ac_func | tr '[a-z]' '[A-Z]'` +cat >> confdefs.h <&6 +LIBOBJS="$LIBOBJS ${ac_func}.o" +fi + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs getusershell inet_aton initgroups lstat memmove mkstemp"@@@ +END +done + +for ac_func in putenv rcmd setegid setenv seteuid strcasecmp strdup +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:6981: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:7009: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + +ac_tr_func=HAVE_`echo $ac_func | tr '[a-z]' '[A-Z]'` +cat >> confdefs.h <&6 +LIBOBJS="$LIBOBJS ${ac_func}.o" +fi + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs putenv rcmd setegid setenv seteuid strcasecmp strdup"@@@ +END +done + +for ac_func in strerror strftime strlwr strnlen strtok_r strupr unsetenv +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:7043: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:7071: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + +ac_tr_func=HAVE_`echo $ac_func | tr '[a-z]' '[A-Z]'` +cat >> confdefs.h <&6 +LIBOBJS="$LIBOBJS ${ac_func}.o" +fi + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs strerror strftime strlwr strnlen strtok_r strupr unsetenv"@@@ +END +done + +for ac_func in verr verrx vwarn vwarnx warn warnx +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:7105: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:7133: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + +ac_tr_func=HAVE_`echo $ac_func | tr '[a-z]' '[A-Z]'` +cat >> confdefs.h <&6 +LIBOBJS="$LIBOBJS ${ac_func}.o" +fi + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs verr verrx vwarn vwarnx warn warnx"@@@ +END +done + + + +if test "$ac_cv_func_getcwd" = yes; then +echo $ac_n "checking if getcwd is broken""... $ac_c" 1>&6 +echo "configure:7168: checking if getcwd is broken" >&5 +if eval "test \"`echo '$''{'ac_cv_func_getcwd_broken'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +ac_cv_func_getcwd_broken=no + +if test "$cross_compiling" = yes; then + : +else + cat > conftest.$ac_ext < +char *getcwd(char*, int); + +void *popen(char *cmd, char *mode) +{ + errno = ENOTTY; + return 0; +} + +int main() +{ + char *ret; + ret = getcwd(0, 1024); + if(ret == 0 && errno == ENOTTY) + return 0; + return 1; +} + +EOF +if { (eval echo configure:7201: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +then + ac_cv_func_getcwd_broken=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + : +fi +rm -fr conftest* +fi + + +fi + +if test "$ac_cv_func_getcwd_broken" = yes; then + cat >> confdefs.h <<\EOF +#define BROKEN_GETCWD 1 +EOF + LIBOBJS="$LIBOBJS getcwd.o" + echo "$ac_t""$ac_cv_func_getcwd_broken" 1>&6 +else + echo "$ac_t""seems ok" 1>&6 +fi +fi + + + +echo $ac_n "checking which authentication modules should be built""... 
$ac_c" 1>&6 +echo "configure:7230: checking which authentication modules should be built" >&5 + +LIB_AUTH_SUBDIRS= + +if test "$ac_cv_header_siad_h" = yes; then + LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS sia" +fi + +if test "$ac_cv_header_security_pam_modules_h" = yes; then + LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS pam" +fi + +case "${host}" in +*-*-irix[56]*) LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS afskauthlib" ;; +esac + +echo "$ac_t""$LIB_AUTH_SUBDIRS" 1>&6 + + + +echo $ac_n "checking for tunnel devices""... $ac_c" 1>&6 +echo "configure:7251: checking for tunnel devices" >&5 + +APPL_KIP_DIR= + +if test "$ac_cv_header_net_if_tun_h" = "yes"; then + APPL_KIP_DIR=kip +fi + +echo "$ac_t""$ac_cv_header_net_if_tun_h" 1>&6 + + + + +echo $ac_n "checking if crypt needs a prototype""... $ac_c" 1>&6 +echo "configure:7265: checking if crypt needs a prototype" >&5 +if eval "test \"`echo '$''{'ac_cv_func_crypt_noproto'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#endif +#ifdef HAVE_UNISTD_H +#include +#endif + +int main() { +struct foo { int foo; } xx; +extern int crypt (struct foo*); +crypt(&xx); + +; return 0; } +EOF +if { (eval echo configure:7287: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_func_crypt_noproto=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_crypt_noproto=no" +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_func_crypt_noproto" 1>&6 + +if test "$ac_cv_func_crypt_noproto" = yes; then + cat >> confdefs.h <<\EOF +#define NEED_CRYPT_PROTO 1 +EOF + +fi +: << END +@@@syms="$syms NEED_CRYPT_PROTO"@@@ +END + + + + +echo $ac_n "checking if strtok_r needs a prototype""... 
$ac_c" 1>&6 +echo "configure:7315: checking if strtok_r needs a prototype" >&5 +if eval "test \"`echo '$''{'ac_cv_func_strtok_r_noproto'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < + +int main() { +struct foo { int foo; } xx; +extern int strtok_r (struct foo*); +strtok_r(&xx); + +; return 0; } +EOF +if { (eval echo configure:7332: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_func_strtok_r_noproto=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_strtok_r_noproto=no" +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_func_strtok_r_noproto" 1>&6 + +if test "$ac_cv_func_strtok_r_noproto" = yes; then + cat >> confdefs.h <<\EOF +#define NEED_STRTOK_R_PROTO 1 +EOF + +fi +: << END +@@@syms="$syms NEED_STRTOK_R_PROTO"@@@ +END + + + + +echo $ac_n "checking for h_errno""... $ac_c" 1>&6 +echo "configure:7360: checking for h_errno" >&5 +if eval "test \"`echo '$''{'ac_cv_var_h_errno'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + ac_cv_var_h_errno=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_var_h_errno=no +fi +rm -f conftest* + +fi + +eval "ac_tr_var=HAVE_H_ERRNO" + + +: << END +@@@syms="$syms HAVE_H_ERRNO"@@@ +END + + +echo "$ac_t""`eval echo \\$ac_cv_var_h_errno`" 1>&6 +if test `eval echo \\$ac_cv_var_h_errno` = yes; then + cat >> confdefs.h <&6 +echo "configure:7403: checking if h_errno is properly declared" >&5 +if eval "test \"`echo '$''{'ac_cv_var_h_errno_declaration'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +#endif +#ifdef HAVE_NETDB_H +#include +#endif +extern struct { int foo; } h_errno; +int main() { +h_errno.foo = 1; +; return 0; } +EOF +if { (eval echo configure:7422: \"$ac_compile\") 
1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_var_h_errno_declaration=no" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_var_h_errno_declaration=yes" +fi +rm -f conftest* + +fi + + +ac_tr_var=HAVE_H_ERRNO_DECLARATION + + +: << END +@@@syms="$syms HAVE_H_ERRNO_DECLARATION"@@@ +END + + +echo "$ac_t""$ac_cv_var_h_errno_declaration" 1>&6 +if eval "test \"\$ac_cv_var_h_errno_declaration\" = yes"; then + cat >> confdefs.h <&6 +echo "configure:7457: checking for h_errlist" >&5 +if eval "test \"`echo '$''{'ac_cv_var_h_errlist'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + ac_cv_var_h_errlist=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_var_h_errlist=no +fi +rm -f conftest* + +fi + +eval "ac_tr_var=HAVE_H_ERRLIST" + + +: << END +@@@syms="$syms HAVE_H_ERRLIST"@@@ +END + + +echo "$ac_t""`eval echo \\$ac_cv_var_h_errlist`" 1>&6 +if test `eval echo \\$ac_cv_var_h_errlist` = yes; then + cat >> confdefs.h <&6 +echo "configure:7500: checking if h_errlist is properly declared" >&5 +if eval "test \"`echo '$''{'ac_cv_var_h_errlist_declaration'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +#endif +extern struct { int foo; } h_errlist; +int main() { +h_errlist.foo = 1; +; return 0; } +EOF +if { (eval echo configure:7516: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_var_h_errlist_declaration=no" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_var_h_errlist_declaration=yes" +fi +rm -f conftest* + +fi + + +ac_tr_var=HAVE_H_ERRLIST_DECLARATION + + +: << END +@@@syms="$syms HAVE_H_ERRLIST_DECLARATION"@@@ +END + + +echo "$ac_t""$ac_cv_var_h_errlist_declaration" 1>&6 +if eval 
"test \"\$ac_cv_var_h_errlist_declaration\" = yes"; then + cat >> confdefs.h <&6 +echo "configure:7551: checking for h_nerr" >&5 +if eval "test \"`echo '$''{'ac_cv_var_h_nerr'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + ac_cv_var_h_nerr=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_var_h_nerr=no +fi +rm -f conftest* + +fi + +eval "ac_tr_var=HAVE_H_NERR" + + +: << END +@@@syms="$syms HAVE_H_NERR"@@@ +END + + +echo "$ac_t""`eval echo \\$ac_cv_var_h_nerr`" 1>&6 +if test `eval echo \\$ac_cv_var_h_nerr` = yes; then + cat >> confdefs.h <&6 +echo "configure:7594: checking if h_nerr is properly declared" >&5 +if eval "test \"`echo '$''{'ac_cv_var_h_nerr_declaration'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +#endif +extern struct { int foo; } h_nerr; +int main() { +h_nerr.foo = 1; +; return 0; } +EOF +if { (eval echo configure:7610: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_var_h_nerr_declaration=no" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_var_h_nerr_declaration=yes" +fi +rm -f conftest* + +fi + + +ac_tr_var=HAVE_H_NERR_DECLARATION + + +: << END +@@@syms="$syms HAVE_H_NERR_DECLARATION"@@@ +END + + +echo "$ac_t""$ac_cv_var_h_nerr_declaration" 1>&6 +if eval "test \"\$ac_cv_var_h_nerr_declaration\" = yes"; then + cat >> confdefs.h <&6 +echo "configure:7645: checking for __progname" >&5 +if eval "test \"`echo '$''{'ac_cv_var___progname'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + ac_cv_var___progname=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + 
ac_cv_var___progname=no +fi +rm -f conftest* + +fi + +eval "ac_tr_var=HAVE___PROGNAME" + + +: << END +@@@syms="$syms HAVE___PROGNAME"@@@ +END + + +echo "$ac_t""`eval echo \\$ac_cv_var___progname`" 1>&6 +if test `eval echo \\$ac_cv_var___progname` = yes; then + cat >> confdefs.h <&6 +echo "configure:7688: checking if __progname is properly declared" >&5 +if eval "test \"`echo '$''{'ac_cv_var___progname_declaration'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +#endif +extern struct { int foo; } __progname; +int main() { +__progname.foo = 1; +; return 0; } +EOF +if { (eval echo configure:7704: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_var___progname_declaration=no" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_var___progname_declaration=yes" +fi +rm -f conftest* + +fi + + +ac_tr_var=HAVE___PROGNAME_DECLARATION + + +: << END +@@@syms="$syms HAVE___PROGNAME_DECLARATION"@@@ +END + + +echo "$ac_t""$ac_cv_var___progname_declaration" 1>&6 +if eval "test \"\$ac_cv_var___progname_declaration\" = yes"; then + cat >> confdefs.h <&6 +echo "configure:7739: checking if optarg is properly declared" >&5 +if eval "test \"`echo '$''{'ac_cv_var_optarg_declaration'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +extern struct { int foo; } optarg; +int main() { +optarg.foo = 1; +; return 0; } +EOF +if { (eval echo configure:7753: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_var_optarg_declaration=no" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_var_optarg_declaration=yes" +fi +rm -f conftest* + +fi + + +ac_tr_var=HAVE_OPTARG_DECLARATION + + +: << END +@@@syms="$syms HAVE_OPTARG_DECLARATION"@@@ +END + + +echo "$ac_t""$ac_cv_var_optarg_declaration" 1>&6 +if eval "test 
\"\$ac_cv_var_optarg_declaration\" = yes"; then + cat >> confdefs.h <&6 +echo "configure:7785: checking if optind is properly declared" >&5 +if eval "test \"`echo '$''{'ac_cv_var_optind_declaration'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +extern struct { int foo; } optind; +int main() { +optind.foo = 1; +; return 0; } +EOF +if { (eval echo configure:7799: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_var_optind_declaration=no" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_var_optind_declaration=yes" +fi +rm -f conftest* + +fi + + +ac_tr_var=HAVE_OPTIND_DECLARATION + + +: << END +@@@syms="$syms HAVE_OPTIND_DECLARATION"@@@ +END + + +echo "$ac_t""$ac_cv_var_optind_declaration" 1>&6 +if eval "test \"\$ac_cv_var_optind_declaration\" = yes"; then + cat >> confdefs.h <&6 +echo "configure:7831: checking if opterr is properly declared" >&5 +if eval "test \"`echo '$''{'ac_cv_var_opterr_declaration'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +extern struct { int foo; } opterr; +int main() { +opterr.foo = 1; +; return 0; } +EOF +if { (eval echo configure:7845: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_var_opterr_declaration=no" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_var_opterr_declaration=yes" +fi +rm -f conftest* + +fi + + +ac_tr_var=HAVE_OPTERR_DECLARATION + + +: << END +@@@syms="$syms HAVE_OPTERR_DECLARATION"@@@ +END + + +echo "$ac_t""$ac_cv_var_opterr_declaration" 1>&6 +if eval "test \"\$ac_cv_var_opterr_declaration\" = yes"; then + cat >> confdefs.h <&6 +echo "configure:7877: checking if optopt is properly declared" >&5 +if eval "test \"`echo '$''{'ac_cv_var_optopt_declaration'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > 
conftest.$ac_ext < +extern struct { int foo; } optopt; +int main() { +optopt.foo = 1; +; return 0; } +EOF +if { (eval echo configure:7891: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_var_optopt_declaration=no" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_var_optopt_declaration=yes" +fi +rm -f conftest* + +fi + + +ac_tr_var=HAVE_OPTOPT_DECLARATION + + +: << END +@@@syms="$syms HAVE_OPTOPT_DECLARATION"@@@ +END + + +echo "$ac_t""$ac_cv_var_optopt_declaration" 1>&6 +if eval "test \"\$ac_cv_var_optopt_declaration\" = yes"; then + cat >> confdefs.h <&6 +echo "configure:7923: checking return type of signal handlers" >&5 +if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#include +#ifdef signal +#undef signal +#endif +#ifdef __cplusplus +extern "C" void (*signal (int, void (*)(int)))(int); +#else +void (*signal ()) (); +#endif + +int main() { +int i; +; return 0; } +EOF +if { (eval echo configure:7945: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_type_signal=void +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_type_signal=int +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_type_signal" 1>&6 +cat >> confdefs.h <> confdefs.h <<\EOF +#define VOID_RETSIGTYPE 1 +EOF + +fi + +cat > conftest.$ac_ext < +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "ut_user" >/dev/null 2>&1; then + rm -rf conftest* + cat >> confdefs.h <<\EOF +#define HAVE_UT_USER 1 +EOF + +fi +rm -f conftest* + +cat > conftest.$ac_ext < +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "ut_host" >/dev/null 2>&1; then + rm -rf conftest* + cat >> confdefs.h <<\EOF +#define HAVE_UT_HOST 1 +EOF + +fi +rm -f conftest* + +cat > conftest.$ac_ext < +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "ut_addr" 
>/dev/null 2>&1; then + rm -rf conftest* + cat >> confdefs.h <<\EOF +#define HAVE_UT_ADDR 1 +EOF + +fi +rm -f conftest* + +cat > conftest.$ac_ext < +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "ut_type" >/dev/null 2>&1; then + rm -rf conftest* + cat >> confdefs.h <<\EOF +#define HAVE_UT_TYPE 1 +EOF + +fi +rm -f conftest* + +cat > conftest.$ac_ext < +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "ut_pid" >/dev/null 2>&1; then + rm -rf conftest* + cat >> confdefs.h <<\EOF +#define HAVE_UT_PID 1 +EOF + +fi +rm -f conftest* + +cat > conftest.$ac_ext < +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "ut_id" >/dev/null 2>&1; then + rm -rf conftest* + cat >> confdefs.h <<\EOF +#define HAVE_UT_ID 1 +EOF + +fi +rm -f conftest* + +cat > conftest.$ac_ext < +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "ut_syslen" >/dev/null 2>&1; then + rm -rf conftest* + cat >> confdefs.h <<\EOF +#define HAVE_UT_SYSLEN 1 +EOF + +fi +rm -f conftest* + + +echo $ac_n "checking for st_blksize in struct stat""... $ac_c" 1>&6 +echo "configure:8077: checking for st_blksize in struct stat" >&5 +if eval "test \"`echo '$''{'ac_cv_struct_st_blksize'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#include +int main() { +struct stat s; s.st_blksize; +; return 0; } +EOF +if { (eval echo configure:8090: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_struct_st_blksize=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_struct_st_blksize=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_struct_st_blksize" 1>&6 +if test $ac_cv_struct_st_blksize = yes; then + cat >> confdefs.h <<\EOF +#define HAVE_ST_BLKSIZE 1 +EOF + +fi + + + + +echo $ac_n "checking for struct winsize""... 
$ac_c" 1>&6 +echo "configure:8114: checking for struct winsize" >&5 +if eval "test \"`echo '$''{'ac_cv_struct_winsize'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +ac_cv_struct_winsize=no +for i in sys/termios.h sys/ioctl.h; do +cat > conftest.$ac_ext < +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "struct[ ]*winsize" >/dev/null 2>&1; then + rm -rf conftest* + ac_cv_struct_winsize=yes; break +fi +rm -f conftest* +done + +fi + +if test "$ac_cv_struct_winsize" = "yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_STRUCT_WINSIZE 1 +EOF +fi +echo "$ac_t""$ac_cv_struct_winsize" 1>&6 +cat > conftest.$ac_ext < +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "ws_xpixel" >/dev/null 2>&1; then + rm -rf conftest* + cat >> confdefs.h <<\EOF +#define HAVE_WS_XPIXEL 1 +EOF + +fi +rm -f conftest* + +cat > conftest.$ac_ext < +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "ws_ypixel" >/dev/null 2>&1; then + rm -rf conftest* + cat >> confdefs.h <<\EOF +#define HAVE_WS_YPIXEL 1 +EOF + +fi +rm -f conftest* + + + + +echo $ac_n "checking for pid_t""... $ac_c" 1>&6 +echo "configure:8176: checking for pid_t" >&5 +if eval "test \"`echo '$''{'ac_cv_type_pid_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#if STDC_HEADERS +#include +#include +#endif +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "pid_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then + rm -rf conftest* + ac_cv_type_pid_t=yes +else + rm -rf conftest* + ac_cv_type_pid_t=no +fi +rm -f conftest* + +fi +echo "$ac_t""$ac_cv_type_pid_t" 1>&6 +if test $ac_cv_type_pid_t = no; then + cat >> confdefs.h <<\EOF +#define pid_t int +EOF + +fi + +echo $ac_n "checking for uid_t in sys/types.h""... 
$ac_c" 1>&6 +echo "configure:8209: checking for uid_t in sys/types.h" >&5 +if eval "test \"`echo '$''{'ac_cv_type_uid_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "uid_t" >/dev/null 2>&1; then + rm -rf conftest* + ac_cv_type_uid_t=yes +else + rm -rf conftest* + ac_cv_type_uid_t=no +fi +rm -f conftest* + +fi + +echo "$ac_t""$ac_cv_type_uid_t" 1>&6 +if test $ac_cv_type_uid_t = no; then + cat >> confdefs.h <<\EOF +#define uid_t int +EOF + + cat >> confdefs.h <<\EOF +#define gid_t int +EOF + +fi + +echo $ac_n "checking for off_t""... $ac_c" 1>&6 +echo "configure:8243: checking for off_t" >&5 +if eval "test \"`echo '$''{'ac_cv_type_off_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#if STDC_HEADERS +#include +#include +#endif +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "off_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then + rm -rf conftest* + ac_cv_type_off_t=yes +else + rm -rf conftest* + ac_cv_type_off_t=no +fi +rm -f conftest* + +fi +echo "$ac_t""$ac_cv_type_off_t" 1>&6 +if test $ac_cv_type_off_t = no; then + cat >> confdefs.h <<\EOF +#define off_t long +EOF + +fi + +echo $ac_n "checking for size_t""... $ac_c" 1>&6 +echo "configure:8276: checking for size_t" >&5 +if eval "test \"`echo '$''{'ac_cv_type_size_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#if STDC_HEADERS +#include +#include +#endif +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "size_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then + rm -rf conftest* + ac_cv_type_size_t=yes +else + rm -rf conftest* + ac_cv_type_size_t=no +fi +rm -f conftest* + +fi +echo "$ac_t""$ac_cv_type_size_t" 1>&6 +if test $ac_cv_type_size_t = no; then + cat >> confdefs.h <<\EOF +#define size_t unsigned +EOF + +fi + + + +echo $ac_n "checking for sa_len in struct sockaddr""... 
$ac_c" 1>&6 +echo "configure:8311: checking for sa_len in struct sockaddr" >&5 +if eval "test \"`echo '$''{'krb_cv_struct_sockaddr_sa_len'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +#include +int main() { +struct sockaddr sa; +int foo = sa.sa_len; +; return 0; } +EOF +if { (eval echo configure:8326: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + krb_cv_struct_sockaddr_sa_len=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + krb_cv_struct_sockaddr_sa_len=no +fi +rm -f conftest* + +fi + +echo "$ac_t""$krb_cv_struct_sockaddr_sa_len" 1>&6 +if test "$krb_cv_struct_sockaddr_sa_len" = yes; then + cat >> confdefs.h <<\EOF +#define SOCKADDR_HAS_SA_LEN 1 +EOF + +fi + + +if test "$ac_cv_header_siad_h" = yes; then +echo $ac_n "checking for ouid in struct siaentity""... $ac_c" 1>&6 +echo "configure:8350: checking for ouid in struct siaentity" >&5 +if eval "test \"`echo '$''{'krb_cv_struct_siaentity_ouid'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < + +int main() { +SIAENTITY e; +int foo = e.ouid; +; return 0; } +EOF +if { (eval echo configure:8365: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + krb_cv_struct_siaentity_ouid=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + krb_cv_struct_siaentity_ouid=no +fi +rm -f conftest* + +fi + +echo "$ac_t""$krb_cv_struct_siaentity_ouid" 1>&6 +if test "$krb_cv_struct_siaentity_ouid" = yes; then + cat >> confdefs.h <<\EOF +#define SIAENTITY_HAS_OUID 1 +EOF + +fi +fi + + +echo $ac_n "checking for working getmsg""... 
$ac_c" 1>&6 +echo "configure:8389: checking for working getmsg" >&5 +if eval "test \"`echo '$''{'ac_cv_func_getmsg'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test "$cross_compiling" = yes; then + ac_cv_func_getmsg=no +else + cat > conftest.$ac_ext < + +int main() +{ + getmsg(open("/dev/null", 0), NULL, NULL, NULL); + return 0; +} + +EOF +if { (eval echo configure:8409: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +then + ac_cv_func_getmsg=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_func_getmsg=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$ac_cv_func_getmsg" 1>&6 +test "$ac_cv_func_getmsg" = "yes" && +cat >> confdefs.h <<\EOF +#define HAVE_GETMSG 1 +EOF + + + +save_LIBS="$LIBS" +LIBS="$LIB_DBM $LIBS" +echo $ac_n "checking for berkeley db""... $ac_c" 1>&6 +echo "configure:8434: checking for berkeley db" >&5 +if eval "test \"`echo '$''{'krb_cv_lib_berkeleydb'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test "$cross_compiling" = yes; then + krb_cv_lib_berkeleydb=no +else + cat > conftest.$ac_ext < +#include +#include +int main() +{ + DBM *d; + + d = dbm_open("conftest", O_RDWR | O_CREAT, 0666); + if(d == NULL) + return 1; + dbm_close(d); + return access("conftest.db", F_OK) != 0; +} +EOF +if { (eval echo configure:8459: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +then + krb_cv_lib_berkeleydb=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + krb_cv_lib_berkeleydb=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$krb_cv_lib_berkeleydb" 1>&6 +test "$krb_cv_lib_berkeleydb" = "yes" && +cat >> confdefs.h <<\EOF +#define HAVE_NEW_DB 1 +EOF + +LIBS="$save_LIBS" + + + + +echo $ac_n "checking for el_init""... 
$ac_c" 1>&6 +echo "configure:8485: checking for el_init" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_el_init'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_el_init\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" edit; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_el_init=$ac_lib; else ac_cv_funclib_el_init=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_el_init=\${ac_cv_funclib_el_init-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_el_init" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs el_init"@@@ +@@@libs="$libs edit"@@@ +END + +eval "ac_tr_func=HAVE_`echo el_init | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_el_init=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_el_init=yes" + eval "LIB_el_init=" + cat >> confdefs.h <&6 + ;; + no) + eval "ac_cv_func_el_init=no" + eval "LIB_el_init=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_el_init=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <> confdefs.h <&6 + ;; +esac + + + + +echo $ac_n "checking for readline""... 
$ac_c" 1>&6 +echo "configure:8567: checking for readline" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_readline'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_readline\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" readline; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_readline=$ac_lib; else ac_cv_funclib_readline=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_readline=\${ac_cv_funclib_readline-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_readline" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs readline"@@@ +@@@libs="$libs readline"@@@ +END + +eval "ac_tr_func=HAVE_`echo readline | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_readline=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_readline=yes" + eval "LIB_readline=" + cat >> confdefs.h <&6 + ;; + no) + eval "ac_cv_func_readline=no" + eval "LIB_readline=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_readline=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <> confdefs.h <&6 + ;; +esac + + + +if test "$with_readline"; then + cat >> confdefs.h <<\EOF +#define HAVE_READLINE 1 +EOF + + editline_OBJS= + LIB_readline="$READLINELIB "'$(LIB_tgetent)' + INCLUDE_readline="$READLINEINCLUDE" +elif test "$ac_cv_func_el_init" = yes; then + cat >> confdefs.h <<\EOF +#define HAVE_READLINE 1 +EOF + + + editline_OBJS=edit_compat.o + LIB_readline='-L$(topdir)/lib/editline -leditline '"$LIB_el_init"' $(LIB_tgetent)' + + INCLUDE_readline='-I$(topdir)/lib/editline -I$(top_srcdir)/lib/editline' +elif test "$ac_cv_func_readline" = yes; then + 
cat >> confdefs.h <<\EOF +#define HAVE_READLINE 1 +EOF + + editline_OBJS= + LIB_readline='-lreadline $(LIB_tgetent)' + INCLUDE_readline= +else + cat >> confdefs.h <<\EOF +#define HAVE_READLINE 1 +EOF + + editline_OBJS="editline.o complete.o sysunix.o" + LIB_readline='-L$(topdir)/lib/editline -leditline $(LIB_tgetent)' + INCLUDE_readline='-I$(topdir)/lib/editline -I$(top_srcdir)/lib/editline' +fi + + + + + +cat >> confdefs.h <<\EOF +#define AUTHENTICATION 1 +EOF +cat >> confdefs.h <<\EOF +#define KRB4 1 +EOF +cat >> confdefs.h <<\EOF +#define ENCRYPTION 1 +EOF +cat >> confdefs.h <<\EOF +#define DES_ENCRYPTION 1 +EOF +cat >> confdefs.h <<\EOF +#define DIAGNOSTICS 1 +EOF +cat >> confdefs.h <<\EOF +#define OLD_ENVIRON 1 +EOF + +# Simple test for streamspty, based on the existance of getmsg(), alas +# this breaks on SunOS4 which have streams but BSD-like ptys +# +# And also something wierd has happend with dec-osf1, fallback to bsd-ptys + +echo $ac_n "checking for streamspty""... $ac_c" 1>&6 +echo "configure:8712: checking for streamspty" >&5 +case "`uname -sr`" in +SunOS\ 4*|OSF1*|IRIX\ 4*|HP-UX\ ?.10.*) + krb_cv_sys_streamspty=no + ;; +AIX*) + os_rel=`uname -v`.`uname -r` + if expr "$os_rel" : "3*" >/dev/null 2>&1; then + krb_cv_sys_streamspty=no + else + krb_cv_sys_streamspty="$ac_cv_func_getmsg" + fi + ;; +*) + krb_cv_sys_streamspty="$ac_cv_func_getmsg" + ;; +esac +if test "$krb_cv_sys_streamspty" = yes; then + cat >> confdefs.h <<\EOF +#define STREAMSPTY 1 +EOF + +fi +echo "$ac_t""$krb_cv_sys_streamspty" 1>&6 + +echo $ac_n "checking if /bin/ls takes -A""... $ac_c" 1>&6 +echo "configure:8738: checking if /bin/ls takes -A" >&5 +if /bin/ls -A > /dev/null 2>&1 ;then + cat >> confdefs.h <<\EOF +#define HAVE_LS_A 1 +EOF + + krb_ls_a=yes +else + krb_ls_a=no +fi +echo "$ac_t""$krb_ls_a" 1>&6 + +echo $ac_n "checking for suffix of preformatted manual pages""... 
$ac_c" 1>&6 +echo "configure:8751: checking for suffix of preformatted manual pages" >&5 +if eval "test \"`echo '$''{'krb_cv_sys_cat_suffix'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if grep _version /etc/man.conf > /dev/null 2>&1; then + krb_cv_sys_cat_suffix=0 +else + krb_cv_sys_cat_suffix=number +fi +fi + +echo "$ac_t""$krb_cv_sys_cat_suffix" 1>&6 +if test "$krb_cv_sys_cat_suffix" = number; then + CATSUFFIX='$$s' +else + CATSUFFIX=0 +fi + + + +KRB_KAFS_LIB='-L$(topdir)/lib/kafs -lkafs' +if test "$krb_cv_sys_aix" = yes; then + KRB_KAFS_LIB="$KRB_KAFS_LIB -lld" +fi + + + + +test "x$prefix" = xNONE && prefix=$ac_default_prefix +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +for i in bin lib libexec sbin; do + i=${i}dir + foo=`echo $i | tr 'xindiscernible' 'XINDISCERNIBLE'` + x="\$${i}" + eval y="$x" + while test "x$y" != "x$x"; do + x="$y" + eval y="$x" + done + cat >> confdefs.h < confcache <<\EOF +# This file is a shell script that caches the results of configure +# tests run on this system so they can be shared between configure +# scripts and configure runs. It is not useful on other systems. +# If it contains results you don't want to keep, you may remove or edit it. +# +# By default, configure uses ./config.cache as the cache file, +# creating it if it does not exist already. You can give configure +# the --cache-file=FILE option to use a different cache file; that is +# what configure does when it calls configure scripts in +# subdirectories, so they share the cache. +# Giving --cache-file=/dev/null disables caching, for debugging configure. +# config.status only pays attention to the cache file if you give it the +# --recheck option to rerun configure. +# +EOF +# The following way of writing the cache mishandles newlines in values, +# but we know of no workaround that is simple, portable, and efficient. +# So, don't put newlines in cache variables' values. 
+# Ultrix sh set writes to stderr and can't be redirected directly, +# and sets the high bit in the cache file unless we assign to the vars. +(set) 2>&1 | + case `(ac_space=' '; set) 2>&1 | grep '^ac_space'` in + *ac_space=\ *) + # `set' does not quote correctly, so add quotes (double-quote substitution + # turns \\\\ into \\, and sed turns \\ into \). + sed -n \ + -e "s/'/'\\\\''/g" \ + -e "s/^\\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\\)=\\(.*\\)/\\1=\${\\1='\\2'}/p" + ;; + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. + sed -n -e 's/^\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\)=\(.*\)/\1=${\1=\2}/p' + ;; + esac >> confcache +if cmp -s $cache_file confcache; then + : +else + if test -w $cache_file; then + echo "updating cache $cache_file" + cat confcache > $cache_file + else + echo "not updating unwritable cache $cache_file" + fi +fi +rm -f confcache + +trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15 + +test "x$prefix" = xNONE && prefix=$ac_default_prefix +# Let make expand exec_prefix. +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +# Any assignment to VPATH causes Sun make to only execute +# the first set of double-colon rules, so remove it if not needed. +# If there is a colon in the path, we need to keep it. +if test "x$srcdir" = x.; then + ac_vpsub='/^[ ]*VPATH[ ]*=[^:]*$/d' +fi + +trap 'rm -f $CONFIG_STATUS conftest*; exit 1' 1 2 15 + +DEFS=-DHAVE_CONFIG_H + +# Without the "./", some shells look in PATH for config.status. +: ${CONFIG_STATUS=./config.status} + +echo creating $CONFIG_STATUS +rm -f $CONFIG_STATUS +cat > $CONFIG_STATUS </dev/null | sed 1q`: +# +# $0 $ac_configure_args +# +# Compiler output produced by configure, useful for debugging +# configure, is in ./config.log if it exists. 
+ +ac_cs_usage="Usage: $CONFIG_STATUS [--recheck] [--version] [--help]" +for ac_option +do + case "\$ac_option" in + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + echo "running \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion" + exec \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion ;; + -version | --version | --versio | --versi | --vers | --ver | --ve | --v) + echo "$CONFIG_STATUS generated by autoconf version 2.12" + exit 0 ;; + -help | --help | --hel | --he | --h) + echo "\$ac_cs_usage"; exit 0 ;; + *) echo "\$ac_cs_usage"; exit 1 ;; + esac +done + +ac_given_srcdir=$srcdir +ac_given_INSTALL="$INSTALL" + +trap 'rm -fr `echo "\ +Makefile \ +include/Makefile \ +include/sys/Makefile \ + \ +util/Makefile \ +util/et/Makefile \ + \ +man/Makefile \ + \ +lib/Makefile \ +lib/des/Makefile \ +lib/krb/Makefile \ +lib/kdb/Makefile \ +lib/kadm/Makefile \ +lib/acl/Makefile \ +lib/kafs/Makefile \ +lib/roken/Makefile \ +lib/otp/Makefile \ +lib/sl/Makefile \ +lib/editline/Makefile \ +lib/auth/Makefile \ +lib/auth/pam/Makefile \ +lib/auth/sia/Makefile \ +lib/auth/afskauthlib/Makefile \ + \ +kuser/Makefile \ +server/Makefile \ +slave/Makefile \ +admin/Makefile \ +kadmin/Makefile \ + \ +appl/Makefile \ + \ +appl/afsutil/Makefile \ +appl/ftp/Makefile \ +appl/ftp/common/Makefile \ +appl/ftp/ftp/Makefile \ +appl/ftp/ftpd/Makefile \ +appl/telnet/Makefile \ +appl/telnet/libtelnet/Makefile \ +appl/telnet/telnet/Makefile \ +appl/telnet/telnetd/Makefile \ +appl/bsd/Makefile \ +appl/kauth/Makefile \ +appl/kpopper/Makefile \ +appl/movemail/Makefile \ +appl/sample/Makefile \ +appl/xnlock/Makefile \ +appl/kx/Makefile \ +appl/kip/Makefile \ +appl/otp/Makefile \ +doc/Makefile \ + include/config.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15 +EOF +cat >> $CONFIG_STATUS < conftest.subs <<\\CEOF +$ac_vpsub +$extrasub +s%@CFLAGS@%$CFLAGS%g +s%@CPPFLAGS@%$CPPFLAGS%g +s%@CXXFLAGS@%$CXXFLAGS%g +s%@DEFS@%$DEFS%g 
+s%@LDFLAGS@%$LDFLAGS%g +s%@LIBS@%$LIBS%g +s%@exec_prefix@%$exec_prefix%g +s%@prefix@%$prefix%g +s%@program_transform_name@%$program_transform_name%g +s%@bindir@%$bindir%g +s%@sbindir@%$sbindir%g +s%@libexecdir@%$libexecdir%g +s%@datadir@%$datadir%g +s%@sysconfdir@%$sysconfdir%g +s%@sharedstatedir@%$sharedstatedir%g +s%@localstatedir@%$localstatedir%g +s%@libdir@%$libdir%g +s%@includedir@%$includedir%g +s%@oldincludedir@%$oldincludedir%g +s%@infodir@%$infodir%g +s%@mandir@%$mandir%g +s%@PACKAGE@%$PACKAGE%g +s%@VERSION@%$VERSION%g +s%@host@%$host%g +s%@host_alias@%$host_alias%g +s%@host_cpu@%$host_cpu%g +s%@host_vendor@%$host_vendor%g +s%@host_os@%$host_os%g +s%@SET_MAKE@%$SET_MAKE%g +s%@LN_S@%$LN_S%g +s%@CC@%$CC%g +s%@CPP@%$CPP%g +s%@YACC@%$YACC%g +s%@LEX@%$LEX%g +s%@LEXLIB@%$LEXLIB%g +s%@RANLIB@%$RANLIB%g +s%@INSTALL_PROGRAM@%$INSTALL_PROGRAM%g +s%@INSTALL_DATA@%$INSTALL_DATA%g +s%@MAKEINFO@%$MAKEINFO%g +s%@SOCKSINCLUDE@%$SOCKSINCLUDE%g +s%@SOCKSLIB@%$SOCKSLIB%g +s%@CRACKLIB@%$CRACKLIB%g +s%@READLINEINCLUDE@%$READLINEINCLUDE%g +s%@READLINELIB@%$READLINELIB%g +s%@REAL_PICFLAGS@%$REAL_PICFLAGS%g +s%@REAL_SHLIBEXT@%$REAL_SHLIBEXT%g +s%@REAL_LD_FLAGS@%$REAL_LD_FLAGS%g +s%@PICFLAGS@%$PICFLAGS%g +s%@SHLIBEXT@%$SHLIBEXT%g +s%@LDSHARED@%$LDSHARED%g +s%@LD_FLAGS@%$LD_FLAGS%g +s%@LIBEXT@%$LIBEXT%g +s%@LIBPREFIX@%$LIBPREFIX%g +s%@EXECSUFFIX@%$EXECSUFFIX%g +s%@AFS_EXTRA_OBJS@%$AFS_EXTRA_OBJS%g +s%@AFS_EXTRA_LIBS@%$AFS_EXTRA_LIBS%g +s%@ac_cv_header_sys_cdefs_h@%$ac_cv_header_sys_cdefs_h%g +s%@ac_cv_header_err_h@%$ac_cv_header_err_h%g +s%@LIB_socket@%$LIB_socket%g +s%@LIB_gethostbyname@%$LIB_gethostbyname%g +s%@LIB_odm_initialize@%$LIB_odm_initialize%g +s%@LIB_getattr@%$LIB_getattr%g +s%@LIB_setpcred@%$LIB_setpcred%g +s%@LIB_logwtmp@%$LIB_logwtmp%g +s%@LIB_logout@%$LIB_logout%g +s%@LIB_tgetent@%$LIB_tgetent%g +s%@X_CFLAGS@%$X_CFLAGS%g +s%@X_PRE_LIBS@%$X_PRE_LIBS%g +s%@X_LIBS@%$X_LIBS%g +s%@X_EXTRA_LIBS@%$X_EXTRA_LIBS%g +s%@MAKE_X_PROGS_BIN@%$MAKE_X_PROGS_BIN%g 
+s%@MAKE_X_PROGS_LIBEXEC@%$MAKE_X_PROGS_LIBEXEC%g +s%@LIB_XauReadAuth@%$LIB_XauReadAuth%g +s%@XauWriteAuth_c@%$XauWriteAuth_c%g +s%@XauWriteAuth_o@%$XauWriteAuth_o%g +s%@LIB_dbopen@%$LIB_dbopen%g +s%@LIB_dbm_firstkey@%$LIB_dbm_firstkey%g +s%@LIB_DBM@%$LIB_DBM%g +s%@LIB_syslog@%$LIB_syslog%g +s%@LIB_getpwnam_r@%$LIB_getpwnam_r%g +s%@LIB_getsockopt@%$LIB_getsockopt%g +s%@LIB_setsockopt@%$LIB_setsockopt%g +s%@LIB_res_search@%$LIB_res_search%g +s%@LIB_dn_expand@%$LIB_dn_expand%g +s%@ALLOCA@%$ALLOCA%g +s%@LIB_hstrerror@%$LIB_hstrerror%g +s%@LIBOBJS@%$LIBOBJS%g +s%@LIB_AUTH_SUBDIRS@%$LIB_AUTH_SUBDIRS%g +s%@APPL_KIP_DIR@%$APPL_KIP_DIR%g +s%@LIB_el_init@%$LIB_el_init%g +s%@LIB_readline@%$LIB_readline%g +s%@INCLUDE_readline@%$INCLUDE_readline%g +s%@editline_OBJS@%$editline_OBJS%g +s%@CATSUFFIX@%$CATSUFFIX%g +s%@KRB_KAFS_LIB@%$KRB_KAFS_LIB%g + +CEOF +EOF + +cat >> $CONFIG_STATUS <<\EOF + +# Split the substitutions into bite-sized pieces for seds with +# small command number limits, like on Digital OSF/1 and HP-UX. +ac_max_sed_cmds=90 # Maximum number of lines to put in a sed script. +ac_file=1 # Number of current file. +ac_beg=1 # First line for current file. +ac_end=$ac_max_sed_cmds # Line after last line for current file. +ac_more_lines=: +ac_sed_cmds="" +while $ac_more_lines; do + if test $ac_beg -gt 1; then + sed "1,${ac_beg}d; ${ac_end}q" conftest.subs > conftest.s$ac_file + else + sed "${ac_end}q" conftest.subs > conftest.s$ac_file + fi + if test ! -s conftest.s$ac_file; then + ac_more_lines=false + rm -f conftest.s$ac_file + else + if test -z "$ac_sed_cmds"; then + ac_sed_cmds="sed -f conftest.s$ac_file" + else + ac_sed_cmds="$ac_sed_cmds | sed -f conftest.s$ac_file" + fi + ac_file=`expr $ac_file + 1` + ac_beg=$ac_end + ac_end=`expr $ac_end + $ac_max_sed_cmds` + fi +done +if test -z "$ac_sed_cmds"; then + ac_sed_cmds=cat +fi +EOF + +cat >> $CONFIG_STATUS <> $CONFIG_STATUS <<\EOF +for ac_file in .. 
$CONFIG_FILES; do if test "x$ac_file" != x..; then + # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". + case "$ac_file" in + *:*) ac_file_in=`echo "$ac_file"|sed 's%[^:]*:%%'` + ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;; + *) ac_file_in="${ac_file}.in" ;; + esac + + # Adjust a relative srcdir, top_srcdir, and INSTALL for subdirectories. + + # Remove last slash and all that follows it. Not all systems have dirname. + ac_dir=`echo $ac_file|sed 's%/[^/][^/]*$%%'` + if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then + # The file is in a subdirectory. + test ! -d "$ac_dir" && mkdir "$ac_dir" + ac_dir_suffix="/`echo $ac_dir|sed 's%^\./%%'`" + # A "../" for each directory in $ac_dir_suffix. + ac_dots=`echo $ac_dir_suffix|sed 's%/[^/]*%../%g'` + else + ac_dir_suffix= ac_dots= + fi + + case "$ac_given_srcdir" in + .) srcdir=. + if test -z "$ac_dots"; then top_srcdir=. + else top_srcdir=`echo $ac_dots|sed 's%/$%%'`; fi ;; + /*) srcdir="$ac_given_srcdir$ac_dir_suffix"; top_srcdir="$ac_given_srcdir" ;; + *) # Relative path. + srcdir="$ac_dots$ac_given_srcdir$ac_dir_suffix" + top_srcdir="$ac_dots$ac_given_srcdir" ;; + esac + + case "$ac_given_INSTALL" in + [/$]*) INSTALL="$ac_given_INSTALL" ;; + *) INSTALL="$ac_dots$ac_given_INSTALL" ;; + esac + + echo creating "$ac_file" + rm -f "$ac_file" + configure_input="Generated automatically from `echo $ac_file_in|sed 's%.*/%%'` by configure." 
+ case "$ac_file" in + *Makefile*) ac_comsub="1i\\ +# $configure_input" ;; + *) ac_comsub= ;; + esac + + ac_file_inputs=`echo $ac_file_in|sed -e "s%^%$ac_given_srcdir/%" -e "s%:% $ac_given_srcdir/%g"` + sed -e "$ac_comsub +s%@configure_input@%$configure_input%g +s%@srcdir@%$srcdir%g +s%@top_srcdir@%$top_srcdir%g +s%@INSTALL@%$INSTALL%g +" $ac_file_inputs | (eval "$ac_sed_cmds") > $ac_file +fi; done +rm -f conftest.s* + +# These sed commands are passed to sed as "A NAME B NAME C VALUE D", where +# NAME is the cpp macro being defined and VALUE is the value it is being given. +# +# ac_d sets the value in "#define NAME VALUE" lines. +ac_dA='s%^\([ ]*\)#\([ ]*define[ ][ ]*\)' +ac_dB='\([ ][ ]*\)[^ ]*%\1#\2' +ac_dC='\3' +ac_dD='%g' +# ac_u turns "#undef NAME" with trailing blanks into "#define NAME VALUE". +ac_uA='s%^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)' +ac_uB='\([ ]\)%\1#\2define\3' +ac_uC=' ' +ac_uD='\4%g' +# ac_e turns "#undef NAME" without trailing blanks into "#define NAME VALUE". +ac_eA='s%^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)' +ac_eB='$%\1#\2define\3' +ac_eC=' ' +ac_eD='%g' + +if test "${CONFIG_HEADERS+set}" != set; then +EOF +cat >> $CONFIG_STATUS <> $CONFIG_STATUS <<\EOF +fi +for ac_file in .. $CONFIG_HEADERS; do if test "x$ac_file" != x..; then + # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". + case "$ac_file" in + *:*) ac_file_in=`echo "$ac_file"|sed 's%[^:]*:%%'` + ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;; + *) ac_file_in="${ac_file}.in" ;; + esac + + echo creating $ac_file + + rm -f conftest.frag conftest.in conftest.out + ac_file_inputs=`echo $ac_file_in|sed -e "s%^%$ac_given_srcdir/%" -e "s%:% $ac_given_srcdir/%g"` + cat $ac_file_inputs > conftest.in + +EOF + +# Transform confdefs.h into a sed script conftest.vals that substitutes +# the proper values into config.h.in to produce config.h. And first: +# Protect against being on the right side of a sed subst in config.status. 
+# Protect against being in an unquoted here document in config.status. +rm -f conftest.vals +cat > conftest.hdr <<\EOF +s/[\\&%]/\\&/g +s%[\\$`]%\\&%g +s%#define \([A-Za-z_][A-Za-z0-9_]*\) *\(.*\)%${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD}%gp +s%ac_d%ac_u%gp +s%ac_u%ac_e%gp +EOF +sed -n -f conftest.hdr confdefs.h > conftest.vals +rm -f conftest.hdr + +# This sed command replaces #undef with comments. This is necessary, for +# example, in the case of _POSIX_SOURCE, which is predefined and required +# on some systems where configure will not decide to define it. +cat >> conftest.vals <<\EOF +s%^[ ]*#[ ]*undef[ ][ ]*[a-zA-Z_][a-zA-Z_0-9]*%/* & */% +EOF + +# Break up conftest.vals because some shells have a limit on +# the size of here documents, and old seds have small limits too. + +rm -f conftest.tail +while : +do + ac_lines=`grep -c . conftest.vals` + # grep -c gives empty output for an empty file on some AIX systems. + if test -z "$ac_lines" || test "$ac_lines" -eq 0; then break; fi + # Write a limited-size here document to conftest.frag. + echo ' cat > conftest.frag <> $CONFIG_STATUS + sed ${ac_max_here_lines}q conftest.vals >> $CONFIG_STATUS + echo 'CEOF + sed -f conftest.frag conftest.in > conftest.out + rm -f conftest.in + mv conftest.out conftest.in +' >> $CONFIG_STATUS + sed 1,${ac_max_here_lines}d conftest.vals > conftest.tail + rm -f conftest.vals + mv conftest.tail conftest.vals +done +rm -f conftest.vals + +cat >> $CONFIG_STATUS <<\EOF + rm -f conftest.frag conftest.h + echo "/* $ac_file. Generated automatically by configure. */" > conftest.h + cat conftest.in >> conftest.h + rm -f conftest.in + if cmp -s $ac_file conftest.h 2>/dev/null; then + echo "$ac_file is unchanged" + rm -f conftest.h + else + # Remove last slash and all that follows it. Not all systems have dirname. + ac_dir=`echo $ac_file|sed 's%/[^/][^/]*$%%'` + if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then + # The file is in a subdirectory. + test ! 
-d "$ac_dir" && mkdir "$ac_dir" + fi + rm -f $ac_file + mv conftest.h $ac_file + fi +fi; done + +EOF +cat >> $CONFIG_STATUS <> $CONFIG_STATUS <<\EOF + +exit 0 +EOF +chmod +x $CONFIG_STATUS +rm -fr confdefs* $ac_clean_files +test "$no_create" = yes || ${CONFIG_SHELL-/bin/sh} $CONFIG_STATUS || exit 1 + +KRB4VERSION="$PACKAGE-$VERSION" + +cat > include/newversion.h.in </dev/null | sed 1q` + Date=`date` + mv -f include/newversion.h.in include/version.h.in + sed -e "s/@USER@/$User/" -e "s/@HOST@/$Host/" -e "s/@DATE@/$Date/" include/version.h.in > include/version.h +fi diff --git a/crypto/kerberosIV/configure.in b/crypto/kerberosIV/configure.in new file mode 100644 index 0000000..9265666 --- /dev/null +++ b/crypto/kerberosIV/configure.in 
@@ -0,0 +1,970 @@ +dnl +dnl *** PLEASE NOTE *** +dnl *** PLEASE NOTE *** +dnl *** PLEASE NOTE *** +dnl +dnl Update $VERSION before making a new release +dnl + +dnl Process this file with autoconf to produce a configure script. +dnl +AC_REVISION($Revision: 1.285 $) +AC_INIT(lib/krb/getrealm.c) +AC_CONFIG_HEADER(include/config.h) + +dnl +dnl definitions +dnl + +PACKAGE=krb4 +AC_SUBST(PACKAGE)dnl +VERSION=0.9.6 +AC_SUBST(VERSION)dnl +# This may be overridden using --prefix=/usr to configure +AC_PREFIX_DEFAULT(/usr/athena) + +AC_CANONICAL_HOST +AC_PROG_MAKE_SET +AC_ARG_PROGRAM + +# We want these before the checks, so the checks can modify their values. +test -z "$LDFLAGS" && LDFLAGS=-g + +dnl +dnl check for programs +dnl + +AC_KRB_PROG_LN_S +AC_PROG_CC +AC_PROG_CPP +AC_ISC_POSIX +AC_KRB_PROG_YACC +AC_PROG_LEX +AC_PROG_RANLIB +AC_PROG_INSTALL +AC_CHECK_PROG(MAKEINFO, makeinfo, makeinfo, :) + +dnl +dnl check for build options +dnl + +AC_TEST_PACKAGE(socks,socks.h,libsocks5.a,-lsocks5) +CFLAGS="$SOCKSINCLUDE $CFLAGS" +LIBS="$SOCKSLIB $LIBS" + +dnl Check if we want to use shared libraries +AC_ARG_WITH(shared, +[ --with-shared create shared libraries for Kerberos]) + +AC_ARG_WITH(cracklib, +[ --with-cracklib=dir use the cracklib.a in dir], +) + +AC_ARG_WITH(dictpath, +[ --with-dictpath=path use this dictionary with cracklib] +) + +(test -z "$with_cracklib" && test -n "$with_dictpath") || +(test -n "$with_cracklib" && test -z "$with_dictpath") && +AC_MSG_ERROR(--with-cracklib requires --with-dictpath and vice versa) +test -n "$with_cracklib" && +CRACKLIB="-L$with_cracklib -lcrack" && +AC_MSG_RESULT(Using cracklib in $with_cracklib) +AC_SUBST(CRACKLIB)dnl +test -n "$with_dictpath" && +AC_MSG_RESULT(Using dictpath=$with_dictpath) && +AC_DEFINE_UNQUOTED(DICTPATH,"$with_dictpath") + +AC_ARG_WITH(mailspool, +[ --with-mailspool=dir this is the mail spool directory] +) + +test -n "$with_mailspool" && +AC_DEFINE_UNQUOTED(KRB4_MAILDIR, "$with_mailspool") + +AC_ARG_ENABLE(random-mkey, 
+[ --enable-random-mkey use new code for master keys],[ +if test "$enableval" = "yes"; then + AC_DEFINE(RANDOM_MKEY,1) +fi +]) + +AC_ARG_WITH(mkey, +[ --with-mkey=file where to put the master key],[ +if test -n "$withval"; then + AC_DEFINE_UNQUOTED(MKEYFILE,"$withval") +fi +]) + +berkeley_db=db +AC_ARG_WITH(berkeley-db, +[ --without-berkeley-db if you don't want berkeley db],[ +if test "$withval" = no; then + berkeley_db="" +fi +]) + +afs_support=yes +AC_ARG_WITH(afs-support, +[ --without-afs-support if you don't want support for afs],[ +if test "$withval" = no; then + AC_DEFINE(NO_AFS) + afs_support=no +fi +]) + +des_quad=guess +AC_ARG_WITH(des-quad-checksum, +[ --with-des-quad-checksum=kind + default checksum to use (new, old, or guess)],[ +des_quad="$withval" +]) +if test "$des_quad" = "new"; then + AC_DEFINE(DES_QUAD_DEFAULT,DES_QUAD_NEW) +elif test "$des_quad" = "old"; then + AC_DEFINE(DES_QUAD_DEFAULT,DES_QUAD_OLD) +else + AC_DEFINE(DES_QUAD_DEFAULT,DES_QUAD_GUESS) +fi + +AC_TEST_PACKAGE(readline,readline.h,libreadline.a,-lreadline) + +dnl +dnl Shared library stuff has to be different everywhere +dnl + +AC_SUBST(CFLAGS)dnl +AC_SUBST(LDFLAGS)dnl + +case ${with_shared} in + yes ) with_shared=yes;; + no ) with_shared=no;; + * ) with_shared=no;; +esac + +# NOTE: Building shared libraries may not work if you do not use gcc! 
+# +# OS $SHLIBEXT +# HP-UX sl +# Linux so +# NetBSD so +# FreeBSD so +# OSF so +# SunOS5 so +# SunOS4 so.0.5 +# Irix so +# +# LIBEXT is the extension we should build (.a or $SHLIBEXT) +REAL_PICFLAGS="-fpic" +LDSHARED='$(CC) $(PICFLAGS) -shared' +LIBPREFIX=lib +REAL_SHLIBEXT=so +changequote({,})dnl +SHLIB_VERSION=`echo $VERSION | sed 's/\([0-9.]*\).*/\1/'` +changequote([,])dnl +case "${host}" in +*-*-hpux*) + REAL_SHLIBEXT=sl + REAL_LD_FLAGS='-Wl,+b$(libdir)' + if test -z "$GCC"; then + LDSHARED="ld -b" + REAL_PICFLAGS="+z" + fi + ;; +*-*-linux*) + REAL_LD_FLAGS='-Wl,-rpath,$(libdir)' + ;; +*-*-*bsd*) + REAL_SHLIBEXT=so.$SHLIB_VERSION + LDSHARED='ld -Bshareable' + REAL_LD_FLAGS='-Wl,-R$(libdir)' + ;; +*-*-osf*) + REAL_LD_FLAGS='-Wl,-rpath,$(libdir)' + REAL_PICFLAGS= + LDSHARED='ld -shared -expect_unresolved \*' + ;; +*-*-solaris2*) + REAL_LD_FLAGS='-Wl,-R$(libdir)' + if test -z "$GCC"; then + LDSHARED='$(CC) -G' + REAL_PICFLAGS="-Kpic" + fi + ;; +*-*-sunos*) + REAL_SHLIBEXT=so.$SHLIB_VERSION + REAL_LD_FLAGS='-Wl,-L$(libdir)' + ;; +*-*-irix*) + REAL_LD_FLAGS='-Wl,-rpath,$(libdir)' + REAL_PICFLAGS= + ;; +*-*-os2_emx*) + LD_FLAGS='-Zexe' + LIBPREFIX= + EXECSUFFIX='.exe' + RANLIB=EMXOMF + REAL_SHLIBEXT=nobuild + ;; +*-*-cygwin32*) + EXECSUFFIX='.exe' + REAL_SHLIBEXT=nobuild + ;; +*) REAL_SHLIBEXT=nobuild + REAL_PICFLAGS= + ;; +esac + +if test "${with_shared}" != "yes" ; then + PICFLAGS="" + SHLIBEXT="nobuild" + LIBEXT="a" +else + PICFLAGS="$REAL_PICFLAGS" + SHLIBEXT="$REAL_SHLIBEXT" + LIBEXT="$SHLIBEXT" + LD_FLAGS="$REAL_LD_FLAGS" +fi + +AC_SUBST(REAL_PICFLAGS) dnl +AC_SUBST(REAL_SHLIBEXT) dnl +AC_SUBST(REAL_LD_FLAGS) dnl + +AC_SUBST(PICFLAGS) dnl +AC_SUBST(SHLIBEXT) dnl +AC_SUBST(LDSHARED) dnl +AC_SUBST(LD_FLAGS) dnl +AC_SUBST(LIBEXT) dnl +AC_SUBST(LIBPREFIX) dnl +AC_SUBST(EXECSUFFIX) dnl + +dnl +dnl Check if we need to use weak-stuff +dnl + +AC_HAVE_PRAGMA_WEAK + +dnl +dnl Check for endian-ness, this breaks cross compilation +dnl +AC_C_BIGENDIAN + +dnl +dnl Check for 
constness +dnl +AC_C_CONST + +dnl +dnl Check for strange operating systems that you need to handle differently +dnl + +AC_KRB_SYS_NEXTSTEP +AC_KRB_SYS_AIX + +if test "$krb_cv_sys_aix" = yes ;then + AFS_EXTRA_OBJS='$(srcdir)/afsl.exp dlfcn.o' + AC_SUBST(AFS_EXTRA_OBJS) + AFS_EXTRA_LIBS=afslib.so + AC_SUBST(AFS_EXTRA_LIBS) +fi + +# +# AIX needs /lib/pse.exp for getmsg, but alas that file is broken in +# AIX414 +# + +if test -f /lib/pse.exp ;then + LIBS="$LIBS -Wl,-bI:/lib/pse.exp" +fi + +dnl +dnl Various checks for headers and their contents +dnl + +AC_HEADER_STDC + +AC_CHECK_HEADERS(arpa/ftp.h arpa/inet.h arpa/nameser.h) +AC_CHECK_HEADERS(arpa/telnet.h bind/bitypes.h bsd/bsd.h bsdsetjmp.h) +AC_CHECK_HEADERS(crypt.h dbm.h dirent.h err.h fcntl.h grp.h io.h) +AC_CHECK_HEADERS(lastlog.h login.h maillock.h ndbm.h net/if.h) +AC_CHECK_HEADERS(net/if_tun.h net/if_var.h netdb.h netinet/in.h) +AC_CHECK_HEADERS(netinet/in6_machtypes.h netinet/in_systm.h) +AC_CHECK_HEADERS(netinet/ip.h netinet/tcp.h paths.h pty.h pwd.h) +AC_CHECK_HEADERS(resolv.h rpcsvc/dbm.h sac.h security/pam_modules.h) +AC_CHECK_HEADERS(shadow.h siad.h signal.h stropts.h sys/bitypes.h) +AC_CHECK_HEADERS(sys/category.h sys/cdefs.h sys/file.h sys/filio.h) +AC_CHECK_HEADERS(sys/ioccom.h sys/ioctl.h sys/locking.h sys/mman.h) +AC_CHECK_HEADERS(sys/param.h sys/proc.h sys/ptyio.h sys/ptyvar.h) +AC_CHECK_HEADERS(sys/resource.h sys/select.h sys/socket.h) +AC_CHECK_HEADERS(sys/sockio.h sys/stat.h sys/str_tty.h sys/stream.h) +AC_CHECK_HEADERS(sys/stropts.h sys/strtty.h sys/syscall.h) +AC_CHECK_HEADERS(sys/sysctl.h sys/termio.h sys/time.h sys/timeb.h) +AC_CHECK_HEADERS(sys/times.h sys/tty.h sys/types.h sys/uio.h) +AC_CHECK_HEADERS(sys/un.h sys/utsname.h sys/wait.h syslog.h) +AC_CHECK_HEADERS(termio.h termios.h tmpdir.h ttyent.h udb.h ulimit.h) +AC_CHECK_HEADERS(unistd.h userpw.h usersec.h util.h utime.h utmp.h) +AC_CHECK_HEADERS(utmpx.h wait.h winsock.h) + +AC_HEADER_TIME +AC_DECL_SYS_SIGLIST 
+AC_SUBST(ac_cv_header_sys_cdefs_h)dnl
+AC_SUBST(ac_cv_header_err_h)dnl
+
+AC_GROK_TYPES(int8_t int16_t int32_t int64_t)
+AC_GROK_TYPES(u_int8_t u_int16_t u_int32_t u_int64_t)
+
+dnl
+dnl Various checks for libraries and their contents
+dnl
+
+dnl
+dnl System V is have misplaced the socket routines, should really be in libc
+dnl
+
+AC_FIND_FUNC(socket, socket,
+[#ifdef HAVE_SYS_TYPES_H
+#include
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include
+#endif],
+[0,0,0])
+AC_FIND_FUNC(gethostbyname, nsl,
+[#ifdef HAVE_SYS_TYPES_H
+#include
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include
+#endif],
+"foo")
+
+dnl
+dnl Horror AIX needs -lodm -lcfg to link login
+dnl
+
+AC_FIND_FUNC(odm_initialize, odm)
+AC_FIND_FUNC(getattr, cfg)
+AC_FIND_FUNC(setpcred, s)
+AC_FIND_FUNC(logwtmp, util)
+
+AC_FIND_FUNC(logout, util)
+AC_FIND_FUNC_NO_LIBS(tgetent, termcap)
+
+dnl
+dnl See if there is any X11 present
+dnl
+AC_PATH_XTRA
+if test "$no_x" = "yes" ; then
+ MAKE_X_PROGS_BIN=""
+ MAKE_X_PROGS_LIBEXEC=""
+else
+ MAKE_X_PROGS_BIN='$(X_PROGS_BIN)'
+ MAKE_X_PROGS_LIBEXEC='$(X_PROGS_LIBEXEC)'
+fi
+AC_SUBST(MAKE_X_PROGS_BIN)dnl
+AC_SUBST(MAKE_X_PROGS_LIBEXEC)dnl
+
+save_CFLAGS="$CFLAGS"
+CFLAGS="$X_CFLAGS $CFLAGS"
+save_LIBS="$LIBS"
+dnl LIBS="$X_LIBS $X_PRE_LIBS $X_EXTRA_LIBS $LIBS"
+LIBS="$X_PRE_LIBS $X_EXTRA_LIBS $LIBS"
+save_LDFLAGS="$LDFLAGS"
+LDFLAGS="$LDFLAGS $X_LIBS"
+
+AC_FIND_FUNC_NO_LIBS(XauReadAuth, Xau X11)
+ac_xxx="$LIBS"
+LIBS="$LIB_XauReadAuth $LIBS"
+AC_CHECK_FUNCS(XauWriteAuth)
+if test "$ac_cv_func_XauWriteAuth" != "yes"; then
+ XauWriteAuth_c=writeauth.c
+ XauWriteAuth_o=writeauth.o
+fi
+AC_SUBST(XauWriteAuth_c)dnl
+AC_SUBST(XauWriteAuth_o)dnl
+LIBS="$ac_xxx"
+
+CFLAGS=$save_CFLAGS
+LIBS=$save_LIBS
+LDFLAGS=$save_LDFLAGS
+
+dnl
+dnl Look for berkeley db, gdbm, and ndbm in that order.
+dnl
+
+save_LIBS="$LIBS"
+AC_FIND_FUNC_NO_LIBS(dbopen, $berkeley_db)
+LIBS="$LIB_dbopen $LIBS"
+AC_FIND_FUNC_NO_LIBS(dbm_firstkey, $berkeley_db gdbm ndbm)
+if test -n "$LIB_dbopen"; then
+ LIB_DBM="$LIB_dbopen"
+else
+ LIB_DBM="$LIB_dbm_firstkey"
+fi
+AC_SUBST(LIB_DBM)dnl
+LIBS="$save_LIBS"
+
+AC_FIND_FUNC(syslog, syslog)
+
+AC_CACHE_CHECK(for working snprintf,ac_cv_func_snprintf_working,
+ac_cv_func_snprintf_working=yes
+AC_TRY_RUN([
+#include
+#include
+int main()
+{
+changequote(`,')dnl
+ char foo[3];
+changequote([,])dnl
+ snprintf(foo, 2, "12");
+ return strcmp(foo, "1");
+}],:,ac_cv_func_snprintf_working=no,:))
+: << END
+@@@funcs="$funcs snprintf"@@@
+END
+if test "$ac_cv_func_snprintf_working" = yes; then
+ foo=HAVE_SNPRINTF
+ AC_DEFINE_UNQUOTED($foo)
+fi
+
+AC_CHECK_FUNCS(asnprintf asprintf vasprintf vasnprintf vsnprintf)
+
+
+AC_CHECK_FUNCS(_getpty _scrsize _setsid _stricmp fchmod fcntl flock)
+AC_CHECK_FUNCS(forkpty frevoke gethostname getlogin getpriority getservbyname)
+AC_CHECK_FUNCS(getspnam getspuid gettimeofday getuid grantpt)
+AC_CHECK_FUNCS(innetgr iruserok mktime ptsname rand random)
+AC_CHECK_FUNCS(revoke setitimer setlogin setpgid setpriority)
+AC_CHECK_FUNCS(setproctitle setregid setresgid setresuid setreuid setsid)
+AC_CHECK_FUNCS(setutent swab ttyname ttyslot ulimit uname)
+AC_CHECK_FUNCS(unlockpt vhangup yp_get_default_domain)
+AC_FIND_FUNC_NO_LIBS(getpwnam_r,c_r)
+if test "$ac_cv_func_getpwnam_r" = yes; then
+ AC_CACHE_CHECK(if getpwnam_r is posix,ac_cv_func_getpwnam_r_posix,
+ ac_libs="$LIBS"
+ LIBS="$LIBS $LIB_getpwnam_r"
+ AC_TRY_RUN([
+#include
+int main()
+{
+ struct passwd pw, *pwd;
+ return getpwnam_r("", &pw, NULL, 0, &pwd) < 0;
+}
+],ac_cv_func_getpwnam_r_posix=yes,ac_cv_func_getpwnam_r_posix=no,:)
+LIBS="$ac_libs")
+if test "$ac_cv_func_getpwnam_r_posix" = yes; then
+ AC_DEFINE(POSIX_GETPWNAM_R)
+fi
+fi
+
+AC_FIND_FUNC_NO_LIBS(getsockopt, ,
+[#ifdef HAVE_SYS_TYPES_H
+#include
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include
+#endif],
+[0,0,0,0,0])
+AC_FIND_FUNC_NO_LIBS(setsockopt, ,
+[#ifdef HAVE_SYS_TYPES_H
+#include
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include
+#endif],
+[0,0,0,0,0])
+
+dnl Cray stuff
+AC_CHECK_FUNCS(getudbnam setlim)
+
+AC_FIND_FUNC(res_search, resolv,
+[
+#include
+#ifdef HAVE_SYS_TYPES_H
+#include
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include
+#endif
+#ifdef HAVE_ARPA_NAMESER_H
+#include
+#endif
+#ifdef HAVE_RESOLV_H
+#include
+#endif
+],
+[0,0,0,0,0])
+
+AC_FIND_FUNC(dn_expand, resolv,
+[
+#include
+#ifdef HAVE_SYS_TYPES_H
+#include
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include
+#endif
+#ifdef HAVE_ARPA_NAMESER_H
+#include
+#endif
+#ifdef HAVE_RESOLV_H
+#include
+#endif
+],
+[0,0,0,0,0])
+
+
+AC_FUNC_MMAP
+AC_FUNC_ALLOCA
+
+#
+# Test for POSIX (broken) getlogin
+#
+
+if test "$ac_cv_func_getlogin" = yes; then
+AC_CACHE_CHECK(if getlogin is posix, ac_cv_func_getlogin_posix, [
+if test "$ac_cv_func_getlogin" = yes -a "$ac_cv_func_setlogin" = yes; then
+ ac_cv_func_getlogin_posix=no
+else
+ ac_cv_func_getlogin_posix=yes
+fi
+])
+if test "$ac_cv_func_getlogin_posix" = yes; then
+ AC_DEFINE(POSIX_GETLOGIN, 1)
+fi
+fi
+
+AC_FIND_IF_NOT_BROKEN(hstrerror, resolv,
+[#ifdef HAVE_NETDB_H
+#include
+#endif],
+17)
+
+AC_BROKEN(chown daemon err errx fchown getcwd getdtablesize getopt)
+AC_BROKEN(getusershell inet_aton initgroups lstat memmove mkstemp)
+AC_BROKEN(putenv rcmd setegid setenv seteuid strcasecmp strdup)
+AC_BROKEN(strerror strftime strlwr strnlen strtok_r strupr unsetenv)
+AC_BROKEN(verr verrx vwarn vwarnx warn warnx)
+
+AC_KRB_FUNC_GETCWD_BROKEN
+
+dnl
+dnl Figure what authentication modules should be built
+dnl
+
+AC_MSG_CHECKING(which authentication modules should be built)
+
+LIB_AUTH_SUBDIRS=
+
+if test "$ac_cv_header_siad_h" = yes; then
+ LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS sia"
+fi
+
+if test "$ac_cv_header_security_pam_modules_h" = yes; then
+ LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS pam"
+fi
+
+case "${host}" in
+changequote(,)dnl
+*-*-irix[56]*) LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS afskauthlib" ;;
+changequote([,])dnl
+esac
+
+AC_MSG_RESULT($LIB_AUTH_SUBDIRS)
+
+AC_SUBST(LIB_AUTH_SUBDIRS)dnl
+
+dnl
+dnl Figure out if we have tunnels
+dnl
+
+AC_MSG_CHECKING(for tunnel devices)
+
+APPL_KIP_DIR=
+
+if test "$ac_cv_header_net_if_tun_h" = "yes"; then
+ APPL_KIP_DIR=kip
+fi
+
+AC_MSG_RESULT($ac_cv_header_net_if_tun_h)
+
+AC_SUBST(APPL_KIP_DIR)dnl
+
+dnl
+dnl Checks for prototypes and declarations
+dnl
+
+AC_NEED_PROTO([
+#ifdef HAVE_CRYPT_H
+#include
+#endif
+#ifdef HAVE_UNISTD_H
+#include
+#endif
+],
+crypt)
+
+AC_NEED_PROTO([
+#include
+],
+strtok_r)
+
+AC_CHECK_VAR([#ifdef HAVE_SYS_TYPES_H
+#include
+#endif
+#ifdef HAVE_NETDB_H
+#include
+#endif],
+h_errno)
+
+AC_CHECK_VAR([#ifdef HAVE_NETDB_H
+#include
+#endif],
+h_errlist)
+
+AC_CHECK_VAR([#ifdef HAVE_NETDB_H
+#include
+#endif],
+h_nerr)
+
+AC_CHECK_VAR([#ifdef HAVE_ERR_H
+#include
+#endif],[__progname])
+
+AC_CHECK_DECLARATION([#include ], optarg)
+AC_CHECK_DECLARATION([#include ], optind)
+AC_CHECK_DECLARATION([#include ], opterr)
+AC_CHECK_DECLARATION([#include ], optopt)
+
+dnl
+dnl According to ANSI you are explicitly allowed to cast to void,
+dnl but the standard fails to say what should happen. Some compilers
+dnl think this is illegal:
+dnl
+dnl void foo(void)
+dnl {
+dnl return (void)0;
+dnl }
+dnl
+dnl Thus explicitly test for void
+dnl
+AC_TYPE_SIGNAL
+if test "$ac_cv_type_signal" = "void" ; then
+ AC_DEFINE(VOID_RETSIGTYPE, 1)
+fi
+
+dnl
+dnl Check for fields in struct utmp
+dnl
+AC_EGREP_HEADER(ut_user, utmp.h, AC_DEFINE(HAVE_UT_USER))
+AC_EGREP_HEADER(ut_host, utmp.h, AC_DEFINE(HAVE_UT_HOST))
+AC_EGREP_HEADER(ut_addr, utmp.h, AC_DEFINE(HAVE_UT_ADDR))
+AC_EGREP_HEADER(ut_type, utmp.h, AC_DEFINE(HAVE_UT_TYPE))
+AC_EGREP_HEADER(ut_pid, utmp.h, AC_DEFINE(HAVE_UT_PID))
+AC_EGREP_HEADER(ut_id, utmp.h, AC_DEFINE(HAVE_UT_ID))
+AC_EGREP_HEADER(ut_syslen, utmpx.h, AC_DEFINE(HAVE_UT_SYSLEN))
+
+AC_STRUCT_ST_BLKSIZE
+
+dnl
+dnl Check for struct winsize
+dnl
+
+AC_KRB_STRUCT_WINSIZE
+
+dnl
+dnl Check for some common types
+dnl
+
+AC_TYPE_PID_T
+AC_TYPE_UID_T
+AC_TYPE_OFF_T
+AC_TYPE_SIZE_T
+
+dnl
+dnl Check for sa_len in sys/socket.h
+dnl
+
+AC_MSG_CHECKING(for sa_len in struct sockaddr)
+AC_CACHE_VAL(krb_cv_struct_sockaddr_sa_len, [
+AC_TRY_COMPILE(
+[#include
+#include ],
+[struct sockaddr sa;
+int foo = sa.sa_len;],
+krb_cv_struct_sockaddr_sa_len=yes,
+krb_cv_struct_sockaddr_sa_len=no)
+])
+AC_MSG_RESULT($krb_cv_struct_sockaddr_sa_len)
+if test "$krb_cv_struct_sockaddr_sa_len" = yes; then
+ AC_DEFINE(SOCKADDR_HAS_SA_LEN)
+fi
+
+dnl
+dnl Check for ouid in sys/siad.h
+dnl
+
+if test "$ac_cv_header_siad_h" = yes; then
+AC_MSG_CHECKING(for ouid in struct siaentity)
+AC_CACHE_VAL(krb_cv_struct_siaentity_ouid, [
+AC_TRY_COMPILE(
+[#include
+],
+[SIAENTITY e;
+int foo = e.ouid;],
+krb_cv_struct_siaentity_ouid=yes,
+krb_cv_struct_siaentity_ouid=no)
+])
+AC_MSG_RESULT($krb_cv_struct_siaentity_ouid)
+if test "$krb_cv_struct_siaentity_ouid" = yes; then
+ AC_DEFINE(SIAENTITY_HAS_OUID)
+fi
+fi
+
+dnl
+dnl you can link with getmsg on AIX 3.2 but you cannot run the program
+dnl
+
+AC_CACHE_CHECK(for working getmsg, ac_cv_func_getmsg,
+AC_TRY_RUN(
+[
+#include
+
+int main()
+{
+ getmsg(open("/dev/null", 0), NULL, NULL, NULL);
+ return 0;
+}
+], ac_cv_func_getmsg=yes, ac_cv_func_getmsg=no, ac_cv_func_getmsg=no))
+test "$ac_cv_func_getmsg" = "yes" &&
+AC_DEFINE(HAVE_GETMSG)
+
+dnl
+dnl Test if we are using berkeley db
+dnl
+
+save_LIBS="$LIBS"
+LIBS="$LIB_DBM $LIBS"
+AC_CACHE_CHECK(for berkeley db, krb_cv_lib_berkeleydb,
+AC_TRY_RUN(
+[
+#include
+#include
+#include
+int main()
+{
+ DBM *d;
+
+ d = dbm_open("conftest", O_RDWR | O_CREAT, 0666);
+ if(d == NULL)
+ return 1;
+ dbm_close(d);
+ return access("conftest.db", F_OK) != 0;
+}], krb_cv_lib_berkeleydb=yes, krb_cv_lib_berkeleydb=no,
+krb_cv_lib_berkeleydb=no))
+test "$krb_cv_lib_berkeleydb" = "yes" &&
+AC_DEFINE(HAVE_NEW_DB)
+LIBS="$save_LIBS"
+
+dnl
+dnl Tests for editline
+dnl
+
+AC_FIND_FUNC_NO_LIBS(el_init, edit)
+AC_FIND_FUNC_NO_LIBS(readline, readline)
+
+if test "$with_readline"; then
+ AC_DEFINE(HAVE_READLINE, 1)
+ editline_OBJS=
+ LIB_readline="$READLINELIB "'$(LIB_tgetent)'
+ INCLUDE_readline="$READLINEINCLUDE"
+elif test "$ac_cv_func_el_init" = yes; then
+ AC_DEFINE(HAVE_READLINE, 1)
+
+ editline_OBJS=edit_compat.o
+ LIB_readline='-L$(topdir)/lib/editline -leditline '"$LIB_el_init"' $(LIB_tgetent)'
+
+ INCLUDE_readline='-I$(topdir)/lib/editline -I$(top_srcdir)/lib/editline'
+elif test "$ac_cv_func_readline" = yes; then
+ AC_DEFINE(HAVE_READLINE, 1)
+ editline_OBJS=
+ LIB_readline='-lreadline $(LIB_tgetent)'
+ INCLUDE_readline=
+else
+ AC_DEFINE(HAVE_READLINE, 1)
+ editline_OBJS="editline.o complete.o sysunix.o"
+ LIB_readline='-L$(topdir)/lib/editline -leditline $(LIB_tgetent)'
+ INCLUDE_readline='-I$(topdir)/lib/editline -I$(top_srcdir)/lib/editline'
+fi
+AC_SUBST(LIB_readline)
+AC_SUBST(INCLUDE_readline)
+AC_SUBST(editline_OBJS)
+
+dnl telnet muck --------------------------------------------------
+
+AC_DEFINE(AUTHENTICATION)dnl
+AC_DEFINE(KRB4)dnl
+AC_DEFINE(ENCRYPTION)dnl
+AC_DEFINE(DES_ENCRYPTION)dnl
+AC_DEFINE(DIAGNOSTICS)dnl
+AC_DEFINE(OLD_ENVIRON)dnl
+
+# Simple test for streamspty, based on the existance of getmsg(), alas
+# this breaks on SunOS4 which have streams but BSD-like ptys
+#
+# And also something wierd has happend with dec-osf1, fallback to bsd-ptys
+
+AC_MSG_CHECKING(for streamspty)
+case "`uname -sr`" in
+SunOS\ 4*|OSF1*|IRIX\ 4*|HP-UX\ ?.10.*)
+ krb_cv_sys_streamspty=no
+ ;;
+AIX*)
+ os_rel=`uname -v`.`uname -r`
+ if expr "$os_rel" : "3*" >/dev/null 2>&1; then
+ krb_cv_sys_streamspty=no
+ else
+ krb_cv_sys_streamspty="$ac_cv_func_getmsg"
+ fi
+ ;;
+*)
+ krb_cv_sys_streamspty="$ac_cv_func_getmsg"
+ ;;
+esac
+if test "$krb_cv_sys_streamspty" = yes; then
+ AC_DEFINE(STREAMSPTY)
+fi
+dnl AC_SUBST(STREAMSPTY)
+AC_MSG_RESULT($krb_cv_sys_streamspty)
+
+AC_MSG_CHECKING([if /bin/ls takes -A])
+if /bin/ls -A > /dev/null 2>&1 ;then
+ AC_DEFINE(HAVE_LS_A)
+ krb_ls_a=yes
+else
+ krb_ls_a=no
+fi
+AC_MSG_RESULT($krb_ls_a)
+
+dnl ------------------------------------------------------------
+AC_CACHE_CHECK(for suffix of preformatted manual pages, krb_cv_sys_cat_suffix,
+if grep _version /etc/man.conf > /dev/null 2>&1; then
+ krb_cv_sys_cat_suffix=0
+else
+ krb_cv_sys_cat_suffix=number
+fi)
+if test "$krb_cv_sys_cat_suffix" = number; then
+ CATSUFFIX='$$s'
+else
+ CATSUFFIX=0
+fi
+AC_SUBST(CATSUFFIX)
+
+dnl ------------------------------------------------------------
+
+KRB_KAFS_LIB='-L$(topdir)/lib/kafs -lkafs'
+if test "$krb_cv_sys_aix" = yes; then
+ KRB_KAFS_LIB="$KRB_KAFS_LIB -lld"
+fi
+AC_SUBST(KRB_KAFS_LIB)dnl
+
+dnl ------------------------------------------------------------
+
+
+dnl This is done by AC_OUTPUT but we need the result here.
+ +test "x$prefix" = xNONE && prefix=$ac_default_prefix +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +for i in bin lib libexec sbin; do + i=${i}dir + foo=`echo $i | tr 'xindiscernible' 'XINDISCERNIBLE'` + x="\$${i}" + eval y="$x" + while test "x$y" != "x$x"; do + x="$y" + eval y="$x" + done + AC_DEFINE_UNQUOTED($foo,"$x") +done + +dnl +dnl We are all set to emit the Makefiles and config.h +dnl +AC_OUTPUT( \ +Makefile \ +include/Makefile \ +include/sys/Makefile \ + \ +util/Makefile \ +util/et/Makefile \ + \ +man/Makefile \ + \ +lib/Makefile \ +lib/des/Makefile \ +lib/krb/Makefile \ +lib/kdb/Makefile \ +lib/kadm/Makefile \ +lib/acl/Makefile \ +lib/kafs/Makefile \ +lib/roken/Makefile \ +lib/otp/Makefile \ +lib/sl/Makefile \ +lib/editline/Makefile \ +lib/auth/Makefile \ +lib/auth/pam/Makefile \ +lib/auth/sia/Makefile \ +lib/auth/afskauthlib/Makefile \ + \ +kuser/Makefile \ +server/Makefile \ +slave/Makefile \ +admin/Makefile \ +kadmin/Makefile \ + \ +appl/Makefile \ + \ +appl/afsutil/Makefile \ +appl/ftp/Makefile \ +appl/ftp/common/Makefile \ +appl/ftp/ftp/Makefile \ +appl/ftp/ftpd/Makefile \ +appl/telnet/Makefile \ +appl/telnet/libtelnet/Makefile \ +appl/telnet/telnet/Makefile \ +appl/telnet/telnetd/Makefile \ +appl/bsd/Makefile \ +appl/kauth/Makefile \ +appl/kpopper/Makefile \ +appl/movemail/Makefile \ +appl/sample/Makefile \ +appl/xnlock/Makefile \ +appl/kx/Makefile \ +appl/kip/Makefile \ +appl/otp/Makefile \ +doc/Makefile \ +) dnl end of AC_OUTPUT + +dnl +dnl This is the release version name-number[beta] +dnl Update before making a new release +dnl +KRB4VERSION="$PACKAGE-$VERSION" + +cat > include/newversion.h.in </dev/null | sed 1q` + Date=`date` + mv -f include/newversion.h.in include/version.h.in + sed -e "s/@USER@/$User/" -e "s/@HOST@/$Host/" -e "s/@DATE@/$Date/" include/version.h.in > include/version.h +fi diff --git a/crypto/kerberosIV/doc/Makefile.in b/crypto/kerberosIV/doc/Makefile.in new file mode 100644 index 0000000..5071e8e --- /dev/null 
+++ b/crypto/kerberosIV/doc/Makefile.in
@@ -0,0 +1,65 @@
+# $Id: Makefile.in,v 1.10 1997/05/06 03:05:55 joda Exp $
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+INSTALL = @INSTALL@
+INSTALL_DATA = $(INSTALL)
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+MAKEINFO = @MAKEINFO@
+TEXI2DVI = texi2dvi
+TEXI2HTML = texi2html
+
+prefix = @prefix@
+infodir = @infodir@
+
+all: info
+
+install: all installdirs
+ if test -f kth-krb.info; then \
+ $(INSTALL_DATA) kth-krb.info $(infodir)/kth-krb.info; \
+ else \
+ $(INSTALL_DATA) $(srcdir)/kth-krb.info $(infodir)/kth-krb.info; \
+ fi
+ if $(SHELL) -c 'install-info --version' >/dev/null 2>&1; then \
+ install-info --dir-file=$(infodir)/dir $(infodir)/kth-krb.info; \
+ else \
+ true; \
+ fi
+
+uninstall:
+ rm -f $(infodir)/kth-krb.info
+
+installdirs:
+ $(MKINSTALLDIRS) $(infodir)
+
+info: kth-krb.info
+
+kth-krb.info: kth-krb.texi
+ $(MAKEINFO) -I$(srcdir) -o $@ $(srcdir)/kth-krb.texi
+
+dvi: kth-krb.dvi
+
+kth-krb.dvi: kth-krb.texi
+ $(TEXI2DVI) $(srcdir)/kth-krb.texi
+
+html: kth-krb.html
+
+kth-krb.html: kth-krb.texi
+ $(TEXI2HTML) $(srcdir)/kth-krb.texi
+
+clean:
+ rm -f *.aux *.cp *.cps *.dvi *.fn *.ky *.log *.pg *.toc *.tp *.vr
+
+distclean: clean
+
+mostlyclean: clean
+
+maintainer-clean: clean
+ rm -f kth-krb.info
+
+check:
+
+.PHONY: install all installdirs uninstall info dvi html clean check distclean mostlyclean maintainer-clean
diff --git a/crypto/kerberosIV/doc/ack.texi b/crypto/kerberosIV/doc/ack.texi
new file mode 100644
index 0000000..388f644
--- /dev/null
+++ b/crypto/kerberosIV/doc/ack.texi
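Review bot: In doc/Makefile.in, `INSTALL_DATA = $(INSTALL)` drops the data-file mode, so the install rule copies kth-krb.info with whatever mode the install program defaults to (commonly executable) instead of as a plain data file. The file already takes `@INSTALL@` from configure, which suggests AC_PROG_INSTALL is in use (that part of configure.in is outside this view); if so, `INSTALL_DATA = @INSTALL_DATA@` is available and carries the non-executable mode. The uninstall rule removes only `$(infodir)/kth-krb.info` and leaves the entry that `install-info` wrote into `$(infodir)/dir`; a short comment on the rule saying so would help whoever maintains the dir file.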
@@ -0,0 +1,80 @@
+@node Acknowledgments, Index, Resolving frequent problems, Top
+@comment node-name, next, previous, up
+@appendix Acknowledgments
+
+People from the MIT Athena project wrote the original code that this is
+based on. @w{Kerberos 4} @w{patch-level 9} was stripped of both the
+encryption functions and the calls to them. This was exported from the
+US as the ``Bones'' release. Eric Young put back the calls and hooked
+in his libdes, thereby creating the ``eBones'' release.
+@cindex Bones
+@cindex eBones
+
+The ``rcmd'' programs where initially developed at the University of
+California at Berkeley and then hacked on by the FreeBSD and NetBSD
+projects.
+
+Berkeley also wrote @code{ftp}, @code{ftpd}, @code{telnet}, and
+@code{telnetd}. The authentication and encryption code of @code{telnet}
+and @code{telnetd} was added by David Borman (then of Cray Research,
+Inc). The encryption code was removed when this was exported and then
+added back by Juha Eskelinen, @code{}.
+
+The @code{popper} was also a Berkeley program initially.
+
+The @code{login} has the same origins but has received code written by
+Wietse Venema at Eindhoven University of Technology, The Netherlands.
+
+@code{movemail} was (at least partially) written by Jonathan Kamens,
+@code{}, and is Copyright @copyright{} 1986, 1991,
+1992, 1993, 1994 Free Software Foundation, Inc.
+
+@code{xnlock} was originally written by Dan Heller in 1985 for sunview.
+The X version was written by him in 1990.
+
+Some of the functions in @file{libroken} also come from Berkeley by the
+way of NetBSD/FreeBSD.
+
+The code to handle the dynamic loading of the AFS module for AIX is
+copyright @copyright{} 1992 HELIOS Software GmbH 30159 Hannover,
+Germany.
+
+@code{editline} was written by Simmule Turner and Rich Salz.
+
+Bugfixes and code has been contributed by:
+@table @asis
+@item Derrick J Brashear
+@code{}
+@item Anders Gertz
+@code{}
+@item Dejan Ilic
+@code{}
+@item Kent Engström
+@code{}
+@item Simon Josefsson
+@code{}
+@item Robert Malmgren
+@code{}
+@item Fredrik Ljungberg
+@code{}
+@item Lars Malinowsky
+@code{}
+@item Fabien Coelho
+@code{}
+@item and we hope that those not mentioned here will forgive us.
+@end table
+
+Ian Marsh @code{} removed the worst abuses of the English
+language from this text.
+
+Ilja Hallberg @code{} is still promising to help us
+finish the documentation.
+
+This work was supported in part by SUNET and the Centre for Parallel
+Computers at KTH.
+
+The port to Windows 95/NT was supported by the Computer Council at KTH
+and done by Jörgen Karlsson @code{}.
+
+All the bugs were introduced by ourselves.
+
diff --git a/crypto/kerberosIV/doc/index.texi b/crypto/kerberosIV/doc/index.texi
new file mode 100644
index 0000000..ebe5d91
--- /dev/null
+++ b/crypto/kerberosIV/doc/index.texi
@@ -0,0 +1,6 @@
+@node Index, , Acknowledgments, Top
+@comment node-name, next, previous, up
+@unnumbered Index
+
+@printindex cp
+
diff --git a/crypto/kerberosIV/doc/install.texi b/crypto/kerberosIV/doc/install.texi
new file mode 100644
index 0000000..240c04e
--- /dev/null
+++ b/crypto/kerberosIV/doc/install.texi
@@ -0,0 +1,368 @@
+@node Installing programs, How to set up a realm, What is Kerberos?, Top
+@chapter Installing programs
+
+You have a choise to either build the distribution from source code or
+to install binaries, if they are available for your machine.
+
+@c XXX
+
+We recommend building from sources, but using pre-compiled binaries
+might be easier. If there are no binaries available for your machine or
+you want to do some specific configuration, you will have to compile
+from source.
+
+@menu
+* Installing from source::
+* Installing a binary distribution::
+* Finishing the installation::
+* Authentication modules::
+@end menu
+
+@node Installing from source, Installing a binary distribution, Installing programs, Installing programs
+@comment node-name, next, previous, up
+@section Installing from source
+
+To build this software un-tar the distribution and run the
+@code{configure} script.
+
+To compile successfully, you will need an ANSI C compiler, such as
+@code{gcc}. Other compilers might also work, but setting the ``ANSI
+compliance'' too high, might break in parts of the code, not to mention
+the standard include files.
+
+To build in a separate build tree, run @code{configure} in the directory
+where the tree should reside. You will need a Make that understands
+VPATH correctly. GNU Make works fine.
+
+After building everything (which will take anywhere from a few minutes
+to a long time), you can install everything in @file{/usr/athena} with
+@kbd{make install} (running as root). It is possible to install in some
+other place, but it isn't recommended. To do this you will have to run
+@code{configure} with @samp{--prefix=/my/path}.
+
+If you need to change the default behavior, configure understands the
+following options:
+
+@table @asis
+@item @kbd{--with-shared}
+Create shared versions of the Kerberos libraries. Not really
+recommended and might not work on all systems.
+
+@item @kbd{--with-cracklib=}@var{dir}
+Use cracklib for password quality control in
+@pindex kadmind
+@code{kadmind}. This option requires
+@cindex cracklib
+cracklib with the patch from
+@code{ftp://ftp.pdc.kth.se/pub/krb/src/cracklib.patch}.
+
+@item @kbd{--with-dictpath=}@var{dictpath}
+This is the dictionary that cracklib should use.
+
+@item @kbd{--with-socks=}@var{dir}
+@cindex firewall
+@cindex socks
+If you have to traverse a firewall and it uses the SocksV5 protocol
+(@cite{RFC 1928}), you can build with socks-support. Point @var{dir} to
+the directory where you have socks5 installed. For more information
+about socks see @kbd{http://www.socks.nec.com/}.
+
+@item @kbd{--with-readline=}@var{dir}
+@cindex readline
+To enable history/line editing in @code{ftp} and @code{kadmin}, any
+present version of readline will be used. If you have readline
+installed but in a place where configure does not managed to find it,
+you can use this option. The code also looks for @code{libedit}. If
+there is no library at all, the bundled version of @code{editline} will
+be used.
+
+@item @kbd{--with-mailspool=}@var{dir}
+The configuration process tries to determine where your machine stores
+its incoming mail. This is typically @file{/usr/spool/mail} or
+@file{/var/mail}. If it does not work or you store your mail in some
+unusual directory, this option can be used to specify where the mail
+spool directory is located. This directory is only accessed by
+@pindex popper
+@code{popper}, and the mail check in
+@pindex login
+@code{login}.
+
+@c @item @kbd{--enable-random-mkey}
+@c Do not use this option unless you think you know what you are doing.
+
+@item @kbd{--with-mkey=}@var{file}
+Put the master key here, the default is @file{/.k}.
+
+@item @kbd{--without-berkeley-db}
+If you have
+@cindex Berkeley DB
+Berkeley DB installed, it is preferred over
+@c XXX
+dbm. If you already are running Kerberos this option might be useful,
+since there currently isn't an easy way to convert a dbm database to a
+db one (you have to dump the old database and then load it with the new
+binaries).
+@end table
+
+@node Installing a binary distribution, Finishing the installation, Installing from source, Installing programs
+@comment node-name, next, previous, up
+@section Installing a binary distribution
+
+The binary distribution is supposed to be installed in
+@file{/usr/athena}, installing in some other place may work but is not
+recommended. A symlink from @file{/usr/athena} to the install directory
+should be fine.
+
+@node Finishing the installation, Authentication modules, Installing a binary distribution, Installing programs
+@section Finishing the installation
+
+@pindex su
+The only program that needs to be installed setuid to root is @code{su}.
+
+If
+@pindex rlogin
+@pindex rsh
+@code{rlogin} and @code{rsh} are setuid to root they will fall back to
+non-kerberised protocols if the kerberised ones fail for some
+reason. The old protocols use reserved ports as security, and therefore
+the programs have to be setuid to root. If you don't need this
+functionality consider turning off the setuid bit.
+
+@pindex login
+@code{login} does not have to be setuid, as it is always run by root
+(users should use @code{su} rather than @code{login}). It will print a
+helpful message when not setuid to root and run by a user.
+
+The programs intended to be run by users are located in
+@file{/usr/athena/bin}. Inform your users to include
+@file{/usr/athena/bin} in their paths, or copy or symlink the binaries
+to some good place. The programs that you will want to use are:
+@code{kauth}/@code{kinit},
+@pindex kauth
+@pindex kinit
+@code{klist}, @code{kdestroy}, @code{kpasswd}, @code{ftp},
+@pindex klist
+@pindex kdestroy
+@pindex kpasswd
+@pindex ftp
+@code{telnet}, @code{rcp}, @code{rsh}, @code{rlogin}, @code{su},
+@pindex telnet
+@pindex rcp
+@pindex rsh
+@pindex rlogin
+@pindex su
+@pindex xnlock
+@pindex afslog
+@pindex pagsh
+@pindex rxtelnet
+@pindex tenletxr
+@pindex rxterm
+@code{rxtelnet}, @code{tenletxr}, @code{rxterm}, and
+@code{xnlock}. If you are using AFS, @code{afslog} and @code{pagsh}
+might also be useful. Administrators will want to use @code{kadmin} and
+@code{ksrvutil}, which are located in @file{/usr/athena/sbin}.
+@pindex kadmin
+@pindex ksrvutil
+
+@code{telnetd} and @code{rlogind} assume that @code{login} is located in
+@file{/usr/athena/bin} (or whatever path you used as
+@samp{--prefix}). If for some reason you want to move @code{login}, you
+will have to specify the new location with the @samp{-L} switch when
+configuring
+@pindex telnetd
+telnetd
+and
+@pindex rlogind
+rlogind
+in @file{inetd.conf}.
+
+It should be possible to replace the system's default @code{login} with
+the kerberised @code{login}. However some systems assume that login
+performs some serious amount of magic that our login might not do (although
+we've tried to do our best). So before replacing it on every machine,
+try and see what happens. Another thing to try is to use one of the
+authentication modules (@xref{Authentication modules}) supplied.
+
+The @code{login} program that we use was in an earlier life the standard
+login program from NetBSD. In order to use it with a lot of weird
+systems, it has been ``enhanced'' with features from many other logins
+(Solaris, SunOS, IRIX, AIX, and others). Some of these features are
+actually useful and you might want to use them even on other systems.
+
+@table @file
+@item /etc/fbtab
+@pindex fbtab
+@itemx /etc/logindevperm
+@pindex logindevperm
+Allows you to chown some devices when a user logs in on a certain
+terminal. Commonly used to change the ownership of @file{/dev/mouse},
+@file{/dev/kbd}, and other devices when someone logs in on
+@file{/dev/console}.
+
+@file{/etc/fbtab} is the SunOS file name and it is tried first. If
+there is no such file then the Solaris file name
+@file{/etc/logindevperm} is tried.
+@item /etc/environment
+@pindex environment
+This file specifies what environment variables should be set when a user
+logs in. (AIX-style)
+@item /etc/default/login
+@pindex default/login
+Almost the same as @file{/etc/environment}, but the System V style.
+@item /etc/login.access
+@pindex login.access
+Can be used to control who is allowed to login from where and on what
+ttys. (From Wietse Venema)
+@end table
+
+@menu
+* Authentication modules::
+@end menu
+
+@node Authentication modules, , Finishing the installation, Installing programs
+@comment node-name, next, previous, up
+@section Authentication modules
+The problem of having different authentication mechanisms has been
+recognised by several vendors, and several solutions has appeared. In
+most cases these solutions involve some kind of shared modules that are
+loaded at run-time. Modules for some of these systems can be found in
+@file{lib/auth}. Presently there are modules for Digital's SIA, Linux'
+PAM (might also work on Solaris, when PAM gets supported), and IRIX'
+@code{login} and @code{xdm} (in @file{lib/auth/afskauthlib}).
+
+@menu
+* Digital SIA::
+* IRIX::
+* PAM::
+@end menu
+
+@node Digital SIA, IRIX, Authentication modules, Authentication modules
+@subsection Digital SIA
+
+To install the SIA module you will have to do the following:
+
+@itemize @bullet
+
+@item
+Make sure @file{libsia_krb4.so} is available in
+@file{/usr/athena/lib}. If @file{/usr/athena} is not on local disk, you
+might want to put it in @file{/usr/shlib} or someplace else. If you do,
+you'll have to edit @file{krb4_matrix.conf} to reflect the new location
+(you will also have to do this if you installed in some other directory
+than @file{/usr/athena}).
+@item
+Copy (your possibly edited) @file{krb4_matrix.conf} to @file{/etc/sia}.
+@item
+Apply @file{security.patch} to @file{/sbin/init.d/security}.
+@item
+Turn on KRB4 security by issuing @kbd{rcmgr set SECURITY KRB4} and
+@kbd{rcmgr set KRB4_MATRIX_CONF krb4_matrix.conf}.
+@item
+Digital thinks you should reboot your machine, but that really shouldn't
+be necessary. It's usually sufficient just to run
+@kbd{/sbin/init.d/security start}.
+@end itemize
+
+Users with local passwords (like @samp{root}) should be able to login
+safely.
+
+When using Digital's xdm the @samp{KRBTKFILE} environment variable isn't
+passed along as it should (since xdm zaps the environment). Instead you
+have to set @samp{KRBTKFILE} to the correct value in
+@file{/usr/lib/X11/xdm/Xsession}. Add a line similar to
+@example
+KRBTKFILE=/tmp/tkt`id -u`_`ps -o ppid= -p $$`; export KRBTKFILE
+@end example
+
+There is currently no support for changing passwords. Use @file{kpasswd}
+instead.
+
+@subsubheading Notes to users with Enhanced security
+
+Digital's @samp{ENHANCED} (C2) security, and Kerberos solves two
+different problems. C2 deals with local security, adds better control of
+who can do what, auditing, and similar things. Kerberos deals with
+network security.
+
+To make C2 security work with Kerberos you will have to do the
+following.
+
+@itemize @bullet
+@item
+Replace all occurencies of @file{krb4_matrix.conf} with
+@file{krb4+c2_matrix.conf} in the directions above.
+@item
+You must enable ``vouching'' in the @samp{default} database. This will
+make the OSFC2 module trust other SIA modules, so you can login without
+giving your C2 password. To do this use @samp{edauth} to edit the
+default entry @kbd{/usr/tcb/bin/edauth -dd default}, and add a
+@samp{d_accept_alternate_vouching} capability, if not already present.
+@item
+For each user that does @emph{not} have a local C2 password, you should
+set the password expiration field to zero. You can do this for each
+user, or in the @samp{default} table. To to this use @samp{edauth} to
+set (or change) the @samp{u_exp} capability to @samp{u_exp#0}.
+@item
+You should make sure that you use Digital's login rather than the one
+distributed by us. The easiest way to do this is to replace
+@file{/usr/athena/bin/login} with @file{/bin/login}.
+@end itemize
+
+At present @samp{su} does not accept the vouching flag, so it will not
+work as expected.
+
+Also, kerberised ftp will not work with C2 passwords. You can solve this
+by using both Digital's ftpd and our on different ports.
+
+@strong{Remember}, if you do these changes you will get a system that
+most certainly does @emph{not} fulfill the requirements of a C2
+system. If C2 is what you want, for instance if someone else is forcing
+you to use it, you're out of luck. If you use enhanced security because
+you want a system that is more secure than it would otherwise be, you
+probably got an even more secure system. Passwords will not be sent in
+the clear, for instance.
+
+@node IRIX, PAM, Digital SIA, Authentication modules
+@subsection IRIX
+
+The IRIX support is a module that is compatible with Transarc's
+@file{afskauthlib.so}. It should work with all programs that use this
+library, this should include @file{login} and @file{xdm}.
+
+The interface is not very documented but it seems that you have to copy
+@file{libkafs.so}, @file{libkrb.so}, and @file{libdes.so} to
+@file{/usr/lib}, or build your @file{afskauthlib.so} statically.
+
+The @file{afskauthlib.so} itself is able to reside in
+@file{/usr/vice/etc}, @file{/usr/afsws/lib}, or the current directory
+(wherever that is).
+
+Appart from this it should ``just work'', there are no configuration
+files.
+
+@node PAM, , IRIX, Authentication modules
+@subsection PAM
+
+The PAM module was written more out of curiosity that anything else. It
+has not been updated for quite a while, since none of us are using
+Linux, and Solaris does not support PAM yet. We've had positive reports
+from at least one person using the module, though.
+
+To use this module you should:
+
+@itemize @bullet
+@item
+Make sure @file{pam_krb4.so} is available in @file{/usr/athena/lib}. You
+might actually want it on local disk, so @file{/lib/security} might be a
+better place if @file{/usr/athena} is not local.
+@item
+Look at @file{pam.conf.add} for examples of what to add to
+@file{/etc/pam.conf}.
+@end itemize
+
+There is currently no support for changing kerberos passwords. Use
+kpasswd instead.
+
+See also Derrick J Brashear's @code{} Kerberos PAM
+module at @kbd{ftp://ftp.dementia.org/pub/pam}. It has a lot more
+features, and it is also more in line with other PAM modules.
diff --git a/crypto/kerberosIV/doc/intro.texi b/crypto/kerberosIV/doc/intro.texi
new file mode 100644
index 0000000..830ca1a
--- /dev/null
+++ b/crypto/kerberosIV/doc/intro.texi
@@ -0,0 +1,69 @@
+@node Introduction, What is Kerberos?, Top, Top
+@comment node-name, next, previous, up
+@chapter Introduction
+
+This is an attempt at documenting the Kerberos 4 distribution from
+Kungliga Tekniska Högskolan (the Royal Institute of Technology in
+Stockholm, Sweden). This distribution is based on eBones, but has been
+improved in many ways. It is more portable, and several new features
+have been added. It currently runs on the following systems:
+
+@itemize @bullet
+@item
+AIX 4.1, 4.2
+@item
+BSD/OS 2.0, 2.1
+@item
+Digital UNIX 3.2, 4.0
+@item
+HP-UX 9, 10
+@item
+IRIX 4.0, 5.2, 5.3, 6.1, 6.2, 6.3, 6.4
+@item
+Linux 1.3, 2.0
+@item
+NetBSD 1.2
+@item
+FreeBSD 2.2
+@item
+SunOS 4.1
+@item
+SunOS 5.4/5.5 (aka Solaris 2.4/2.5)
+@item
+Ultrix 4.4
+@item
+Cray UNICOS 9.
+@item
+Fujitsu UXP/V 4.1.
+@end itemize
+
+Some part compile and work on:
+
+@itemize @bullet
+@item
+OS/2 with EMX
+@item
+Windows 95/NT with gnu-win32 (with the proper amount of magic the
+libraries should compile with Microsoft C as well)
+@end itemize
+
+It should work on anything that is almost POSIX, has an ANSI C
+compiler, a dbm library (for the server side), and BSD Sockets.
+
+A web-page is available at @kbd{http://www.pdc.kth.se/kth-krb/}.
+
+@heading Bug reports
+
+If you cannot build the programs or they do not behave as you think they
+should, please send us a bug report. The bug report should be sent to
+@code{}. Please include information on what
+machine and operating system (including version) you are running, what
+you are trying to do, what happens, what you think should have happened,
+an example for us to repeat, the output you get when trying the example,
+and a patch for the problem if you have one. Please make any patches
+with @code{diff -u} or @code{diff -c}. The more detailed the bug report
+is, the easier it will be for us to reproduce, understand, and fix it.
+
+Suggestions, comments and other non bug reports are welcome. Send them
+to @code{}.
+
diff --git a/crypto/kerberosIV/doc/kth-krb.texi b/crypto/kerberosIV/doc/kth-krb.texi
new file mode 100644
index 0000000..8b26349
--- /dev/null
+++ b/crypto/kerberosIV/doc/kth-krb.texi
@@ -0,0 +1,300 @@
+\input texinfo @c -*- texinfo -*-
+@c %**start of header
+@c $Id: kth-krb.texi,v 1.71 1997/05/25 21:31:00 assar Exp $
+@setfilename kth-krb.info
+@settitle KTH-KRB
+@iftex
+@afourpaper
+@end iftex
+@c some sensible characters, please?
+@tex
+\input latin1.tex
+@end tex
+@setchapternewpage on
+@syncodeindex pg cp
+@c %**end of header
+
+@dircategory Kerberos
+@direntry
+* Kth-krb: (kth-krb). The Kerberos IV distribution from KTH
+@end direntry
+
+@c title page
+@titlepage
+@title KTH-KRB
+@subtitle Kerberos 4 from KTH
+@subtitle Edition -1.0, for version 0.9.5
+@subtitle 1997
+@author Johan Danielsson
+@author Assar Westerlund
+@author last updated $Date: 1997/05/25 21:31:00 $
+
+@def@copynext{@vskip 20pt plus 1fil@penalty-1000}
+@def@copyrightstart{}
+@def@copyrightend{}
+@page
+@copyrightstart
+Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+(Royal Institute of Technology, Stockholm, Sweden).
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+3. All advertising materials mentioning features or use of this software
+ must display the following acknowledgement:
+ This product includes software developed by the Kungliga Tekniska
+ Högskolan and its contributors.
+
+4. Neither the name of the Institute nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+@copynext
+
+Copyright (C) 1995 Eric Young (eay@@mincom.oz.au)
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the copyright
+ notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+3. All advertising materials mentioning features or use of this software
+ must display the following acknowledgement:
+ This product includes software developed by Eric Young (eay@@mincom.oz.au)
+
+THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+@copynext
+
+Copyright (c) 1983, 1990 The Regents of the University of California.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+3. All advertising materials mentioning features or use of this software
+ must display the following acknowledgement:
+ This product includes software developed by the University of
+ California, Berkeley and its contributors.
+
+4. Neither the name of the University nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.
IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+@copynext
+
+Copyright (C) 1990 by the Massachusetts Institute of Technology
+
+Export of this software from the United States of America is assumed
+to require a specific license from the United States Government.
+It is the responsibility of any person or organization contemplating
+export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+@copynext
+
+Copyright 1987, 1989 by the Student Information Processing Board
+ of the Massachusetts Institute of Technology
+
+Permission to use, copy, modify, and distribute this software
+and its documentation for any purpose and without fee is
+hereby granted, provided that the above copyright notice
+appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation,
+and that the names of M.I.T. and the M.I.T. S.I.P.B.
not be
+used in advertising or publicity pertaining to distribution
+of the software without specific, written prior permission.
+M.I.T. and the M.I.T. S.I.P.B. make no representations about
+the suitability of this software for any purpose. It is
+provided "as is" without express or implied warranty.
+
+@copynext
+
+Copyright 1992 Simmule Turner and Rich Salz. All rights reserved.
+
+This software is not subject to any license of the American Telephone
+and Telegraph Company or of the Regents of the University of California.
+
+Permission is granted to anyone to use this software for any purpose on
+any computer system, and to alter it and redistribute it freely, subject
+to the following restrictions:
+
+1. The authors are not responsible for the consequences of use of this
+ software, no matter how awful, even if they arise from flaws in it.
+
+2. The origin of this software must not be misrepresented, either by
+ explicit claim or by omission. Since few users ever read sources,
+ credits must appear in the documentation.
+
+3. Altered versions must be plainly marked as such, and must not be
+ misrepresented as being the original software. Since few users
+ ever read sources, credits must appear in the documentation.
+
+4. This notice may not be removed or altered.
+
+@copyrightend
+@end titlepage
+
+@c Less filling! Tastes great!
+@iftex
+@parindent=0pt
+@global@parskip 6pt plus 1pt
+@global@chapheadingskip = 15pt plus 4pt minus 2pt
+@global@secheadingskip = 12pt plus 3pt minus 2pt
+@global@subsecheadingskip = 9pt plus 2pt minus 2pt
+@end iftex
+@ifinfo
+@paragraphindent 0
+@end ifinfo
+
+@ifinfo
+@node Top, Introduction, (dir), (dir)
+@top KTH-krb
+@end ifinfo
+
+@menu
+* Introduction::
+* What is Kerberos?::
+* Installing programs::
+* How to set up a realm::
+* One-Time Passwords::
+* Resolving frequent problems::
+* Acknowledgments::
+* Index::
+
+ --- The Detailed Node Listing ---
+
+Installing programs
+
+* Installing from source::
+* Installing a binary distribution::
+* Finishing the installation::
+* Authentication modules::
+
+Finishing the installation
+
+* Authentication modules::
+
+Authentication modules
+
+* Digital SIA::
+* IRIX::
+* PAM::
+
+How to set up a realm
+
+* How to set up the kerberos server::
+* Install the client programs::
+* Install the kerberised services::
+* Install a slave kerberos server::
+* Cross-realm functionality ::
+
+How to set up the kerberos server
+
+* Choose a realm name::
+* Choose a kerberos server::
+* Install the configuration files::
+* Install the /etc/services::
+* Install the kerberos server::
+* Set up the server::
+* Add a few important principals::
+* Start the server::
+* Try to get tickets::
+* Create initial ACL for the admin server::
+* Start the admin server::
+* Add users to the database::
+* Automate the startup of the servers::
+
+One-Time Passwords
+
+* What are one time passwords?::
+* When to use one time passwords?::
+* Configuring OTPs::
+
+Resolving frequent problems
+
+* Problems compiling Kerberos::
+* Common error messages::
+@end menu
+
+@include intro.texi
+@include whatis.texi
+@include install.texi
+@include setup.texi
+@include otp.texi
+@include problems.texi
+@include ack.texi
+@include index.texi
+
+@c @shortcontents
+@contents
+
+@bye
diff --git a/crypto/kerberosIV/doc/latin1.tex b/crypto/kerberosIV/doc/latin1.tex
new file mode 100644
index 0000000..e683dd2
--- /dev/null
+++ b/crypto/kerberosIV/doc/latin1.tex
@@ -0,0 +1,95 @@
+% ISO Latin 1 (ISO 8859/1) encoding for Computer Modern fonts.
+% Jan Michael Rynning 1990-10-12
+\def\inmathmode#1{\relax\ifmmode#1\else$#1$\fi}
+\global\catcode`\^^a0=\active \global\let^^a0=~ % no-break space
+\global\catcode`\^^a1=\active \global\def^^a1{!`} % inverted exclamation mark
+\global\catcode`\^^a2=\active \global\def^^a2{{\rm\rlap/c}} % cent sign
+\global\catcode`\^^a3=\active \global\def^^a3{{\it\$}} % pound sign
+% currency sign, yen sign, broken bar
+\global\catcode`\^^a7=\active \global\let^^a7=\S % section sign
+\global\catcode`\^^a8=\active \global\def^^a8{\"{}} % diaeresis
+\global\catcode`\^^a9=\active \global\let^^a9=\copyright % copyright sign
+% feminine ordinal indicator, left angle quotation mark
+\global\catcode`\^^ac=\active \global\def^^ac{\inmathmode\neg}% not sign
+\global\catcode`\^^ad=\active \global\let^^ad=\- % soft hyphen
+% registered trade mark sign
+\global\catcode`\^^af=\active \global\def^^af{\={}} % macron
+% ...
+\global\catcode`\^^b1=\active \global\def^^b1{\inmathmode\pm} % plus minus
+\global\catcode`\^^b2=\active \global\def^^b2{\inmathmode{{^2}}}
+\global\catcode`\^^b3=\active \global\def^^b3{\inmathmode{{^3}}}
+\global\catcode`\^^b4=\active \global\def^^b4{\'{}} % acute accent
+\global\catcode`\^^b5=\active \global\def^^b5{\inmathmode\mu} % mu
+\global\catcode`\^^b6=\active \global\let^^b6=\P % pilcroy
+\global\catcode`\^^b7=\active \global\def^^b7{\inmathmode{{\cdot}}}
+\global\catcode`\^^b8=\active \global\def^^b8{\c{}} % cedilla
+\global\catcode`\^^b9=\active \global\def^^b9{\inmathmode{{^1}}}
+% ...
+\global\catcode`\^^bc=\active \global\def^^bc{\inmathmode{{1\over4}}}
+\global\catcode`\^^bd=\active \global\def^^bd{\inmathmode{{1\over2}}}
+\global\catcode`\^^be=\active \global\def^^be{\inmathmode{{3\over4}}}
+\global\catcode`\^^bf=\active \global\def^^bf{?`} % inverted question mark
+\global\catcode`\^^c0=\active \global\def^^c0{\`A}
+\global\catcode`\^^c1=\active \global\def^^c1{\'A}
+\global\catcode`\^^c2=\active \global\def^^c2{\^A}
+\global\catcode`\^^c3=\active \global\def^^c3{\~A}
+\global\catcode`\^^c4=\active \global\def^^c4{\"A} % capital a with diaeresis
+\global\catcode`\^^c5=\active \global\let^^c5=\AA % capital a with ring above
+\global\catcode`\^^c6=\active \global\let^^c6=\AE
+\global\catcode`\^^c7=\active \global\def^^c7{\c C}
+\global\catcode`\^^c8=\active \global\def^^c8{\`E}
+\global\catcode`\^^c9=\active \global\def^^c9{\'E}
+\global\catcode`\^^ca=\active \global\def^^ca{\^E}
+\global\catcode`\^^cb=\active \global\def^^cb{\"E}
+\global\catcode`\^^cc=\active \global\def^^cc{\`I}
+\global\catcode`\^^cd=\active \global\def^^cd{\'I}
+\global\catcode`\^^ce=\active \global\def^^ce{\^I}
+\global\catcode`\^^cf=\active \global\def^^cf{\"I}
+% capital eth
+\global\catcode`\^^d1=\active \global\def^^d1{\~N}
+\global\catcode`\^^d2=\active \global\def^^d2{\`O}
+\global\catcode`\^^d3=\active \global\def^^d3{\'O}
+\global\catcode`\^^d4=\active \global\def^^d4{\^O}
+\global\catcode`\^^d5=\active \global\def^^d5{\~O}
+\global\catcode`\^^d6=\active \global\def^^d6{\"O} % capital o with diaeresis
+\global\catcode`\^^d7=\active \global\def^^d7{\inmathmode\times}% multiplication sign
+\global\catcode`\^^d8=\active \global\let^^d8=\O
+\global\catcode`\^^d9=\active \global\def^^d9{\`U}
+\global\catcode`\^^da=\active \global\def^^da{\'U}
+\global\catcode`\^^db=\active \global\def^^db{\^U}
+\global\catcode`\^^dc=\active \global\def^^dc{\"U}
+\global\catcode`\^^dd=\active \global\def^^dd{\'Y}
+% capital thorn
+\global\catcode`\^^df=\active \global\def^^df{\ss}
+\global\catcode`\^^e0=\active \global\def^^e0{\`a}
+\global\catcode`\^^e1=\active \global\def^^e1{\'a}
+\global\catcode`\^^e2=\active \global\def^^e2{\^a}
+\global\catcode`\^^e3=\active \global\def^^e3{\~a}
+\global\catcode`\^^e4=\active \global\def^^e4{\"a} % small a with diaeresis
+\global\catcode`\^^e5=\active \global\let^^e5=\aa % small a with ring above
+\global\catcode`\^^e6=\active \global\let^^e6=\ae
+\global\catcode`\^^e7=\active \global\def^^e7{\c c}
+\global\catcode`\^^e8=\active \global\def^^e8{\`e}
+\global\catcode`\^^e9=\active \global\def^^e9{\'e}
+\global\catcode`\^^ea=\active \global\def^^ea{\^e}
+\global\catcode`\^^eb=\active \global\def^^eb{\"e}
+\global\catcode`\^^ec=\active \global\def^^ec{\`\i}
+\global\catcode`\^^ed=\active \global\def^^ed{\'\i}
+\global\catcode`\^^ee=\active \global\def^^ee{\^\i}
+\global\catcode`\^^ef=\active \global\def^^ef{\"\i}
+% small eth
+\global\catcode`\^^f1=\active \global\def^^f1{\~n}
+\global\catcode`\^^f2=\active \global\def^^f2{\`o}
+\global\catcode`\^^f3=\active \global\def^^f3{\'o}
+\global\catcode`\^^f4=\active \global\def^^f4{\^o}
+\global\catcode`\^^f5=\active \global\def^^f5{\~o}
+\global\catcode`\^^f6=\active \global\def^^f6{\"o} % small o with diaeresis
+\global\catcode`\^^f7=\active \global\def^^f7{\inmathmode\div}% division sign
+\global\catcode`\^^f8=\active \global\let^^f8=\o
+\global\catcode`\^^f9=\active \global\def^^f9{\`u}
+\global\catcode`\^^fa=\active \global\def^^fa{\'u}
+\global\catcode`\^^fb=\active \global\def^^fb{\^u}
+\global\catcode`\^^fc=\active \global\def^^fc{\"u}
+\global\catcode`\^^fd=\active \global\def^^fd{\'y}
+% capital thorn
+\global\catcode`\^^ff=\active \global\def^^ff{\"y}
diff --git a/crypto/kerberosIV/doc/otp.texi b/crypto/kerberosIV/doc/otp.texi
new file mode 100644
index 0000000..0a5929f
--- /dev/null
+++ b/crypto/kerberosIV/doc/otp.texi
@@ -0,0 +1,127 @@
+@node One-Time Passwords, Resolving frequent problems, How to set up a realm, Top
+@chapter One-Time Passwords
+
+@cindex OTP
+@cindex One time passwords
+There is also support for using @dfn{one time passwords} (OTP) in this
+package. Specifically @code{login}, @code{ftpd}, and @code{popper} have
+support for using them.
+
+@menu
+* What are one time passwords?::
+* When to use one time passwords?::
+* Configuring OTPs::
+@end menu
+
+@node What are one time passwords?, When to use one time passwords?, One-Time Passwords, One-Time Passwords
+@comment node-name, next, previous, up
+@section What are one time passwords?
+
+One time passwords are, as the name implies, passwords that can only
+be used once. This means that even if someone is eavesdropping on the
+network, they will not be able to make use of the passwords they steal.
+
+The OTPs used in this package support @cite{RFC 1938}. This standard is
+also backwards compatible with the well-known S/Key. There are lots of
+programs for generating these on everything from HP 48's to Crays.
+@cindex S/Key
+
+@node When to use one time passwords?, Configuring OTPs, What are one time passwords?, One-Time Passwords
+@comment node-name, next, previous, up
+@section When to use one time passwords?
+
+Why would you want to use OTPs instead of Kerberos? The advantage of
+OTPs is that they don't require a computer to operate. You can print
+out a list of passwords and take with you, or you could use your
+calculator or hand-held computer to generate them.
+
+The downside is that they only protect you against passive attacks.
+Only the initial connection is authenticated. After that, anyone can
+eavesdrop on your session, so you should not send or view any sensitive
+data (e.g. passwords) over a OTP-initiated link. You are also
+vulnerable to active attacks where intruders try to take over your
+TCP-session and/or introduce data in the middle of it.
In other words,
+they provide initial authentication, but neither integrity nor
+confidentiality.
+
+The OTPs are generated from the tuple (@var{seed}, @var{sequence
+number}, @var{pass-phrase}). The seed and the sequence number will be
+printed as part of the @dfn{challenge} and you will have to generate the
+corresponding password or pick it from a list.
+
+In conclusion, they are simple and can be used everywhere but don't
+protect against all threats that Kerberos does. Use them when you can't
+use Kerberos.
+
+@node Configuring OTPs, , When to use one time passwords?, One-Time Passwords
+@comment node-name, next, previous, up
+@section Configuring OTPs
+
+@heading Initializing
+
+To initialize your OTPs use the @code{otp} program. This program will
+write an entry in a local file on this host with your current password
+(in this case the 100th) and the corresponding seed (@samp{foobar}).
+@pindex otp
+
+@example
+@cartouche
+datan:>otp 100 foobar
+Pass-phrase:
+Verifying password Pass-phrase:
+@end cartouche
+@end example
+
+@heading Generating
+
+To print out a list of them there is a program called
+@code{otpprint}.
+@pindex otpprint
+
+@example
+@cartouche
+datan:>otpprint 100 foobar
+Pass-phrase:
+91: SLAM BUY SUP DUSK SKY BEST
+92: DEEM SIGH ROB RASH JUG MAT
+93: DUET FISK HERS AREA TOLL SUP
+94: WOW RAIN LEAK SARA MARK WING
+95: COG YELL MILK CART ABE BAWL
+96: GROW SILK GIST OMEN CAM ANNE
+97: JAG QUAD NUT BEAT BHOY MAGI
+98: ADAM USED GENE NIP EYE SIS
+99: MY SUNG HERO AT DASH RAKE
+100: CORN KNIT BOTH TOGO SOUL BOG
+@end cartouche
+@end example
+
+@heading Using the OTPs
+
+When you try to use one and have initialized a series of
+one-time passwords for yourself you will get a challenge with the
+algorithm being used, the sequence number, and the seed. Enter those in
+your generator or find the corresponding password in your list.
+
+@example
+@cartouche
+login: assar
+assar's [ otp-md5 99 foobar ] Password:
+@end cartouche
+@end example
+
+The sequence number of the password will start at one less that the
+number you gave to @code{otp} and decrease by one every time you use it.
+You should try to keep track of which should be the current one so that
+you can be assured that nobody has stolen some of your passwords and
+used them. When the number has reached zero you need to acquire a new
+series of passwords.
+
+Once you have initialized your series of passwords, you can always use
+them at any password prompt where you get the challenge as shown above.
+
+@heading Configuring servers
+
+@code{ftpd}, @code{telnetd}, and @code{popper} can be configured to
+require one-time passwords when the connection has not been kerberos
+authenticated. Check the man pages for these programs for the correct
+options.
diff --git a/crypto/kerberosIV/doc/problems.texi b/crypto/kerberosIV/doc/problems.texi
new file mode 100644
index 0000000..9e3630e
--- /dev/null
+++ b/crypto/kerberosIV/doc/problems.texi
@@ -0,0 +1,156 @@
+@node Resolving frequent problems, Acknowledgments, One-Time Passwords, Top
+@chapter Resolving frequent problems
+
+@menu
+* Problems compiling Kerberos::
+* Common error messages::
+@end menu
+
+@node Problems compiling Kerberos, Common error messages, Resolving frequent problems, Resolving frequent problems
+@section Problems compiling Kerberos
+
+Many compilers require a switch to become ANSI compliant. Since kth-krb
+is written in ANSI C it is necessary to specify the name of the compiler
+to be used and the required switch to make it ANSI compliant. This is
+most easily done when running configure using the @kbd{env} command. For
+instance to build under HP-UX using the native compiler do:
+
+@cartouche
+@example
+datan$ env CC="cc -Ae" ./configure
+@end example
+@end cartouche
+
+In general @kbd{gcc} works. The following combinations have also been
+verified to successfully compile the distribution:
+
+@table @asis
+
+@item @samp{HP-UX}
+@kbd{cc -Ae}
+@item @samp{Digital UNIX}
+@kbd{cc -std1}
+@item @samp{AIX}
+@kbd{xlc}
+@item @samp{Solaris 2.x}
+@kbd{cc} (unbundled one)
+@item @samp{IRIX}
+@kbd{cc}
+
+@end table
+
+@subheading Linux problems
+
+Some systems have lost @file{/usr/include/ndbm.h} which is necessary to
+build kth-krb correctly. There is a @file{ndbm.h.Linux} right next to
+the source distribution.
+
+There has been reports of non-working @file{libdb} on some Linux
+distributions. If that happens, use the @kbd{--without-berkeley-db}
+when configuring.
+
+@subheading HP-UX problems
+
+The shared library @file{/usr/lib/libndbm.sl} doesn't exist on all
+systems. To make problems even worse, there is never an archive version
+for static linking either. Therefore, when building ``truly portable''
+binaries first install GNU gdbm or Berkeley DB, and make sure that you
+are linking against that library.
+
+@subheading Cray problems
+
+@kbd{rlogind} won't work on Crays until @code{forkpty()} has been
+ported, in the mean time use @kbd{telnetd}.
+
+@subheading AIX problems
+
+@kbd{gcc} version 2.7.2.1 has a bug which makes it miscompile
+@file{appl/telnet/telnetd/sys_term.c} (and possibily
+@file{appl/bsd/forkpty.c}), if used with too much optimization.
+
+@subheading C2 problems
+
+@cindex C2
+The programs that checks passwords works with @file{passwd}, OTP, and
+Kerberos paswords. This is problem if you use C2 security (or use some
+other password database), that normally keeps passwords in some obscure
+place. If you want to use Kerberos with C2 security you will have to
+think about what kind of changes are necessary. See also the discussion
+about Digital's SIA and C2 security, see @ref{Digital SIA}.
+
+@node Common error messages, , Problems compiling Kerberos, Resolving frequent problems
+@section Common error messages
+
+These are some of the more obscure error messages you might encounter:
+
+@table @asis
+
+@item @samp{Time is out of bounds}
+
+The time on your machine differs from the time on either the kerberos
+server or the machine you are trying to login to. If it isn't obvious
+that this is the case, remember that all times are compared in UTC.
+
+On unix systems you usually can find out what the local time is by doing
+@code{telnet machine daytime}. This time (again, usually is the keyword)
+is with correction for time-zone and daylight savings.
+
+If you have problem keeping your clocks synchronized, consider using a
+time keeping system such as NTP (see also the discussion in
+@ref{Install the client programs}).
+
+@item @samp{Ticket issue date too far in the future}
+
+The time on the kerberos server is more than five minutes ahead of the
+time on the server.
+
+@item @samp{Can't decode authenticator}
+
+This means that there is a mismatch between the service key in the
+kerberos server and the service key file on the specific machine.
+Either:
+@itemize @bullet
+@item
+the server couldn't find a service key matching the request
+@item
+the service key (or version number) does not match the key the packet
+was encrypted with
+@end itemize
+
+@item @samp{Incorrect network address}
+
+The address in the ticket does not match the address you sent the
+request from. This happens on systems with more than one network
+address, either physically or logically. You can list addresses which
+should be considered equal in @file{/etc/krb.equiv} on your servers.
+
+A note to programmers: a server should not pass @samp{*} as the instance
+to @samp{krb_rd_req}. It should try to figure out on which interface the
+request was received, for instance by using @samp{k_getsockinst}.
+
+If you change addresses on your computer you invalidate any tickets you
+might have. The easiest way to fix this is to get new tickets with the
+new address.
+
+@item @samp{Message integrity error}
+
+The packet is broken in some way:
+@itemize @bullet
+@item
+the lengths does not match the size of the packet, or
+@item
+the checksum does not match the contents of the packet
+@end itemize
+
+@item @samp{Can't send request}
+There is some problem contacting the kerberos server. Either the server
+is down, or it is using the wrong port (compare the entries for
+@samp{kerberos-iv} in @file{/etc/services}). The client might also have
+failed to guess what kerberos server to talk to (check
+@file{/etc/krb.conf} and @file{/etc/krb.realms}).
+
+@item @samp{Generic kerberos error}
+This is a generic catch-all error message.
+
+@end table
+
diff --git a/crypto/kerberosIV/doc/setup.texi b/crypto/kerberosIV/doc/setup.texi
new file mode 100644
index 0000000..1b4b395
--- /dev/null
+++ b/crypto/kerberosIV/doc/setup.texi
@@ -0,0 +1,794 @@
+@node How to set up a realm, One-Time Passwords, Installing programs, Top
+@chapter How to set up a realm
+
+@quotation
+@flushleft
+ Who willed you? or whose will stands but mine?
+ There's none protector of the realm but I.
+ Break up the gates, I'll be your warrantize.
+ Shall I be flouted thus by dunghill grooms?
+ --- King Henry VI, 6.1
+@end flushleft
+@end quotation
+
+@menu
+* How to set up the kerberos server::
+* Install the client programs::
+* Install the kerberised services::
+* Install a slave kerberos server::
+* Cross-realm functionality ::
+@end menu
+
+@node How to set up the kerberos server, Install the client programs, How to set up a realm, How to set up a realm
+@section How to set up the kerberos server
+
+@menu
+* Choose a realm name::
+* Choose a kerberos server::
+* Install the configuration files::
+* Install the /etc/services::
+* Install the kerberos server::
+* Set up the server::
+* Add a few important principals::
+* Start the server::
+* Try to get tickets::
+* Create initial ACL for the admin server::
+* Start the admin server::
+* Add users to the database::
+* Automate the startup of the servers::
+@end menu
+
+@node Choose a realm name, Choose a kerberos server, How to set up the kerberos server, How to set up the kerberos server
+@subsection Choose a realm name
+
+A
+@cindex realm
+realm is an administrative domain. Kerberos realms are usually
+written in uppercase and consist of a Internet domain
+name@footnote{Using lowercase characters in the realm name might break
+in mysterious ways. This really should have been fixed, but has not.}.
+Call your realm the same as your Internet domain name if you do not have
+strong reasons for not doing so. It will make life easier for you and
+everyone else.
+
+@node Choose a kerberos server, Install the configuration files, Choose a realm name, How to set up the kerberos server
+@subsection Choose a kerberos server
+
+You need to choose a machine to run the
+@pindex kerberos
+kerberos server program. If the kerberos database residing on this host
+is compromised, your entire realm will be compromised. Therefore, this
+machine must be as secure as possible. Preferably it should not run any
+services other than Kerberos. The secure-minded administrator might
+only allow logins on the console.
+
+This machine has also to be reliable. If it is down, you will not be
+able to use any kerberised services unless you have also configured a
+slave server (@xref{Install a slave kerberos server}).
+
+Running the kerberos server requires very little CPU power and a small
+amount of disk. An old PC with some hundreds of megabytes of free disk
+space should do fine. Most of the disk space will be used for various
+logs.
+
+@node Install the configuration files, Install the /etc/services, Choose a kerberos server, How to set up the kerberos server
+@subsection Install the configuration files
+
+There are two important configuration files: @file{/etc/krb.conf} and
+@file{/etc/krb.realms}.
+@pindex krb.conf
+@pindex krb.realms
+
+The @file{krb.conf} file determines which machines are servers for
+different realms. The format of this file is:
+
+@example
+THIS.REALM
+THIS.REALM kerberos.this.realm admin server
+THIS.REALM kerberos-1.this.realm
+ANOTHER.REALM kerberos.another.realm
+@end example
+
+The first line defines the name of the local realm. Line two defines the
+name of the master kerberos server and the database administration
+server for this realm. You can define any number of kerberos slave
+servers similar to the one defined in line three. The clients will try
+to contact the servers in the order they are defined in @file{krb.conf}.
+
+The @samp{admin server} clause at the first entry states that this is
+the master server
+@cindex master server
+(the one to contact when modifying the database, such as changing
+passwords). There should be only one such entry for each realm.
+
+In the original MIT Kerberos 4 (as in most others), the server
+specification could only take the form of a host-name. To facilitate
+having kerberos servers in odd places (such as behind a firewall),
+support has been added for ports other than the default (750), and
+protocols other than UDP.
+
+The formal syntax for an entry is now
+@samp{@var{[proto}/@var{]host[}:@var{port]}}. @var{proto} is either
+@samp{udp} or @samp{tcp}, and @var{port} is the port to talk to. Default
+value for @var{proto} is @samp{udp} and for @var{port} whatever
+@samp{kerberos-iv} is defined to be in @file{/etc/services} or 750 if
+undefined.
+
+If the information about a realm is missing from the @file{krb.conf}
+file, or if the information is wrong, the following methods will be
+tried in order.
+
+@enumerate
+@item
+If you have an SRV-record (@cite{RFC 2052}) for your realm it will be
+used. This record should be of the form
+@samp{kerberos-iv.@var{protocol}.@var{REALM}}, where @var{proto} is
+either @samp{udp} or @samp{tcp}. (Note: the current implementation does
+not look at priority or weight when deciding which server to talk to.)
+@item
+If there isn't any SRV-record, it tries to find a TXT-record for the
+same domain. The contents of the record should have the same format as the
+host specification in @file{krb.conf}. (Note: this is a temporary
+solution if your name server doesn't support SRV records. The clients
+should work fine with SRV records, so if your name server supports them,
+they are very much preferred.)
+@item
+If no valid kerberos server is found, it will try to talk udp to the
+service @samp{kerberos-iv} with fall-back to port 750 with
+@samp{kerberos.@var{REALM}} (which is also assumed to be the master
+server), and then @samp{kerberos-1.@var{REALM}},
+@samp{kerberos-2.@var{REALM}}, and so on.
+@end enumerate
+
+We strongly recommend that you add a CNAME @samp{kerberos.@var{REALM}}
+pointing to your kerberos master server.
+
+The @file{krb.realms} file is used to find out what realm a particular
+host belongs to. An example of this file could look like:
+
+@example
+this.realm THIS.REALM
+.this.realm THIS.REALM
+foo.com SOME.OTHER.REALM
+www.foo.com A.STRANGE.REALM
+.foo.com FOO.REALM
+@end example
+
+Entries starting with a dot are taken as the name of a domain. Entries
+not starting with a dot are taken as a host-name. The first entry matched
+is used. The entry for @samp{this.realm} is only necessary if there is a
+host named @samp{this.realm}.
+
+If no matching realm is found in @file{krb.realms}, DNS is searched for
+the correct realm. For example, if we are looking for host @samp{a.b.c},
+@samp{krb4-realm.a.b.c} is first tried and then @samp{krb4-realm.b.c}
+and so on. The entry should be a TXT record containing the name of the
+realm, such as:
+
+@example
+krb4-realm.pdc.kth.se. 7200 TXT "NADA.KTH.SE"
+@end example
+
+If this didn't help the domain name sans the first part in uppercase is
+tried.
+
+The plain vanilla version of Kerberos doesn't have any fancy methods of
+getting realms and servers so it is generally a good idea to keep
+@file{krb.conf} and @file{krb.realms} up to date.
+
+@node Install the /etc/services, Install the kerberos server, Install the configuration files, How to set up the kerberos server
+@subsection Updating /etc/services
+
+You should append or merge the contents of @file{services.append} to
+your @file{/etc/services} files or NIS-map.
Remove any unused factory
+installed kerberos port definitions to avoid possible conflicts.
+@pindex services
+
+Most of the programs will fall back to the default ports if the port
+numbers are not found in @file{/etc/services}, but it is convenient to
+have them there anyway.
+
+@node Install the kerberos server, Set up the server, Install the /etc/services, How to set up the kerberos server
+@subsection Install the kerberos server
+
+You should have already chosen the machine where you want to run the
+kerberos server and the realm name. The machine should also be as
+secure as possible (@xref{Choose a kerberos server}) before installing
+the kerberos server. In this example, we will install a kerberos server
+for the realm @samp{FOO.SE} on a machine called @samp{hemlig.foo.se}.
+
+@node Set up the server, Add a few important principals, Install the kerberos server, How to set up the kerberos server
+@subsection Setup the server
+
+Login as root on the console of the kerberos server. Add
+@file{/usr/athena/bin} and @file{/usr/athena/sbin} to your path. Run
+@kbd{kdb_init}:
+@pindex kdb_init
+
+@example
+@cartouche
+hemlig# kdb_init
+Realm name [default FOO.SE ]:
+You will be prompted for the database Master Password.
+It is important that you NOT FORGET this password.
+
+Enter Kerberos master password:
+Verifying password
+Enter Kerberos master password:
+@end cartouche
+@end example
+
+If you have set up the configuration files correctly, @kbd{kdb_init}
+should choose the correct realm as the default, otherwise a (good) guess
+is made. Enter the master password.
+
+This password will only be used for encrypting the kerberos database on
+disk and for generating new random keys. You will not have to remember
+it, only to type it again when you run @kbd{kstash}. Choose something
+long and random.
Now run @kbd{kstash} using the same password:
+@pindex kstash
+
+@example
+@cartouche
+hemlig# kstash
+
+Enter Kerberos master password:
+
+Current Kerberos master key version is 1.
+
+Master key entered. BEWARE!
+Wrote master key to /.k
+@end cartouche
+@end example
+
+After entering the same master password it will be saved in the file
+@file{/.k} and the kerberos server will read it when needed. Write down
+the master password and put it in a sealed envelope in a safe, you might
+need it if your disk crashes or should you want to set up a slave
+server.
+
+@code{kdb_init} initializes the database with a few entries:
+
+@table @samp
+@item krbtgt.@var{REALM}
+The key used for authenticating to the kerberos server.
+
+@item changepw.kerberos
+The key used for authenticating to the administrative server, i.e. when
+adding users, changing passwords, and so on.
+
+@item default
+This entry is copied to new items when these are added. Enter here the
+values you want new entries to have, particularly the expiry date.
+
+@item K.M
+This is the master key and it is only used to verify that the master key
+that is saved un-encrypted in @file{/.k} is correct and corresponds to
+this database.
+
+@end table
+
+@code{kstash} only reads the master password and writes it to
+@file{/.k}. This enables the kerberos server to start without you
+having to enter the master password. This file (@file{/.k}) is only
+readable by root and resides on a ``secure'' machine.
+
+@node Add a few important principals, Start the server, Set up the server, How to set up the kerberos server
+@subsection Add a few important principals
+
+Now the kerberos database has been created, containing only a few
+principals. The next step is to add a few more so that you can test
+that it works properly and so that you can administer your realm without
+having to use the console on the kerberos server. Use @kbd{kdb_edit}
+to edit the kerberos database directly on the server.
+@pindex kdb_edit
+
+@code{kdb_edit} is intended as a bootstrapping and fall-back mechanism
+for editing the database. For normal purposes, use the @code{kadmin}
+program (@xref{Add users to the database}).
+
+The following example shows the adding of the principal
+@samp{nisse.admin} into the kerberos database. This principal is used
+by @samp{nisse} when administrating the kerberos database. Later on the
+normal principal for @samp{nisse} will be created. Replace @samp{nisse}
+and @samp{password} with your own username and password.
+
+@example
+@cartouche
+hemlig# kdb_edit -n
+Opening database...
+Current Kerberos master key version is 1.
+
+Master key entered. BEWARE!
+Previous or default values are in [brackets] ,
+enter return to leave the same, or new value.
+
+Principal name:
+Instance:
+
+, Create [y] ? <>
+
+Principal: nisse, Instance: admin, kdc_key_ver: 1
+New Password:
+Verifying password
+New Password:
+
+Principal's new key version = 1
+Expiration date (enter yyyy-mm-dd) [ 2000-01-01 ] ? <>
+Max ticket lifetime (*5 minutes) [ 255 ] ? <>
+Attributes [ 0 ] ? <>
+Edit O.K.
+Principal name: <>
+@end cartouche
+@end example
+
+@code{kdb_edit} will loop until you hit the @kbd{return} key at the
+``Principal name'' prompt. Now you have added nisse as an administrator.
+
+@node Start the server, Try to get tickets, Add a few important principals, How to set up the kerberos server
+@subsection Start the server
+
+@pindex kerberos
+@example
+@cartouche
+hemlig# /usr/athena/libexec/kerberos &
+Kerberos server starting
+Sleep forever on error
+Log file is /var/log/kerberos.log
+Current Kerberos master key version is 1.
+
+Master key entered. BEWARE!
+
+Current Kerberos master key version is 1
+Local realm: FOO.SE
+@end cartouche
+@end example
+
+@node Try to get tickets, Create initial ACL for the admin server, Start the server, How to set up the kerberos server
+@subsection Try to get tickets
+
+You can now verify that these principals have been added and that the
+server is working correctly.
+
+@pindex kinit
+@example
+@cartouche
+hemlig# kinit
+eBones International (hemlig.foo.se)
+Kerberos Initialization
+Kerberos name:
+Password:
+@end cartouche
+@end example
+
+If you do not get any error message from @code{kinit}, then everything
+is working (otherwise, see @ref{Common error messages}). Use
+@code{klist} to verify the tickets you acquired with @code{kinit}:
+
+@pindex klist
+@example
+@cartouche
+hemlig# klist
+Ticket file: /tmp/tkt0
+Principal: nisse.admin@@FOO.SE
+
+Issued Expires Principal
+May 24 21:06:03 May 25 07:06:03 krbtgt.FOO.SE@@FOO.SE
+@end cartouche
+@end example
+
+@node Create initial ACL for the admin server, Start the admin server, Try to get tickets, How to set up the kerberos server
+@subsection Create initial ACL for the admin server
+
+The admin server, @code{kadmind}, uses a series of files to determine who has
+@pindex kadmind
+the right to perform certain operations. The files are:
+@file{admin_acl.add}, @file{admin_acl.get}, @file{admin_acl.del}, and
+@file{admin_acl.mod}. Create these with @samp{nisse.admin@@FOO.SE} as
+the contents.
+@pindex admin_acl.add
+@pindex admin_acl.get
+@pindex admin_acl.del
+@pindex admin_acl.mod
+
+@example
+@cartouche
+hemlig# echo "nisse.admin@@FOO.SE" > /var/kerberos/admin_acl.add
+hemlig# echo "nisse.admin@@FOO.SE" > /var/kerberos/admin_acl.get
+hemlig# echo "nisse.admin@@FOO.SE" > /var/kerberos/admin_acl.mod
+hemlig# echo "nisse.admin@@FOO.SE" > /var/kerberos/admin_acl.del
+@end cartouche
+@end example
+
+Later on you may wish to add more users with administration
+privileges.
Make sure that you create both the administration principals
+and add them to the admin server ACL.
+
+@node Start the admin server, Add users to the database, Create initial ACL for the admin server, How to set up the kerberos server
+@subsection Start the admin server
+
+@pindex kadmind
+@example
+@cartouche
+hemlig# /usr/athena/libexec/kadmind &
+KADM Server KADM0.0A initializing
+Please do not use 'kill -9' to kill this job, use a
+regular kill instead
+
+Current Kerberos master key version is 1.
+
+Master key entered. BEWARE!
+@end cartouche
+@end example
+
+@node Add users to the database, Automate the startup of the servers, Start the admin server, How to set up the kerberos server
+@subsection Add users to the database
+
+Use the @code{kadmin} client to add users to the database:
+@pindex kadmin
+
+@example
+@cartouche
+hemlig# kadmin -u nisse.admin -m
+Welcome to the Kerberos Administration Program, version 2
+Type "help" if you need it.
+admin:
+Admin password:
+Maximum ticket lifetime? (255) [Forever]
+Attributes? [0x00]
+Expiration date (enter yyyy-mm-dd) ? [Sat Jan 1 05:59:00 2000]
+Password for nisse:
+Verifying password Password for nisse:
+nisse added to database.
+@end cartouche
+@end example
+
+Add whatever other users you want to have in the same way. Verify that
+a user is in the database and check the database entry for that user:
+
+@example
+@cartouche
+admin:
+Info in Database for nisse.:
+Max Life: 255 (Forever) Exp Date: Sat Jan 1 05:59:59 2000
+
+Attribs: 00 key: 0 0
+admin: <^D>
+Cleaning up and exiting.
+@end cartouche
+@end example
+
+@node Automate the startup of the servers, , Add users to the database, How to set up the kerberos server
+@subsection Automate the startup of the servers
+
+Add the lines that were used to start the kerberos server and the
+admin server to your startup scripts (@file{/etc/rc} or similar).
+@pindex rc
+
+@node Install the client programs, Install the kerberised services, How to set up the kerberos server, How to set up a realm
+@section Install the client programs
+
+Making a machine a kerberos client only requires a few steps. First you
+might need to change the configuration files as with the kerberos
+server. (@xref{Install the configuration files} and @ref{Install the
+/etc/services}.) Also you need to make the programs in
+@file{/usr/athena/bin} available. This can be done by adding the
+@file{/usr/athena/bin} directory to the users' paths, by making symbolic
+links, or even by copying the programs.
+
+You should also verify that the local time on the client is synchronised
+with the time on the kerberos server by some means. The maximum allowed
+time difference between the participating servers and a client is 5
+minutes.
+@cindex NTP.
+One good way to synchronize the time is NTP (Network Time Protocol), see
+@code{http://www.eecis.udel.edu/~ntp/}.
+
+If you need to run the client programs on a machine where you do not
+have root-access, you can hopefully just use the binaries and no
+configuration will be needed. The heuristics used are mentioned above
+(see @ref{Install the configuration files}). If this is not the case
+and you need to have @file{krb.conf} and/or @file{krb.realms}, you can
+copy them into a directory of your choice and
+@pindex krb.conf
+@pindex krb.realms
+set the environment variable @var{KRBCONFDIR} to point at this
+@cindex KRBCONFDIR
+directory.
+
+To test the client functionality, run the @code{kinit} program:
+
+@example
+@cartouche
+foo$ kinit
+eBones International (foo.foo.se)
+Kerberos Initialization
+Kerberos name:
+Password:
+
+foo$ klist
+Ticket file: /tmp/tkt4711
+Principal: nisse@@FOO.SE
+
+Issued Expires Principal
+May 24 21:06:03 May 25 07:06:03 krbtgt.FOO.SE@@FOO.SE
+@end cartouche
+@end example
+
+@node Install the kerberised services, Install a slave kerberos server, Install the client programs, How to set up a realm
+@section Install the kerberised services
+
+These includes @code{rsh}, @code{rlogin}, @code{telnet}, @code{ftp},
+@code{rxtelnet}, and so on.
+@pindex rsh
+@pindex rlogin
+@pindex telnet
+@pindex ftp
+@pindex rxtelnet
+
+First follow the steps mentioned in the prior section to make it a
+client and verify its operation. Change @file{inetd.conf} next to use
+the new daemons. Look at the file
+@pindex inetd.conf
+@file{etc/inetd.conf.changes} to see the changes that we recommend you
+perform on @file{inetd.conf}.
+
+You should at this point decide what services you want to run on
+each machine.
+
+@subsection rsh, rlogin, and rcp
+@pindex rsh
+@pindex rlogin
+@pindex rcp
+
+These exist in kerberised versions and ``old-style'' versions. The
+different versions use different port numbers, so you can choose none,
+one, or both. If you do not want to use ``old-style'' r* services, you
+can let the programs output the text ``Remote host requires Kerberos
+authentication'' instead of just refusing connections to that port.
+This is enabled with the @samp{-v} option. The kerberised services
+exist in encrypted and non-encrypted versions. The encrypted services
+have an ``e'' prepended to the name and the programs take @samp{-x} as an
+option indicating encryption.
+
+Our recommendation is to only use the kerberised services and give
+explanation messages for the old ports.
+
+@subsection telnet
+@pindex telnet
+
+The telnet service always uses the same port and negotiates as to which
+authentication method should be used. The @code{telnetd} program has
+@pindex telnetd
+an option ``-a user'' that only allows kerberised and authenticated
+connections. If this is not included, it falls back to using clear text
+passwords. For obvious reasons, we recommend that you enable this
+option. If you want to use one-time passwords (@xref{One-Time
+Passwords}) you can use the ``-a otp'' option which will allow OTPs or
+kerberised connections.
+
+@subsection ftp
+@pindex ftp
+
+The ftp service works as telnet does, with just one port being used. By
+default only kerberos authenticated connections are allowed. You can
+specify additional levels that are thus allowed with these options:
+
+@table @asis
+@item @kbd{-a otp}
+Allow one-time passwords (@xref{One-Time Passwords}).
+@item @kbd{-a ftp}
+Allow anonymous login (as user ``ftp'' or ``anonymous'').
+@item @kbd{-a safe}
+The same as @kbd{-a ftp}, for backwards compatibility.
+@item @kbd{-a plain}
+Allow clear-text passwords.
+@item @kbd{-a none}
+The same as @kbd{-a ftp -a plain}.
+@item @kbd{-a user}
+A no-op, also there for backwards compatibility reasons.
+@end table
+
+When running anonymous ftp you should read the man page on @code{ftpd}
+which explains how to set it up.
+
+@subsection pop
+@pindex popper
+
+The Post Office Protocol (POP) is used to retrieve mail from the mail
+hub. The @code{popper} program implements the standard POP3 protocol
+and the kerberised KPOP. Use the @samp{-k} option to run the kerberos
+version of the protocol. This service should only be run on your mail
+hub.
+
+@subsection kx
+@pindex kx
+
+@code{kx} allows you to run X over a kerberos-authenticated and
+encrypted connection. This program is used by @code{rxtelnet},
+@code{tenletxr}, and @code{rxterm}.
+
+If you have some strange kind of operating system with X libraries that
+do not allow you to use unix-sockets, you need to specify the @samp{-t}
+@pindex kxd
+option to @code{kxd}. Otherwise it should be sufficient by adding the
+daemon in @file{inetd.conf}.
+
+@subsection kauth
+@pindex kauth
+
+This service allows you to create tickets on a remote host. To
+enable it just insert the corresponding line in @file{inetd.conf}.
+
+@section srvtabs
+@pindex srvtab
+
+In the same way every user needs to have a password registered with
+the kerberos server, every service needs to have a shared key with the
+kerberos server. The service keys are stored in a file, usually called
+@file{/etc/srvtab}. This file should not be readable to anyone but
+root, in order to keep the key from being divulged. The name of this principal
+in the kerberos database is usually the service and the host. The key
+for the pop service is called @samp{pop.@var{hostname}}. The one for
+rsh/rlogin/telnet is named @samp{rcmd.@var{hostname}}. (rcmd comes from
+``remote command''). To create these keys you will use the the
+@code{ksrvutil} program. Perform the
+@pindex ksrvutil
+following:
+
+@example
+@cartouche
+bar# ksrvutil -p nisse.admin get
+Name [rcmd]: <>
+Instance [bar]: <>
+Realm [FOO.SE]: <>
+Is this correct? (y,n) [y] <>
+Add more keys? (y,n) [n] <>
+Password for nisse.admin@@FOO.SE:
+Written rcmd.bar
+rcmd.bar@@FOO.SE
+Old keyfile in /etc/srvtab.old.
+@end cartouche
+@end example
+
+@subsection Complete test of the kerberised services
+
+Obtain a ticket on one machine (@samp{foo}) and use it to login with a
+kerberised service to a second machine (@samp{bar}).
The test should
+look like this if successful:
+
+@example
+@cartouche
+foo$ kinit nisse
+eBones International (foo.foo.se)
+Kerberos Initialization for "nisse"
+Password:
+foo$ klist
+Ticket file: /tmp/tkt4711
+Principal: nisse@@FOO.SE
+
+Issued Expires Principal
+May 30 13:48:03 May 30 23:48:03 krbtgt.FOO.SE@@FOO.SE
+foo$ telnet bar
+Trying 17.17.17.17...
+Connected to bar.foo.se
+Escape character is '^]'.
+[ Trying mutual KERBEROS4 ... ]
+[ Kerberos V4 accepts you ]
+[ Kerberos V4 challenge successful ]
+bar$
+@end cartouche
+@end example
+
+You can also try with @code{rsh}, @code{rcp}, @code{rlogin},
+@code{rlogin -x}, and some other commands to see that everything is
+working all right.
+
+@node Install a slave kerberos server, Cross-realm functionality , Install the kerberised services, How to set up a realm
+@section Install a slave kerberos server
+
+It is desirable to have at least one backup (slave) server in case the
+master server fails. It is possible to have any number of such slave
+servers but more than three usually doesn't buy much more redundancy.
+
+First select a good server machine. @xref{Choose a kerberos
+server}. Since the master and slave servers will use copies of the same
+database, they need to use the same master key.
+
+On the master, add a @samp{rcmd.kerberos} principal (using
+@samp{ksrvutil get}). The
+@pindex kprop
+@code{kprop} program, running on the master, will use this when
+authenticating to the
+@pindex kpropd
+@code{kpropd} daemons running on the slave servers.
+
+On your master server, create a file, e.g. @file{/var/kerberos/slaves},
+that contains the hostnames of your kerberos slave servers.
+
+Start @code{kpropd} with @samp{kpropd -i} on your slave servers.
+
+On your master server, create a dump of the database with @samp{kdb_util
+slave_dump /var/kerberos/slave_dump}, and then run @code{kprop}.
+
+You should now have copies of the database on your slave servers.
You
+can verify this by issuing @samp{kdb_util dump @var{file}} on your
+slave servers, and comparing with the original file on the master
+server. Note that the entries will not be in the same order.
+
+This procedure should be automated with a script run regularly by cron,
+for instance once an hour.
+
+To start the kerberos server on slaves, you first have to copy the
+master key from the master server. You can do this either by remembering
+the master password and issuing @samp{kstash}, or you can just copy the
+keyfile. Remember that if you copy the file, do so on a safe media, not
+over the network. Good means include floppy or paper. Paper is better,
+since it is easier to swallow afterwards.
+
+The kerberos server should be started with @samp{-s} on the slave
+servers. This enables sanity checks, for example checking the time since
+the last update from the master.
+
+All changes to the database are made by @code{kadmind} at the master,
+and then propagated to the slaves, so you should @strong{not} run
+@code{kadmind} on the slaves.
+
+Finally add the slave servers to
+@file{/etc/krb.conf}. The clients will ask the servers in the order
+specified by that file.
+
+Consider adding CNAMEs to your slave servers, see @ref{Install the
+configuration files}.
+
+@node Cross-realm functionality , , Install a slave kerberos server, How to set up a realm
+@section Cross-realm functionality
+
+Suppose you are residing in the realm @samp{MY.REALM}, how do you
+authenticate to a server in @samp{OTHER.REALM}? Having valid tickets in
+@samp{MY.REALM} allows you to communicate with kerberised services in that
+realm. However, the computer in the other realm does not have a secret
+key shared with the kerberos server in your realm.
+
+It is possible to add a shared key between two realms that trust each
+other.
When a client program, such as @code{telnet}, finds that the
+other computer is in a different realm, it will try to get a ticket
+granting ticket for that other realm, but from the local kerberos
+server. With that ticket granting ticket, it will then obtain service
+tickets from the kerberos server in the other realm.
+
+To add this functionality you have to add a principal to each realm. The
+principals should be @samp{krbtgt.OTHER.REALM} in @samp{MY.REALM}, and
+@samp{krbtgt.MY.REALM} in @samp{OTHER.REALM}. The two different
+principals should have the same key (and key version number). Remember
+to transfer this key in a safe manner. This is all that is required.
+
+@example
+@cartouche
+blubb$ klist
+Ticket file: /tmp/tkt3008
+Principal: joda@@NADA.KTH.SE
+
+ Issued Expires Principal
+Jun 7 02:26:23 Jun 7 12:26:23 krbtgt.NADA.KTH.SE@@NADA.KTH.SE
+blubb$ telnet agat.e.kth.se
+Trying 130.237.48.12...
+Connected to agat.e.kth.se.
+Escape character is '^]'.
+[ Trying mutual KERBEROS4 ... ]
+[ Kerberos V4 accepts you ]
+[ Kerberos V4 challenge successful ]
+Last login: Sun Jun 2 20:51:50 from emma.pdc.kth.se
+
+agat$ exit
+Connection closed by foreign host.
+blubb$ klist
+Ticket file: /tmp/tkt3008
+Principal: joda@@NADA.KTH.SE
+
+ Issued Expires Principal
+Jun 7 02:26:23 Jun 7 12:26:23 krbtgt.NADA.KTH.SE@@NADA.KTH.SE
+Jun 7 02:26:50 Jun 7 12:26:50 krbtgt.E.KTH.SE@@NADA.KTH.SE
+Jun 7 02:26:51 Jun 7 12:26:51 rcmd.agat@@E.KTH.SE
+@end cartouche
+@end example
diff --git a/crypto/kerberosIV/doc/whatis.texi b/crypto/kerberosIV/doc/whatis.texi
new file mode 100644
index 0000000..16989bb
--- /dev/null
+++ b/crypto/kerberosIV/doc/whatis.texi
@@ -0,0 +1,137 @@
+@node What is Kerberos?, Installing programs, Introduction, Top
+@chapter What is Kerberos?
+
+@quotation
+@flushleft
+ Now this Cerberus had three heads of dogs,
+ the tail of a dragon, and on his back the
+ heads of all sorts of snakes.
+ --- Pseudo-Apollodorus Library 2.5.12
+@end flushleft
+@end quotation
+
+Kerberos is a system for authenticating users and services on a network.
+It is built upon the assumption that the network is ``unsafe''. For
+example, data sent over the network can be eavesdropped and altered, and
+addresses can also be faked. Therefore they cannot be used for
+authentication purposes.
+@cindex authentication
+
+Kerberos is a trusted third-party service. That means that there is a
+third party (the kerberos server) that is trusted by all the entities on
+the network (users and services, usually called @dfn{principals}). All
+principals share a secret password (or key) with the kerberos server and
+this enables principals to verify that the messages from the kerberos
+server are authentic. Thus trusting the kerberos server, users and
+services can authenticate each other.
+
+@section Basic mechanism
+
+@ifinfo
+@macro sub{arg}
+<\arg\>
+@end macro
+@end ifinfo
+
+@tex
+@def@xsub#1{$_{#1}$}
+@global@let@sub=@xsub
+@end tex
+
+In Kerberos, principals use @dfn{tickets} to prove that they are who
+they claim to be. In the following example, @var{A} is the initiator of
+the authentication exchange, usually a user, and @var{B} is the service
+that @var{A} wishes to use.
+
+To obtain a ticket for a specific service, @var{A} sends a ticket
+request to the kerberos server. The request basically contains @var{A}'s
+and @var{B}'s names. The kerberos server checks that both @var{A} and
+@var{B} are valid principals.
+
+Having verified the validity of the principals, it creates a packet
+containing @var{A}'s and @var{B}'s names, @var{A}'s network address
+(@var{A@sub{addr}}), the current time (@var{t@sub{issue}}), the lifetime
+of the ticket (@var{life}), and a secret @dfn{session key}
+@cindex session key
+(@var{K@sub{AB}}). This packet is encrypted with @var{B}'s secret key
+(@var{K@sub{B}}). The actual ticket (@var{T@sub{AB}}) looks like this:
+(@{@var{A}, @var{B}, @var{A@sub{addr}}, @var{t@sub{issue}}, @var{life},
+@var{K@sub{AB}}@}@var{K@sub{B}}).
+
+The reply to @var{A} consists of the ticket (@var{T@sub{AB}}), @var{B}'s
+name, the current time, the lifetime of the ticket, and the session key, all
+encrypted in @var{A}'s secret key (@{@var{B}, @var{t@sub{issue}},
+@var{life}, @var{K@sub{AB}}, @var{T@sub{AB}}@}@var{K@sub{A}}). @var{A}
+decrypts the reply and retains it for later use.
+
+@sp 1
+
+Before sending a message to @var{B}, @var{A} creates an authenticator
+consisting of @var{A}'s name, @var{A}'s address, the current time, and a
+``checksum'' chosen by @var{A}, all encrypted with the secret session
+key (@{@var{A}, @var{A@sub{addr}}, @var{t@sub{current}},
+@var{checksum}@}@var{K@sub{AB}}). This is sent together with the ticket
+received from the kerberos server to @var{B}. Upon reception, @var{B}
+decrypts the ticket using @var{B}'s secret key. Since the ticket
+contains the session key that the authenticator was encrypted with,
+@var{B} can now also decrypt the authenticator. To verify that @var{A}
+really is @var{A}, @var{B} now has to compare the contents of the ticket
+with that of the authenticator. If everything matches, @var{B} now
+considers @var{A} as properly authenticated.
+
+@c (here we should have some more explanations)
+
+@section Different attacks
+
+@subheading Impersonating A
+
+An impostor, @var{C} could steal the authenticator and the ticket as it
+is transmitted across the network, and use them to impersonate
+@var{A}. The address in the ticket and the authenticator was added to
+make it more difficult to perform this attack. To succeed @var{C} will
+have to either use the same machine as @var{A} or fake the source
+addresses of the packets. By including the time stamp in the
+authenticator, @var{C} does not have much time in which to mount the
+attack.
+
+@subheading Impersonating B
+
+@var{C} can hijack @var{B}'s network address, and when @var{A} sends
+her credentials, @var{C} just pretend to verify them. @var{C} can't
+be sure that she is talking to @var{A}.
+
+@section Defense strategies
+
+It would be possible to add a @dfn{replay cache}
+@cindex replay cache
+to the server side. The idea is to save the authenticators sent during
+the last few minutes, so that @var{B} can detect when someone is trying
+to retransmit an already used message. This is somewhat impractical
+(mostly regarding efficiency), and is not part of Kerberos 4; MIT
+Kerberos 5 contains it.
+
+To authenticate @var{B}, @var{A} might request that @var{B} sends
+something back that proves that @var{B} has access to the session
+key. An example of this is the checksum that @var{A} sent as part of the
+authenticator. One typical procedure is to add one to the checksum,
+encrypt it with the session key and send it back to @var{A}. This is
+called @dfn{mutual authentication}.
+
+The session key can also be used to add cryptographic checksums to the
+messages sent between @var{A} and @var{B} (known as @dfn{message
+integrity}). Encryption can also be added (@dfn{message
+confidentiality}). This is probably the best approach in all cases.
+@cindex integrity
+@cindex confidentiality
+
+@section Further reading
+
+The original paper on Kerberos from 1988 is @cite{Kerberos: An
+Authentication Service for Open Network Systems}, by Jennifer Steiner,
+Clifford Neuman and Jeffrey I. Schiller.
+
+A less technical description can be found in @cite{Designing an
+Authentication System: a Dialogue in Four Scenes} by Bill Bryant, also
+from 1988.
+
+These and several other documents can be found on our web-page.
diff --git a/crypto/kerberosIV/eBones-p9.README b/crypto/kerberosIV/eBones-p9.README
new file mode 100644
index 0000000..8442985
--- /dev/null
+++ b/crypto/kerberosIV/eBones-p9.README
@@ -0,0 +1,26 @@
+The file eBones-p9.patch.Z is the compressed patch for Bones (patchlevel 9)
+that puts back the calls to the DES encryption libraries.
+
+eBones-p9-des.tar.Z is a compressed tar file of MIT compatible
+des encryption routines. Install these routines in src/lib/des.
+The des_quad_cksum is not compatible with the MIT version
+but I should fix that when I have access to ultrix 4
+* [It has now been fixed and is the same as MIT's]
+(it has a binary copy of libdes.a)). There are two extra routines,
+des_enc_read and des_enc_write. These routines are used in the
+kerberos rcp, rlogin and rlogind to encrypt all network traffic.
+
+eBones-p9.tar.Z is a compressed tar file of Bones (patchlevel 9)
+with the eBones-p9.patch applied and eBones-p9-des.tar.Z installed.
+
+When applying the patch to Bones, don't do a
+find src -name "*.orig" -exec /bin/rm {} \;
+There is a file called src/util/ss/ss.h.orig that is needed and
+the above find will remove it.
+
+The Imakefile in src/lib/des assumes you have gcc. If you don't,
+you will have to change the Imakefile. Compile this directory with
+the maximum optimization your compiler has available.
+
+These modifications have been successfully unpacked and compiled
+on a microvax 3600.
diff --git a/crypto/kerberosIV/etc/README b/crypto/kerberosIV/etc/README
new file mode 100644
index 0000000..68865ec
--- /dev/null
+++ b/crypto/kerberosIV/etc/README
@@ -0,0 +1,41 @@
+
+ How to update your files in the /etc directory!
+
+/etc/services (all machines)
+
+ The contents of services.append can probably just be appended to
+your local file. If you use NIS (YP) you need to do this on the NIS
+master. Delete and duplicate definitions to prevent inconsistencies.
+
+/etc/krb.conf (all machines)
+
+ Create a krb.conf file by substituting MY.REALM.NAME with your
+domain name. If you create a domain name alias (CNAME) kerberos.domain
+pointing to your master server, unconfigured clients will have a
+chance to find your realm.
+
+ It is no longer necessary to put each and every realm in
+krb.{conf,realms}. If the domain name matches your realm name and you
+have a CNAME kerberos.REALMNAME pointing at your kerberos server other
+sites will find your realm even if it is not listed in krb.conf.
+*** Please add this CNAME to your local DNS ***
+
+/etc/krb.realms (all machines)
+
+ Substitue MY.REALM.NAME in krb.realms with your domain name.
+ Not strictly necessary when domain and realm names match.
+
+/etc/inetd.conf (all machines supporting incoming telnet, rsh etc.)
+
+ Comment out the lines starting with shell, login and telnet and
+append inetd.conf.changes. Be carefull to check that there are no
+additional old entries of kshell, ekshell, klogin and eklogin left.
+
+ The -v option to rshd and rlogin turns off that service and echo
+an informational message to the user.
+
+/etc/srvtab
+
+ With 'ksrvutil get' you can add entries to the Kerberos database and
+put the service keys into your srvtab file.
+
diff --git a/crypto/kerberosIV/etc/default.login b/crypto/kerberosIV/etc/default.login
new file mode 100644
index 0000000..f01b2ee
--- /dev/null
+++ b/crypto/kerberosIV/etc/default.login
@@ -0,0 +1,47 @@
+#
+# Sample /etc/default/login file, read by the login program
+#
+# For more info consult SysV login(1)
+#
+# Most things are environment variables.
+# HZ and TZ are set only if they are still uninitialized.
+
+# This really variable TZ
+#TIMEZONE=EST5EDT
+
+#HZ=100
+
+# File size limit, se ulimit(2).
+# Note that the limit must be specified in units of 512-byte blocks.
+#ULIMIT=0
+
+# If CONSOLE is set, root can only login on that device.
+# When not set root can log in on any device.
+#CONSOLE=/dev/console
+
+# PASSREQ determines if login requires a password.
+PASSREQ=YES
+
+# ALTSHELL, really set SHELL=/bin/bash or other shell
+# Extension: when ALTSHELL=YES, we set the SHELL variable even if it is /bin/sh
+ALTSHELL=YES
+
+# Default PATH
+#PATH=/usr/bin:
+
+# Default PATH for root user
+#SUPATH=/usr/sbin:/usr/bin
+
+# TIMEOUT sets the number of seconds (between 0 and 900) to wait before
+# abandoning a login session.
+#
+#TIMEOUT=300
+
+# Use this for default umask(2) value
+#UMASK=022
+
+# Sleeptime between failed logins
+# SLEEPTIME
+
+# Maximum number of failed login attempts, well the user can always reconnect
+# MAXTRYS
diff --git a/crypto/kerberosIV/etc/fbtab b/crypto/kerberosIV/etc/fbtab
new file mode 100644
index 0000000..3e21376
--- /dev/null
+++ b/crypto/kerberosIV/etc/fbtab
@@ -0,0 +1,15 @@
+# Sample /etc/fbtab file read by the login program
+# This file can also be called /etc/logindevperm.
+
+# Use this to give away devices to the console user. The group of the
+# devices is set to the owner's group specified in /etc/passwd.
+#
+# First column specifies the console device.
+#
+# Second the mode bits of the given away devices
+#
+# Third is a : separated list of devices to give away
+
+# console mode devices
+/dev/console 0600 /dev/console:/dev/mouse
+/dev/console 0600 /dev/floppy
diff --git a/crypto/kerberosIV/etc/hosts.equiv b/crypto/kerberosIV/etc/hosts.equiv
new file mode 100644
index 0000000..2fbb50c
--- /dev/null
+++ b/crypto/kerberosIV/etc/hosts.equiv
@@ -0,0 +1 @@
+localhost
diff --git a/crypto/kerberosIV/etc/inetd.conf.changes b/crypto/kerberosIV/etc/inetd.conf.changes
new file mode 100644
index 0000000..a9721a0
--- /dev/null
+++ b/crypto/kerberosIV/etc/inetd.conf.changes
@@ -0,0 +1,33 @@
+#
+# $Id: inetd.conf.changes,v 1.12 1996/10/27 11:58:02 bg Exp $
+#
+# Turn off vanilla rshd and rlogind with an informational message.
+# If you really want this security problem remove the '-v' option!
+shell stream tcp nowait root /usr/athena/libexec/rshd rshd -l -L -v
+login stream tcp nowait root /usr/athena/libexec/rlogind rlogind -l -v
+#
+# Kerberos rsh
+kshell stream tcp nowait root /usr/athena/libexec/rshd rshd -L -k
+ekshell stream tcp nowait root /usr/athena/libexec/rshd rshd -L -k -x
+ekshell2 stream tcp nowait root /usr/athena/libexec/rshd rshd -L -k -x
+#
+# Kerberos rlogin
+klogin stream tcp nowait root /usr/athena/libexec/rlogind rlogind -k
+eklogin stream tcp nowait root /usr/athena/libexec/rlogind rlogind -k -x
+#
+# Kerberized telnet and ftp, consider adding '-a user' to
+# disallow cleartext passwords to both telnetd and ftpd.
+telnet stream tcp nowait root /usr/athena/libexec/telnetd telnetd -a none
+ftp stream tcp nowait root /usr/athena/libexec/ftpd ftpd -a none
+#
+# Kerberized POP. Server principal is pop.hostname, *not* rcmd.hostname!
+#kpop stream tcp nowait root /usr/athena/libexec/popper popper -k
+#
+# Old POP3 with passwords in clear (not recommended, uses cleartext passwords)
+#pop3 stream tcp nowait root /usr/athena/libexec/popper popper
+#
+# Kauthd, support for putting tickets on other machines in a secure fashion.
+kauth stream tcp nowait root /usr/athena/libexec/kauthd kauthd
+#
+# Encrypted X connections
+kx stream tcp nowait root /usr/athena/libexec/kxd kxd
diff --git a/crypto/kerberosIV/etc/krb.conf b/crypto/kerberosIV/etc/krb.conf
new file mode 100644
index 0000000..6114c85
--- /dev/null
+++ b/crypto/kerberosIV/etc/krb.conf
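Review bot: The `telnet` and `ftp` entries in inetd.conf.changes ship with `-a none`, so a site that appends this file as etc/README instructs keeps accepting cleartext passwords on both services; the comment above them only says to consider `-a user`. I would make the stricter form the shipped default, `telnet stream tcp nowait root /usr/athena/libexec/telnetd telnetd -a user` and likewise for `ftpd`, and describe `-a none` in the comment as the opt-out for sites that still need password logins. The rest of the file already follows that pattern: the vanilla `shell` and `login` entries are disabled by `-v` unless the administrator removes it.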
@@ -0,0 +1,56 @@
+MY.REALM.NAME
+MY.REALM.NAME kerberos.MY.REALM.NAME admin server
+SICS.SE kerberos.sics.se admin server
+NADA.KTH.SE kerberos.nada.kth.se admin server
+NADA.KTH.SE sysman.nada.kth.se
+NADA.KTH.SE server.nada.kth.se
+ADMIN.KTH.SE ulysses.admin.kth.se admin server
+ADMIN.KTH.SE graziano.admin.kth.se
+ADMIN.KTH.SE montano.admin.kth.se
+BION.KTH.SE chaplin.bion.kth.se admin server
+DSV.SU.SE ssi.dsv.su.se admin server
+DSV.SU.SE vall.dsv.su.se
+E.KTH.SE heimdal.e.kth.se admin server
+E.KTH.SE elixir.e.kth.se
+E.KTH.SE malt.e.kth.se
+IT.KTH.SE gaia.it.kth.se
+IT.KTH.SE isolde.it.kth.se
+IT.KTH.SE tristan.it.kth.se
+KTH.SE kth.se admin server
+ML.KVA.SE gustava.ml.kva.se admin server
+PI.SE liszt.adm.pi.se admin server
+STACKEN.KTH.SE linnea.stacken.kth.se admin server
+STACKEN.KTH.SE marcel.stacken.kth.se
+STACKEN.KTH.SE sune.stacken.kth.se
+SUNET.SE bar.pilsnet.sunet.se admin server
+CYGNUS.COM kerberos.cygnus.com admin server
+CYGNUS.COM kerberos-1.cygnus.com
+CYGNUS.COM dumb.cygnus.com
+DEVO.CYGNUS.COM dumber.cygnus.com admin server
+MIRKWOOD.CYGNUS.COM mirkwood.cygnus.com admin server
+KITHRUP.COM KITHRUP.COM admin server
+ATHENA.MIT.EDU kerberos.mit.edu admin server
+ATHENA.MIT.EDU kerberos-1.mit.edu
+ATHENA.MIT.EDU kerberos-2.mit.edu
+ATHENA.MIT.EDU kerberos-3.mit.edu
+LCS.MIT.EDU kerberos.lcs.mit.edu admin server
+SMS_TEST.MIT.EDU dodo.mit.edu admin server
+LS.MIT.EDU ls.mit.edu admin server
+IFS.UMICH.EDU kerberos.ifs.umich.edu
+CS.WASHINGTON.EDU hawk.cs.washington.edu
+CS.WASHINGTON.EDU aspen.cs.washington.edu
+CS.BERKELEY.EDU okeeffe.berkeley.edu
+SOUP.MIT.EDU soup.mit.edu admin server
+TELECOM.MIT.EDU bitsy.mit.edu
+MEDIA.MIT.EDU kerberos.media.mit.edu
+NEAR.NET kerberos.near.net
+CATS.UCSC.EDU mehitabel.ucsc.edu admin server
+CATS.UCSC.EDU ucsch.ucsc.edu
+WATCH.MIT.EDU kerberos.watch.mit.edu admin server
+TELEBIT.COM napa.telebit.com. admin server
+ARMADILLO.COM monad.armadillo.com admin server
+TOAD.COM toad.com admin server
+ZEN.ORG zen.org admin server
+LLOYD.COM harry.lloyd.com admin server
+EPRI.COM kerberos.epri.com admin server
+EPRI.COM kerberos-2.epri.com
diff --git a/crypto/kerberosIV/etc/krb.equiv b/crypto/kerberosIV/etc/krb.equiv
new file mode 100644
index 0000000..6205c1f
--- /dev/null
+++ b/crypto/kerberosIV/etc/krb.equiv
@@ -0,0 +1,14 @@
+# List of host with multiple adresses.
+#
+193.10.156.253 130.237.232.44 193.10.156.252 # scws scws-fddi scws-2.
+193.10.156.250 130.237.232.15 # salmon-sp salmon.
+#
+# new krb.equiv syntax for all of SP.
+#
+193.10.156.0/24 193.10.157.0/24 \ # syk-X.pdc.kth.se syk-X-hps.pdc.kth.se
+130.237.232.31 130.237.232.32 \ # syk-0101-fddi syk-0201-fddi
+130.237.232.38 130.237.232.39 \ # syk-0115-fddi syk-0116-fddi
+130.237.232.33 130.237.232.34 \ # syk-0301-fddi syk-0401-fddi
+130.237.232.35 130.237.232.36 \ # syk-0501-fddi syk-0601-fddi
+130.237.232.37 130.237.230.66 \ # syk-0602-fddi syk-0602-fcs
+130.237.230.36 # syk-0606-hippi.
diff --git a/crypto/kerberosIV/etc/krb.realms b/crypto/kerberosIV/etc/krb.realms
new file mode 100644
index 0000000..85e955a
--- /dev/null
+++ b/crypto/kerberosIV/etc/krb.realms
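Review bot: Every entry in the krb.equiv sample is live and site-specific, including the group that starts with `193.10.156.0/24 193.10.157.0/24` and continues over six backslash lines of individual 130.237.x.x addresses. The header describes the file as a list of hosts with multiple addresses, which suggests (to be confirmed against the library) that addresses on one line are treated as the same host when a ticket's address is checked; a site that copies the file unchanged would then relax that check for networks it does not own. I would ship the entries commented out as examples, e.g. `#193.10.156.250 130.237.232.15 # example: one host, two interfaces`, and add a comment line stating what equivalence means for ticket validation.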
@@ -0,0 +1,51 @@
+.MY.REALM.NAME MY.REALM.NAME
+sics.se SICS.SE
+.sics.se SICS.SE
+nada.kth.se NADA.KTH.SE
+pdc.kth.se NADA.KTH.SE
+.hydro.kth.se NADA.KTH.SE
+.math.kth.se NADA.KTH.SE
+.mech.kth.se NADA.KTH.SE
+.nada.kth.se NADA.KTH.SE
+.pdc.kth.se NADA.KTH.SE
+.sans.kth.se NADA.KTH.SE
+.admin.kth.se ADMIN.KTH.SE
+.e.kth.se E.KTH.SE
+.electrum.kth.se IT.KTH.SE
+.it.kth.se IT.KTH.SE
+.sth.sunet.se SUNET.SE
+.pilsnet.sunet.se SUNET.SE
+.sunet.se SUNET.SE
+.ml.kva.se ML.KVA.SE
+pi.se PI.SE
+.pi.se PI.SE
+.adm.pi.se PI.SE
+.stacken.kth.se STACKEN.KTH.SE
+kth.se KTH.SE
+.kth.se KTH.SE
+.bion.kth.se BION.KTH.SE
+.dsv.su.se DSV.SU.SE
+.MIT.EDU ATHENA.MIT.EDU
+.MIT.EDU. ATHENA.MIT.EDU
+MIT.EDU ATHENA.MIT.EDU
+DODO.MIT.EDU SMS_TEST.MIT.EDU
+.UCSC.EDU CATS.UCSC.EDU
+.UCSC.EDU. CATS.UCSC.EDU
+CYGNUS.COM CYGNUS.COM
+.CYGNUS.COM CYGNUS.COM
+MIRKWOOD.CYGNUS.COM MIRKWOOD.CYGNUS.COM
+KITHRUP.COM KITHRUP.COM
+.KITHRUP.COM KITHRUP.COM
+.berkeley.edu EECS.BERKELEY.EDU
+.CS.berkeley.edu EECS.BERKELEY.EDU
+.MIT.EDU ATHENA.MIT.EDU
+.mit.edu ATHENA.MIT.EDU
+.BSDI.COM BSDI.COM
+ARMADILLO.COM ARMADILLO.COM
+.ARMADILLO.COM ARMADILLO.COM
+ZEN.ORG ZEN.ORG
+.ZEN.ORG ZEN.ORG
+toad.com TOAD.COM
+.toad.com TOAD.COM
+lloyd.com LLOYD.COM
+.lloyd.com LLOYD.COM
diff --git a/crypto/kerberosIV/etc/login.access b/crypto/kerberosIV/etc/login.access
new file mode 100644
index 0000000..f811616
--- /dev/null
+++ b/crypto/kerberosIV/etc/login.access
@@ -0,0 +1,54 @@
+# Sample /etc/login.access file read by the login program
+#
+# Login access control table.
+#
+# When someone logs in, the table is scanned for the first entry that
+# matches the (user, host) combination, or, in case of non-networked
+# logins, the first entry that matches the (user, tty) combination. The
+# permissions field of that table entry determines whether the login will
+# be accepted or refused.
+#
+# Format of the login access control table is three fields separated by a
+# ":" character:
+#
+# permission : users : origins
+#
+# The first field should be a "+" (access granted) or "-" (access denied)
+# character.
+#
+# The second field should be a list of one or more login names, group
+# names, or ALL (always matches). A pattern of the form user@host is
+# matched when the login name matches the "user" part, and when the
+# "host" part matches the local machine name.
+#
+# The third field should be a list of one or more tty names (for
+# non-networked logins), host names, domain names (begin with "."), host
+# addresses, internet network numbers (end with "."), ALL (always
+# matches) or LOCAL (matches any string that does not contain a "."
+# character).
+#
+# If you run NIS you can use @netgroupname in host or user patterns; this
+# even works for @usergroup@@hostgroup patterns. Weird.
+#
+# The EXCEPT operator makes it possible to write very compact rules.
+#
+# The group file is searched only when a name does not match that of the
+# logged-in user. Only groups are matched in which users are explicitly
+# listed: the program does not look at a user's primary group id value.
+#
+##############################################################################
+#
+# Disallow console logins to all but a few accounts.
+#
+-:ALL EXCEPT wheel shutdown sync:console
+#
+# Disallow non-local logins to privileged accounts (group wheel).
+#
+-:wheel:ALL EXCEPT LOCAL .win.tue.nl
+#
+# Some accounts are not allowed to login from anywhere:
+#
+-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL
+#
+# All other accounts are allowed to login from anywhere.
+#
diff --git a/crypto/kerberosIV/etc/services.append b/crypto/kerberosIV/etc/services.append
new file mode 100644
index 0000000..8101e72
--- /dev/null
+++ b/crypto/kerberosIV/etc/services.append
@@ -0,0 +1,22 @@
+#
+# Kerberos
+#
+# $Id: services.append,v 1.11 1996/10/18 15:25:17 bg Exp $
+#
+kerberos-sec 88/udp # Kerberos secondary port UDP
+kerberos-sec 88/tcp # Kerberos secondary port TCP
+klogin 543/tcp # Kerberos authenticated rlogin
+kshell 544/tcp krcmd # and remote shell
+ekshell 545/tcp # Kerberos encrypted remote shell -kfall
+ekshell2 2106/tcp # What U of Colorado @ Boulder uses?
+kerberos-iv 750/udp kerberos kdc # Kerberos authentication--udp
+kerberos-iv 750/tcp kerberos kdc # Kerberos authentication--tcp
+kerberos_master 751/udp # Kerberos authentication
+kerberos_master 751/tcp # Kerberos authentication
+krb_prop 754/tcp # Kerberos slave propagation
+kpop 1109/tcp # Pop with Kerberos
+eklogin 2105/tcp # Kerberos encrypted rlogin
+rkinit 2108/tcp # Kerberos remote kinit
+kx 2111/tcp # X over kerberos
+kip 2112/tcp # IP over kerberos
+kauth 2120/tcp # Remote kauth
diff --git a/crypto/kerberosIV/include/Makefile.in b/crypto/kerberosIV/include/Makefile.in
new file mode 100644
index 0000000..5061c08
--- /dev/null
+++ b/crypto/kerberosIV/include/Makefile.in
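Review bot: The login.access rule `-:wheel:ALL EXCEPT LOCAL .win.tue.nl` is shipped uncommented, so a site that installs this sample unchanged exempts every host name ending in `.win.tue.nl` from the ban on remote wheel logins; that domain appears to come from wherever the sample originated, not from the installing site. The account list in `-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL` is site-specific in the same way, and `-:ALL EXCEPT wheel shutdown sync:console` also takes effect as soon as the file is copied. I would comment the three rules out and put a placeholder in the exception, e.g. `#-:wheel:ALL EXCEPT LOCAL .my.domain`, so that nothing is enforced or whitelisted until the administrator has edited the file.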
@@ -0,0 +1,147 @@
+# $Id: Makefile.in,v 1.36 1997/05/20 18:58:39 bg Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+SHELL = /bin/sh
+
+CC = @CC@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+LD_FLAGS = @LD_FLAGS@
+
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+LN_S = @LN_S@
+EXECSUFFIX = @EXECSUFFIX@
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+includedir = @includedir@
+libdir = @libdir@
+
+HAVE_ERR_H = @ac_cv_header_err_h@
+
+@SET_MAKE@
+
+.c.o:
+ $(CC) -c $(CPPFLAGS) $(DEFS) -I. -I$(srcdir) $(CFLAGS) $(PICFLAGS) $<
+
+HEADERS = krb_err.h kadm_err.h acl.h com_err.h des.h kadm.h kafs.h \
+ kdc.h klog.h krb.h krb_db.h prot.h otp.h sl.h ktypes.h
+
+KTYPES_OBJECTS = ktypes.o
+
+SOURCES = ktypes.c
+
+LOCL_HEADERS = roken.h protos.h resolve.h xdbm.h
+
+MAYBE_HEADERS = err.h
+
+SUBDIRS = sys
+
+all: stamp-headers
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) all); done
+
+Wall:
+ $(MAKE) CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+ALL_INC = com_err.h des.h kadm.h kafs.h kdc.h klog.h krb.h krb_db.h otp.h
+
+install:
+ $(MKINSTALLDIRS) $(includedir)
+ for x in $(HEADERS); \
+ do $(INSTALL_DATA) $$x $(includedir)/$$x; done
+ -if test "$(HAVE_ERR_H)" != yes; then \
+ $(INSTALL_DATA) err.h $(includedir)/err.h; \
+ fi
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) install); done
+
+uninstall:
+ for x in $(HEADERS); do \
+ rm -f $(includedir)/$$x; \
+ done
+ -if test "$(HAVE_ERR_H)" != yes; then \
+ rm -f $(includedir)/err.h; \
+ fi
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done
+
+clean:
+ rm -f $(HEADERS) $(LOCL_HEADERS) $(MAYBE_HEADERS) *.o ktypes stamp-headers
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) clean); done
+
+mostlyclean: clean
+
+distclean:
+ $(MAKE) clean
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) distclean); done
+ rm -f Makefile config.status *~
+
+realclean:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) realclean); done
+
+err.h:
+ if test "$(HAVE_ERR_H)" != yes; then \
+ $(LN_S) $(srcdir)/../lib/roken/err.h err.h; \
+ fi || true
+
+krb_err.h:
+ cd ../lib/krb && $(MAKE) krb_err.h
+ $(LN_S) ../lib/krb/krb_err.h .
+kadm_err.h:
+ cd ../lib/kadm && $(MAKE) kadm_err.h
+ $(LN_S) ../lib/kadm/kadm_err.h .
+acl.h:
+ $(LN_S) $(srcdir)/../lib/acl/acl.h .
+com_err.h:
+ $(LN_S) $(srcdir)/../util/et/com_err.h .
+des.h:
+ $(LN_S) $(srcdir)/../lib/des/des.h .
+kadm.h:
+ $(LN_S) $(srcdir)/../lib/kadm/kadm.h .
+kafs.h:
+ $(LN_S) $(srcdir)/../lib/kafs/kafs.h .
+kdc.h:
+ $(LN_S) $(srcdir)/../lib/kdb/kdc.h .
+klog.h:
+ $(LN_S) $(srcdir)/../lib/krb/klog.h .
+krb.h:
+ $(LN_S) $(srcdir)/../lib/krb/krb.h .
+resolve.h:
+ $(LN_S) $(srcdir)/../lib/krb/resolve.h .
+krb_db.h:
+ $(LN_S) $(srcdir)/../lib/kdb/krb_db.h .
+prot.h:
+ $(LN_S) $(srcdir)/../lib/krb/prot.h .
+
+protos.h:
+ $(LN_S) $(srcdir)/protos.H protos.h
+roken.h:
+ $(LN_S) $(srcdir)/../lib/roken/roken.h .
+xdbm.h:
+ $(LN_S) $(srcdir)/../lib/roken/xdbm.h .
+
+otp.h:
+ $(LN_S) $(srcdir)/../lib/otp/otp.h .
+
+sl.h:
+ $(LN_S) $(srcdir)/../lib/sl/sl.h .
+
+ktypes$(EXECSUFFIX): $(KTYPES_OBJECTS)
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(KTYPES_OBJECTS)
+
+ktypes.o: ktypes.c
+
+ktypes.h: ktypes$(EXECSUFFIX)
+ ./ktypes$(EXECSUFFIX) > $@
+
+stamp-headers: Makefile
+ $(MAKE) $(HEADERS) $(LOCL_HEADERS) $(MAYBE_HEADERS)
+ touch stamp-headers
diff --git a/crypto/kerberosIV/include/config.h.in b/crypto/kerberosIV/include/config.h.in
new file mode 100644
index 0000000..826dc76
--- /dev/null
+++ b/crypto/kerberosIV/include/config.h.in
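Review bot: `realclean` in include/Makefile.in only recurses into `$(SUBDIRS)` and removes nothing in this directory, so it cleans less than `distclean`, which runs `$(MAKE) clean` first and deletes `Makefile config.status *~` afterwards. The header links, `ktypes.h` and `stamp-headers` therefore survive a `make realclean` here. I would give the target the same local steps as `distclean`: `$(MAKE) clean` before the loop and `rm -f Makefile config.status *~` after it. A comment above `ktypes.h:` saying that the header is produced by running the just-built `ktypes` program, which presumably cannot work when cross-compiling, would also help.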
@@ -0,0 +1,984 @@ +/* include/config.h.in. Generated automatically from configure.in by autoheader. */ + +/* Define if using alloca.c. */ +#undef C_ALLOCA + +/* Define to empty if the keyword does not work. */ +#undef const + +/* Define to one of _getb67, GETB67, getb67 for Cray-2 and Cray-YMP systems. + This function is required for alloca.c support on those systems. */ +#undef CRAY_STACKSEG_END + +/* Define to `int' if doesn't define. */ +#undef gid_t + +/* Define if you have alloca, as a function or macro. */ +#undef HAVE_ALLOCA + +/* Define if you have and it should be used (not on Ultrix). */ +#undef HAVE_ALLOCA_H + +/* Define if you have a working `mmap' system call. */ +#undef HAVE_MMAP + +/* Define if your struct stat has st_blksize. */ +#undef HAVE_ST_BLKSIZE + +/* Define to `long' if doesn't define. */ +#undef off_t + +/* Define to `int' if doesn't define. */ +#undef pid_t + +/* Define if you need to in order for stat and other things to work. */ +#undef _POSIX_SOURCE + +/* Define as the return type of signal handlers (int or void). */ +#undef RETSIGTYPE + +/* Define to `unsigned' if doesn't define. */ +#undef size_t + +/* If using the C implementation of alloca, define if you know the + direction of stack growth for your system; otherwise it will be + automatically deduced at run-time. + STACK_DIRECTION > 0 => grows toward higher addresses + STACK_DIRECTION < 0 => grows toward lower addresses + STACK_DIRECTION = 0 => direction of growth unknown + */ +#undef STACK_DIRECTION + +/* Define if you have the ANSI C header files. */ +#undef STDC_HEADERS + +/* Define if `sys_siglist' is declared by . */ +#undef SYS_SIGLIST_DECLARED + +/* Define if you can safely include both and . */ +#undef TIME_WITH_SYS_TIME + +/* Define to `int' if doesn't define. */ +#undef uid_t + +/* Define if your processor stores words with the most significant + byte first (like Motorola and SPARC, unlike Intel and VAX). 
*/ +#undef WORDS_BIGENDIAN + +/* Define if the X Window System is missing or not being used. */ +#undef X_DISPLAY_MISSING + +/* Define this if RETSIGTYPE == void */ +#undef VOID_RETSIGTYPE + +/* Define this if struct utmp have ut_user */ +#undef HAVE_UT_USER + +/* Define this if struct utmp have ut_host */ +#undef HAVE_UT_HOST + +/* Define this if struct utmp have ut_addr */ +#undef HAVE_UT_ADDR + +/* Define this if struct utmp have ut_type */ +#undef HAVE_UT_TYPE + +/* Define this if struct utmp have ut_pid */ +#undef HAVE_UT_PID + +/* Define this if struct utmp have ut_id */ +#undef HAVE_UT_ID + +/* Define this if struct utmpx have ut_syslen */ +#undef HAVE_UT_SYSLEN + +/* Define this if struct winsize is declared in sys/termios.h */ +#undef HAVE_STRUCT_WINSIZE + +/* Define this if struct winsize have ws_xpixel */ +#undef HAVE_WS_XPIXEL + +/* Define this if struct winsize have ws_ypixel */ +#undef HAVE_WS_YPIXEL + +/* Define this to be the directory where the dictionary for cracklib */ +/* resides */ +#undef DICTPATH + +/* Define this if you want to use SOCKS v5 */ +#undef SOCKS + +/* Define this to the path of the mail spool directory */ +#undef KRB4_MAILDIR + +/* Define this if `struct sockaddr' includes sa_len */ +#undef SOCKADDR_HAS_SA_LEN + +/* Define this if `struct siaentity' includes ouid */ +#undef SIAENTITY_HAS_OUID + +/* Define if getlogin has POSIX flavour, as opposed to BSD */ +#undef POSIX_GETLOGIN + +/* Define if getpwnam_r has POSIX flavour */ +#undef POSIX_GETPWNAM_R + +/* define if getcwd() is broken (such as in SunOS) */ +#undef BROKEN_GETCWD + +/* define if the system is missing a prototype for crypt() */ +#undef NEED_CRYPT_PROTO + +/* define if the system is missing a prototype for strtok_r() */ +#undef NEED_STRTOK_R_PROTO + +/* define if /bin/ls takes -A */ +#undef HAVE_LS_A + +/* define if you have h_errno */ +#undef HAVE_H_ERRNO + +/* define if you have h_errlist but not hstrerror */ +#undef HAVE_H_ERRLIST + +/* define if you have h_nerr 
but not hstrerror */ +#undef HAVE_H_NERR + +/* define if your system doesn't declare h_errlist */ +#undef HAVE_H_ERRLIST_DECLARATION + +/* define if your system doesn't declare h_nerr */ +#undef HAVE_H_NERR_DECLARATION + +/* define this if you need a declaration for h_errno */ +#undef HAVE_H_ERRNO_DECLARATION + +/* define if you need a declaration for optarg */ +#undef HAVE_OPTARG_DECLARATION + +/* define if you need a declaration for optind */ +#undef HAVE_OPTIND_DECLARATION + +/* define if you need a declaration for opterr */ +#undef HAVE_OPTERR_DECLARATION + +/* define if you need a declaration for optopt */ +#undef HAVE_OPTOPT_DECLARATION + +/* define if you need a declaration for __progname */ +#undef HAVE___PROGNAME_DECLARATION + +/* Define if you have the XauReadAuth function. */ +#undef HAVE_XAUREADAUTH + +/* Define if you have the XauWriteAuth function. */ +#undef HAVE_XAUWRITEAUTH + +/* Define if you have the _getpty function. */ +#undef HAVE__GETPTY + +/* Define if you have the _scrsize function. */ +#undef HAVE__SCRSIZE + +/* Define if you have the _setsid function. */ +#undef HAVE__SETSID + +/* Define if you have the _stricmp function. */ +#undef HAVE__STRICMP + +/* Define if you have the asnprintf function. */ +#undef HAVE_ASNPRINTF + +/* Define if you have the asprintf function. */ +#undef HAVE_ASPRINTF + +/* Define if you have the chown function. */ +#undef HAVE_CHOWN + +/* Define if you have the daemon function. */ +#undef HAVE_DAEMON + +/* Define if you have the dbm_firstkey function. */ +#undef HAVE_DBM_FIRSTKEY + +/* Define if you have the dbopen function. */ +#undef HAVE_DBOPEN + +/* Define if you have the dn_expand function. */ +#undef HAVE_DN_EXPAND + +/* Define if you have the el_init function. */ +#undef HAVE_EL_INIT + +/* Define if you have the err function. */ +#undef HAVE_ERR + +/* Define if you have the errx function. */ +#undef HAVE_ERRX + +/* Define if you have the fchmod function. 
*/ +#undef HAVE_FCHMOD + +/* Define if you have the fchown function. */ +#undef HAVE_FCHOWN + +/* Define if you have the fcntl function. */ +#undef HAVE_FCNTL + +/* Define if you have the flock function. */ +#undef HAVE_FLOCK + +/* Define if you have the forkpty function. */ +#undef HAVE_FORKPTY + +/* Define if you have the frevoke function. */ +#undef HAVE_FREVOKE + +/* Define if you have the getattr function. */ +#undef HAVE_GETATTR + +/* Define if you have the getcwd function. */ +#undef HAVE_GETCWD + +/* Define if you have the getdtablesize function. */ +#undef HAVE_GETDTABLESIZE + +/* Define if you have the gethostbyname function. */ +#undef HAVE_GETHOSTBYNAME + +/* Define if you have the gethostname function. */ +#undef HAVE_GETHOSTNAME + +/* Define if you have the getlogin function. */ +#undef HAVE_GETLOGIN + +/* Define if you have the getopt function. */ +#undef HAVE_GETOPT + +/* Define if you have the getpagesize function. */ +#undef HAVE_GETPAGESIZE + +/* Define if you have the getpriority function. */ +#undef HAVE_GETPRIORITY + +/* Define if you have the getpwnam_r function. */ +#undef HAVE_GETPWNAM_R + +/* Define if you have the getservbyname function. */ +#undef HAVE_GETSERVBYNAME + +/* Define if you have the getsockopt function. */ +#undef HAVE_GETSOCKOPT + +/* Define if you have the getspnam function. */ +#undef HAVE_GETSPNAM + +/* Define if you have the getspuid function. */ +#undef HAVE_GETSPUID + +/* Define if you have the gettimeofday function. */ +#undef HAVE_GETTIMEOFDAY + +/* Define if you have the getudbnam function. */ +#undef HAVE_GETUDBNAM + +/* Define if you have the getuid function. */ +#undef HAVE_GETUID + +/* Define if you have the getusershell function. */ +#undef HAVE_GETUSERSHELL + +/* Define if you have the grantpt function. */ +#undef HAVE_GRANTPT + +/* Define if you have the hstrerror function. */ +#undef HAVE_HSTRERROR + +/* Define if you have the inet_aton function. 
*/ +#undef HAVE_INET_ATON + +/* Define if you have the initgroups function. */ +#undef HAVE_INITGROUPS + +/* Define if you have the innetgr function. */ +#undef HAVE_INNETGR + +/* Define if you have the iruserok function. */ +#undef HAVE_IRUSEROK + +/* Define if you have the logout function. */ +#undef HAVE_LOGOUT + +/* Define if you have the logwtmp function. */ +#undef HAVE_LOGWTMP + +/* Define if you have the lstat function. */ +#undef HAVE_LSTAT + +/* Define if you have the memmove function. */ +#undef HAVE_MEMMOVE + +/* Define if you have the mkstemp function. */ +#undef HAVE_MKSTEMP + +/* Define if you have the mktime function. */ +#undef HAVE_MKTIME + +/* Define if you have the odm_initialize function. */ +#undef HAVE_ODM_INITIALIZE + +/* Define if you have the ptsname function. */ +#undef HAVE_PTSNAME + +/* Define if you have the putenv function. */ +#undef HAVE_PUTENV + +/* Define if you have the rand function. */ +#undef HAVE_RAND + +/* Define if you have the random function. */ +#undef HAVE_RANDOM + +/* Define if you have the rcmd function. */ +#undef HAVE_RCMD + +/* Define if you have the readline function. */ +#undef HAVE_READLINE + +/* Define if you have the res_search function. */ +#undef HAVE_RES_SEARCH + +/* Define if you have the revoke function. */ +#undef HAVE_REVOKE + +/* Define if you have the setegid function. */ +#undef HAVE_SETEGID + +/* Define if you have the setenv function. */ +#undef HAVE_SETENV + +/* Define if you have the seteuid function. */ +#undef HAVE_SETEUID + +/* Define if you have the setitimer function. */ +#undef HAVE_SETITIMER + +/* Define if you have the setlim function. */ +#undef HAVE_SETLIM + +/* Define if you have the setlogin function. */ +#undef HAVE_SETLOGIN + +/* Define if you have the setpcred function. */ +#undef HAVE_SETPCRED + +/* Define if you have the setpgid function. */ +#undef HAVE_SETPGID + +/* Define if you have the setpriority function. 
*/ +#undef HAVE_SETPRIORITY + +/* Define if you have the setproctitle function. */ +#undef HAVE_SETPROCTITLE + +/* Define if you have the setregid function. */ +#undef HAVE_SETREGID + +/* Define if you have the setresgid function. */ +#undef HAVE_SETRESGID + +/* Define if you have the setresuid function. */ +#undef HAVE_SETRESUID + +/* Define if you have the setreuid function. */ +#undef HAVE_SETREUID + +/* Define if you have the setsid function. */ +#undef HAVE_SETSID + +/* Define if you have the setsockopt function. */ +#undef HAVE_SETSOCKOPT + +/* Define if you have the setutent function. */ +#undef HAVE_SETUTENT + +/* Define if you have the snprintf function. */ +#undef HAVE_SNPRINTF + +/* Define if you have the socket function. */ +#undef HAVE_SOCKET + +/* Define if you have the strcasecmp function. */ +#undef HAVE_STRCASECMP + +/* Define if you have the strdup function. */ +#undef HAVE_STRDUP + +/* Define if you have the strerror function. */ +#undef HAVE_STRERROR + +/* Define if you have the strftime function. */ +#undef HAVE_STRFTIME + +/* Define if you have the strlwr function. */ +#undef HAVE_STRLWR + +/* Define if you have the strnlen function. */ +#undef HAVE_STRNLEN + +/* Define if you have the strtok_r function. */ +#undef HAVE_STRTOK_R + +/* Define if you have the strupr function. */ +#undef HAVE_STRUPR + +/* Define if you have the swab function. */ +#undef HAVE_SWAB + +/* Define if you have the syslog function. */ +#undef HAVE_SYSLOG + +/* Define if you have the tgetent function. */ +#undef HAVE_TGETENT + +/* Define if you have the ttyname function. */ +#undef HAVE_TTYNAME + +/* Define if you have the ttyslot function. */ +#undef HAVE_TTYSLOT + +/* Define if you have the ulimit function. */ +#undef HAVE_ULIMIT + +/* Define if you have the uname function. */ +#undef HAVE_UNAME + +/* Define if you have the unlockpt function. */ +#undef HAVE_UNLOCKPT + +/* Define if you have the unsetenv function. 
*/ +#undef HAVE_UNSETENV + +/* Define if you have the vasnprintf function. */ +#undef HAVE_VASNPRINTF + +/* Define if you have the vasprintf function. */ +#undef HAVE_VASPRINTF + +/* Define if you have the verr function. */ +#undef HAVE_VERR + +/* Define if you have the verrx function. */ +#undef HAVE_VERRX + +/* Define if you have the vhangup function. */ +#undef HAVE_VHANGUP + +/* Define if you have the vsnprintf function. */ +#undef HAVE_VSNPRINTF + +/* Define if you have the vwarn function. */ +#undef HAVE_VWARN + +/* Define if you have the vwarnx function. */ +#undef HAVE_VWARNX + +/* Define if you have the warn function. */ +#undef HAVE_WARN + +/* Define if you have the warnx function. */ +#undef HAVE_WARNX + +/* Define if you have the yp_get_default_domain function. */ +#undef HAVE_YP_GET_DEFAULT_DOMAIN + +/* Define if you have the header file. */ +#undef HAVE_ARPA_FTP_H + +/* Define if you have the header file. */ +#undef HAVE_ARPA_INET_H + +/* Define if you have the header file. */ +#undef HAVE_ARPA_NAMESER_H + +/* Define if you have the header file. */ +#undef HAVE_ARPA_TELNET_H + +/* Define if you have the header file. */ +#undef HAVE_BIND_BITYPES_H + +/* Define if you have the header file. */ +#undef HAVE_BSD_BSD_H + +/* Define if you have the header file. */ +#undef HAVE_BSDSETJMP_H + +/* Define if you have the header file. */ +#undef HAVE_CRYPT_H + +/* Define if you have the header file. */ +#undef HAVE_DBM_H + +/* Define if you have the header file. */ +#undef HAVE_DIRENT_H + +/* Define if you have the header file. */ +#undef HAVE_ERR_H + +/* Define if you have the header file. */ +#undef HAVE_FCNTL_H + +/* Define if you have the header file. */ +#undef HAVE_GRP_H + +/* Define if you have the header file. */ +#undef HAVE_IO_H + +/* Define if you have the header file. */ +#undef HAVE_LASTLOG_H + +/* Define if you have the header file. */ +#undef HAVE_LOGIN_H + +/* Define if you have the header file. 
*/ +#undef HAVE_MAILLOCK_H + +/* Define if you have the header file. */ +#undef HAVE_NDBM_H + +/* Define if you have the header file. */ +#undef HAVE_NET_IF_H + +/* Define if you have the header file. */ +#undef HAVE_NET_IF_TUN_H + +/* Define if you have the header file. */ +#undef HAVE_NET_IF_VAR_H + +/* Define if you have the header file. */ +#undef HAVE_NETDB_H + +/* Define if you have the header file. */ +#undef HAVE_NETINET_IN_H + +/* Define if you have the header file. */ +#undef HAVE_NETINET_IN6_MACHTYPES_H + +/* Define if you have the header file. */ +#undef HAVE_NETINET_IN_SYSTM_H + +/* Define if you have the header file. */ +#undef HAVE_NETINET_IP_H + +/* Define if you have the header file. */ +#undef HAVE_NETINET_TCP_H + +/* Define if you have the header file. */ +#undef HAVE_PATHS_H + +/* Define if you have the header file. */ +#undef HAVE_PTY_H + +/* Define if you have the header file. */ +#undef HAVE_PWD_H + +/* Define if you have the header file. */ +#undef HAVE_RESOLV_H + +/* Define if you have the header file. */ +#undef HAVE_RPCSVC_DBM_H + +/* Define if you have the header file. */ +#undef HAVE_SAC_H + +/* Define if you have the header file. */ +#undef HAVE_SECURITY_PAM_MODULES_H + +/* Define if you have the header file. */ +#undef HAVE_SHADOW_H + +/* Define if you have the header file. */ +#undef HAVE_SIAD_H + +/* Define if you have the header file. */ +#undef HAVE_SIGNAL_H + +/* Define if you have the header file. */ +#undef HAVE_STROPTS_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_BITYPES_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_CATEGORY_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_CDEFS_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_FILE_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_FILIO_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_IOCCOM_H + +/* Define if you have the header file. 
*/ +#undef HAVE_SYS_IOCTL_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_LOCKING_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_MMAN_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_PARAM_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_PROC_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_PTYIO_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_PTYVAR_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_RESOURCE_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_SELECT_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_SOCKET_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_SOCKIO_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_STAT_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_STR_TTY_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_STREAM_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_STROPTS_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_STRTTY_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_SYSCALL_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_SYSCTL_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_TERMIO_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_TIME_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_TIMEB_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_TIMES_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_TTY_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_TYPES_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_UIO_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_UN_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_UTSNAME_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_WAIT_H + +/* Define if you have the header file. 
*/ +#undef HAVE_SYSLOG_H + +/* Define if you have the header file. */ +#undef HAVE_TERMIO_H + +/* Define if you have the header file. */ +#undef HAVE_TERMIOS_H + +/* Define if you have the header file. */ +#undef HAVE_TMPDIR_H + +/* Define if you have the header file. */ +#undef HAVE_TTYENT_H + +/* Define if you have the header file. */ +#undef HAVE_UDB_H + +/* Define if you have the header file. */ +#undef HAVE_ULIMIT_H + +/* Define if you have the header file. */ +#undef HAVE_UNISTD_H + +/* Define if you have the header file. */ +#undef HAVE_USERPW_H + +/* Define if you have the header file. */ +#undef HAVE_USERSEC_H + +/* Define if you have the header file. */ +#undef HAVE_UTIL_H + +/* Define if you have the header file. */ +#undef HAVE_UTIME_H + +/* Define if you have the header file. */ +#undef HAVE_UTMP_H + +/* Define if you have the header file. */ +#undef HAVE_UTMPX_H + +/* Define if you have the header file. */ +#undef HAVE_WAIT_H + +/* Define if you have the header file. */ +#undef HAVE_WINSOCK_H + +/* Define if you have the X11 library (-lX11). */ +#undef HAVE_LIBX11 + +/* Define if you have the Xau library (-lXau). */ +#undef HAVE_LIBXAU + +/* Define if you have the c_r library (-lc_r). */ +#undef HAVE_LIBC_R + +/* Define if you have the cfg library (-lcfg). */ +#undef HAVE_LIBCFG + +/* Define if you have the edit library (-ledit). */ +#undef HAVE_LIBEDIT + +/* Define if you have the gdbm library (-lgdbm). */ +#undef HAVE_LIBGDBM + +/* Define if you have the ndbm library (-lndbm). */ +#undef HAVE_LIBNDBM + +/* Define if you have the nsl library (-lnsl). */ +#undef HAVE_LIBNSL + +/* Define if you have the odm library (-lodm). */ +#undef HAVE_LIBODM + +/* Define if you have the readline library (-lreadline). */ +#undef HAVE_LIBREADLINE + +/* Define if you have the resolv library (-lresolv). */ +#undef HAVE_LIBRESOLV + +/* Define if you have the s library (-ls). */ +#undef HAVE_LIBS + +/* Define if you have the socket library (-lsocket). 
*/ +#undef HAVE_LIBSOCKET + +/* Define if you have the syslog library (-lsyslog). */ +#undef HAVE_LIBSYSLOG + +/* Define if you have the termcap library (-ltermcap). */ +#undef HAVE_LIBTERMCAP + +/* Define if you have the util library (-lutil). */ +#undef HAVE_LIBUTIL + +#undef HAVE_INT8_T +#undef HAVE_INT16_T +#undef HAVE_INT32_T +#undef HAVE_INT64_T +#undef HAVE_U_INT8_T +#undef HAVE_U_INT16_T +#undef HAVE_U_INT32_T +#undef HAVE_U_INT64_T + +#define RCSID(msg) \ +static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } + +/* + * Set ORGANIZATION to be the desired organization string printed + * by the 'kinit' program. It may have spaces. + */ +#define ORGANIZATION "eBones International" + +#if 0 +#undef BINDIR +#undef LIBDIR +#undef LIBEXECDIR +#undef SBINDIR +#endif + +#if 0 +#define KRB_CNF_FILES { "/etc/krb.conf", "/etc/kerberosIV/krb.conf", 0} +#define KRB_RLM_FILES { "/etc/krb.realms", "/etc/kerberosIV/krb.realms", 0} +#define KRB_EQUIV "/etc/krb.equiv" + +#define KEYFILE "/etc/srvtab" + +#define KRBDIR "/var/kerberos" +#define DBM_FILE KRBDIR "/principal" +#define DEFAULT_ACL_DIR KRBDIR + +#define KRBLOG "/var/log/kerberos.log" /* master server */ +#define KRBSLAVELOG "/var/log/kerberos_slave.log" /* slave server */ +#define KADM_SYSLOG "/var/log/admin_server.syslog" +#define K_LOGFIL "/var/log/kpropd.log" +#endif + +/* Maximum values on all known systems */ +#define MaxHostNameLen (64+4) +#define MaxPathLen (1024+4) + +/* + * Define NDBM if you are using the 4.3 ndbm library (which is part of + * libc). If not defined, 4.2 dbm will be assumed. 
+ */ +#if defined(HAVE_DBM_FIRSTKEY) +#define NDBM +#endif + +/* ftp stuff -------------------------------------------------- */ + +#define KERBEROS + +/* telnet stuff ----------------------------------------------- */ + +/* define this if you have kerberos 4 */ +#undef KRB4 + +/* define this if you want encryption */ +#undef ENCRYPTION + +/* define this if you want authentication */ +#undef AUTHENTICATION + +#if defined(ENCRYPTION) && !defined(AUTHENTICATION) +#define AUTHENTICATION 1 +#endif + +/* Set this if you want des encryption */ +#undef DES_ENCRYPTION + +/* Set this to the default system lead string for telnetd + * can contain %-escapes: %s=sysname, %m=machine, %r=os-release + * %v=os-version, %t=tty, %h=hostname, %d=date and time + */ +#undef USE_IM + +/* define this if you want diagnostics in telnetd */ +#undef DIAGNOSTICS + +/* define this if you want support for broken ENV_{VALUE,VAR} systems */ +#undef ENV_HACK + +/* */ +#undef OLD_ENVIRON + +/* Used with login -p */ +#undef LOGIN_ARGS + +/* Define if there are working stream ptys */ +#undef STREAMSPTY + +/* set this to a sensible login */ +#ifndef LOGIN_PATH +#define LOGIN_PATH BINDIR "/login" +#endif + + +/* ------------------------------------------------------------ */ + +/* + * Define this if your ndbm-library really is berkeley db and creates + * files that ends in .db. 
+ */ +#undef HAVE_NEW_DB + +/* Define this if you have a working getmsg */ +#undef HAVE_GETMSG + +/* Define to enable new master key code */ +#undef RANDOM_MKEY + +/* Location of the master key file, default value lives in */ +#undef MKEYFILE + +/* Define if you don't want support for afs, might be a good idea on + AIX if you don't have afs */ +#undef NO_AFS + +/* Define if you have a readline compatible library */ +#undef HAVE_READLINE + +#ifdef VOID_RETSIGTYPE +#define SIGRETURN(x) return +#else +#define SIGRETURN(x) return (RETSIGTYPE)(x) +#endif + +/* Define this if your compiler supports '#pragma weak' */ +#undef HAVE_PRAGMA_WEAK + +/* Temporary fixes for krb_{rd,mk}_safe */ +#define DES_QUAD_GUESS 0 +#define DES_QUAD_NEW 1 +#define DES_QUAD_OLD 2 + +/* Set this to one of the constants above to specify default checksum + type to emit */ +#undef DES_QUAD_DEFAULT + +/* + * AIX braindamage! + */ +#if _AIX +#define _ALL_SOURCE +#define _POSIX_SOURCE +/* this is left for hysteric reasons :-) */ +#define unix /* well, ok... */ +#endif + +/* + * SunOS braindamage! (Sun include files are generally braindead) + */ +#if (defined(sun) || defined(__sun)) +#if defined(__svr4__) || defined(__SVR4) +#define SunOS 5 +#else +#define SunOS 4 +#endif +#endif + +#if defined(__sgi) || defined(sgi) +#if defined(__SYSTYPE_SVR4) || defined(_SYSTYPE_SVR4) +#define IRIX 5 +#else +#define IRIX 4 +#endif +#endif + +/* IRIX 4 braindamage */ +#if IRIX == 4 && !defined(__STDC__) +#define __STDC__ 0 +#endif diff --git a/crypto/kerberosIV/include/ktypes.c b/crypto/kerberosIV/include/ktypes.c new file mode 100644 index 0000000..eb6ad48 --- /dev/null +++ b/crypto/kerberosIV/include/ktypes.c 
@@ -0,0 +1,64 @@
+#ifdef HAVE_CONFIG_H
+#include
+RCSID("$Id: ktypes.c,v 1.4 1997/05/31 08:52:09 bg Exp $");
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+#include
+#endif
+#ifdef HAVE_BIND_BITYPES_H
+#include
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+#include
+#endif
+
+int
+main(void)
+{
+ printf ("/*\n"
+ " * This file was automatically generated by\n"
+ " * $Id: ktypes.c,v 1.4 1997/05/31 08:52:09 bg Exp $.\n"
+ " * Please do not edit\n"
+ " */\n\n");
+
+ printf ("#ifndef __KTYPES_H__\n"
+ "#define __KTYPES_H__\n\n");
+
+#ifdef HAVE_SYS_TYPES_H
+ printf("#include \n");
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+ printf("#include \n");
+#endif
+#ifdef HAVE_BIND_BITYPES_H
+ printf("#include \n");
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+ printf("#include \n");
+#endif
+
+#ifndef HAVE_INT8_T
+ printf("typedef signed char int8_t;\n");
+#endif
+#ifndef HAVE_U_INT8_T
+ printf("typedef unsigned char u_int8_t;\n");
+#endif
+#ifndef HAVE_INT16_T
+ printf("typedef short int16_t;\n");
+#endif
+#ifndef HAVE_U_INT16_T
+ printf("typedef unsigned short u_int16_t;\n");
+#endif
+#ifndef HAVE_INT32_T
+ printf("typedef int int32_t;\n");
+#endif
+#ifndef HAVE_U_INT32_T
+ printf("typedef unsigned int u_int32_t;\n");
+#endif
+
+ printf("\n#endif /* __KTYPES_H__ */\n");
+ return 0;
+}
diff --git a/crypto/kerberosIV/include/protos.h b/crypto/kerberosIV/include/protos.h
new file mode 100644
index 0000000..0ceb122
--- /dev/null
+++ b/crypto/kerberosIV/include/protos.h
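Review bot: The fallback typedefs at the end of main() in ktypes.c hard-code widths (`typedef short int16_t;`, `typedef int int32_t;`, `typedef unsigned int u_int32_t;`) without checking that `short` and `int` have those sizes on the build platform, so where they differ the generated ktypes.h silently hands wrong-width types to everything that includes it, presumably including the protocol and DES code. Because the generator is itself a compiled program, it can choose by `sizeof` before printing, for example `printf("typedef %s int32_t;\n", sizeof(int) == 4 ? "int" : "long");`, or exit non-zero when no candidate fits so the build stops. Separately, every `#include` in this file sits under a HAVE_* guard and none of the guards refers to stdio, so `printf` appears to be called without a prototype; header names are lost in this rendering, so confirm whether config.h pulls it in.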
@@ -0,0 +1,276 @@ +/* -*- C -*- + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* + * Add here functions that don't have a prototype on your system. + * + * $Id: protos.H,v 1.43 1997/05/28 01:09:36 assar Exp $ + */ + +#ifdef NEED_CRYPT_PROTO +char *crypt(const char*, const char*); +#endif + +#ifdef NEED_STRTOK_R_PROTO +char *strtok_r (char *s1, const char *s2, char **lasts); +#endif + +#ifndef HAVE_OPTARG_DECLARATION +extern char *optarg; +#endif +#ifndef HAVE_OPTERR_DECLARATION +extern int opterr; +#endif +#ifndef HAVE_OPTIND_DECLARATION +extern int optind; +#endif +#ifndef HAVE_OPTOPT_DECLARATION +extern int optopt; +#endif + +#if defined(__GNUC__) && SunOS == 4 + +/* To get type fd_set */ +#include +#include + +/* To get struct sockaddr, struct in_addr and struct hostent */ +#include +#include +#include + +/* To get struct stat */ +#include + +/* To get struct utimbuf */ +#include + +int utime(const char *, struct utimbuf *); +int syscall(int, ...); +pid_t getpid(void); +int ftruncate(int, off_t); +int fchmod(int, mode_t); +int fchown(int fd, int owner, int group); +int fsync(int); +int seteuid(uid_t); +int setreuid(int, int); +int flock(int, int); +int gettimeofday(struct timeval *tp, struct timezone *tzp); +int lstat(const char *, struct stat *); +int ioctl(int, int, void *); +int getpriority(int which, int who); +int setpriority(int which, int who, int priority); +int getdtablesize(void); +int initgroups(const char *name, int basegid); +long ulimit(int cmd, long newlimit); +int vhangup(void); + +int sigblock(int); +int sigsetmask(int); +int setitimer(int which, struct itimerval *value, struct itimerval *ovalue); + +int munmap(caddr_t addr, int len); + +int socket(int, int, int); +int setsockopt(int, int, int, void *, int); +int bind(int, void *, int); +int getsockname(int, struct sockaddr *, int *); +int accept(int, struct sockaddr *, int *); +int connect(int, struct sockaddr *, int); +int listen(int, int); +int recv(int s, void *buf, int len, int flags); +int recvfrom(int, char *, int, int, void *, int *); +int sendto(int, 
const char *, int, int, void *, int); +int select(int, fd_set *, fd_set *, fd_set *, struct timeval *); +int shutdown(int, int); +int getpeername(int, struct sockaddr *, int *); +int getsockopt(int, int, int, void *, int *); +int send(int s, const void *msg, int len, int flags); +struct strbuf; +int getmsg(int fd, struct strbuf *ctlptr, struct strbuf *dataptr, int *flags); + +char *inet_ntoa(struct in_addr in); +unsigned long inet_addr(const char *cp); +int gethostname(char *, int); +struct hostent *gethostbyname(const char *); +int dn_expand(const u_char *msg, + const u_char *eomorig, + const u_char *comp_dn, + char *exp_dn, + int length); +int res_search(const char *dname, + int class, + int type, + u_char *answer, + int anslen); + +int yp_get_default_domain (char **outdomain); +int innetgr(const char *netgroup, const char *machine, + const char *user, const char *domain); + +char *getwd(char *pathname); + +void bzero(char *b, int length); +int strcasecmp(const char *, const char *); +void swab(const char *, char *, int); +int atoi(const char *str); +char *mktemp(char *); +void srandom(int seed); +int random(void); + +int rcmd(char **, unsigned short, char *, char *, char *, int *); +int rresvport(int *); +int openlog(const char *ident, int logopt, int facility); +int syslog(int priority, const char *message, ...); +int ttyslot(void); + +char *getpass(const char *); + +char *getusershell(void); +void setpwent(); +void endpwent(); + +#include +int fclose(FILE *); + +#endif /* SunOS4 */ + +#if SunOS == 5 + +#include +#include + +char *getusershell(void); +char *strtok_r(char *, const char *, char **); +int getpriority (int which, id_t who); +int setpriority (int which, id_t who, int prio); +int getdtablesize (void); +char *getusershell(void); +void setusershell(void); +void endusershell(void); + +#if defined(__GNUC__) + +int syscall(int, ...); +int gethostname(char *, int); + +struct timeval; +int gettimeofday(struct timeval *tp, void *); + +#endif +#endif + +#if 
defined(__osf__) /* OSF/1 */ + +#if 0 +/* To get type fd_set */ +#include +#include + +int select(int, fd_set *, fd_set *, fd_set *, struct timeval *); +int fsync(int fildes); +int gethostname(char *address, int address_len); +int setreuid(int ruid, int euid); +int ioctl(int d, unsigned long request, void * arg); +#endif +int flock(int fildes, int operation); +int syscall(int, ...); + +unsigned short htons(unsigned short hostshort); +unsigned int htonl(unsigned int hostint); +unsigned short ntohs(unsigned short netshort); +unsigned int ntohl(unsigned int netint); + +char *mktemp(char *template); +char *getusershell(void); + +int rcmd(char **, unsigned short, char *, char *, char *, int *); +int rresvport (int *port); + +#endif /* OSF/1 */ + +#if defined(__sgi) +#include + +char *ptsname(int fd); +struct spwd *getspuid(uid_t); +#endif /* IRIX */ + +#if defined(__GNUC__) && defined(_AIX) /* AIX */ + +struct timeval; +struct timezone; +int gettimeofday (struct timeval *Tp, void *Tzp); + +#endif /* AIX */ + +#if defined(__GNUC__) && defined(__hpux) /* HP-UX */ + +int syscall(int, ...); + +int vhangup(void); + +char *ptsname(int fildes); + +void utmpname(const char *file); + +int innetgr(const char *netgroup, const char *machine, + const char *user, const char *domain); + +int dn_comp(char *exp_dn, char *comp_dn, int length, + char **dnptrs, char **lastdnptr); + +int res_query(char *dname, int class, int type, + unsigned char *answer, int anslen); + +int dn_expand(char *msg, char *eomorig, char *comp_dn, + char *exp_dn, int length); + +int res_search(char *dname, int class, int type, + unsigned char *answer, int anslen); + +#endif /* HP-UX */ + +#if defined(WIN32) /* Visual C++ 4.0 (Windows95/NT) */ + +int open(const char *, int, ...); +int close(int); +int read(int, void *, unsigned int); +int write(int, const void *, unsigned int); + +#endif /* WIN32 */ 
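Review bot: The SunOS 4 and OSF/1 blocks of protos.h declare `char *mktemp(char *)` with nothing to warn callers that the name it returns can be claimed by another process before the caller opens it. The config header in this same commit already carries `HAVE_MKSTEMP`, so a comment above each prototype such as `/* mktemp() is race-prone; use mkstemp() when HAVE_MKSTEMP is defined */` would steer callers to the safer call. In the SunOS 4 block, `void setpwent();` and `void endpwent();` are the only declarations without a parameter list; `void setpwent(void);` and `void endpwent(void);` would let the compiler check calls as it does for the rest of the file. `char *getusershell(void);` is also declared twice in the SunOS 5 block.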
diff --git a/crypto/kerberosIV/include/sys/Makefile.in b/crypto/kerberosIV/include/sys/Makefile.in
new file mode 100644
index 0000000..d6a58e0
--- /dev/null
+++ b/crypto/kerberosIV/include/sys/Makefile.in
@@ -0,0 +1,53 @@
+# $Id: Makefile.in,v 1.18 1997/05/11 04:29:47 assar Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+SHELL = /bin/sh
+
+LN_S = @LN_S@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+includedir = @includedir@
+HAVE_CDEFS = @ac_cv_header_sys_cdefs_h@
+
+@SET_MAKE@
+
+HEADERS = cdefs.h
+
+all: stamp-headers
+
+Wall:
+ $(MAKE) CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+install: all
+ $(MKINSTALLDIRS) $(includedir)/sys
+ -if test "$(HAVE_CDEFS)" != yes; then \
+ $(INSTALL_DATA) cdefs.h $(includedir)/sys/cdefs.h ; \
+ fi
+
+uninstall:
+ -if test "$(HAVE_CDEFS)" != yes; then \
+ rm -f $(includedir)/sys/cdefs.h ; \
+ fi
+
+clean:
+ rm -f $(HEADERS) stamp-headers
+
+mostlyclean: clean
+distclean: clean
+ rm -f Makefile config.status *~
+
+realclean: clean
+
+cdefs.h:
+ if test "$(HAVE_CDEFS)" != yes; then \
+ $(LN_S) ${srcdir}/cdefs.H cdefs.h; \
+ fi || true
+
+stamp-headers:
+ $(MAKE) $(HEADERS)
+ touch stamp-headers
diff --git a/crypto/kerberosIV/include/sys/cdefs.H b/crypto/kerberosIV/include/sys/cdefs.H
new file mode 100644
index 0000000..196d476
--- /dev/null
+++ b/crypto/kerberosIV/include/sys/cdefs.H
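Review bot: In the `cdefs.h` rule of include/sys/Makefile.in, `fi || true` hides a failing `$(LN_S)`, and `stamp-headers` is touched afterwards regardless, so a build can continue without the fallback header and fail later far from the cause, or compile against whatever other sys/cdefs.h happens to be on the include path. If the `|| true` exists only for shells that return non-zero from an `if` whose test is false, an explicit else branch keeps that workaround and still reports a failed link: end the recipe with `else true; fi` instead of `fi || true`. The leading `-` on the `if` in the `install` recipe has the same effect on a failed `$(INSTALL_DATA)`.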
@@ -0,0 +1,149 @@
+/* -*- C -*-
+ *
+ * ++Copyright++ 1991, 1993
+ * -
+ * Copyright (c) 1991, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * -
+ * Portions Copyright (c) 1993 by Digital Equipment Corporation.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies, and that
+ * the name of Digital Equipment Corporation not be used in advertising or
+ * publicity pertaining to distribution of the document or software without
+ * specific, written prior permission.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
+ * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
+ * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ * -
+ * --Copyright--
+ */
+
+/*
+ * @(#)cdefs.h 8.1 (Berkeley) 6/2/93
+ * $Id: cdefs.H,v 1.2 1995/09/10 20:18:56 d91-jda Exp $
+ */
+
+#ifndef _CDEFS_H_
+#define _CDEFS_H_
+
+#if defined(__cplusplus)
+#define __BEGIN_DECLS extern "C" {
+#define __END_DECLS };
+#else
+#define __BEGIN_DECLS
+#define __END_DECLS
+#endif
+
+/*
+ * The __CONCAT macro is used to concatenate parts of symbol names, e.g.
+ * with "#define OLD(foo) __CONCAT(old,foo)", OLD(foo) produces oldfoo.
+ * The __CONCAT macro is a bit tricky -- make sure you don't put spaces
+ * in between its arguments. __CONCAT can also concatenate double-quoted
+ * strings produced by the __STRING macro, but this only works with ANSI C.
+ */
+#if defined(__STDC__) || defined(__cplusplus)
+#ifndef __P /* it's quite popular to define this */
+#define __P(protos) protos /* full-blown ANSI C */
+#endif
+#define __CONCAT(x,y) x ## y
+#define __STRING(x) #x
+
+#define __const const /* define reserved names to standard */
+#define __signed signed
+#define __volatile volatile
+#if defined(__cplusplus)
+#define __inline inline /* convert to C++ keyword */
+#else
+#ifndef __GNUC__
+#define __inline /* delete GCC keyword */
+#endif /* !__GNUC__ */
+#endif /* !__cplusplus */
+
+#else /* !(__STDC__ || __cplusplus) */
+#ifndef __P
+#define __P(protos) () /* traditional C preprocessor */
+#endif
+#define __CONCAT(x,y) x/**/y
+#define __STRING(x) "x"
+
+#ifndef __GNUC__
+#define __const /* delete pseudo-ANSI C keywords */
+#define __inline
+#define __signed
+#define __volatile
+/*
+ * In non-ANSI C environments, new programs will want ANSI-only C keywords
+ * deleted from the program and old programs will want them left alone.
+ * When using a compiler other than gcc, programs using the ANSI C keywords
+ * const, inline etc. as normal identifiers should define -DNO_ANSI_KEYWORDS.
+ * When using "gcc -traditional", we assume that this is the intent; if
+ * __GNUC__ is defined but __STDC__ is not, we leave the new keywords alone.
+ */
+#ifndef NO_ANSI_KEYWORDS
+#define const /* delete ANSI C keywords */
+#define inline
+#define signed
+#define volatile
+#endif
+#endif /* !__GNUC__ */
+#endif /* !(__STDC__ || __cplusplus) */
+
+/*
+ * GCC1 and some versions of GCC2 declare dead (non-returning) and
+ * pure (no side effects) functions using "volatile" and "const";
+ * unfortunately, these then cause warnings under "-ansi -pedantic".
+ * GCC2 uses a new, peculiar __attribute__((attrs)) style. All of
+ * these work for GNU C++ (modulo a slight glitch in the C++ grammar
+ * in the distribution version of 2.5.5).
+ */
+#if !defined(__GNUC__) || __GNUC__ < 2 || __GNUC_MINOR__ < 5
+#define __attribute__(x) /* delete __attribute__ if non-gcc or gcc1 */
+#if defined(__GNUC__) && !defined(__STRICT_ANSI__)
+#define __dead __volatile
+#define __pure __const
+#endif
+#endif
+
+/* Delete pseudo-keywords wherever they are not available or needed. */
+#ifndef __dead
+#define __dead
+#define __pure
+#endif
+
+#endif /* !_CDEFS_H_ */
diff --git a/crypto/kerberosIV/install-sh b/crypto/kerberosIV/install-sh
new file mode 100644
index 0000000..ebc6691
--- /dev/null
+++ b/crypto/kerberosIV/install-sh
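Review bot: The guard `#if !defined(__GNUC__) || __GNUC__ < 2 || __GNUC_MINOR__ < 5` near the end of cdefs.H tests the minor version without tying it to major version 2, so any GCC whose minor number is below 5, whatever its major, gets `#define __attribute__(x)` and loses every attribute in code included afterwards. That silently removes `packed` and `aligned`, which change structure layout, as well as `format` and `noreturn`, which drive compiler diagnostics. The condition should read `#if !defined(__GNUC__) || __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5)`. Per the Makefile.in in this commit the header is only linked in when the system has no sys/cdefs.h, which narrows where the defect shows but does not remove it.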
@@ -0,0 +1,250 @@ +#! /bin/sh +# +# install - install a program, script, or datafile +# This comes from X11R5 (mit/util/scripts/install.sh). +# +# Copyright 1991 by the Massachusetts Institute of Technology +# +# Permission to use, copy, modify, distribute, and sell this software and its +# documentation for any purpose is hereby granted without fee, provided that +# the above copyright notice appear in all copies and that both that +# copyright notice and this permission notice appear in supporting +# documentation, and that the name of M.I.T. not be used in advertising or +# publicity pertaining to distribution of the software without specific, +# written prior permission. M.I.T. makes no representations about the +# suitability of this software for any purpose. It is provided "as is" +# without express or implied warranty. +# +# Calling this script install-sh is preferred over install.sh, to prevent +# `make' implicit rules from creating a file called install from it +# when there is no Makefile. +# +# This script is compatible with the BSD install script, but was written +# from scratch. It can only install one file at a time, a restriction +# shared with many OS's install programs. + + +# set DOITPROG to echo to test this script + +# Don't use :- since 4.3BSD and earlier shells don't like it. +doit="${DOITPROG-}" + + +# put in absolute paths if you don't have them in your path; or use env. vars. 
+ +mvprog="${MVPROG-mv}" +cpprog="${CPPROG-cp}" +chmodprog="${CHMODPROG-chmod}" +chownprog="${CHOWNPROG-chown}" +chgrpprog="${CHGRPPROG-chgrp}" +stripprog="${STRIPPROG-strip}" +rmprog="${RMPROG-rm}" +mkdirprog="${MKDIRPROG-mkdir}" + +transformbasename="" +transform_arg="" +instcmd="$mvprog" +chmodcmd="$chmodprog 0755" +chowncmd="" +chgrpcmd="" +stripcmd="" +rmcmd="$rmprog -f" +mvcmd="$mvprog" +src="" +dst="" +dir_arg="" + +while [ x"$1" != x ]; do + case $1 in + -c) instcmd="$cpprog" + shift + continue;; + + -d) dir_arg=true + shift + continue;; + + -m) chmodcmd="$chmodprog $2" + shift + shift + continue;; + + -o) chowncmd="$chownprog $2" + shift + shift + continue;; + + -g) chgrpcmd="$chgrpprog $2" + shift + shift + continue;; + + -s) stripcmd="$stripprog" + shift + continue;; + + -t=*) transformarg=`echo $1 | sed 's/-t=//'` + shift + continue;; + + -b=*) transformbasename=`echo $1 | sed 's/-b=//'` + shift + continue;; + + *) if [ x"$src" = x ] + then + src=$1 + else + # this colon is to work around a 386BSD /bin/sh bug + : + dst=$1 + fi + shift + continue;; + esac +done + +if [ x"$src" = x ] +then + echo "install: no input file specified" + exit 1 +else + true +fi + +if [ x"$dir_arg" != x ]; then + dst=$src + src="" + + if [ -d $dst ]; then + instcmd=: + else + instcmd=mkdir + fi +else + +# Waiting for this to be detected by the "$instcmd $src $dsttmp" command +# might cause directories to be created, which would be especially bad +# if $src (and thus $dsttmp) contains '*'. 
+ + if [ -f $src -o -d $src ] + then + true + else + echo "install: $src does not exist" + exit 1 + fi + + if [ x"$dst" = x ] + then + echo "install: no destination specified" + exit 1 + else + true + fi + +# If destination is a directory, append the input filename; if your system +# does not like double slashes in filenames, you may need to add some logic + + if [ -d $dst ] + then + dst="$dst"/`basename $src` + else + true + fi +fi + +## this sed command emulates the dirname command +dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'` + +# Make sure that the destination directory exists. +# this part is taken from Noah Friedman's mkinstalldirs script + +# Skip lots of stat calls in the usual case. +if [ ! -d "$dstdir" ]; then +defaultIFS=' +' +IFS="${IFS-${defaultIFS}}" + +oIFS="${IFS}" +# Some sh's can't handle IFS=/ for some reason. +IFS='%' +set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'` +IFS="${oIFS}" + +pathcomp='' + +while [ $# -ne 0 ] ; do + pathcomp="${pathcomp}${1}" + shift + + if [ ! -d "${pathcomp}" ] ; + then + $mkdirprog "${pathcomp}" + else + true + fi + + pathcomp="${pathcomp}/" +done +fi + +if [ x"$dir_arg" != x ] +then + $doit $instcmd $dst && + + if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi && + if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi && + if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi && + if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi +else + +# If we're going to rename the final executable, determine the name now. + + if [ x"$transformarg" = x ] + then + dstfile=`basename $dst` + else + dstfile=`basename $dst $transformbasename | + sed $transformarg`$transformbasename + fi + +# don't allow the sed command to completely eliminate the filename + + if [ x"$dstfile" = x ] + then + dstfile=`basename $dst` + else + true + fi + +# Make a temp file name in the proper directory. 
+ + dsttmp=$dstdir/#inst.$$# + +# Move or copy the file name to the temp name + + $doit $instcmd $src $dsttmp && + + trap "rm -f ${dsttmp}" 0 && + +# and set any options; do chmod last to preserve setuid bits + +# If any of these fail, we abort the whole thing. If we want to +# ignore errors from any of these, just make sure not to ignore +# errors from the above "$doit $instcmd $src $dsttmp" command. + + if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi && + if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi && + if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi && + if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi && + +# Now rename the file to the real destination. + + $doit $rmcmd -f $dstdir/$dstfile && + $doit $mvcmd $dsttmp $dstdir/$dstfile + +fi && + + +exit 0 diff --git a/crypto/kerberosIV/kadmin/Design.txt b/crypto/kerberosIV/kadmin/Design.txt new file mode 100644 index 0000000..7763a04 --- /dev/null +++ b/crypto/kerberosIV/kadmin/Design.txt @@ -0,0 +1,23 @@ +// This file attempts to present the internal functioning of the new kerberos +// admin server and interface.. + +// +// The calling side +// + +// Outer interface (programmers interface) +kadm_mod_entry(vals *old_dat, vals *new_dat) returns (vals *cur_dat) + // sends a command telling the server to change all entries which match + // old_dat to entries matching new_dat + // returns in cur_dat the actual current values of the modified records + // implemented with calls to _vals_to_stream, _send_out, _take_in, and + // _stream_to_vals, _interpret_ret + +// Inner calls +_vals_to_stream (vals *, unsigned char *) + // converts a vals structure to a byte stream for transmission over the net + +_stream_to_vals (unsigned char *, vals *) + // converts a byte stream recieved into a vals structure + + diff --git a/crypto/kerberosIV/kadmin/Makefile.in b/crypto/kerberosIV/kadmin/Makefile.in new file mode 100644 index 0000000..947248e 
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/Makefile.in
@@ -0,0 +1,125 @@
+# $Id: Makefile.in,v 1.37 1997/05/02 17:50:35 assar Exp $
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+topdir=..
+
+CC = @CC@
+AR = ar
+RANLIB = @RANLIB@
+LN_S = @LN_S@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+LD_FLAGS = @LD_FLAGS@
+
+LIB_tgetent = @LIB_tgetent@
+LIB_readline = @LIB_readline@
+LIB_DBM = @LIB_DBM@
+LIBS = @LIBS@
+
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+CRACKLIB = @CRACKLIB@
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+libexecdir = @libexecdir@
+bindir = @bindir@
+sbindir = @sbindir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+PROG_BIN = kpasswd$(EXECSUFFIX) \
+ kadmin$(EXECSUFFIX)
+PROG_SBIN = ksrvutil$(EXECSUFFIX)
+PROG_LIBEXEC = kadmind$(EXECSUFFIX)
+PROGS = $(PROG_BIN) $(PROG_SBIN) $(PROG_LIBEXEC)
+
+SOURCES = kpasswd.c kadmin.c kadm_server.c kadm_funcs.c pw_check.c \
+ admin_server.c kadm_ser_wrap.c ksrvutil.c ksrvutil_get.c \
+ new_pwd.c
+
+OBJECTS = kpasswd.o kadmin.o kadm_server.o kadm_funcs.o \
+ admin_server.o kadm_ser_wrap.o ksrvutil.o ksrvutil_get.o \
+ new_pwd.o
+
+all: $(PROGS)
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+ $(CC) -c $(CPPFLAGS) $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $<
+
+install: all
+ $(MKINSTALLDIRS) $(bindir)
+ for x in $(PROG_BIN); do \
+ $(INSTALL_PROGRAM) $$x $(bindir)/`echo $$x | sed '$(transform)'`; \
+ done
+ $(MKINSTALLDIRS) $(sbindir)
+ for x in $(PROG_SBIN); do \
+ $(INSTALL_PROGRAM) $$x $(sbindir)/`echo $$x | sed '$(transform)'`; \
+ done
+ $(MKINSTALLDIRS) $(libexecdir)
+ for x in $(PROG_LIBEXEC); do \
+ $(INSTALL_PROGRAM) $$x $(libexecdir)/`echo $$x | sed '$(transform)'`; \
+ done
+ @rm -f $(prefix)/sbin/kadmin
+
+uninstall:
+ for x in $(PROG_BIN); do \
+ rm -f $(bindir)/`echo $$x | sed '$(transform)'`; \
+ done
+ for x in $(PROG_SBIN); do \
+ rm -f $(sbindir)/`echo $$x | sed 
'$(transform)'`; \
+ done
+ for x in $(PROG_LIBEXEC); do \
+ rm -f $(libexecdir)/`echo $$x | sed '$(transform)'`; \
+ done
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+check:
+
+clean:
+ rm -f *.a *.o $(PROGS)
+
+mostlyclean: clean
+
+distclean: clean
+ rm -f Makefile *.tab.c *~
+
+realclean: distclean
+ rm -f TAGS
+
+dist: $(DISTFILES)
+ for file in $(DISTFILES); do \
+ ln $$file ../`cat ../.fname`/lib \
+ || cp -p $$file ../`cat ../.fname`/lib; \
+ done
+
+KLIB=-L../lib/kadm -lkadm -L../lib/krb -lkrb -L../lib/des -ldes -L../util/et -lcom_err
+LIBROKEN=-L../lib/roken -lroken
+
+kpasswd$(EXECSUFFIX): kpasswd.o new_pwd.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kpasswd.o new_pwd.o $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+kadmin$(EXECSUFFIX): kadmin.o new_pwd.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ new_pwd.o kadmin.o -L../lib/kadm -lkadm -L../lib/krb -lkrb -L../lib/des -ldes -L../lib/sl -lsl -L../util/et -lcom_err $(LIBROKEN) $(LIBS) $(LIB_readline) $(LIBROKEN)
+
+KADMIND_OBJECTS=kadm_server.o kadm_funcs.o admin_server.o kadm_ser_wrap.o pw_check.o
+
+kadmind$(EXECSUFFIX): $(KADMIND_OBJECTS)
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(KADMIND_OBJECTS) -L../lib/kdb -lkdb -L../lib/acl -lacl $(KLIB) $(CRACKLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+
+ksrvutil$(EXECSUFFIX): ksrvutil.o ksrvutil_get.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ ksrvutil.o ksrvutil_get.o $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+$(OBJECTS): ../include/config.h
diff --git a/crypto/kerberosIV/kadmin/admin_server.c b/crypto/kerberosIV/kadmin/admin_server.c
new file mode 100644
index 0000000..2654c77
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/admin_server.c
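Review bot: The last step of the install target, `@rm -f $(prefix)/sbin/kadmin`, hard-codes `$(prefix)/sbin` instead of using `$(sbindir)` and is silenced with `@`, so an install that deletes a file does so without showing it, and a tree configured with a different sbindir would presumably keep whatever kadmin binary is there. I would write it as `rm -f $(sbindir)/kadmin` with a comment above it saying why the file is removed (it looks like kadmin moved from sbin to bin, but the hunk does not say). The Wall target also calls `make` directly; `$(MAKE)` keeps the make program and flags of the parent invocation.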
@@ -0,0 +1,432 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +/* + * Top-level loop of the kerberos Administration server + */ + +/* + admin_server.c + this holds the main loop and initialization and cleanup code for the server +*/ + +#include "kadm_locl.h" + +RCSID("$Id: admin_server.c,v 1.41 1997/05/27 15:52:53 bg Exp $"); + +/* Almost all procs and such need this, so it is global */ +admin_params prm; /* The command line parameters struct */ + +/* GLOBAL */ +char *acldir = DEFAULT_ACL_DIR; +static char krbrlm[REALM_SZ]; + +static unsigned pidarraysize = 0; +static int *pidarray = (int *)0; + +static int exit_now = 0; + +static +RETSIGTYPE +doexit(int sig) +{ + exit_now = 1; + SIGRETURN(0); +} + +static +RETSIGTYPE +do_child(int sig) +{ + int pid; + int i, j; + + int status; + + pid = wait(&status); + + /* Reinstall signal handlers for SysV. 
Must be done *after* wait */ + signal(SIGCHLD, do_child); + + for (i = 0; i < pidarraysize; i++) + if (pidarray[i] == pid) { + /* found it */ + for (j = i; j < pidarraysize-1; j++) + /* copy others down */ + pidarray[j] = pidarray[j+1]; + pidarraysize--; + if ((WIFEXITED(status) && WEXITSTATUS(status) != 0) + || WIFSIGNALED(status)) + krb_log("child %d: termsig %d, retcode %d", pid, + WTERMSIG(status), WEXITSTATUS(status)); + SIGRETURN(0); + } + krb_log("child %d not in list: termsig %d, retcode %d", pid, + WTERMSIG(status), WEXITSTATUS(status)); + SIGRETURN(0); +} + +static void +kill_children(void) +{ + int i; + + for (i = 0; i < pidarraysize; i++) { + kill(pidarray[i], SIGINT); + krb_log("killing child %d", pidarray[i]); + } +} + +/* close the system log file */ +static void +close_syslog(void) +{ + krb_log("Shutting down admin server"); +} + +static void +byebye(void) /* say goodnight gracie */ +{ + printf("Admin Server (kadm server) has completed operation.\n"); +} + +static void +clear_secrets(void) +{ + memset(server_parm.master_key, 0, sizeof(server_parm.master_key)); + memset(server_parm.master_key_schedule, 0, + sizeof(server_parm.master_key_schedule)); + server_parm.master_key_version = 0L; +} + +#ifdef DEBUG +#define cleanexit(code) {kerb_fini(); return;} +#endif + +#ifndef DEBUG +static void +cleanexit(int val) +{ + kerb_fini(); + clear_secrets(); + exit(val); +} +#endif + +static void +process_client(int fd, struct sockaddr_in *who) +{ + u_char *dat; + int dat_len; + u_short dlen; + int retval; + int on = 1; + Principal service; + des_cblock skey; + int more; + int status; + +#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT) + if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, sizeof(on)) < 0) + krb_log("setsockopt keepalive: %d",errno); +#endif + + server_parm.recv_addr = *who; + + if (kerb_init()) { /* Open as client */ + krb_log("can't open krb db"); + cleanexit(1); + } + /* need to set service key to changepw.KRB_MASTER */ + + status = 
kerb_get_principal(server_parm.sname, server_parm.sinst, &service, + 1, &more); + if (status == -1) { + /* db locked */ + int32_t retcode = KADM_DB_INUSE; + char *pdat; + + dat_len = KADM_VERSIZE + sizeof(retcode); + dat = (u_char *) malloc((unsigned)dat_len); + pdat = (char *) dat; + retcode = htonl((u_int32_t) KADM_DB_INUSE); + strncpy(pdat, KADM_ULOSE, KADM_VERSIZE); + memcpy(pdat+KADM_VERSIZE, &retcode, sizeof(retcode)); + goto out; + } else if (!status) { + krb_log("no service %s.%s",server_parm.sname, server_parm.sinst); + cleanexit(2); + } + + copy_to_key(&service.key_low, &service.key_high, skey); + memset(&service, 0, sizeof(service)); + kdb_encrypt_key (&skey, &skey, &server_parm.master_key, + server_parm.master_key_schedule, DES_DECRYPT); + krb_set_key(skey, 0); /* if error, will show up when + rd_req fails */ + memset(skey, 0, sizeof(skey)); + + while (1) { + if ((retval = krb_net_read(fd, &dlen, sizeof(u_short))) != + sizeof(u_short)) { + if (retval < 0) + krb_log("dlen read: %s",error_message(errno)); + else if (retval) + krb_log("short dlen read: %d",retval); + close(fd); + cleanexit(retval ? 3 : 0); + } + if (exit_now) { + cleanexit(0); + } + dat_len = ntohs(dlen); + dat = (u_char *) malloc(dat_len); + if (!dat) { + krb_log("malloc: No memory"); + close(fd); + cleanexit(4); + } + if ((retval = krb_net_read(fd, dat, dat_len)) != dat_len) { + if (retval < 0) + krb_log("data read: %s",error_message(errno)); + else + krb_log("short read: %d vs. 
%d", dat_len, retval); + close(fd); + cleanexit(5); + } + if (exit_now) { + cleanexit(0); + } + if ((retval = kadm_ser_in(&dat,&dat_len)) != KADM_SUCCESS) + krb_log("processing request: %s", error_message(retval)); + + /* kadm_ser_in did the processing and returned stuff in + dat & dat_len , return the appropriate data */ + + out: + dlen = htons(dat_len); + + if (krb_net_write(fd, &dlen, sizeof(u_short)) < 0) { + krb_log("writing dlen to client: %s",error_message(errno)); + close(fd); + cleanexit(6); + } + + if (krb_net_write(fd, dat, dat_len) < 0) { + krb_log("writing to client: %s", error_message(errno)); + close(fd); + cleanexit(7); + } + free(dat); + } + /*NOTREACHED*/ +} + +/* +kadm_listen +listen on the admin servers port for a request +*/ +static int +kadm_listen(void) +{ + int found; + int admin_fd; + int peer_fd; + fd_set mask, readfds; + struct sockaddr_in peer; + int addrlen; + int pid; + + signal(SIGINT, doexit); + signal(SIGTERM, doexit); + signal(SIGHUP, doexit); + signal(SIGQUIT, doexit); + signal(SIGPIPE, SIG_IGN); /* get errors on write() */ + signal(SIGALRM, doexit); + signal(SIGCHLD, do_child); + if (setsid() < 0) + krb_log("setsid() failed"); + + if ((admin_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) + return KADM_NO_SOCK; +#if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT) + { + int one=1; + setsockopt(admin_fd, SOL_SOCKET, SO_REUSEADDR, (void *)&one, + sizeof(one)); + } +#endif + if (bind(admin_fd, (struct sockaddr *)&server_parm.admin_addr, + sizeof(struct sockaddr_in)) < 0) + return KADM_NO_BIND; + listen(admin_fd, 1); + FD_ZERO(&mask); + FD_SET(admin_fd, &mask); + + for (;;) { /* loop nearly forever */ + if (exit_now) { + clear_secrets(); + kill_children(); + return(0); + } + readfds = mask; + if ((found = select(admin_fd+1, &readfds, 0, + 0, (struct timeval *)0)) == 0) + continue; /* no things read */ + if (found < 0) { + if (errno != EINTR) + krb_log("select: %s",error_message(errno)); + continue; + } + if (FD_ISSET(admin_fd, &readfds)) 
{ + /* accept the conn */ + addrlen = sizeof(peer); + if ((peer_fd = accept(admin_fd, (struct sockaddr *)&peer, + &addrlen)) < 0) { + krb_log("accept: %s",error_message(errno)); + continue; + } +#ifndef DEBUG + /* if you want a sep daemon for each server */ + if ((pid = fork())) { + /* parent */ + if (pid < 0) { + krb_log("fork: %s",error_message(errno)); + close(peer_fd); + continue; + } + /* fork succeded: keep tabs on child */ + close(peer_fd); + if (pidarray) { + pidarray = (int *)realloc(pidarray, ++pidarraysize); + pidarray[pidarraysize-1] = pid; + } else { + pidarray = (int *)malloc(pidarraysize = 1); + pidarray[0] = pid; + } + } else { + /* child */ + close(admin_fd); +#endif /* DEBUG */ + /* + * If we are multihomed we need to figure out which + * local address that is used this time since it is + * used in "direction" comparison. + */ + getsockname(peer_fd, + (struct sockaddr *)&server_parm.admin_addr, + &addrlen); + /* do stuff */ + process_client (peer_fd, &peer); +#ifndef DEBUG + } +#endif + } else { + krb_log("something else woke me up!"); + return(0); + } + } + /*NOTREACHED*/ +} + +/* +** Main does the logical thing, it sets up the database and RPC interface, +** as well as handling the creation and maintenance of the syslog file... 
+*/ +int +main(int argc, char **argv) /* admin_server main routine */ +{ + int errval; + int c; + + set_progname (argv[0]); + + umask(077); /* Create protected files */ + + /* initialize the admin_params structure */ + prm.sysfile = KADM_SYSLOG; /* default file name */ + prm.inter = 0; + + memset(krbrlm, 0, sizeof(krbrlm)); + + while ((c = getopt(argc, argv, "f:hmnd:a:r:")) != EOF) + switch(c) { + case 'f': /* Syslog file name change */ + prm.sysfile = optarg; + break; + case 'n': + prm.inter = 0; + break; + case 'm': + prm.inter = 1; + break; + case 'a': /* new acl directory */ + acldir = optarg; + break; + case 'd': + /* put code to deal with alt database place */ + if ((errval = kerb_db_set_name(optarg))) + errx (1, "opening database %s: %s", + optarg, error_message(errval)); + break; + case 'r': + strncpy(krbrlm, optarg, sizeof(krbrlm) - 1); + break; + case 'h': /* get help on using admin_server */ + default: + errx(1, "Usage: kadmind [-h] [-n] [-m] [-r realm] [-d dbname] [-f filename] [-a acldir]"); + } + + if (krbrlm[0] == 0) + if (krb_get_lrealm(krbrlm, 0) != KSUCCESS) + errx (1, "Unable to get local realm. 
Fix krb.conf or use -r."); + + printf("KADM Server %s initializing\n",KADM_VERSTR); + printf("Please do not use 'kill -9' to kill this job, use a\n"); + printf("regular kill instead\n\n"); + + kset_logfile(prm.sysfile); + krb_log("Admin server starting"); + + kerb_db_set_lockmode(KERB_DBL_NONBLOCKING); + errval = kerb_init(); /* Open the Kerberos database */ + if (errval) { + warnx ("error: kerb_init() failed"); + close_syslog(); + byebye(); + } + /* set up the server_parm struct */ + if ((errval = kadm_ser_init(prm.inter, krbrlm))==KADM_SUCCESS) { + kerb_fini(); /* Close the Kerberos database-- + will re-open later */ + errval = kadm_listen(); /* listen for calls to server from + clients */ + } + if (errval != KADM_SUCCESS) { + warnx("error: %s",error_message(errval)); + kerb_fini(); /* Close if error */ + } + close_syslog(); /* Close syslog file, print + closing note */ + byebye(); /* Say bye bye on the terminal + in use */ + exit(1); +} /* procedure main */ diff --git a/crypto/kerberosIV/kadmin/kadm_funcs.c b/crypto/kerberosIV/kadmin/kadm_funcs.c new file mode 100644 index 0000000..34a34b0 --- /dev/null +++ b/crypto/kerberosIV/kadmin/kadm_funcs.c 
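Review bot: The child-tracking array in kadm_listen is sized in bytes rather than in elements: `realloc(pidarray, ++pidarraysize)` and `malloc(pidarraysize = 1)` allocate pidarraysize bytes, and the stores that follow (`pidarray[pidarraysize-1] = pid`, `pidarray[0] = pid`) write an int past the end of that allocation. The requests should be scaled by the element size, `realloc(pidarray, ++pidarraysize * sizeof(*pidarray))` and `malloc((pidarraysize = 1) * sizeof(*pidarray))`, and the result tested before the store, since neither call is checked for NULL. The same array is shifted and shrunk from the SIGCHLD handler do_child, so the parent's update can be interrupted part-way; blocking SIGCHLD around the resize would keep the two from interleaving.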
@@ -0,0 +1,411 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + +*/ + +/* + * Kerberos administration server-side database manipulation routines + */ + +/* + * kadm_funcs.c + * the actual database manipulation code + */ + +#include "kadm_locl.h" + +RCSID("$Id: kadm_funcs.c,v 1.16 1997/05/02 14:28:49 assar Exp $"); + +static int +check_access(char *pname, char *pinst, char *prealm, enum acl_types acltype) +{ + char checkname[MAX_K_NAME_SZ]; + char filename[MaxPathLen]; + + snprintf(checkname, sizeof(checkname), "%s.%s@%s", pname, pinst, prealm); + + switch (acltype) { + case ADDACL: + snprintf(filename, sizeof(filename), "%s%s", acldir, ADD_ACL_FILE); + break; + case GETACL: + snprintf(filename, sizeof(filename), "%s%s", acldir, GET_ACL_FILE); + break; + case MODACL: + snprintf(filename, sizeof(filename), "%s%s", acldir, MOD_ACL_FILE); + break; + case DELACL: + snprintf(filename, sizeof(filename), "%s%s", acldir, DEL_ACL_FILE); + break; + default: + krb_log("WARNING in check_access: default case in switch"); + return 0; + } + return(acl_check(filename, 
checkname)); +} + +static int +wildcard(char *str) +{ + if (!strcmp(str, WILDCARD_STR)) + return(1); + return(0); +} + +static int +fail(int code, char *oper, char *princ) +{ + krb_log("ERROR: %s: %s (%s)", oper, princ, error_message(code)); + return code; +} + +#define failadd(code) { fail(code, "ADD", victim); return code; } +#define faildelete(code) { fail(code, "DELETE", victim); return code; } +#define failget(code) { fail(code, "GET", victim); return code; } +#define failmod(code) { fail(code, "MOD", victim); return code; } +#define failchange(code) { fail(code, "CHANGE", admin); return code; } + +int +kadm_add_entry (char *rname, char *rinstance, char *rrealm, + Kadm_vals *valsin, Kadm_vals *valsout) +{ + long numfound; /* check how many we get written */ + int more; /* pointer to more grabbed records */ + Principal data_i, data_o; /* temporary principal */ + u_char flags[4]; + des_cblock newpw; + Principal default_princ; + + char admin[MAX_K_NAME_SZ], victim[MAX_K_NAME_SZ]; + + strcpy(admin, krb_unparse_name_long(rname, rinstance, rrealm)); + strcpy(victim, krb_unparse_name_long(valsin->name, valsin->instance, NULL)); + + krb_log("ADD: %s by %s", victim, admin); + + if (!check_access(rname, rinstance, rrealm, ADDACL)) { + krb_log("WARNING: ADD: %s permission denied", admin); + return KADM_UNAUTH; + } + + /* Need to check here for "legal" name and instance */ + if (wildcard(valsin->name) || wildcard(valsin->instance)) { + failadd(KADM_ILL_WILDCARD); + } + + numfound = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST, + &default_princ, 1, &more); + if (numfound == -1) { + failadd(KADM_DB_INUSE); + } else if (numfound != 1) { + failadd(KADM_UK_RERROR); + } + + kadm_vals_to_prin(valsin->fields, &data_i, valsin); + strncpy(data_i.name, valsin->name, ANAME_SZ); + strncpy(data_i.instance, valsin->instance, INST_SZ); + + if (!IS_FIELD(KADM_EXPDATE,valsin->fields)) + data_i.exp_date = default_princ.exp_date; + if (!IS_FIELD(KADM_ATTR,valsin->fields)) + 
data_i.attributes = default_princ.attributes; + if (!IS_FIELD(KADM_MAXLIFE,valsin->fields)) + data_i.max_life = default_princ.max_life; + + memset(&default_princ, 0, sizeof(default_princ)); + + /* convert to host order */ + data_i.key_low = ntohl(data_i.key_low); + data_i.key_high = ntohl(data_i.key_high); + + + copy_to_key(&data_i.key_low, &data_i.key_high, newpw); + + /* encrypt new key in master key */ + kdb_encrypt_key (&newpw, &newpw, &server_parm.master_key, + server_parm.master_key_schedule, DES_ENCRYPT); + copy_from_key(newpw, &data_i.key_low, &data_i.key_high); + memset(newpw, 0, sizeof(newpw)); + + data_o = data_i; + numfound = kerb_get_principal(valsin->name, valsin->instance, + &data_o, 1, &more); + if (numfound == -1) { + failadd(KADM_DB_INUSE); + } else if (numfound) { + failadd(KADM_INUSE); + } else { + data_i.key_version++; + data_i.kdc_key_ver = server_parm.master_key_version; + strncpy(data_i.mod_name, rname, sizeof(data_i.mod_name)-1); + strncpy(data_i.mod_instance, rinstance, + sizeof(data_i.mod_instance)-1); + + numfound = kerb_put_principal(&data_i, 1); + if (numfound == -1) { + failadd(KADM_DB_INUSE); + } else if (numfound) { + failadd(KADM_UK_SERROR); + } else { + numfound = kerb_get_principal(valsin->name, valsin->instance, + &data_o, 1, &more); + if ((numfound!=1) || (more!=0)) { + failadd(KADM_UK_RERROR); + } + memset(flags, 0, sizeof(flags)); + SET_FIELD(KADM_NAME,flags); + SET_FIELD(KADM_INST,flags); + SET_FIELD(KADM_EXPDATE,flags); + SET_FIELD(KADM_ATTR,flags); + SET_FIELD(KADM_MAXLIFE,flags); + kadm_prin_to_vals(flags, valsout, &data_o); + krb_log("ADD: %s added", victim); + return KADM_DATA; /* Set all the appropriate fields */ + } + } +} + +int +kadm_delete_entry (char *rname, char *rinstance, char *rrealm, + Kadm_vals *valsin) +{ + int ret; + + char admin[MAX_K_NAME_SZ], victim[MAX_K_NAME_SZ]; + + strcpy(admin, krb_unparse_name_long(rname, rinstance, rrealm)); + strcpy(victim, krb_unparse_name_long(valsin->name, valsin->instance, 
NULL)); + + krb_log("DELETE: %s by %s", victim, admin); + + if (!check_access(rname, rinstance, rrealm, DELACL)) { + krb_log("WARNING: DELETE: %s permission denied", admin); + return KADM_UNAUTH; + } + + /* Need to check here for "legal" name and instance */ + if (wildcard(valsin->name) || wildcard(valsin->instance)) { + faildelete(KADM_ILL_WILDCARD); + } + +#define EQ(V,N,I) (strcmp((V)->name, (N)) == 0 && strcmp((V)->instance, (I)) == 0) + + if(EQ(valsin, PWSERV_NAME, KRB_MASTER) || + EQ(valsin, "K", "M") || + EQ(valsin, "default", "") || + EQ(valsin, KRB_TICKET_GRANTING_TICKET, server_parm.krbrlm)){ + krb_log("WARNING: DELETE: %s is immutable", victim); + return KADM_IMMUTABLE; /* XXX */ + } + + ret = kerb_delete_principal(valsin->name, valsin->instance); + if(ret == -1) + return KADM_DB_INUSE; /* XXX */ + krb_log("DELETE: %s removed.", victim); + return KADM_SUCCESS; +} + + +int +kadm_get_entry (char *rname, char *rinstance, char *rrealm, + Kadm_vals *valsin, u_char *flags, Kadm_vals *valsout) +{ + long numfound; /* check how many were returned */ + int more; /* To point to more name.instances */ + Principal data_o; /* Data object to hold Principal */ + + char admin[MAX_K_NAME_SZ], victim[MAX_K_NAME_SZ]; + + strcpy(admin, krb_unparse_name_long(rname, rinstance, rrealm)); + strcpy(victim, krb_unparse_name_long(valsin->name, valsin->instance, NULL)); + + krb_log("GET: %s by %s", victim, admin); + + if (!check_access(rname, rinstance, rrealm, GETACL)) { + krb_log("WARNING: GET: %s permission denied", admin); + return KADM_UNAUTH; + } + + if (wildcard(valsin->name) || wildcard(valsin->instance)) { + failget(KADM_ILL_WILDCARD); + } + + /* Look up the record in the database */ + numfound = kerb_get_principal(valsin->name, valsin->instance, + &data_o, 1, &more); + if (numfound == -1) { + failget(KADM_DB_INUSE); + } else if (numfound) { /* We got the record, let's return it */ + kadm_prin_to_vals(flags, valsout, &data_o); + krb_log("GET: %s retrieved", victim); + 
return KADM_DATA; /* Set all the appropriate fields */ + } else { + failget(KADM_NOENTRY); /* Else whimper and moan */ + } +} + +int +kadm_mod_entry (char *rname, char *rinstance, char *rrealm, + Kadm_vals *valsin, Kadm_vals *valsin2, Kadm_vals *valsout) +{ + long numfound; + int more; + Principal data_o, temp_key; + u_char fields[4]; + des_cblock newpw; + + char admin[MAX_K_NAME_SZ], victim[MAX_K_NAME_SZ]; + + strcpy(admin, krb_unparse_name_long(rname, rinstance, rrealm)); + strcpy(victim, krb_unparse_name_long(valsin->name, valsin->instance, NULL)); + + krb_log("MOD: %s by %s", victim, admin); + + if (wildcard(valsin->name) || wildcard(valsin->instance)) { + failmod(KADM_ILL_WILDCARD); + } + + if (!check_access(rname, rinstance, rrealm, MODACL)) { + krb_log("WARNING: MOD: %s permission denied", admin); + return KADM_UNAUTH; + } + + numfound = kerb_get_principal(valsin->name, valsin->instance, + &data_o, 1, &more); + if (numfound == -1) { + failmod(KADM_DB_INUSE); + } else if (numfound) { + kadm_vals_to_prin(valsin2->fields, &temp_key, valsin2); + strncpy(data_o.name, valsin->name, ANAME_SZ); + strncpy(data_o.instance, valsin->instance, INST_SZ); + if (IS_FIELD(KADM_EXPDATE,valsin2->fields)) + data_o.exp_date = temp_key.exp_date; + if (IS_FIELD(KADM_ATTR,valsin2->fields)) + data_o.attributes = temp_key.attributes; + if (IS_FIELD(KADM_MAXLIFE,valsin2->fields)) + data_o.max_life = temp_key.max_life; + if (IS_FIELD(KADM_DESKEY,valsin2->fields)) { + data_o.key_version++; + data_o.kdc_key_ver = server_parm.master_key_version; + + + /* convert to host order */ + temp_key.key_low = ntohl(temp_key.key_low); + temp_key.key_high = ntohl(temp_key.key_high); + + + copy_to_key(&temp_key.key_low, &temp_key.key_high, newpw); + + /* encrypt new key in master key */ + kdb_encrypt_key (&newpw, &newpw, &server_parm.master_key, + server_parm.master_key_schedule, DES_ENCRYPT); + copy_from_key(newpw, &data_o.key_low, &data_o.key_high); + memset(newpw, 0, sizeof(newpw)); + } + 
memset(&temp_key, 0, sizeof(temp_key)); + + strncpy(data_o.mod_name, rname, sizeof(data_o.mod_name)-1); + strncpy(data_o.mod_instance, rinstance, + sizeof(data_o.mod_instance)-1); + more = kerb_put_principal(&data_o, 1); + + memset(&data_o, 0, sizeof(data_o)); + + if (more == -1) { + failmod(KADM_DB_INUSE); + } else if (more) { + failmod(KADM_UK_SERROR); + } else { + numfound = kerb_get_principal(valsin->name, valsin->instance, + &data_o, 1, &more); + if ((more!=0)||(numfound!=1)) { + failmod(KADM_UK_RERROR); + } + memset(fields, 0, sizeof(fields)); + SET_FIELD(KADM_NAME,fields); + SET_FIELD(KADM_INST,fields); + SET_FIELD(KADM_EXPDATE,fields); + SET_FIELD(KADM_ATTR,fields); + SET_FIELD(KADM_MAXLIFE,fields); + kadm_prin_to_vals(fields, valsout, &data_o); + krb_log("MOD: %s modified", victim); + return KADM_DATA; /* Set all the appropriate fields */ + } + } + else { + failmod(KADM_NOENTRY); + } +} + +int +kadm_change (char *rname, char *rinstance, char *rrealm, unsigned char *newpw) +{ + long numfound; + int more; + Principal data_o; + des_cblock local_pw; + + char admin[MAX_K_NAME_SZ]; + + strcpy(admin, krb_unparse_name_long(rname, rinstance, rrealm)); + + krb_log("CHANGE: %s", admin); + + if (strcmp(server_parm.krbrlm, rrealm)) { + krb_log("ERROR: CHANGE: request from wrong realm %s", rrealm); + return(KADM_WRONG_REALM); + } + + if (wildcard(rname) || wildcard(rinstance)) { + failchange(KADM_ILL_WILDCARD); + } + + memcpy(local_pw, newpw, sizeof(local_pw)); + + /* encrypt new key in master key */ + kdb_encrypt_key (&local_pw, &local_pw, &server_parm.master_key, + server_parm.master_key_schedule, DES_ENCRYPT); + + numfound = kerb_get_principal(rname, rinstance, + &data_o, 1, &more); + if (numfound == -1) { + failchange(KADM_DB_INUSE); + } else if (numfound) { + copy_from_key(local_pw, &data_o.key_low, &data_o.key_high); + data_o.key_version++; + data_o.kdc_key_ver = server_parm.master_key_version; + strncpy(data_o.mod_name, rname, sizeof(data_o.mod_name)-1); + 
strncpy(data_o.mod_instance, rinstance, + sizeof(data_o.mod_instance)-1); + more = kerb_put_principal(&data_o, 1); + memset(local_pw, 0, sizeof(local_pw)); + memset(&data_o, 0, sizeof(data_o)); + if (more == -1) { + failchange(KADM_DB_INUSE); + } else if (more) { + failchange(KADM_UK_SERROR); + } else { + krb_log("CHANGE: %s's password changed", admin); + return KADM_SUCCESS; + } + } + else { + failchange(KADM_NOENTRY); + } +} diff --git a/crypto/kerberosIV/kadmin/kadm_locl.h b/crypto/kerberosIV/kadmin/kadm_locl.h new file mode 100644 index 0000000..07f9093 --- /dev/null +++ b/crypto/kerberosIV/kadmin/kadm_locl.h 
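Review bot: Every entry point copies a formatted principal name into a fixed buffer with an unbounded strcpy, e.g. `strcpy(victim, krb_unparse_name_long(valsin->name, valsin->instance, NULL));` in kadm_add_entry, and the same pattern is repeated in kadm_delete_entry, kadm_get_entry, kadm_mod_entry and kadm_change. admin and victim are MAX_K_NAME_SZ bytes, and whether the returned string always fits depends on krb_unparse_name_long, which is not part of this hunk; valsin is presumably decoded from the client's request, so its length should not be taken on trust. check_access in the same file already bounds its writes with snprintf, and these copies could do the same: `snprintf(victim, sizeof(victim), "%s", krb_unparse_name_long(valsin->name, valsin->instance, NULL));`. In the same spirit, `strncpy(data_i.name, valsin->name, ANAME_SZ)` leaves the field unterminated when the source fills it, whereas the mod_name copies further down pass `sizeof(...)-1`.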
@@ -0,0 +1,148 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* $Id: kadm_locl.h,v 1.25 1997/05/20 18:40:43 bg Exp $ */ + +#include "config.h" +#include "protos.h" + +#include +#include +#include +#include + +#ifdef HAVE_SYS_TYPES_H +#include +#endif + +#ifdef TIME_WITH_SYS_TIME +#include +#include +#elif defined(HAVE_SYS_TIME_H) +#include +#else +#include +#endif + +#ifdef HAVE_SYS_STAT_H +#include +#endif +#ifdef HAVE_SYS_SELECT_H +#include +#endif +#ifdef HAVE_FCNTL_H +#include +#endif + +#include +#include +#ifdef HAVE_UNISTD_H +#include +#endif + +#ifdef HAVE_SYS_RESOURCE_H +#include +#endif /* HAVE_SYS_RESOURCE_H */ +#ifdef HAVE_SYS_WAIT_H +#include +#endif +#ifdef HAVE_PWD_H +#include +#endif + +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif + +#ifdef HAVE_SYSLOG_H +#include +#endif + +#include + +#ifdef SOCKS +#include +#endif + +#include + +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +#include "kadm_server.h" +#include "pw_check.h" + +/* from libacl */ +/* int acl_check(char *acl, char *principal); */ + +/* GLOBALS */ +extern char *acldir; +extern Kadm_Server server_parm; + +/* Utils */ +int kadm_change __P((char *, char *, char *, des_cblock)); +int kadm_add_entry __P((char *, char *, char *, Kadm_vals *, Kadm_vals *)); +int kadm_mod_entry __P((char *, char *, char *, Kadm_vals *, Kadm_vals *, Kadm_vals *)); +int kadm_get_entry __P((char *, char *, char *, Kadm_vals *, u_char *, Kadm_vals *)); +int kadm_delete_entry __P((char *, char *, char *, Kadm_vals *)); +int kadm_ser_cpw __P((u_char *, int, AUTH_DAT *, u_char **, int *)); +int kadm_ser_add __P((u_char *, int, AUTH_DAT *, u_char **, int *)); +int kadm_ser_mod __P((u_char *, int, AUTH_DAT *, u_char **, int *)); +int kadm_ser_get __P((u_char *, int, AUTH_DAT *, u_char **, int *)); +int kadm_ser_delete __P((u_char *, int, AUTH_DAT *, u_char **, int *)); +int kadm_ser_init __P((int inter, char realm[])); +int kadm_ser_in 
__P((u_char **, int *)); + +int get_pw_new_pwd __P((char *pword, int pwlen, krb_principal *pr, int print_realm)); + +/* cracklib */ +char *FascistCheck __P((char *password, char *path, char **strings)); diff --git a/crypto/kerberosIV/kadmin/kadm_ser_wrap.c b/crypto/kerberosIV/kadmin/kadm_ser_wrap.c new file mode 100644 index 0000000..6909a9f --- /dev/null +++ b/crypto/kerberosIV/kadmin/kadm_ser_wrap.c 
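Review bot: The prototype `int kadm_change __P((char *, char *, char *, des_cblock));` spells its last parameter differently from the definition in kadm_funcs.c, which takes `unsigned char *newpw` and copies `sizeof(local_pw)` bytes from it. The two agree only if des_cblock is an array typedef of unsigned char, which this hunk does not show. The by-value look of the prototype also hides that the key is passed by pointer and must point at a full key block. Spelling both the same way would make the contract visible, for example `int kadm_change __P((char *, char *, char *, unsigned char *)); /* newpw: one des_cblock of key material */`. The definition sits in a hunk that starts outside the visible part of the patch.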
@@ -0,0 +1,213 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +/* + * Kerberos administration server-side support functions + */ + +/* +kadm_ser_wrap.c +unwraps wrapped packets and calls the appropriate server subroutine +*/ + +#include "kadm_locl.h" + +RCSID("$Id: kadm_ser_wrap.c,v 1.20 1997/05/02 10:29:14 joda Exp $"); + +/* GLOBAL */ +Kadm_Server server_parm; + +/* +kadm_ser_init +set up the server_parm structure +*/ +int +kadm_ser_init(int inter, char *realm) + /* interactive or from file */ + +{ + struct hostent *hp; + char hostname[MaxHostNameLen]; + + init_kadm_err_tbl(); + init_krb_err_tbl(); + if (k_gethostname(hostname, sizeof(hostname))) + return KADM_NO_HOSTNAME; + + strcpy(server_parm.sname, PWSERV_NAME); + strcpy(server_parm.sinst, KRB_MASTER); + strcpy(server_parm.krbrlm, realm); + + server_parm.admin_fd = -1; + /* setting up the addrs */ + memset(&server_parm.admin_addr,0, sizeof(server_parm.admin_addr)); + + server_parm.admin_addr.sin_port = k_getportbyname (KADM_SNAME, + "tcp", + htons(751)); + server_parm.admin_addr.sin_family = 
AF_INET; + if ((hp = gethostbyname(hostname)) == NULL) + return KADM_NO_HOSTNAME; + server_parm.admin_addr.sin_addr.s_addr = INADDR_ANY; + /* setting up the database */ + if (kdb_get_master_key((inter==1), &server_parm.master_key, + server_parm.master_key_schedule) != 0) + return KADM_NO_MAST; + if ((server_parm.master_key_version = + kdb_verify_master_key(&server_parm.master_key, + server_parm.master_key_schedule,stderr))<0) + return KADM_NO_VERI; + return KADM_SUCCESS; +} + +static void errpkt(u_char **dat, int *dat_len, int code) +{ + u_int32_t retcode; + char *pdat; + + free(*dat); /* free up req */ + *dat_len = KADM_VERSIZE + sizeof(u_int32_t); + *dat = (u_char *) malloc((unsigned)*dat_len); + pdat = (char *) *dat; + retcode = htonl((u_int32_t) code); + strncpy(pdat, KADM_ULOSE, KADM_VERSIZE); + memcpy(&pdat[KADM_VERSIZE], &retcode, sizeof(u_int32_t)); + return; +} + +/* +kadm_ser_in +unwrap the data stored in dat, process, and return it. +*/ +int +kadm_ser_in(u_char **dat, int *dat_len) +{ + u_char *in_st; /* pointer into the sent packet */ + int in_len,retc; /* where in packet we are, for + returns */ + u_int32_t r_len; /* length of the actual packet */ + KTEXT_ST authent; /* the authenticator */ + AUTH_DAT ad; /* who is this, klink */ + u_int32_t ncksum; /* checksum of encrypted data */ + des_key_schedule sess_sched; /* our schedule */ + MSG_DAT msg_st; + u_char *retdat, *tmpdat; + int retval, retlen; + + if (strncmp(KADM_VERSTR, (char *)*dat, KADM_VERSIZE)) { + errpkt(dat, dat_len, KADM_BAD_VER); + return KADM_BAD_VER; + } + in_len = KADM_VERSIZE; + /* get the length */ + if ((retc = stv_long(*dat, &r_len, in_len, *dat_len)) < 0) + return KADM_LENGTH_ERROR; + in_len += retc; + authent.length = *dat_len - r_len - KADM_VERSIZE - sizeof(u_int32_t); + memcpy(authent.dat, (char *)(*dat) + in_len, authent.length); + authent.mbz = 0; + /* service key should be set before here */ + if ((retc = krb_rd_req(&authent, server_parm.sname, server_parm.sinst, + 
server_parm.recv_addr.sin_addr.s_addr, &ad, NULL))) + { + errpkt(dat, dat_len,retc + krb_err_base); + return retc + krb_err_base; + } + +#define clr_cli_secrets() {memset(sess_sched, 0, sizeof(sess_sched)); memset(ad.session, 0,sizeof(ad.session));} + + in_st = *dat + *dat_len - r_len; +#ifdef NOENCRYPTION + ncksum = 0; +#else + ncksum = des_quad_cksum((des_cblock *)in_st, (des_cblock *)0, (long) r_len, 0, &ad.session); +#endif + if (ncksum!=ad.checksum) { /* yow, are we correct yet */ + clr_cli_secrets(); + errpkt(dat, dat_len,KADM_BAD_CHK); + return KADM_BAD_CHK; + } +#ifdef NOENCRYPTION + memset(sess_sched, 0, sizeof(sess_sched)); +#else + des_key_sched(&ad.session, sess_sched); +#endif + if ((retc = (int) krb_rd_priv(in_st, r_len, sess_sched, &ad.session, + &server_parm.recv_addr, + &server_parm.admin_addr, &msg_st))) { + clr_cli_secrets(); + errpkt(dat, dat_len,retc + krb_err_base); + return retc + krb_err_base; + } + switch (msg_st.app_data[0]) { + case CHANGE_PW: + retval = kadm_ser_cpw(msg_st.app_data+1,(int) msg_st.app_length - 1, + &ad, &retdat, &retlen); + break; + case ADD_ENT: + retval = kadm_ser_add(msg_st.app_data+1,(int) msg_st.app_length - 1, + &ad, &retdat, &retlen); + break; + case GET_ENT: + retval = kadm_ser_get(msg_st.app_data+1,(int) msg_st.app_length - 1, + &ad, &retdat, &retlen); + break; + case MOD_ENT: + retval = kadm_ser_mod(msg_st.app_data+1,(int) msg_st.app_length - 1, + &ad, &retdat, &retlen); + break; + case DEL_ENT: + retval = kadm_ser_delete(msg_st.app_data + 1, msg_st.app_length - 1, + &ad, &retdat, &retlen); + break; + default: + clr_cli_secrets(); + errpkt(dat, dat_len, KADM_NO_OPCODE); + return KADM_NO_OPCODE; + } + /* Now seal the response back into a priv msg */ + free(*dat); + tmpdat = (u_char *) malloc((unsigned)(retlen + KADM_VERSIZE + + sizeof(u_int32_t))); + strncpy((char *)tmpdat, KADM_VERSTR, KADM_VERSIZE); + retval = htonl((u_int32_t)retval); + memcpy((char *)tmpdat + KADM_VERSIZE, &retval, sizeof(u_int32_t)); + if 
(retlen) { + memcpy((char *)tmpdat + KADM_VERSIZE + sizeof(u_int32_t), retdat, + retlen); + free(retdat); + } + /* slop for mk_priv stuff */ + *dat = (u_char *) malloc((unsigned) (retlen + KADM_VERSIZE + + sizeof(u_int32_t) + 200)); + if ((*dat_len = krb_mk_priv(tmpdat, *dat, + (u_int32_t) (retlen + KADM_VERSIZE + + sizeof(u_int32_t)), + sess_sched, + &ad.session, &server_parm.admin_addr, + &server_parm.recv_addr)) < 0) { + clr_cli_secrets(); + errpkt(dat, dat_len, KADM_NO_ENCRYPT); + return KADM_NO_ENCRYPT; + } + clr_cli_secrets(); + return KADM_SUCCESS; +} diff --git a/crypto/kerberosIV/kadmin/kadm_server.c b/crypto/kerberosIV/kadmin/kadm_server.c new file mode 100644 index 0000000..1006f20 --- /dev/null +++ b/crypto/kerberosIV/kadmin/kadm_server.c 
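Review bot: In kadm_ser_in, `r_len` is read from the request by stv_long() and then used unchecked: `authent.length = *dat_len - r_len - KADM_VERSIZE - sizeof(u_int32_t)` feeds straight into `memcpy(authent.dat, ...)`, so a length field that does not match the packet can make the copy run past the on-stack KTEXT_ST before any authentication has happened. The same value also positions `in_st` and sizes the des_quad_cksum() and krb_rd_priv() reads. Both r_len and the derived authenticator length should be range-checked first, as in the excerpt below; the `sizeof(authent.dat)` bound assumes dat is a fixed array inside KTEXT_ST, which this hunk does not show. Separately, `tmpdat` is never freed on any path and none of the malloc() results are checked.

```c
    /* … unchanged: version check, stv_long, in_len += retc … */
    /* r_len comes from the packet: bound it before it sizes the copy */
    if (*dat_len < in_len || r_len > (u_int32_t)(*dat_len - in_len))
	return KADM_LENGTH_ERROR;
    authent.length = *dat_len - r_len - KADM_VERSIZE - sizeof(u_int32_t);
    if (authent.length < 0 || (size_t)authent.length > sizeof(authent.dat))
	return KADM_LENGTH_ERROR;
    /* … unchanged: memcpy into authent.dat, krb_rd_req, dispatch … */
```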
@@ -0,0 +1,198 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +/* + * Kerberos administration server-side subroutines + */ + +#include "kadm_locl.h" + +RCSID("$Id: kadm_server.c,v 1.9 1997/05/02 10:29:08 joda Exp $"); + +/* +kadm_ser_cpw - the server side of the change_password routine + recieves : KTEXT, {key} + returns : CKSUM, RETCODE + acl : caller can change only own password + +Replaces the password (i.e. des key) of the caller with that specified in key. 
+Returns no actual data from the master server, since this is called by a user +*/ +int +kadm_ser_cpw(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, int *outlen) +{ + u_int32_t keylow, keyhigh; + des_cblock newkey; + int status; + int stvlen=0; + char *pw_msg; + char pword[MAX_KPW_LEN]; + char *strings[4]; + + /* take key off the stream, and change the database */ + + if ((status = stv_long(dat, &keyhigh, 0, len)) < 0) + return(KADM_LENGTH_ERROR); + stvlen=status; + if ((status = stv_long(dat, &keylow, stvlen, len)) < 0) + return(KADM_LENGTH_ERROR); + stvlen+=status; + + if((status = stv_string(dat, pword, stvlen, sizeof(pword), len))<0) + pword[0]=0; + + keylow = ntohl(keylow); + keyhigh = ntohl(keyhigh); + memcpy(((char *)newkey) + 4, &keyhigh, 4); + memcpy(newkey, &keylow, 4); + + strings[0] = ad->pname; + strings[1] = ad->pinst; + strings[2] = ad->prealm; + strings[3] = NULL; + status = kadm_pw_check(pword, &newkey, &pw_msg, strings); + + memset(pword, 0, sizeof(pword)); + memset(dat, 0, len); + + if(status != KADM_SUCCESS){ + *datout=malloc(0); + *outlen=vts_string(pw_msg, datout, 0); + return status; + } + *datout=0; + *outlen=0; + + return(kadm_change(ad->pname, ad->pinst, ad->prealm, newkey)); +} + + +/* +kadm_ser_add - the server side of the add_entry routine + recieves : KTEXT, {values} + returns : CKSUM, RETCODE, {values} + acl : su, sms (as alloc) + +Adds and entry containing values to the database +returns the values of the entry, so if you leave certain fields blank you will + be able to determine the default values they are set to +*/ +int +kadm_ser_add(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, int *outlen) +{ + Kadm_vals values, retvals; + long status; + + if ((status = stream_to_vals(dat, &values, len)) < 0) + return(KADM_LENGTH_ERROR); + if ((status = kadm_add_entry(ad->pname, ad->pinst, ad->prealm, + &values, &retvals)) == KADM_DATA) { + *outlen = vals_to_stream(&retvals,datout); + return KADM_SUCCESS; + } else { + *outlen = 0; + 
return status; + } +} + +/* +kadm_ser_mod - the server side of the mod_entry routine + recieves : KTEXT, {values, values} + returns : CKSUM, RETCODE, {values} + acl : su, sms (as register or dealloc) + +Modifies all entries corresponding to the first values so they match the + second values. +returns the values for the changed entries +*/ +int +kadm_ser_mod(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, int *outlen) +{ + Kadm_vals vals1, vals2, retvals; + int wh; + long status; + + if ((wh = stream_to_vals(dat, &vals1, len)) < 0) + return KADM_LENGTH_ERROR; + if ((status = stream_to_vals(dat+wh,&vals2, len-wh)) < 0) + return KADM_LENGTH_ERROR; + if ((status = kadm_mod_entry(ad->pname, ad->pinst, ad->prealm, &vals1, + &vals2, &retvals)) == KADM_DATA) { + *outlen = vals_to_stream(&retvals,datout); + return KADM_SUCCESS; + } else { + *outlen = 0; + return status; + } +} + +int +kadm_ser_delete(u_char *dat, int len, AUTH_DAT *ad, + u_char **datout, int *outlen) +{ + Kadm_vals values; + int wh; + int status; + + if((wh = stream_to_vals(dat, &values, len)) < 0) + return KADM_LENGTH_ERROR; + if(wh != len) + return KADM_LENGTH_ERROR; + status = kadm_delete_entry(ad->pname, ad->pinst, ad->prealm, + &values); + *outlen = 0; + return status; +} + +/* +kadm_ser_get + recieves : KTEXT, {values, flags} + returns : CKSUM, RETCODE, {count, values, values, values} + acl : su + +gets the fields requested by flags from all entries matching values +returns this data for each matching recipient, after a count of how many such + matches there were +*/ +int +kadm_ser_get(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, int *outlen) +{ + Kadm_vals values, retvals; + u_char fl[FLDSZ]; + int loop,wh; + long status; + + if ((wh = stream_to_vals(dat, &values, len)) < 0) + return KADM_LENGTH_ERROR; + if (wh + FLDSZ > len) + return KADM_LENGTH_ERROR; + for (loop=FLDSZ-1; loop>=0; loop--) + fl[loop] = dat[wh++]; + if ((status = kadm_get_entry(ad->pname, ad->pinst, ad->prealm, + 
&values, fl, &retvals)) == KADM_DATA) { + *outlen = vals_to_stream(&retvals,datout); + return KADM_SUCCESS; + } else { + *outlen = 0; + return status; + } +} + diff --git a/crypto/kerberosIV/kadmin/kadm_server.h b/crypto/kerberosIV/kadmin/kadm_server.h new file mode 100644 index 0000000..c730574 --- /dev/null +++ b/crypto/kerberosIV/kadmin/kadm_server.h 
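Review bot: kadm_ser_cpw clears `pword` and the request buffer but leaves the new DES key on the stack: `newkey`, `keylow` and `keyhigh` are still populated when the function returns, both on the early return after kadm_pw_check() fails and on the final `return(kadm_change(...))`. The tail could be `status = kadm_change(ad->pname, ad->pinst, ad->prealm, newkey);` `memset(newkey, 0, sizeof(newkey));` `return status;`, with the same clearing before the early return. A plain memset() on a local that is about to go out of scope may be removed by an optimizing compiler, so a zeroing routine the compiler cannot elide is preferable where the platform provides one.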
@@ -0,0 +1,66 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +/* $Id: kadm_server.h,v 1.10 1997/05/11 04:08:26 assar Exp $ */ + +/* + * Definitions for Kerberos administration server & client + */ + +#ifndef KADM_SERVER_DEFS +#define KADM_SERVER_DEFS + +/* + * kadm_server.h + * Header file for the fourth attempt at an admin server + * Doug Church, December 28, 1989, MIT Project Athena + * ps. Yes that means this code belongs to athena etc... 
+ * as part of our ongoing attempt to copyright all greek names + */ + +typedef struct { + struct sockaddr_in admin_addr; + struct sockaddr_in recv_addr; + int recv_addr_len; + int admin_fd; /* our link to clients */ + char sname[ANAME_SZ]; + char sinst[INST_SZ]; + char krbrlm[REALM_SZ]; + des_cblock master_key; + des_cblock session_key; + des_key_schedule master_key_schedule; + long master_key_version; +} Kadm_Server; + +/* the default syslog file */ +#ifndef KADM_SYSLOG +#define KADM_SYSLOG "/var/log/admin_server.syslog" +#endif /* KADM_SYSLOG */ + +#ifndef DEFAULT_ACL_DIR +#define DEFAULT_ACL_DIR "/var/kerberos" +#endif /* DEFAULT_ACL_DIR */ +#define ADD_ACL_FILE "/admin_acl.add" +#define GET_ACL_FILE "/admin_acl.get" +#define MOD_ACL_FILE "/admin_acl.mod" +#define DEL_ACL_FILE "/admin_acl.del" + +#endif /* KADM_SERVER_DEFS */ diff --git a/crypto/kerberosIV/kadmin/kadmin.c b/crypto/kerberosIV/kadmin/kadmin.c new file mode 100644 index 0000000..f117b6b --- /dev/null +++ b/crypto/kerberosIV/kadmin/kadmin.c 
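Review bot: kadm_server.h is not self-contained: Kadm_Server uses `struct sockaddr_in`, `des_cblock`, `des_key_schedule`, `ANAME_SZ`, `INST_SZ` and `REALM_SZ`, yet the header has no `#include` lines of its own. It presumably compiles only because kadm_locl.h pulls in the needed headers before `#include "kadm_server.h"`. Either include what the struct needs here or state the requirement at the top, for example `/* requires the socket, DES and krb headers to be included first (see kadm_locl.h) */`. The `master_key` and `master_key_schedule` fields would also merit a one-line comment noting that kadm_ser_init() fills them in the global `server_parm`.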
@@ -0,0 +1,845 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +/* + * Kerberos database administrator's tool. + * + * The default behavior of kadmin is if the -m option is given + * on the commandline, multiple requests are allowed to be given + * with one entry of the admin password (until the tickets expire). 
+ */ + +#include "kadm_locl.h" + +RCSID("$Id: kadmin.c,v 1.48 1997/05/13 09:43:06 bg Exp $"); + +static void change_password(int argc, char **argv); +static void change_key(int argc, char **argv); +static void change_admin_password(int argc, char **argv); +static void add_new_key(int argc, char **argv); +static void del_entry(int argc, char **argv); +static void get_entry(int argc, char **argv); +static void mod_entry(int argc, char **argv); +static void help(int argc, char **argv); +static void clean_up_cmd(int argc, char **argv); +static void quit_cmd(int argc, char **argv); + +static SL_cmd cmds[] = { + {"change_password", change_password, "Change a user's password"}, + {"cpw"}, + {"passwd"}, + {"change_key", change_key, "Change a user's password as a DES binary key"}, + {"ckey"}, + {"change_admin_password", change_admin_password, + "Change your admin password"}, + {"cap"}, + {"add_new_key", add_new_key, "Add new user to kerberos database"}, + {"ank"}, + {"del_entry", del_entry, "Delete entry from database"}, + {"del"}, + {"delete"}, + {"get_entry", get_entry, "Get entry from kerberos database"}, + {"mod_entry", mod_entry, "Modify entry in kerberos database"}, + {"destroy_tickets", clean_up_cmd, "Destroy admin tickets"}, + {"exit", quit_cmd, "Exit program"}, + {"quit"}, + {"help", help, "Help"}, + {"?"}, + {NULL} +}; + +#define BAD_PW 1 +#define GOOD_PW 0 +#define FUDGE_VALUE 15 /* for ticket expiration time */ +#define PE_NO 0 +#define PE_YES 1 +#define PE_UNSURE 2 + +/* for get_password, whether it should do the swapping...necessary for + using vals structure, unnecessary for change_pw requests */ +#define DONTSWAP 0 +#define SWAP 1 + +static krb_principal pr; +static char default_realm[REALM_SZ]; /* default kerberos realm */ +static char krbrlm[REALM_SZ]; /* current realm being administered */ +static int multiple = 0; /* Allow multiple requests per ticket */ + +#ifdef NOENCRYPTION +#define read_long_pw_string placebo_read_pw_string +#else +#define 
read_long_pw_string des_read_pw_string +#endif + +static void +get_maxlife(Kadm_vals *vals) +{ + char buff[BUFSIZ]; + time_t life; + int l; + + do { + printf("Maximum ticket lifetime? (%d) [%s] ", + vals->max_life, krb_life_to_atime(vals->max_life)); + fflush(stdout); + if (fgets(buff, sizeof(buff), stdin) == NULL || *buff == '\n') { + clearerr(stdin); + return; + } + life = krb_atime_to_life(buff); + } while (life <= 0); + + l = strlen(buff); + if (buff[l-2] == 'm') + life = krb_time_to_life(0L, life*60); + if (buff[l-2] == 'h') + life = krb_time_to_life(0L, life*60*60); + + vals->max_life = life; + SET_FIELD(KADM_MAXLIFE,vals->fields); +} + +static void +get_attr(Kadm_vals *vals) +{ + char buff[BUFSIZ], *out; + int attr; + + do { + printf("Attributes? [0x%.2x] ", vals->attributes); + fflush(stdout); + if (fgets(buff, sizeof(buff), stdin) == NULL || *buff == '\n') { + clearerr(stdin); + return; + } + attr = strtol(buff, &out, 0); + if (attr == 0 && out == buff) + attr = -1; + } while (attr < 0 || attr > 0xffff); + + vals->attributes = attr; + SET_FIELD(KADM_ATTR,vals->fields); +} + +static void +get_expdate(Kadm_vals *vals) +{ + char buff[BUFSIZ]; + struct tm edate; + + memset(&edate, 0, sizeof(edate)); + do { + printf("Expiration date (enter yyyy-mm-dd) ? 
[%.24s] ", + asctime(k_localtime(&vals->exp_date))); + fflush(stdout); + if (fgets(buff, sizeof(buff), stdin) == NULL || *buff == '\n') { + clearerr(stdin); + return; + } + if (sscanf(buff, "%d-%d-%d", + &edate.tm_year, &edate.tm_mon, &edate.tm_mday) == 3) { + edate.tm_mon--; /* January is 0, not 1 */ + edate.tm_hour = 23; /* nearly midnight at the end of the */ + edate.tm_min = 59; /* specified day */ + } + } while (krb_check_tm (edate)); + + edate.tm_year -= 1900; + vals->exp_date = tm2time (edate, 1); + SET_FIELD(KADM_EXPDATE,vals->fields); +} + +static int +princ_exists(char *name, char *instance, char *realm) +{ + int status; + + status = krb_get_pw_in_tkt(name, instance, realm, + KRB_TICKET_GRANTING_TICKET, + realm, 1, ""); + + if ((status == KSUCCESS) || (status == INTK_BADPW)) + return(PE_YES); + else if (status == KDC_PR_UNKNOWN) + return(PE_NO); + else + return(PE_UNSURE); +} + +static int +get_password(u_int32_t *low, u_int32_t *high, char *prompt, int byteswap) +{ + char new_passwd[MAX_KPW_LEN]; /* new password */ + des_cblock newkey; + + if (read_long_pw_string(new_passwd, sizeof(new_passwd)-1, prompt, 1)) + return(BAD_PW); + if (strlen(new_passwd) == 0) { + printf("Using random password.\n"); +#ifdef NOENCRYPTION + memset(newkey, 0, sizeof(newkey)); +#else + des_new_random_key(&newkey); +#endif + } else { +#ifdef NOENCRYPTION + memset(newkey, 0, sizeof(newkey)); +#else + des_string_to_key(new_passwd, &newkey); +#endif + memset(new_passwd, 0, sizeof(new_passwd)); + } + + memcpy(low, newkey, 4); + memcpy(high, ((char *)newkey) + 4, 4); + + memset(newkey, 0, sizeof(newkey)); + +#ifdef NOENCRYPTION + *low = 1; +#endif + + if (byteswap != DONTSWAP) { + *low = htonl(*low); + *high = htonl(*high); + } + return(GOOD_PW); +} + +static int +get_admin_password(void) +{ + int status; + char admin_passwd[MAX_KPW_LEN]; /* Admin's password */ + int ticket_life = 1; /* minimum ticket lifetime */ + CREDENTIALS c; + + if (multiple) { + /* If admin tickets exist and are 
valid, just exit. */ + memset(&c, 0, sizeof(c)); + if (krb_get_cred(PWSERV_NAME, KADM_SINST, krbrlm, &c) == KSUCCESS) + /* + * If time is less than lifetime - FUDGE_VALUE after issue date, + * tickets will probably last long enough for the next + * transaction. + */ + if (time(0) < (c.issue_date + (5 * 60 * c.lifetime) - FUDGE_VALUE)) + return(KADM_SUCCESS); + ticket_life = DEFAULT_TKT_LIFE; + } + + if (princ_exists(pr.name, pr.instance, pr.realm) != PE_NO) { + char prompt[256]; + snprintf(prompt, sizeof(prompt), "%s's Password: ", krb_unparse_name(&pr)); + if (read_long_pw_string(admin_passwd, + sizeof(admin_passwd)-1, + prompt, 0)) { + warnx ("Error reading admin password."); + goto bad; + } + status = krb_get_pw_in_tkt(pr.name, pr.instance, pr.realm, + PWSERV_NAME, KADM_SINST, + ticket_life, admin_passwd); + memset(admin_passwd, 0, sizeof(admin_passwd)); + + /* Initialize non shared random sequence from session key. */ + memset(&c, 0, sizeof(c)); + krb_get_cred(PWSERV_NAME, KADM_SINST, krbrlm, &c); + des_init_random_number_generator(&c.session); + } + else + status = KDC_PR_UNKNOWN; + + switch(status) { + case GT_PW_OK: + return(GOOD_PW); + case KDC_PR_UNKNOWN: + printf("Principal %s does not exist.\n", krb_unparse_name(&pr)); + goto bad; + case GT_PW_BADPW: + printf("Incorrect admin password.\n"); + goto bad; + default: + com_err("kadmin", status+krb_err_base, + "while getting password tickets"); + goto bad; + } + + bad: + memset(admin_passwd, 0, sizeof(admin_passwd)); + dest_tkt(); + return(BAD_PW); +} + +static void +usage(void) +{ + fprintf (stderr, "Usage: kadmin [[-u|-p] admin_name] [-r default_realm]" + " [-m]\n" + " -m allows multiple admin requests to be " + "serviced with one entry of admin\n" + " password.\n"); + exit (1); +} + +/* GLOBAL */ +static void +clean_up() +{ + dest_tkt(); +} + +static void +clean_up_cmd (int argc, char **argv) +{ + clean_up(); +} + +/* GLOBAL */ +static void +quit() +{ + printf("Cleaning up and exiting.\n"); + clean_up(); + 
exit(0); +} + +static void +quit_cmd (int argc, char **argv) +{ + quit(); +} + +static void +do_init(int argc, char **argv) +{ + int c; + int tflag = 0; + char tktstring[MaxPathLen]; + int k_errno; + + set_progname (argv[0]); + + memset(&pr, 0, sizeof(pr)); + if (krb_get_default_principal(pr.name, pr.instance, default_realm) < 0) + errx (1, "I could not even guess who you might be"); + while ((c = getopt(argc, argv, "p:u:r:mt")) != EOF) + switch (c) { + case 'p': + case 'u': + if((k_errno = krb_parse_name(optarg, &pr)) != KSUCCESS) + errx (1, "%s", krb_get_err_text(k_errno)); + break; + case 'r': + memset(default_realm, 0, sizeof(default_realm)); + strncpy(default_realm, optarg, sizeof(default_realm) - 1); + break; + case 'm': + multiple++; + break; + case 't': + tflag++; + break; + default: + usage(); + break; + } + if (optind < argc) + usage(); + strcpy(krbrlm, default_realm); + + if (kadm_init_link(PWSERV_NAME, KRB_MASTER, krbrlm) != KADM_SUCCESS) + *krbrlm = '\0'; + if (pr.realm[0] == '\0') + strcpy (pr.realm, krbrlm); + if (pr.instance[0] == '\0') + strcpy(pr.instance, "admin"); + + if (!tflag) { + snprintf(tktstring, sizeof(tktstring), TKT_ROOT "_adm_%d",(int)getpid()); + krb_set_tkt_string(tktstring); + } + +} + +int +main(int argc, char **argv) +{ + do_init(argc, argv); + + printf("Welcome to the Kerberos Administration Program, version 2\n"); + printf("Type \"help\" if you need it.\n"); + sl_loop (cmds, "kadmin: "); + printf("\n"); + quit(); + exit(0); +} + +static int +setvals(Kadm_vals *vals, char *string) +{ + char realm[REALM_SZ]; + int status = KADM_SUCCESS; + + memset(vals, 0, sizeof(*vals)); + memset(realm, 0, sizeof(realm)); + + SET_FIELD(KADM_NAME,vals->fields); + SET_FIELD(KADM_INST,vals->fields); + if ((status = kname_parse(vals->name, vals->instance, realm, string))) { + printf("kerberos error: %s\n", krb_get_err_text(status)); + return status; + } + if (!realm[0]) + strcpy(realm, default_realm); + if (strcmp(realm, krbrlm)) { + strcpy(krbrlm, 
realm); + if ((status = kadm_init_link(PWSERV_NAME, KRB_MASTER, krbrlm)) + != KADM_SUCCESS) + printf("kadm error for realm %s: %s\n", + krbrlm, error_message(status)); + } + if (status) + return 1; + else + return KADM_SUCCESS; +} + +static void +change_password(int argc, char **argv) +{ + Kadm_vals old, new; + int status; + char pw_prompt[BUFSIZ]; + + if (argc != 2) { + printf("Usage: change_password loginname\n"); + return; + } + + if (setvals(&old, argv[1]) != KADM_SUCCESS) + return; + + new = old; + + SET_FIELD(KADM_DESKEY,new.fields); + + if (princ_exists(old.name, old.instance, krbrlm) != PE_NO) { + /* get the admin's password */ + if (get_admin_password() != GOOD_PW) + return; + + /* get the new password */ + snprintf(pw_prompt, sizeof(pw_prompt), "New password for %s:", argv[1]); + + if (get_password(&new.key_low, &new.key_high, + pw_prompt, SWAP) == GOOD_PW) { + status = kadm_mod(&old, &new); + if (status == KADM_SUCCESS) { + printf("Password changed for %s.\n", argv[1]); + } else { + printf("kadmin: %s\nwhile changing password for %s", + error_message(status), argv[1]); + } + } else + printf("Error reading password; password unchanged\n"); + memset(&new, 0, sizeof(new)); + if (!multiple) + clean_up(); + } + else + printf("kadmin: Principal %s does not exist.\n", + krb_unparse_name_long (old.name, old.instance, krbrlm)); + return; +} + +static int +getkey(unsigned char *k) +{ + int i, c; + for (i = 0; i < 8; i++) + { + c = getchar(); + if (c == EOF) + return 0; + else if (c == '\\') + { + int oct = -1; + scanf("%03o", &oct); + if (oct < 0 || oct > 255) + return 0; + k[i] = oct; + } + else if (!isalpha(c)) + return 0; + else + k[i] = c; + } + c = getchar(); + if (c != '\n') + return 0; + return 1; /* Success */ +} + +static void +printkey(unsigned char *tkey) +{ + int j; + for(j = 0; j < 8; j++) + if(tkey[j] != '\\' && isalpha(tkey[j]) != 0) + printf("%c", tkey[j]); + else + printf("\\%03o",(unsigned char)tkey[j]); + printf("\n"); +} + +static void 
+change_key(int argc, char **argv) +{ + Kadm_vals old, new; + unsigned char newkey[8]; + int status; + + if (argc != 2) { + printf("Usage: change_key principal-name\n"); + return; + } + + if (setvals(&old, argv[1]) != KADM_SUCCESS) + return; + + new = old; + + SET_FIELD(KADM_DESKEY,new.fields); + + if (princ_exists(old.name, old.instance, krbrlm) != PE_NO) { + /* get the admin's password */ + if (get_admin_password() != GOOD_PW) + return; + + /* get the new password */ + printf("New DES key for %s: ", argv[1]); + + if (getkey(newkey)) { + memcpy(&new.key_low, newkey, 4); + memcpy(&new.key_high, ((char *)newkey) + 4, 4); + printf("Entered key for %s: ", argv[1]); + printkey(newkey); + memset(newkey, 0, sizeof(newkey)); + + status = kadm_mod(&old, &new); + if (status == KADM_SUCCESS) { + printf("Key changed for %s.\n", argv[1]); + } else { + printf("kadmin: %s\nwhile changing key for %s", + error_message(status), argv[1]); + } + } else + printf("Error reading key; key unchanged\n"); + memset(&new, 0, sizeof(new)); + if (!multiple) + clean_up(); + } + else + printf("kadmin: Principal %s does not exist.\n", + krb_unparse_name_long (old.name, old.instance, krbrlm)); + return; +} + +static void +change_admin_password(int argc, char **argv) +{ + des_cblock newkey; + int status; + char pword[MAX_KPW_LEN]; + char *pw_msg; + + if (argc != 1) { + printf("Usage: change_admin_password\n"); + return; + } + if (get_pw_new_pwd(pword, sizeof(pword), &pr, 1) == 0) { + des_string_to_key(pword, &newkey); + status = kadm_change_pw_plain(newkey, pword, &pw_msg); + if(status == KADM_INSECURE_PW) + printf("Insecure password: %s\n", pw_msg); + else if (status == KADM_SUCCESS) + printf("Admin password changed\n"); + else + printf("kadm error: %s\n",error_message(status)); + memset(newkey, 0, sizeof(newkey)); + memset(pword, 0, sizeof(pword)); + } + if (!multiple) + clean_up(); + return; +} + +static void +add_new_key(int argc, char **argv) +{ + Kadm_vals new; + char pw_prompt[BUFSIZ]; + int 
status; + + if (argc != 2) { + printf("Usage: add_new_key user_name.\n"); + return; + } + if (setvals(&new, argv[1]) != KADM_SUCCESS) + return; + + SET_FIELD(KADM_EXPDATE,new.fields); + SET_FIELD(KADM_ATTR,new.fields); + SET_FIELD(KADM_MAXLIFE,new.fields); + SET_FIELD(KADM_DESKEY,new.fields); + + if (princ_exists(new.name, new.instance, krbrlm) != PE_YES) { + Kadm_vals vals; + u_char fields[4]; + char n[ANAME_SZ + INST_SZ + 1]; + + /* get the admin's password */ + if (get_admin_password() != GOOD_PW) + return; + + memset(fields, 0, sizeof(fields)); + SET_FIELD(KADM_NAME,fields); + SET_FIELD(KADM_INST,fields); + SET_FIELD(KADM_EXPDATE,fields); + SET_FIELD(KADM_ATTR,fields); + SET_FIELD(KADM_MAXLIFE,fields); + snprintf (n, sizeof(n), "default.%s", new.instance); + if (setvals(&vals, n) != KADM_SUCCESS) + return; + + if (kadm_get(&vals, fields) != KADM_SUCCESS) { + if (setvals(&vals, "default") != KADM_SUCCESS) + return; + if ((status = kadm_get(&vals, fields)) != KADM_SUCCESS) { + printf ("kadm error: %s\n", error_message(status)); + return; + } + } + + if (vals.max_life == 255) /* Defaults not set! */ { + /* This is the default maximum lifetime for new principals. */ + if (strcmp(new.instance, "admin") == 0) + vals.max_life = 1 + (CLOCK_SKEW/(5*60)); /* 5+5 minutes */ + else if (strcmp(new.instance, "root") == 0) + vals.max_life = 96; /* 8 hours */ + else if (krb_life_to_time(0, 162) >= 24*60*60) + vals.max_life = 162; /* ca 100 hours */ + else + vals.max_life = 255; /* ca 21 hours (maximum) */ + + /* Also fix expiration date. 
*/ + if (strcmp(new.name, "rcmd") == 0) + vals.exp_date = 1104814999; /* Tue Jan 4 06:03:19 2005 */ + else + vals.exp_date = time(0) + 2*(365*24*60*60); /* + ca 2 years */ + } + + new.max_life = vals.max_life; + new.exp_date = vals.exp_date; + new.attributes = vals.attributes; + get_maxlife(&new); + get_attr(&new); + get_expdate(&new); + + /* get the new password */ + snprintf(pw_prompt, sizeof(pw_prompt), "Password for %s:", argv[1]); + + if (get_password(&new.key_low, &new.key_high, + pw_prompt, SWAP) == GOOD_PW) { + status = kadm_add(&new); + if (status == KADM_SUCCESS) { + printf("%s added to database.\n", argv[1]); + } else { + printf("kadm error: %s\n",error_message(status)); + } + } else + printf("Error reading password; %s not added\n",argv[1]); + memset(&new, 0, sizeof(new)); + if (!multiple) + clean_up(); + } + else + printf("kadmin: Principal already exists.\n"); + return; +} + +static void +del_entry(int argc, char **argv) +{ + int status; + Kadm_vals vals; + + if (argc != 2) { + printf("Usage: del_entry username\n"); + return; + } + + if (setvals(&vals, argv[1]) != KADM_SUCCESS) + return; + + if (princ_exists(vals.name, vals.instance, krbrlm) != PE_NO) { + /* get the admin's password */ + if (get_admin_password() != GOOD_PW) + return; + + if ((status = kadm_del(&vals)) == KADM_SUCCESS){ + printf("%s removed from database.\n", argv[1]); + } else { + printf("kadm error: %s\n",error_message(status)); + } + + if (!multiple) + clean_up(); + } + else + printf("kadmin: Principal %s does not exist.\n", + krb_unparse_name_long (vals.name, vals.instance, krbrlm)); + return; +} + +static void +get_entry(int argc, char **argv) +{ + int status; + u_char fields[4]; + Kadm_vals vals; + + if (argc != 2) { + printf("Usage: get_entry username\n"); + return; + } + + memset(fields, 0, sizeof(fields)); + + SET_FIELD(KADM_NAME,fields); + SET_FIELD(KADM_INST,fields); + SET_FIELD(KADM_EXPDATE,fields); + SET_FIELD(KADM_ATTR,fields); + SET_FIELD(KADM_MAXLIFE,fields); +#if 0 + 
SET_FIELD(KADM_DESKEY,fields); +#endif + + if (setvals(&vals, argv[1]) != KADM_SUCCESS) + return; + + + if (princ_exists(vals.name, vals.instance, krbrlm) != PE_NO) { + /* get the admin's password */ + if (get_admin_password() != GOOD_PW) + return; + + if ((status = kadm_get(&vals, fields)) == KADM_SUCCESS) + prin_vals(&vals); + else + printf("kadm error: %s\n",error_message(status)); + + if (!multiple) + clean_up(); + } + else + printf("kadmin: Principal %s does not exist.\n", + krb_unparse_name_long (vals.name, vals.instance, krbrlm)); + return; +} + +static void +mod_entry(int argc, char **argv) +{ + int status; + u_char fields[4]; + Kadm_vals ovals, nvals; + + if (argc != 2) { + printf("Usage: mod_entry username\n"); + return; + } + + memset(fields, 0, sizeof(fields)); + + SET_FIELD(KADM_NAME,fields); + SET_FIELD(KADM_INST,fields); + SET_FIELD(KADM_EXPDATE,fields); + SET_FIELD(KADM_ATTR,fields); + SET_FIELD(KADM_MAXLIFE,fields); + + if (setvals(&ovals, argv[1]) != KADM_SUCCESS) + return; + + nvals = ovals; + + if (princ_exists(ovals.name, ovals.instance, krbrlm) == PE_NO) { + printf("kadmin: Principal %s does not exist.\n", + krb_unparse_name_long (ovals.name, ovals.instance, krbrlm)); + return; + } + + /* get the admin's password */ + if (get_admin_password() != GOOD_PW) + return; + + if ((status = kadm_get(&ovals, fields)) != KADM_SUCCESS) { + printf("[ unable to retrieve current settings: %s ]\n", + error_message(status)); + nvals.max_life = DEFAULT_TKT_LIFE; + nvals.exp_date = 0; + nvals.attributes = 0; + } else { + nvals.max_life = ovals.max_life; + nvals.exp_date = ovals.exp_date; + nvals.attributes = ovals.attributes; + } + + get_maxlife(&nvals); + get_attr(&nvals); + get_expdate(&nvals); + + if (IS_FIELD(KADM_MAXLIFE, nvals.fields) || + IS_FIELD(KADM_ATTR, nvals.fields) || + IS_FIELD(KADM_EXPDATE, nvals.fields)) { + if ((status = kadm_mod(&ovals, &nvals)) != KADM_SUCCESS) { + printf("kadm error: %s\n",error_message(status)); + goto out; + } + if 
((status = kadm_get(&ovals, fields)) != KADM_SUCCESS) {
+ printf("kadm error: %s\n",error_message(status));
+ goto out;
+ }
+ }
+ prin_vals(&ovals);
+
+out:
+ if (!multiple)
+ clean_up();
+ return;
+}
+
+static void
+help(int argc, char **argv)
+{
+ sl_help (cmds, argc, argv);
+}
diff --git a/crypto/kerberosIV/kadmin/kpasswd.c b/crypto/kerberosIV/kadmin/kpasswd.c
new file mode 100644
index 0000000..f4c0cda
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/kpasswd.c
@@ -0,0 +1,163 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+/*
+ * change your password with kerberos
+ */
+
+#include "kadm_locl.h"
+
+RCSID("$Id: kpasswd.c,v 1.25 1997/05/02 14:28:51 assar Exp $");
+
+static void
+usage(int value)
+{
+ fprintf(stderr, "Usage: ");
+ fprintf(stderr, "kpasswd [-h ] [-n user] [-i instance] [-r realm] ");
+ fprintf(stderr, "[-u fullname]\n");
+ exit(value);
+}
+
+int
+main(int argc, char **argv)
+{
+ krb_principal principal;
+ krb_principal default_principal;
+ int realm_given = 0; /* True if realm was give on cmdline */
+ int use_default = 1; /* True if we should use default name */
+ int status; /* return code */
+ char pword[MAX_KPW_LEN];
+ int c;
+ char tktstring[MaxPathLen];
+
+ set_progname (argv[0]);
+
+ memset (&principal, 0, sizeof(principal));
+ memset (&default_principal, 0, sizeof(default_principal));
+
+ krb_get_default_principal (default_principal.name,
+ default_principal.instance,
+ default_principal.realm);
+
+ while ((c = getopt(argc, argv, "u:n:i:r:h")) != EOF) {
+ switch (c) {
+ case 'u':
+ status
= krb_parse_name (optarg, &principal);
+ if (status != KSUCCESS)
+ errx (2, "%s", krb_get_err_text(status));
+ if (principal.realm[0])
+ realm_given++;
+ else if (krb_get_lrealm(principal.realm, 1) != KSUCCESS)
+ errx (1, "Could not find default realm!");
+ break;
+ case 'n':
+ if (k_isname(optarg))
+ strncpy(principal.name, optarg, sizeof(principal.name) - 1);
+ else {
+ warnx("Bad name: %s", optarg);
+ usage(1);
+ }
+ break;
+ case 'i':
+ if (k_isinst(optarg))
+ strncpy(principal.instance,
+ optarg,
+ sizeof(principal.instance) - 1);
+ else {
+ warnx("Bad instance: %s", optarg);
+ usage(1);
+ }
+ break;
+ case 'r':
+ if (k_isrealm(optarg)) {
+ strncpy(principal.realm, optarg, sizeof(principal.realm) - 1);
+ realm_given++;
+ } else {
+ warnx("Bad realm: %s", optarg);
+ usage(1);
+ }
+ break;
+ case 'h':
+ usage(0);
+ break;
+ default:
+ usage(1);
+ break;
+ }
+ use_default = 0;
+ }
+ if (optind < argc) {
+ use_default = 0;
+ status = krb_parse_name (argv[optind], &principal);
+ if(status != KSUCCESS)
+ errx (1, "%s", krb_get_err_text (status));
+ }
+
+ if (use_default) {
+ strcpy(principal.name, default_principal.name);
+ strcpy(principal.instance, default_principal.instance);
+ strcpy(principal.realm, default_principal.realm);
+ } else {
+ if (!principal.name[0])
+ strcpy(principal.name, default_principal.name);
+ if (!principal.realm[0])
+ strcpy(principal.realm, default_principal.realm);
+ }
+
+ snprintf(tktstring, sizeof(tktstring),
+ TKT_ROOT "_cpw_%u", (unsigned)getpid());
+ krb_set_tkt_string(tktstring);
+
+ if (get_pw_new_pwd(pword, sizeof(pword), &principal,
+ realm_given)) {
+ dest_tkt ();
+ exit(1);
+ }
+
+ status = kadm_init_link (PWSERV_NAME, KRB_MASTER, principal.realm);
+ if (status != KADM_SUCCESS)
+ com_err(argv[0], status, "while initializing");
+ else {
+ des_cblock newkey;
+ char *pw_msg; /* message from server */
+
+ des_string_to_key(pword, &newkey);
+ status = kadm_change_pw_plain((unsigned char*)&newkey, pword, &pw_msg);
+ memset(newkey, 0,
sizeof(newkey));
+
+ if (status == KADM_INSECURE_PW)
+ warnx ("Insecure password: %s", pw_msg);
+ else if (status != KADM_SUCCESS)
+ com_err(argv[0], status, " attempting to change password.");
+ }
+ memset(pword, 0, sizeof(pword));
+
+ if (status != KADM_SUCCESS)
+ fprintf(stderr,"Password NOT changed.\n");
+ else
+ printf("Password changed.\n");
+
+ dest_tkt();
+ if (status)
+ return 2;
+ else
+ return 0;
+}
diff --git a/crypto/kerberosIV/kadmin/ksrvutil.c b/crypto/kerberosIV/kadmin/ksrvutil.c
new file mode 100644
index 0000000..108481c
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/ksrvutil.c
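Review bot: The two scrubbing calls in main, `memset(newkey, 0, sizeof(newkey));` and `memset(pword, 0, sizeof(pword));`, store to locals that are never read again, so an optimizing compiler is allowed to drop them and leave the password and the derived DES key on the stack. Where the platform provides one, a wipe that cannot be elided is the safer choice, e.g. `explicit_bzero(pword, sizeof(pword));` and the same for newkey. The `exit(1)` after a failed get_pw_new_pwd() also leaves without touching pword; whether the buffer holds anything at that point depends on get_pw_new_pwd, which is outside this file. The ticket file name built from `TKT_ROOT "_cpw_%u"` depends only on the pid and is therefore predictable; how the library creates that file is not visible here and is worth confirming.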
@@ -0,0 +1,601 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+/*
+ * list and update contents of srvtab files
+ */
+
+/*
+ * ksrvutil
+ * list and update the contents of srvtab files
+ */
+
+#include "kadm_locl.h"
+
+RCSID("$Id: ksrvutil.c,v 1.39 1997/05/02 14:28:52 assar Exp $");
+
+#include "ksrvutil.h"
+
+#ifdef NOENCRYPTION
+#define read_long_pw_string placebo_read_pw_string
+#else /* NOENCRYPTION */
+#define read_long_pw_string des_read_pw_string
+#endif /* NOENCRYPTION */
+
+#define SRVTAB_MODE 0600 /* rw------- */
+#define PAD " "
+#define VNO_HEADER "Version"
+#define VNO_FORMAT "%4d "
+#define KEY_HEADER " Key " /* 17 characters long */
+#define PRINC_HEADER " Principal\n"
+#define PRINC_FORMAT "%s"
+
+char u_name[ANAME_SZ];
+char u_inst[INST_SZ];
+char u_realm[REALM_SZ];
+
+int destroyp = FALSE; /* Should the ticket file be destroyed?
*/ + +static unsigned short +get_mode(char *filename) +{ + struct stat statbuf; + unsigned short mode; + + memset(&statbuf, 0, sizeof(statbuf)); + + if (stat(filename, &statbuf) < 0) + mode = SRVTAB_MODE; + else + mode = statbuf.st_mode; + + return(mode); +} + +static void +copy_keyfile(char *keyfile, char *backup_keyfile) +{ + int keyfile_fd; + int backup_keyfile_fd; + int keyfile_mode; + char buf[BUFSIZ]; /* for copying keyfiles */ + int rcount; /* for copying keyfiles */ + int try_again; + + memset(buf, 0, sizeof(buf)); + + do { + try_again = FALSE; + if ((keyfile_fd = open(keyfile, O_RDONLY, 0)) < 0) { + if (errno != ENOENT) + err (1, "read %s", keyfile); + else { + try_again = TRUE; + if ((keyfile_fd = + open(keyfile, + O_WRONLY | O_TRUNC | O_CREAT, SRVTAB_MODE)) < 0) + err(1, "create %s", keyfile); + else + if (close(keyfile_fd) < 0) + err (1, "close %s", keyfile); + } + } + } while(try_again); + + keyfile_mode = get_mode(keyfile); + + if ((backup_keyfile_fd = + open(backup_keyfile, O_WRONLY | O_TRUNC | O_CREAT, + keyfile_mode)) < 0) + err (1, "write %s", backup_keyfile); + do { + if ((rcount = read(keyfile_fd, buf, sizeof(buf))) < 0) + err (1, "read %s", keyfile); + if (rcount && (write(backup_keyfile_fd, buf, rcount) != rcount)) + err (1, "write %s", backup_keyfile); + } while (rcount); + if (close(backup_keyfile_fd) < 0) + err(1, "close %s", backup_keyfile); + if (close(keyfile_fd) < 0) + err(1, "close %s", keyfile); +} + +void +leave(char *str, int x) +{ + if (str) + fprintf(stderr, "%s\n", str); + if (destroyp) + dest_tkt(); + exit(x); +} + +void +safe_read_stdin(char *prompt, char *buf, size_t size) +{ + printf("%s", prompt); + fflush(stdout); + memset(buf, 0, size); + if (read(0, buf, size - 1) < 0) { + warn("read stdin"); + leave(NULL, 1); + } + buf[strlen(buf)-1] = 0; +} + +void +safe_write(char *filename, int fd, void *buf, size_t len) +{ + if (write(fd, buf, len) != len) { + warn("write %s", filename); + close(fd); + leave("In progress srvtab in 
this file.", 1); + } +} + +static int +yes_no(char *string, int dflt) +{ + char ynbuf[5]; + + printf("%s (y,n) [%c]", string, dflt?'y':'n'); + for (;;) { + safe_read_stdin("", ynbuf, sizeof(ynbuf)); + + if ((ynbuf[0] == 'n') || (ynbuf[0] == 'N')) + return(0); + else if ((ynbuf[0] == 'y') || (ynbuf[0] == 'Y')) + return(1); + else if(ynbuf[0] == 0) + return dflt; + else { + printf("Please enter 'y' or 'n': "); + fflush(stdout); + } + } +} + +int yn(char *string) +{ + return yes_no(string, 1); +} + +int ny(char *string) +{ + return yes_no(string, 0); +} + +static void +append_srvtab(char *filename, int fd, char *sname, char *sinst, char *srealm, unsigned char key_vno, unsigned char *key) +{ + /* Add one to append null */ + safe_write(filename, fd, sname, strlen(sname) + 1); + safe_write(filename, fd, sinst, strlen(sinst) + 1); + safe_write(filename, fd, srealm, strlen(srealm) + 1); + safe_write(filename, fd, &key_vno, 1); + safe_write(filename, fd, key, sizeof(des_cblock)); + fsync(fd); +} + +static void +print_key(unsigned char *key) +{ + int i; + + for (i = 0; i < 4; i++) + printf("%02x", key[i]); + printf(" "); + for (i = 4; i < 8; i++) + printf("%02x", key[i]); +} + +static void +print_name(char *name, char *inst, char *realm) +{ + printf("%s", krb_unparse_name_long(name, inst, realm)); +} + +static int +get_svc_new_key(des_cblock *new_key, char *sname, char *sinst, + char *srealm, char *keyfile) +{ + int status = KADM_SUCCESS; + + if (((status = krb_get_svc_in_tkt(sname, sinst, srealm, PWSERV_NAME, + KADM_SINST, 1, keyfile)) == KSUCCESS) && + ((status = kadm_init_link(PWSERV_NAME, KRB_MASTER, srealm)) == + KADM_SUCCESS)) { +#ifdef NOENCRYPTION + memset(new_key, 0, sizeof(des_cblock)); + (*new_key)[0] = (unsigned char) 1; +#else /* NOENCRYPTION */ + des_new_random_key(new_key); +#endif /* NOENCRYPTION */ + return(KADM_SUCCESS); + } + + return(status); +} + +static void +get_key_from_password(des_cblock (*key), char *cellname) +{ + char password[MAX_KPW_LEN]; /* 
storage for the password */
+
+ if (read_long_pw_string(password, sizeof(password)-1, "Password: ", 1))
+ leave("Error reading password.", 1);
+
+#ifdef NOENCRYPTION
+ memset(key, 0, sizeof(des_cblock));
+ (*key)[0] = (unsigned char) 1;
+#else /* NOENCRYPTION */
+ if (strlen(cellname) == 0)
+ des_string_to_key(password, key);
+ else
+ afs_string_to_key(password, cellname, key);
+#endif /* NOENCRYPTION */
+ memset(password, 0, sizeof(password));
+}
+
+static void
+usage(void)
+{
+ fprintf(stderr, "Usage: ksrvutil [-f keyfile] [-i] [-k] ");
+ fprintf(stderr, "[-p principal] [-r realm] ");
+ fprintf(stderr, "[-c AFS cellname] ");
+ fprintf(stderr, "{list | change | add | get}\n");
+ fprintf(stderr, " -i causes the program to ask for ");
+ fprintf(stderr, "confirmation before changing keys.\n");
+ fprintf(stderr, " -k causes the key to printed for list or ");
+ fprintf(stderr, "change.\n");
+ exit(1);
+}
+
+int
+main(int argc, char **argv)
+{
+ char sname[ANAME_SZ]; /* name of service */
+ char sinst[INST_SZ]; /* instance of service */
+ char srealm[REALM_SZ]; /* realm of service */
+ unsigned char key_vno; /* key version number */
+ int status; /* general purpose error status */
+ des_cblock new_key;
+ des_cblock old_key;
+ char change_tkt[MaxPathLen]; /* Ticket to use for key change */
+ char keyfile[MaxPathLen]; /* Original keyfile */
+ char work_keyfile[MaxPathLen]; /* Working copy of keyfile */
+ char backup_keyfile[MaxPathLen]; /* Backup copy of keyfile */
+ unsigned short keyfile_mode; /* Protections on keyfile */
+ int work_keyfile_fd = -1; /* Initialize so that */
+ int backup_keyfile_fd = -1; /* compiler doesn't complain */
+ char local_realm[REALM_SZ]; /* local kerberos realm */
+ char cellname[1024]; /* AFS cell name */
+ int c;
+ int interactive = FALSE;
+ int list = FALSE;
+ int change = FALSE;
+ int add = FALSE;
+ int get = FALSE;
+ int key = FALSE; /* do we show keys?
*/ + int arg_entered = FALSE; + int change_this_key = FALSE; + char databuf[BUFSIZ]; + int first_printed = FALSE; /* have we printed the first item? */ + + memset(sname, 0, sizeof(sname)); + memset(sinst, 0, sizeof(sinst)); + memset(srealm, 0, sizeof(srealm)); + + memset(change_tkt, 0, sizeof(change_tkt)); + memset(keyfile, 0, sizeof(keyfile)); + memset(work_keyfile, 0, sizeof(work_keyfile)); + memset(backup_keyfile, 0, sizeof(backup_keyfile)); + memset(local_realm, 0, sizeof(local_realm)); + memset(cellname, 0, sizeof(cellname)); + + set_progname (argv[0]); + + if (krb_get_default_principal(u_name, u_inst, u_realm) < 0) + errx (1, "could not get default principal"); + + /* This is used only as a default for adding keys */ + if (krb_get_lrealm(local_realm, 1) != KSUCCESS) + strcpy(local_realm, KRB_REALM); + + while((c = getopt(argc, argv, "ikc:f:p:r:")) != EOF) { + switch (c) { + case 'i': + interactive++; + break; + case 'k': + key++; + break; + case 'c': + strcpy(cellname, optarg); + break; + case 'f': + strcpy(keyfile, optarg); + break; + case 'p': + if((status = kname_parse (u_name, u_inst, u_realm, optarg)) != + KSUCCESS) + errx (1, "principal %s: %s", optarg, + krb_get_err_text(status)); + break; + case 'r': + strcpy(u_realm, optarg); + break; + case '?': + usage(); + } + } + if (optind >= argc) + usage(); + if (*u_realm == '\0') + strcpy (u_realm, local_realm); + if (strcmp(argv[optind], "list") == 0) { + if (arg_entered) + usage(); + else { + arg_entered++; + list++; + } + } + else if (strcmp(argv[optind], "change") == 0) { + if (arg_entered) + usage(); + else { + arg_entered++; + change++; + } + } + else if (strcmp(argv[optind], "add") == 0) { + if (arg_entered) + usage(); + else { + arg_entered++; + add++; + } + } + else if (strcmp(argv[optind], "get") == 0) { + if (arg_entered) + usage(); + else { + arg_entered++; + get++; + } + } + else + usage(); + ++optind; + + if (!arg_entered) + usage(); + + if (!keyfile[0]) + strcpy(keyfile, KEYFILE); + + 
strcpy(work_keyfile, keyfile); + strcpy(backup_keyfile, keyfile); + + if (change || add || get) { + strcat(work_keyfile, ".work"); + strcat(backup_keyfile, ".old"); + + copy_keyfile(keyfile, backup_keyfile); + } + + if (add || get) + copy_keyfile(backup_keyfile, work_keyfile); + + keyfile_mode = get_mode(keyfile); + + if (change || list) + if ((backup_keyfile_fd = open(backup_keyfile, O_RDONLY, 0)) < 0) + err (1, "open %s", backup_keyfile); + + if (change) { + if ((work_keyfile_fd = + open(work_keyfile, O_WRONLY | O_CREAT | O_TRUNC, + SRVTAB_MODE)) < 0) + err (1, "creat %s", work_keyfile); + } + else if (add) { + if ((work_keyfile_fd = + open(work_keyfile, O_APPEND | O_WRONLY, SRVTAB_MODE)) < 0) + err (1, "open with append %s", work_keyfile ); + } + else if (get) { + if ((work_keyfile_fd = + open(work_keyfile, O_RDWR | O_CREAT, SRVTAB_MODE)) < 0) + err (1, "open for writing %s", work_keyfile); + } + + if (change || list) { + while ((getst(backup_keyfile_fd, sname, SNAME_SZ) > 0) && + (getst(backup_keyfile_fd, sinst, INST_SZ) > 0) && + (getst(backup_keyfile_fd, srealm, REALM_SZ) > 0) && + (read(backup_keyfile_fd, &key_vno, 1) > 0) && + (read(backup_keyfile_fd, old_key, sizeof(old_key)) > 0)) { + if (list) { + if (!first_printed) { + printf(VNO_HEADER); + printf(PAD); + if (key) { + printf(KEY_HEADER); + printf(PAD); + } + printf(PRINC_HEADER); + first_printed = 1; + } + printf(VNO_FORMAT, key_vno); + printf(PAD); + if (key) { + print_key(old_key); + printf(PAD); + } + print_name(sname, sinst, srealm); + printf("\n"); + } + else if (change) { + snprintf(change_tkt, sizeof(change_tkt), + TKT_ROOT "_ksrvutil.%u", + (unsigned)getpid()); + krb_set_tkt_string(change_tkt); + destroyp = TRUE; + + printf("\nPrincipal: "); + print_name(sname, sinst, srealm); + printf("; version %d\n", key_vno); + if (interactive) + change_this_key = yn("Change this key?"); + else if (change) + change_this_key = 1; + else + change_this_key = 0; + + if (change_this_key) + printf("Changing to 
version %d.\n", key_vno + 1); + else if (change) + printf("Not changing this key.\n"); + + if (change_this_key) { + /* + * This is not a good choice of seed when/if the + * key has been compromised so we also use a + * random sequence number! + */ + des_init_random_number_generator(&old_key); + { + des_cblock seqnum; + des_generate_random_block(&seqnum); + des_set_sequence_number((unsigned char *)&seqnum); + } + /* + * Pick a new key and determine whether or not + * it is safe to change + */ + if ((status = + get_svc_new_key(&new_key, sname, sinst, + srealm, keyfile)) == KADM_SUCCESS) + key_vno++; + else { + memcpy(new_key, old_key, sizeof(new_key)); + warnx ("Key NOT changed: %s\n", + krb_get_err_text(status)); + change_this_key = FALSE; + } + } + else + memcpy(new_key, old_key, sizeof(new_key)); + append_srvtab(work_keyfile, work_keyfile_fd, + sname, sinst, srealm, key_vno, new_key); + if (key && change_this_key) { + printf("Old key: "); + print_key(old_key); + printf("; new key: "); + print_key(new_key); + printf("\n"); + } + if (change_this_key) { + if ((status = kadm_change_pw(new_key)) == KADM_SUCCESS) { + printf("Key changed.\n"); + dest_tkt(); + } + else { + com_err(__progname, status, + " attempting to change password."); + dest_tkt(); + /* XXX This knows the format of a keyfile */ + if (lseek(work_keyfile_fd, -9, SEEK_CUR) >= 0) { + key_vno--; + safe_write(work_keyfile, + work_keyfile_fd, &key_vno, 1); + safe_write(work_keyfile, work_keyfile_fd, + old_key, sizeof(des_cblock)); + fsync(work_keyfile_fd); + fprintf(stderr,"Key NOT changed.\n"); + } else { + warn ("Unable to revert keyfile"); + leave("", 1); + } + } + } + } + memset(old_key, 0, sizeof(des_cblock)); + memset(new_key, 0, sizeof(des_cblock)); + } + } + else if (add) { + do { + do { + safe_read_stdin("Name: ", databuf, sizeof(databuf)); + strncpy(sname, databuf, sizeof(sname) - 1); + if (strchr(sname, '.') != 0) { + strcpy(sinst, strchr(sname, '.') + 1); + *(strchr(sname, '.')) = 0; + } else { + 
safe_read_stdin("Instance: ", databuf, sizeof(databuf)); + strncpy(sinst, databuf, sizeof(sinst) - 1); + } + safe_read_stdin("Realm: ", databuf, sizeof(databuf)); + strncpy(srealm, databuf, sizeof(srealm) - 1); + safe_read_stdin("Version number: ", databuf, sizeof(databuf)); + key_vno = atoi(databuf); + if (key_vno == 0) + key_vno = 1; /* Version numbers are never 0 */ + if (!srealm[0]) + strcpy(srealm, local_realm); + printf("New principal: "); + print_name(sname, sinst, srealm); + printf("; version %d\n", key_vno); + } while (!yn("Is this correct?")); + get_key_from_password(&new_key, cellname); + if (key) { + printf("Key: "); + print_key(new_key); + printf("\n"); + } + append_srvtab(work_keyfile, work_keyfile_fd, + sname, sinst, srealm, key_vno, new_key); + printf("Key successfully added.\n"); + } while (yn("Would you like to add another key?")); + } + else if (get) { + ksrvutil_get(work_keyfile_fd, work_keyfile, + argc - optind, argv + optind); + } + + if (change || list) + if (close(backup_keyfile_fd) < 0) + warn ("close %s", backup_keyfile); + + if (change || add || get) { + if (close(work_keyfile_fd) < 0) + err (1, "close %s", work_keyfile); + if (rename(work_keyfile, keyfile) < 0) + err (1, "rename(%s, %s)", work_keyfile, keyfile); + chmod(backup_keyfile, keyfile_mode); + chmod(keyfile, keyfile_mode); + printf("Old keyfile in %s.\n", backup_keyfile); + } + return 0; +} diff --git a/crypto/kerberosIV/kadmin/ksrvutil.h b/crypto/kerberosIV/kadmin/ksrvutil.h new file mode 100644 index 0000000..64e2fe4 --- /dev/null +++ b/crypto/kerberosIV/kadmin/ksrvutil.h 
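Review bot: The option parsing in main copies `optarg` into fixed-size buffers with `strcpy` for `-c` (cellname[1024]), `-f` (keyfile[MaxPathLen]) and `-r` (u_realm[REALM_SZ]), so an over-long argument writes past the end of the buffer. The later `strcat(work_keyfile, ".work")` and `strcat(backup_keyfile, ".old")` then append to copies of that same MaxPathLen path. Arguments that do not fit should be rejected before the copy, e.g. `if (strlen(optarg) + sizeof(".work") > sizeof(keyfile)) errx(1, "keyfile name too long");`, with the matching bound for the other two options. Separately, safe_read_stdin ends with `buf[strlen(buf)-1] = 0;`, which writes one byte before the buffer when read() returns 0 at end of input; guarding the line with `if (buf[0] != '\0')` avoids that.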
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * $Id: ksrvutil.h,v 1.8 1997/04/01 03:58:55 assar Exp $
+ *
+ */
+
+extern char u_name[], u_inst[], u_realm[];
+extern int destroyp;
+
+void leave(char *str, int x);
+void safe_read_stdin(char *prompt, char *buf, size_t size);
+void safe_write(char *filename, int fd, void *buf, size_t len);
+
+int yn(char *string);
+int ny(char *string);
+
+void ksrvutil_get(int fd, char *filename, int argc, char **argv);
diff --git a/crypto/kerberosIV/kadmin/ksrvutil_get.c b/crypto/kerberosIV/kadmin/ksrvutil_get.c
new file mode 100644
index 0000000..7b97d35
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/ksrvutil_get.c
@@ -0,0 +1,400 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "kadm_locl.h" +#include "ksrvutil.h" + +RCSID("$Id: ksrvutil_get.c,v 1.32 1997/05/05 21:14:57 assar Exp $"); + +#define BAD_PW 1 +#define GOOD_PW 0 +#define FUDGE_VALUE 15 /* for ticket expiration time */ +#define PE_NO 0 +#define PE_YES 1 +#define PE_UNSURE 2 + +static char tktstring[128]; + +static int +princ_exists(char *name, char *instance, char *realm) +{ + int status; + + status = krb_get_pw_in_tkt(name, instance, realm, + KRB_TICKET_GRANTING_TICKET, + realm, 1, ""); + + if ((status == KSUCCESS) || (status == INTK_BADPW)) + return(PE_YES); + else if (status == KDC_PR_UNKNOWN) + return(PE_NO); + else + return(PE_UNSURE); +} + +static int +get_admin_password(char *myname, char *myinst, char *myrealm) +{ + int status; + char admin_passwd[MAX_KPW_LEN]; /* Admin's password */ + int ticket_life = 1; /* minimum ticket lifetime */ + char buf[1024]; + CREDENTIALS c; + + if (princ_exists(myname, myinst, myrealm) != PE_NO) { + snprintf(buf, sizeof(buf), "Password for %s: ", + krb_unparse_name_long (myname, myinst, myrealm)); + if (des_read_pw_string(admin_passwd, sizeof(admin_passwd)-1, + buf, 0)) { + fprintf(stderr, "Error reading admin password.\n"); + goto bad; + } + status = krb_get_pw_in_tkt(myname, myinst, myrealm, PWSERV_NAME, + KADM_SINST, ticket_life, admin_passwd); + memset(admin_passwd, 0, sizeof(admin_passwd)); + + /* Initialize non shared random sequence from session key. 
*/ + memset(&c, 0, sizeof(c)); + krb_get_cred(PWSERV_NAME, KADM_SINST, myrealm, &c); + des_init_random_number_generator(&c.session); + } + else + status = KDC_PR_UNKNOWN; + + switch(status) { + case GT_PW_OK: + return(GOOD_PW); + case KDC_PR_UNKNOWN: + printf("Principal %s does not exist.\n", + krb_unparse_name_long(myname, myinst, myrealm)); + goto bad; + case GT_PW_BADPW: + printf("Incorrect admin password.\n"); + goto bad; + default: + com_err("kadmin", status+krb_err_base, + "while getting password tickets"); + goto bad; + } + +bad: + memset(admin_passwd, 0, sizeof(admin_passwd)); + dest_tkt(); + return(BAD_PW); +} + +static void +srvtab_put_key (int fd, char *filename, char *name, char *inst, char *realm, + int8_t kvno, des_cblock key) +{ + char sname[ANAME_SZ]; /* name of service */ + char sinst[INST_SZ]; /* instance of service */ + char srealm[REALM_SZ]; /* realm of service */ + int8_t skvno; + des_cblock skey; + + lseek(fd, 0, SEEK_SET); + + while(getst(fd, sname, SNAME_SZ) > 0 && + getst(fd, sinst, INST_SZ) > 0 && + getst(fd, srealm, REALM_SZ) > 0 && + read(fd, &skvno, sizeof(skvno)) > 0 && + read(fd, skey, sizeof(skey)) > 0) { + if(strcmp(name, sname) == 0 && + strcmp(inst, sinst) == 0 && + strcmp(realm, srealm) == 0) { + lseek(fd, lseek(fd,0,SEEK_CUR)-(sizeof(skvno) + sizeof(skey)), SEEK_SET); + safe_write(filename, fd, &kvno, sizeof(kvno)); + safe_write(filename, fd, key, sizeof(des_cblock)); + return; + } + } + safe_write(filename, fd, name, strlen(name) + 1); + safe_write(filename, fd, inst, strlen(inst) + 1); + safe_write(filename, fd, realm, strlen(realm) + 1); + safe_write(filename, fd, &kvno, sizeof(kvno)); + safe_write(filename, fd, key, sizeof(des_cblock)); +} + +/* + * node list of services + */ + +struct srv_ent{ + char name[SNAME_SZ]; + char inst[INST_SZ]; + char realm[REALM_SZ]; + struct srv_ent *next; +}; + +static int +key_to_key(char *user, char *instance, char *realm, void *arg, + des_cblock *key) +{ + memcpy(key, arg, 
sizeof(des_cblock)); + return 0; +} + +static void +get_srvtab_ent(int fd, char *filename, char *name, char *inst, char *realm) +{ + char chname[128]; + des_cblock newkey; + char old_tktfile[MaxPathLen], new_tktfile[MaxPathLen]; + char garbage_name[ANAME_SZ]; + char garbage_inst[ANAME_SZ]; + CREDENTIALS c; + u_int8_t kvno; + Kadm_vals values; + int ret; + + strncpy(chname, krb_get_phost(inst), sizeof(chname)); + if(strcmp(inst, chname)) + fprintf(stderr, + "Warning: Are you sure `%s' should not be `%s'?\n", + inst, chname); + + memset(&values, 0, sizeof(values)); + strcpy(values.name, name); + strcpy(values.instance, inst); + des_new_random_key(&newkey); + values.key_low = (newkey[0] << 24) | (newkey[1] << 16) + | (newkey[2] << 8) | (newkey[3] << 0); + values.key_high = (newkey[4] << 24) | (newkey[5] << 16) + | (newkey[6] << 8) | (newkey[7] << 0); + + SET_FIELD(KADM_NAME,values.fields); + SET_FIELD(KADM_INST,values.fields); + SET_FIELD(KADM_DESKEY,values.fields); + + ret = kadm_mod(&values, &values); + if(ret == KADM_NOENTRY) + ret = kadm_add(&values); + if (ret != KSUCCESS) { + warnx ("Couldn't get srvtab entry for %s.%s: %s", + name, inst, error_message(ret)); + return; + } + + values.key_low = values.key_high = 0; + + /* get the key version number */ + + strcpy(old_tktfile, tkt_string()); + snprintf(new_tktfile, sizeof(new_tktfile), + TKT_ROOT "_ksrvutil-get.%u", + (unsigned)getpid()); + krb_set_tkt_string(new_tktfile); + + ret = krb_get_in_tkt(name, inst, realm, name, inst, + 1, key_to_key, NULL, &newkey); + + if (ret == KSUCCESS && + (ret = tf_init(tkt_string(), R_TKT_FIL)) == KSUCCESS && + (ret = tf_get_pname(garbage_name)) == KSUCCESS && + (ret = tf_get_pinst(garbage_inst)) == KSUCCESS && + (ret = tf_get_cred(&c)) == KSUCCESS) + kvno = c.kvno; + else { + warnx ("Could not find the cred in the ticket file"); + return; + } + + tf_close(); + krb_set_tkt_string(old_tktfile); + unlink(new_tktfile); + + if(ret != KSUCCESS) { + memset(&newkey, 0, sizeof(newkey)); + 
warnx ("Could not get a ticket for %s: %s\n", + krb_unparse_name_long(name, inst, realm), + krb_get_err_text(ret)); + return; + } + + /* Write the new key & c:o to the srvtab file */ + + srvtab_put_key (fd, filename, name, inst, realm, kvno, newkey); + memset(&newkey, 0, sizeof(newkey)); + + fprintf (stderr, "Added %s\n", krb_unparse_name_long (name, inst, realm)); +} + +static void +ksrvutil_kadm(int fd, char *filename, struct srv_ent *p) +{ + int ret; + CREDENTIALS c; + + ret = kadm_init_link(PWSERV_NAME, KADM_SINST, u_realm); + if (ret != KADM_SUCCESS) { + warnx("Couldn't initialize kadmin link: %s", error_message(ret)); + leave(NULL, 1); + } + + ret = krb_get_cred (PWSERV_NAME, KADM_SINST, u_realm, &c); + if (ret == KSUCCESS) + des_init_random_number_generator (&c.session); + else { + umask(077); + + /* + * create ticket file and get admin tickets + */ + snprintf(tktstring, sizeof(tktstring), TKT_ROOT "_ksrvutil_%d", (int)getpid()); + krb_set_tkt_string(tktstring); + destroyp = TRUE; + + ret = get_admin_password(u_name, u_inst, u_realm); + if (ret) { + warnx("Couldn't get admin password."); + leave(NULL, 1); + } + } + for(;p;){ + get_srvtab_ent(fd, filename, p->name, p->inst, p->realm); + p=p->next; + } + unlink(tktstring); +} + +static void +parseinput (char *result, size_t sz, char *val, char *def) +{ + char *lim; + int inq; + + if (val[0] == '\0') { + strncpy (result, def, sz-1); + return; + } + lim = result + sz - 1; + inq = 0; + while(*val && result < lim) { + switch(*val) { + case '\'' : + inq = !inq; + ++val; + break; + case '\\' : + if(!inq) + val++; + default: + *result++ = *val++; + break; + } + } + *result = '\0'; +} + +void +ksrvutil_get(int fd, char *filename, int argc, char **argv) +{ + char sname[ANAME_SZ]; /* name of service */ + char sinst[INST_SZ]; /* instance of service */ + char srealm[REALM_SZ]; /* realm of service */ + char databuf[BUFSIZ]; + char local_hostname[100]; + char prompt[100]; + struct srv_ent *head=NULL; + int i; + + 
k_gethostname(local_hostname, sizeof(local_hostname)); + strcpy(local_hostname, krb_get_phost(local_hostname)); + + if (argc) + for(i=0; i < argc; ++i) { + struct srv_ent *p=malloc(sizeof(*p)); + + if(p == NULL) { + warnx ("out of memory in malloc"); + leave(NULL,1); + } + p->next = head; + strcpy (p->realm, u_realm); + if (kname_parse (p->name, p->inst, p->realm, argv[i]) != + KSUCCESS) { + warnx ("parse error on '%s'\n", argv[i]); + free(p); + continue; + } + if (p->name[0] == '\0') + strcpy(p->name, "rcmd"); + if (p->inst[0] == '\0') + strcpy(p->inst, local_hostname); + if (p->realm[0] == '\0') + strcpy(p->realm, u_realm); + head = p; + } + + else + do{ + safe_read_stdin("Name [rcmd]: ", databuf, sizeof(databuf)); + parseinput (sname, sizeof(sname), databuf, "rcmd"); + + snprintf(prompt, sizeof(prompt), "Instance [%s]: ", local_hostname); + safe_read_stdin(prompt, databuf, sizeof(databuf)); + parseinput (sinst, sizeof(sinst), databuf, local_hostname); + + snprintf(prompt, sizeof(prompt), "Realm [%s]: ", u_realm); + safe_read_stdin(prompt, databuf, sizeof(databuf)); + parseinput (srealm, sizeof(srealm), databuf, u_realm); + + if(yn("Is this correct?")){ + struct srv_ent *p=(struct srv_ent*)malloc(sizeof(struct srv_ent)); + p->next=head; + head=p; + strcpy(p->name, sname); + strcpy(p->inst, sinst); + strcpy(p->realm, srealm); + } + }while(ny("Add more keys?")); + + + ksrvutil_kadm(fd, filename, head); + + { + struct srv_ent *p=head, *q; + while(p){ + q=p; + p=p->next; + free(q); + } + } + +} diff --git a/crypto/kerberosIV/kadmin/new_pwd.c b/crypto/kerberosIV/kadmin/new_pwd.c new file mode 100644 index 0000000..88fb7a9 --- /dev/null +++ b/crypto/kerberosIV/kadmin/new_pwd.c 
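Review bot: The `else { warnx(...); return; }` branch after krb_get_in_tkt() in get_srvtab_ent returns before `tf_close()`, `krb_set_tkt_string(old_tktfile)`, `unlink(new_tktfile)` and the memset of `newkey`, so a failure leaves the freshly generated service key on the stack, the temporary ticket file on disk, and the ticket-file name still pointing at it for the remaining entries in ksrvutil_kadm's loop. It also makes the later `if(ret != KSUCCESS)` block unreachable. Dropping the `return;` from that else branch lets the existing cleanup and error check run (assuming tf_close() tolerates a file that tf_init() failed to open, which is not visible here). In parseinput, `strncpy (result, def, sz-1); return;` does not terminate `result` when `def` fills the buffer; adding `result[sz-1] = '\0';` before the return keeps the later `strcpy(p->inst, sinst)` in ksrvutil_get bounded.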
@@ -0,0 +1,146 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "kadm_locl.h" + +RCSID("$Id: new_pwd.c,v 1.11 1997/05/02 14:28:54 assar Exp $"); + +#ifdef NOENCRYPTION +#define read_long_pw_string placebo_read_pw_string +#else +#define read_long_pw_string des_read_pw_string +#endif + +static char * +check_pw (char *pword) +{ + if (strlen(pword) == 0) + return "Null passwords are not allowed - Please enter a longer password."; + + if (strlen(pword) < MIN_KPW_LEN) + return "Password is to short - Please enter a longer password."; + + /* Don't allow all lower case passwords regardless of length */ + { + char *t; + for (t = pword; *t && islower(*t); t++) + ; + if (*t == 0) + return "Please don't use an all-lower case password.\n" + "\tUnusual capitalization, delimiter characters or " + "digits are suggested."; + } + + return NULL; +} + +int +get_pw_new_pwd(char *pword, int pwlen, krb_principal *pr, int print_realm) +{ + char ppromp[40+ANAME_SZ+INST_SZ+REALM_SZ]; /* for the password prompt */ + char npromp[40+ANAME_SZ+INST_SZ+REALM_SZ]; /* for the password prompt */ + + char p[MAX_K_NAME_SZ]; + + char local_realm[REALM_SZ]; + int status; + char *expl; + + /* + * We don't care about failure; this is to determine whether or + * not to print the realm in the prompt for a new password. 
+ */ + krb_get_lrealm(local_realm, 1); + + if (strcmp(local_realm, pr->realm)) + print_realm++; + + { + char *q; + krb_unparse_name_r(pr, p); + if(print_realm == 0 && (q = strrchr(p, '@'))) + *q = 0; + } + + snprintf(ppromp, sizeof(ppromp), "Old password for %s:", p); + if (read_long_pw_string(pword, pwlen-1, ppromp, 0)) { + fprintf(stderr, "Error reading old password.\n"); + return -1; + } + + status = krb_get_pw_in_tkt(pr->name, pr->instance, pr->realm, + PWSERV_NAME, KADM_SINST, 1, pword); + if (status != KSUCCESS) { + if (status == INTK_BADPW) { + printf("Incorrect old password.\n"); + return -1; + } + else { + fprintf(stderr, "Kerberos error: %s\n", krb_get_err_text(status)); + return -1; + } + } + memset(pword, 0, pwlen); + + do { + char verify[MAX_KPW_LEN]; + snprintf(npromp, sizeof(npromp), "New Password for %s:",p); + if (read_long_pw_string(pword, pwlen-1, npromp, 0)) { + fprintf(stderr, + "Error reading new password, password unchanged.\n"); + return -1; + } + expl = check_pw (pword); + if (expl) { + printf("\n\t%s\n\n", expl); + continue; + } + /* Now we got an ok password, verify it. */ + snprintf(npromp, sizeof(npromp), "Verifying New Password for %s:", p); + if (read_long_pw_string(verify, MAX_KPW_LEN-1, npromp, 0)) { + fprintf(stderr, + "Error reading new password, password unchanged.\n"); + return -1; + } + if (strcmp(pword, verify) != 0) { + printf("Verify failure - try again\n"); + expl = ""; /* continue */ + } + } while (expl); + return 0; +} diff --git a/crypto/kerberosIV/kadmin/pw_check.c b/crypto/kerberosIV/kadmin/pw_check.c new file mode 100644 index 0000000..ac6912b --- /dev/null +++ b/crypto/kerberosIV/kadmin/pw_check.c 
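Review bot: `verify` in get_pw_new_pwd holds a second copy of the new password and is never cleared, and the error returns after the old-password prompt leave `pword` filled as well, since only the success path reaches `memset(pword, 0, pwlen)`. Add `memset(verify, 0, sizeof(verify));` after the `strcmp` and clear `pword` before each `return -1;`; a compiler may drop a plain memset on a buffer that is about to go out of scope, so a non-elidable clearing routine is preferable where the platform has one. In check_pw, `islower(*t)` is passed a plain `char`; `islower((unsigned char)*t)` avoids undefined behaviour for bytes above 0x7f.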
@@ -0,0 +1,87 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "kadm_locl.h" + +RCSID("$Id: pw_check.c,v 1.13 1997/04/01 08:17:50 joda Exp $"); + +/* + * kadm_pw_check + * + * pw : new password or "" if none passed + * newkey : key for pw as passed from client + * strings : interesting strings to check for + * + * returns NULL if pw is ok, else an explanatory string + */ +int +kadm_pw_check(char *pw, des_cblock *newkey, char **pw_msg, + char **strings) +{ + des_cblock pwkey; + int status=KADM_SUCCESS; + + if (pw == NULL || *pw == '\0') + return status; /* XXX - Change this later */ + +#ifndef NO_PW_CHECK + *pw_msg = NULL; + des_string_to_key(pw, &pwkey); /* Check AFS string to key also! */ + if (memcmp(pwkey, *newkey, sizeof(pwkey)) != 0) + { + /* no password or bad key */ + status=KADM_PW_MISMATCH; + *pw_msg = "Password doesn't match supplied DES key"; + } + else if (strlen(pw) < MIN_KPW_LEN) + { + status = KADM_INSECURE_PW; + *pw_msg="Password is too short"; + } + +#ifdef DICTPATH + *pw_msg = FascistCheck(pw, DICTPATH, strings); + if (*pw_msg) + return KADM_INSECURE_PW; +#endif + + memset(pwkey, 0, sizeof(pwkey)); +#endif + + return status; +} diff --git a/crypto/kerberosIV/kadmin/pw_check.h b/crypto/kerberosIV/kadmin/pw_check.h new file mode 100644 index 0000000..c5a5d69 --- /dev/null +++ b/crypto/kerberosIV/kadmin/pw_check.h 
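Review bot: Under `#ifdef DICTPATH`, `*pw_msg = FascistCheck(pw, DICTPATH, strings);` overwrites the message set by the mismatch and too-short checks above it, so a failing `status` can be returned with `*pw_msg == NULL`, and its `return KADM_INSECURE_PW;` skips the `memset(pwkey, 0, sizeof(pwkey))` below. Running the dictionary check only when the earlier checks passed, and falling through to the cleanup, fixes both: `if (status == KADM_SUCCESS && (*pw_msg = FascistCheck(pw, DICTPATH, strings)) != NULL) status = KADM_INSECURE_PW;`. The header comment still says the function returns NULL or an explanatory string, while the code returns a KADM status and reports the text through `pw_msg`.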
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * $Id: pw_check.h,v 1.6 1997/04/01 08:17:50 joda Exp $
+ */
+
+int kadm_pw_check(char *pw, des_cblock *newkey,
+ char **pw_msg, char **strings);
+
diff --git a/crypto/kerberosIV/kuser/Makefile.in b/crypto/kerberosIV/kuser/Makefile.in
new file mode 100644
index 0000000..aff8c19
--- /dev/null
+++ b/crypto/kerberosIV/kuser/Makefile.in
@@ -0,0 +1,92 @@ +# $Id: Makefile.in,v 1.23 1997/03/23 13:04:08 assar Exp $ + +SHELL = /bin/sh + +srcdir = @srcdir@ +VPATH = @srcdir@ + +topdir = .. + +CC = @CC@ +AR = ar +RANLIB = @RANLIB@ +DEFS = @DEFS@ +CFLAGS = @CFLAGS@ +LD_FLAGS = @LD_FLAGS@ +INSTALL = @INSTALL@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +LIBS = @LIBS@ +KRB_KAFS_LIB = @KRB_KAFS_LIB@ +MKINSTALLDIRS = @top_srcdir@/mkinstalldirs + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +bindir = @bindir@ +libdir = @libdir@ +transform=@program_transform_name@ +EXECSUFFIX=@EXECSUFFIX@ + +PROGS = kinit$(EXECSUFFIX) \ + kdestroy$(EXECSUFFIX) \ + klist$(EXECSUFFIX) + +SOURCES = kinit.c kdestroy.c klist.c + +OBJECTS = kinit.o kdestroy.o klist.o + +all: $(PROGS) + +Wall: + make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" + +.c.o: + $(CC) -c $(CPPFLAGS) $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $< + +install: all + $(MKINSTALLDIRS) $(bindir) + for x in $(PROGS); do \ + $(INSTALL_PROGRAM) $$x $(bindir)/`echo $$x | sed '$(transform)'`; \ + done + +uninstall: + for x in $(PROGS); do \ + rm -f $(bindir)/`echo $$x | sed '$(transform)'`; \ + done + +TAGS: $(SOURCES) + etags $(SOURCES) + +check: + +clean: + rm -f *.a *.o $(PROGS) + +mostlyclean: clean + +distclean: clean + rm -f Makefile *.tab.c *~ + +realclean: distclean + rm -f TAGS + +dist: $(DISTFILES) + for file in $(DISTFILES); do \ + ln $$file ../`cat ../.fname`/lib \ + || cp -p $$file ../`cat ../.fname`/lib; \ + done + +KLIB=-L../lib/krb -lkrb -L../lib/des -ldes +LIBROKEN=-L../lib/roken -lroken + +kinit$(EXECSUFFIX): kinit.o + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kinit.o $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) + +kdestroy$(EXECSUFFIX): kdestroy.o + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kdestroy.o $(KRB_KAFS_LIB) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) + +klist$(EXECSUFFIX): klist.o + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ klist.o $(KRB_KAFS_LIB) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) + +# su move to appl/bsd + 
+$(OBJECTS): ../include/config.h diff --git a/crypto/kerberosIV/kuser/kdestroy.c b/crypto/kerberosIV/kuser/kdestroy.c new file mode 100644 index 0000000..2fe36c3 --- /dev/null +++ b/crypto/kerberosIV/kuser/kdestroy.c @@ -0,0 +1,72 @@ +/* + * Copyright 1987, 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * . + * + * This program causes Kerberos tickets to be destroyed. + * Options are: + * + * -q[uiet] - no bell even if tickets not destroyed + * -f[orce] - no message printed at all + * -t - do not destroy tokens + */ + +#include "kuser_locl.h" +#include + +RCSID("$Id: kdestroy.c,v 1.8 1997/03/30 16:15:03 joda Exp $"); + +static void +usage(void) +{ + fprintf(stderr, "Usage: %s [-f] [-q] [-t]\n", __progname); + exit(1); +} + +int +main(int argc, char **argv) +{ + int fflag=0, tflag = 0, k_errno; + int c; + + set_progname(argv[0]); + + while((c = getopt(argc, argv, "fqt")) >= 0){ + switch(c){ + case 'f': + case 'q': + fflag++; + break; + case 't': + tflag++; + break; + default: + usage(); + } + } + if(argc - optind > 0) + usage(); + + k_errno = dest_tkt(); + + if(!tflag && k_hasafs()) + k_unlog(); + + if (fflag) { + if (k_errno != 0 && k_errno != RET_TKFIL) + exit(1); + else + exit(0); + } else { + if (k_errno == 0) + printf("Tickets destroyed.\n"); + else if (k_errno == RET_TKFIL) + printf("No tickets to destroy.\n"); + else { + printf("Tickets NOT destroyed.\n"); + exit(1); + } + } + exit(0); +} diff --git a/crypto/kerberosIV/kuser/kinit.c b/crypto/kerberosIV/kuser/kinit.c new file mode 100644 index 0000000..64910b9 --- /dev/null +++ b/crypto/kerberosIV/kuser/kinit.c 
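Review bot: In kdestroy.c's option switch, `case 'f':` and `case 'q':` share one body that only bumps `fflag`, so `-q` suppresses every message, while the header comment documents `-q` as "no bell even if tickets not destroyed" and only `-f` as "no message printed at all". Either give `-q` its own flag or bring the comment in line with the code, e.g. ` * -q[uiet] - same as -f`. The usage text printed by usage() lists both options without saying they are equivalent, so the comment is the only place a reader learns the intended difference.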
@@ -0,0 +1,158 @@ +/* + * Copyright 1987, 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * . + * + * Routine to initialize user to Kerberos. Prompts optionally for + * user, instance and realm. Authenticates user and gets a ticket + * for the Kerberos ticket-granting service for future use. + * + * Options are: + * + * -i[instance] + * -r[realm] + * -v[erbose] + * -l[ifetime] + * -p + */ + +#include "kuser_locl.h" + +RCSID("$Id: kinit.c,v 1.15 1997/03/30 18:58:46 assar Exp $"); + +#define LIFE DEFAULT_TKT_LIFE /* lifetime of ticket in 5-minute units */ +#define CHPASSLIFE 2 + +static void +get_input(char *s, int size, FILE *stream) +{ + char *p; + + if (fgets(s, size, stream) == NULL) + exit(1); + if ( (p = strchr(s, '\n')) != NULL) + *p = '\0'; +} + + +static void +usage(void) +{ + fprintf(stderr, "Usage: %s [-irvlp] [name]\n", __progname); + exit(1); +} + +int +main(int argc, char **argv) +{ + char aname[ANAME_SZ]; + char inst[INST_SZ]; + char realm[REALM_SZ]; + char buf[MaxHostNameLen]; + char name[MAX_K_NAME_SZ]; + char *username = NULL; + int iflag, rflag, vflag, lflag, pflag, lifetime, k_errno; + int i; + + set_progname (argv[0]); + + *inst = *realm = '\0'; + iflag = rflag = vflag = lflag = pflag = 0; + lifetime = LIFE; + set_progname(argv[0]); + + while (--argc) { + if ((*++argv)[0] != '-') { + if (username) + usage(); + username = *argv; + continue; + } + for (i = 1; (*argv)[i] != '\0'; i++) + switch ((*argv)[i]) { + case 'i': /* Instance */ + ++iflag; + continue; + case 'r': /* Realm */ + ++rflag; + continue; + case 'v': /* Verbose */ + ++vflag; + continue; + case 'l': + ++lflag; + continue; + case 'p': + ++pflag; /* chpass-tickets */ + lifetime = CHPASSLIFE; + break; + default: + usage(); + } + } + if (username && + (k_errno = kname_parse(aname, inst, realm, username)) != KSUCCESS) { + warnx("%s", krb_get_err_text(k_errno)); + iflag = rflag = 1; + username = NULL; + } + if 
(k_gethostname(buf, MaxHostNameLen)) + err(1, "k_gethostname failed"); + printf("%s (%s)\n", ORGANIZATION, buf); + if (username) { + printf("Kerberos Initialization for \"%s", aname); + if (*inst) + printf(".%s", inst); + if (*realm) + printf("@%s", realm); + printf("\"\n"); + } else { + printf("Kerberos Initialization\n"); + printf("Kerberos name: "); + get_input(name, sizeof(name), stdin); + if (!*name) + return 0; + if ((k_errno = kname_parse(aname, inst, realm, name)) != KSUCCESS ) + errx(1, "%s", krb_get_err_text(k_errno)); + } + /* optional instance */ + if (iflag) { + printf("Kerberos instance: "); + get_input(inst, sizeof(inst), stdin); + if (!k_isinst(inst)) + errx(1, "bad Kerberos instance format"); + } + if (rflag) { + printf("Kerberos realm: "); + get_input(realm, sizeof(realm), stdin); + if (!k_isrealm(realm)) + errx(1, "bad Kerberos realm format"); + } + if (lflag) { + printf("Kerberos ticket lifetime (minutes): "); + get_input(buf, sizeof(buf), stdin); + lifetime = atoi(buf); + if (lifetime < 5) + lifetime = 1; + else + lifetime = krb_time_to_life(0, lifetime*60); + /* This should be changed if the maximum ticket lifetime */ + /* changes */ + if (lifetime > 255) + lifetime = 255; + } + if (!*realm && krb_get_lrealm(realm, 1)) + errx(1, "krb_get_lrealm failed"); + k_errno = krb_get_pw_in_tkt(aname, inst, realm, + pflag ? PWSERV_NAME : + KRB_TICKET_GRANTING_TICKET, + pflag ? KADM_SINST : realm, + lifetime, 0); + if (vflag) { + printf("Kerberos realm %s:\n", realm); + printf("%s\n", krb_get_err_text(k_errno)); + } else if (k_errno) + errx(1, "%s", krb_get_err_text(k_errno)); + exit(0); +} diff --git a/crypto/kerberosIV/kuser/klist.c b/crypto/kerberosIV/kuser/klist.c new file mode 100644 index 0000000..faf7d6b --- /dev/null +++ b/crypto/kerberosIV/kuser/klist.c 
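Review bot: With `-v`, a failed krb_get_pw_in_tkt() still ends in `exit(0)` at the bottom of main: the `if (vflag)` branch prints the error text and the `else if (k_errno) errx(...)` is skipped, so a caller that tests the exit status sees success although no ticket was obtained. Change the final statement to `exit(k_errno ? 1 : 0);`. Separately, the `-l` prompt feeds `atoi(buf)` into `lifetime*60` unchecked; `strtol` with a range check before the multiplication keeps a very large input from overflowing the int.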
@@ -0,0 +1,314 @@ +/* + * Copyright 1987, 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * . + * + * Lists your current Kerberos tickets. + * Written by Bill Sommerfeld, MIT Project Athena. + */ + +#include "kuser_locl.h" + +#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4 +#include +#endif + +#ifdef HAVE_SYS_IOCCOM_H +#include +#endif + +#include + +RCSID("$Id: klist.c,v 1.28 1997/05/26 17:33:50 bg Exp $"); + +static int option_verbose = 0; + +static char * +short_date(int32_t dp) +{ + char *cp; + time_t t = (time_t)dp; + + if (t == (time_t)(-1L)) return "*** Never *** "; + cp = ctime(&t) + 4; + cp[15] = '\0'; + return (cp); +} + +static void +display_tktfile(char *file, int tgt_test, int long_form) +{ + krb_principal pr; + char buf1[20], buf2[20]; + int k_errno; + CREDENTIALS c; + int header = 1; + + if ((file == NULL) && ((file = getenv("KRBTKFILE")) == NULL)) + file = TKT_FILE; + + if (long_form) + printf("Ticket file: %s\n", file); + + /* + * Since krb_get_tf_realm will return a ticket_file error, + * we will call tf_init and tf_close first to filter out + * things like no ticket file. Otherwise, the error that + * the user would see would be + * klist: can't find realm of ticket file: No ticket file (tf_util) + * instead of + * klist: No ticket file (tf_util) + */ + + /* Open ticket file */ + if ((k_errno = tf_init(file, R_TKT_FIL))) { + if (!tgt_test) + warnx("%s", krb_get_err_text(k_errno)); + exit(1); + } + /* Close ticket file */ + tf_close(); + + /* + * We must find the realm of the ticket file here before calling + * tf_init because since the realm of the ticket file is not + * really stored in the principal section of the file, the + * routine we use must itself call tf_init and tf_close. 
+ */ + if ((k_errno = krb_get_tf_realm(file, pr.realm)) != KSUCCESS) { + if (!tgt_test) + warnx("can't find realm of ticket file: %s", + krb_get_err_text(k_errno)); + exit(1); + } + + /* Open ticket file */ + if ((k_errno = tf_init(file, R_TKT_FIL))) { + if (!tgt_test) + warnx("%s", krb_get_err_text(k_errno)); + exit(1); + } + /* Get principal name and instance */ + if ((k_errno = tf_get_pname(pr.name)) || + (k_errno = tf_get_pinst(pr.instance))) { + if (!tgt_test) + warnx("%s", krb_get_err_text(k_errno)); + exit(1); + } + + /* + * You may think that this is the obvious place to get the + * realm of the ticket file, but it can't be done here as the + * routine to do this must open the ticket file. This is why + * it was done before tf_init. + */ + + if (!tgt_test && long_form) + printf("Principal:\t%s\n\n", krb_unparse_name(&pr)); + while ((k_errno = tf_get_cred(&c)) == KSUCCESS) { + if (!tgt_test && long_form && header) { + printf("%-15s %-15s %s%s\n", + " Issued", " Expires", " Principal", + option_verbose ? 
" (kvno)" : ""); + header = 0; + } + if (tgt_test) { + c.issue_date = krb_life_to_time(c.issue_date, c.lifetime); + if (!strcmp(c.service, KRB_TICKET_GRANTING_TICKET) && + !strcmp(c.instance, pr.realm)) { + if (time(0) < c.issue_date) + exit(0); /* tgt hasn't expired */ + else + exit(1); /* has expired */ + } + continue; /* not a tgt */ + } + if (long_form) { + strcpy(buf1, short_date(c.issue_date)); + c.issue_date = krb_life_to_time(c.issue_date, c.lifetime); + if (time(0) < (unsigned long) c.issue_date) + strcpy(buf2, short_date(c.issue_date)); + else + strcpy(buf2, ">>> Expired <<<"); + printf("%s %s ", buf1, buf2); + } + printf("%s", krb_unparse_name_long(c.service, c.instance, c.realm)); + if(long_form && option_verbose) + printf(" (%d)", c.kvno); + printf("\n"); + } + if (tgt_test) + exit(1); /* no tgt found */ + if (header && long_form && k_errno == EOF) { + printf("No tickets in file.\n"); + } +} + +/* adapted from getst() in librkb */ +/* + * ok_getst() takes a file descriptor, a string and a count. It reads + * from the file until either it has read "count" characters, or until + * it reads a null byte. When finished, what has been read exists in + * the given string "s". If "count" characters were actually read, the + * last is changed to a null, so the returned string is always null- + * terminated. ok_getst() returns the number of characters read, including + * the null terminator. 
+ * + * If there is a read error, it returns -1 (like the read(2) system call) + */ + +static int +ok_getst(int fd, char *s, int n) +{ + int count = n; + int err; + while ((err = read(fd, s, 1)) > 0 && --count) + if (*s++ == '\0') + return (n - count); + if (err < 0) + return(-1); + *s = '\0'; + return (n - count); +} + +static void +display_tokens() +{ + u_int32_t i; + unsigned char t[128]; + struct ViceIoctl parms; + struct ClearToken ct; + int size_secret_tok, size_public_tok; + + parms.in = (void *)&i; + parms.in_size = sizeof(i); + parms.out = (void *)t; + parms.out_size = sizeof(t); + + for (i = 0; k_pioctl(NULL, VIOCGETTOK, &parms, 0) == 0; i++) { + char *cell; + memcpy(&size_secret_tok, t, 4); + memcpy(&size_public_tok, t + 4 + size_secret_tok, 4); + memcpy(&ct, t + 4 + size_secret_tok + 4, size_public_tok); + cell = t + 4 + size_secret_tok + 4 + size_public_tok + 4; + + printf("%-15s ", short_date(ct.BeginTimestamp)); + printf("%-15s ", short_date(ct.EndTimestamp)); + if ((ct.EndTimestamp - ct.BeginTimestamp) & 1) + printf("User's (AFS ID %d) tokens for %s", ct.ViceId, cell); + else + printf("Tokens for %s", cell); + if (option_verbose) + printf(" (%d)", ct.AuthHandle); + putchar('\n'); + } +} + +static void +display_srvtab(char *file) +{ + int stab; + char serv[SNAME_SZ]; + char inst[INST_SZ]; + char rlm[REALM_SZ]; + unsigned char key[8]; + unsigned char vno; + int count; + + printf("Server key file: %s\n", file); + + if ((stab = open(file, O_RDONLY, 0400)) < 0) { + perror(file); + exit(1); + } + printf("%-15s %-15s %-10s %s\n","Service","Instance","Realm", + "Key Version"); + printf("------------------------------------------------------\n"); + + /* argh. 
getst doesn't return error codes, it silently fails */ + while (((count = ok_getst(stab, serv, SNAME_SZ)) > 0) + && ((count = ok_getst(stab, inst, INST_SZ)) > 0) + && ((count = ok_getst(stab, rlm, REALM_SZ)) > 0)) { + if (((count = read(stab, &vno,1)) != 1) || + ((count = read(stab, key,8)) != 8)) { + if (count < 0) + err(1, "reading from key file"); + else + errx(1, "key file truncated"); + } + printf("%-15s %-15s %-15s %d\n",serv,inst,rlm,vno); + } + if (count < 0) + warn(file); + close(stab); +} + +static void +usage(void) +{ + fprintf(stderr, + "Usage: %s [ -v | -s | -t ] [ -f filename ] [-tokens] [-srvtab ]\n", + __progname); + exit(1); +} + +/* ARGSUSED */ +int +main(int argc, char **argv) +{ + int long_form = 1; + int tgt_test = 0; + int do_srvtab = 0; + int do_tokens = 0; + char *tkt_file = NULL; + + set_progname(argv[0]); + + while (*(++argv)) { + if (!strcmp(*argv, "-v")) { + option_verbose = 1; + continue; + } + if (!strcmp(*argv, "-s")) { + long_form = 0; + continue; + } + if (!strcmp(*argv, "-t")) { + tgt_test = 1; + long_form = 0; + continue; + } + if (strcmp(*argv, "-tokens") == 0 + || strcmp(*argv, "-T") == 0) { + do_tokens = k_hasafs(); + continue; + } + if (!strcmp(*argv, "-l")) { /* now default */ + continue; + } + if (!strncmp(*argv, "-f", 2)) { + if (*(++argv)) { + tkt_file = *argv; + continue; + } else + usage(); + } + if (!strcmp(*argv, "-srvtab")) { + if (tkt_file == NULL) /* if no other file spec'ed, + set file to default srvtab */ + tkt_file = KEYFILE; + do_srvtab = 1; + continue; + } + usage(); + } + + if (do_srvtab) + display_srvtab(tkt_file); + else + display_tktfile(tkt_file, tgt_test, long_form); + if (long_form && do_tokens) + display_tokens(); + exit(0); +} diff --git a/crypto/kerberosIV/kuser/kuser_locl.h b/crypto/kerberosIV/kuser/kuser_locl.h new file mode 100644 index 0000000..514a0ac --- /dev/null +++ b/crypto/kerberosIV/kuser/kuser_locl.h 
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */ + +/* $Id: kuser_locl.h,v 1.10 1997/05/20 18:40:43 bg Exp $ */ + +#include "config.h" +#include "protos.h" + +#include +#include +#include + +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_UNISTD_H +#include +#endif +#ifdef HAVE_SYS_STAT_H +#include +#endif +#ifdef HAVE_FCNTL_H +#include +#endif +#include +#ifdef HAVE_SYS_FILE_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif + +#ifdef HAVE_PWD_H +#include +#endif + +#ifdef SOCKS +#include +#endif + +#include + +#include + +#include +#include +#include +#include diff --git a/crypto/kerberosIV/lib/Makefile.in b/crypto/kerberosIV/lib/Makefile.in new file mode 100644 index 0000000..b2e662c --- /dev/null +++ b/crypto/kerberosIV/lib/Makefile.in @@ -0,0 +1,46 @@ +# +# $Id: Makefile.in,v 1.21 1997/05/20 18:58:40 bg Exp $ +# + +srcdir = @srcdir@ +VPATH = @srcdir@ + +SHELL = /bin/sh + +@SET_MAKE@ + +SUBDIRS = des krb kdb kadm acl kafs roken otp auth sl editline + +all: + for i in $(SUBDIRS); \ + do (cd $$i && $(MAKE) $(MFLAGS) all); done + +Wall: + make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" + +install: + for i in $(SUBDIRS); \ + do (cd $$i && $(MAKE) $(MFLAGS) install); done + +uninstall: + for i in $(SUBDIRS); \ + do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done + +check: all + for i in $(SUBDIRS); \ + do (cd $$i && $(MAKE) $(MFLAGS) check); done + +clean: + for i in $(SUBDIRS); \ + do (cd $$i && $(MAKE) $(MFLAGS) clean); done + +mostlyclean: clean + +distclean: + for i in $(SUBDIRS); \ + do (cd $$i && $(MAKE) $(MFLAGS) distclean); done + rm -f Makefile config.status *~ + +realclean: + for i in $(SUBDIRS); \ + do (cd $$i && $(MAKE) $(MFLAGS) realclean); done diff --git a/crypto/kerberosIV/lib/acl/Makefile.in b/crypto/kerberosIV/lib/acl/Makefile.in new file mode 100644 index 0000000..59894e4 --- /dev/null +++ b/crypto/kerberosIV/lib/acl/Makefile.in 
@@ -0,0 +1,84 @@ +# +# $Id: Makefile.in,v 1.21 1997/05/06 03:46:37 assar Exp $ +# + +SHELL = /bin/sh + +srcdir = @srcdir@ +VPATH = @srcdir@ + +CC = @CC@ +AR = ar +RANLIB = @RANLIB@ +DEFS = @DEFS@ +CFLAGS = @CFLAGS@ + +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +MKINSTALLDIRS = @top_srcdir@/mkinstalldirs + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +libdir = @libdir@ + +PICFLAGS = # @PICFLAGS@ + +LIBNAME = $(LIBPREFIX)acl +#LIBEXT = @LIBEXT@ Always build archive library! +LIBEXT = a +LIBPREFIX = @LIBPREFIX@ +SHLIBEXT = @SHLIBEXT@ +LDSHARED = @LDSHARED@ +LIB = $(LIBNAME).$(LIBEXT) + +SOURCES = acl_files.c + +OBJECTS = acl_files.o + +all: $(LIB) + +Wall: + make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" + +.c.o: + $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $< + +install: all + $(MKINSTALLDIRS) $(libdir) + $(INSTALL_DATA) -m 0555 $(LIB) $(libdir) + +uninstall: + rm -f $(libdir)/$(LIB) + +TAGS: $(SOURCES) + etags $(SOURCES) + +check: + +clean: + rm -f $(LIB) *.o *.a + +mostlyclean: clean + +distclean: clean + rm -f Makefile *.tab.c *~ + +realclean: distclean + rm -f TAGS + +dist: $(DISTFILES) + for file in $(DISTFILES); do \ + ln $$file ../`cat ../.fname`/lib \ + || cp -p $$file ../`cat ../.fname`/lib; \ + done + +$(LIBNAME).a: $(OBJECTS) + rm -f $@ + $(AR) cr $@ $(OBJECTS) + -$(RANLIB) $@ + +$(LIBNAME).$(SHLIBEXT): $(OBJECTS) + rm -f $@ + $(LDSHARED) -o $@ $(OBJECTS) + +$(OBJECTS): ../../include/config.h diff --git a/crypto/kerberosIV/lib/acl/acl.h b/crypto/kerberosIV/lib/acl/acl.h new file mode 100644 index 0000000..305b66c --- /dev/null +++ b/crypto/kerberosIV/lib/acl/acl.h 
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */ + +/* $Id: acl.h,v 1.5 1997/04/01 08:17:52 joda Exp $ */ + +#ifndef __ACL_H +#define __ACL_H + +#include + +void acl_canonicalize_principal __P((char *principal, char *canon)); +int acl_initialize __P((char *acl_file, int perm)); +int acl_exact_match __P((char *acl, char *principal)); +int acl_check __P((char *acl, char *principal)); +int acl_add __P((char *acl, char *principal)); +int acl_delete __P((char *acl, char *principal)); + +#endif /* __ACL_H */ diff --git a/crypto/kerberosIV/lib/acl/acl_files.c b/crypto/kerberosIV/lib/acl/acl_files.c new file mode 100644 index 0000000..fc00b80 --- /dev/null +++ b/crypto/kerberosIV/lib/acl/acl_files.c 
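Review bot: In acl.h, `acl_canonicalize_principal(char *principal, char *canon)` writes into a caller-supplied buffer whose required size, `MAX_PRINCIPAL_SIZE`, is defined only in acl_files.c, so a caller that includes this header cannot size `canon` from it. Either move `#define MAX_PRINCIPAL_SIZE (ANAME_SZ + INST_SZ + REALM_SZ + 3)` into acl.h or add a comment above the prototype such as `/* canon must hold ANAME_SZ + INST_SZ + REALM_SZ + 3 bytes */`. The `acl` and `principal` arguments look read-only in acl_files.c and could be declared `const char *`.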
@@ -0,0 +1,540 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "config.h" +#include "protos.h" + +RCSID("$Id: acl_files.c,v 1.10 1997/05/02 14:28:56 assar Exp $"); + +#include +#include +#include + +#ifdef HAVE_UNISTD_H +#include +#endif +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#include +#ifdef HAVE_FCNTL_H +#include +#endif +#ifdef HAVE_SYS_FILE_H +#include +#endif +#ifdef HAVE_SYS_STAT_H +#include +#endif + +#include +#include + +#include + +#include +#include + +/*** Routines for manipulating access control list files ***/ + +/* "aname.inst@realm" */ +#define MAX_PRINCIPAL_SIZE (ANAME_SZ + INST_SZ + REALM_SZ + 3) +#define INST_SEP '.' 
+#define REALM_SEP '@' + +#define LINESIZE 2048 /* Maximum line length in an acl file */ + +#define NEW_FILE "%s.~NEWACL~" /* Format for name of altered acl file */ +#define WAIT_TIME 300 /* Maximum time allowed write acl file */ + +#define CACHED_ACLS 8 /* How many acls to cache */ + /* Each acl costs 1 open file descriptor */ +#define ACL_LEN 16 /* Twice a reasonable acl length */ + +#define COR(a,b) ((a!=NULL)?(a):(b)) + +/* Canonicalize a principal name */ +/* If instance is missing, it becomes "" */ +/* If realm is missing, it becomes the local realm */ +/* Canonicalized form is put in canon, which must be big enough to hold + MAX_PRINCIPAL_SIZE characters */ +void +acl_canonicalize_principal(char *principal, char *canon) +{ + char *dot, *atsign, *end; + int len; + + dot = strchr(principal, INST_SEP); + atsign = strchr(principal, REALM_SEP); + + /* Maybe we're done already */ + if(dot != NULL && atsign != NULL) { + if(dot < atsign) { + /* It's for real */ + /* Copy into canon */ + strncpy(canon, principal, MAX_PRINCIPAL_SIZE); + canon[MAX_PRINCIPAL_SIZE-1] = '\0'; + return; + } else { + /* Nope, it's part of the realm */ + dot = NULL; + } + } + + /* No such luck */ + end = principal + strlen(principal); + + /* Get the principal name */ + len = min(ANAME_SZ, COR(dot, COR(atsign, end)) - principal); + strncpy(canon, principal, len); + canon += len; + + /* Add INST_SEP */ + *canon++ = INST_SEP; + + /* Get the instance, if it exists */ + if(dot != NULL) { + ++dot; + len = min(INST_SZ, COR(atsign, end) - dot); + strncpy(canon, dot, len); + canon += len; + } + + /* Add REALM_SEP */ + *canon++ = REALM_SEP; + + /* Get the realm, if it exists */ + /* Otherwise, default to local realm */ + if(atsign != NULL) { + ++atsign; + len = min(REALM_SZ, end - atsign); + strncpy(canon, atsign, len); + canon += len; + *canon++ = '\0'; + } else if(krb_get_lrealm(canon, 1) != KSUCCESS) { + strcpy(canon, KRB_REALM); + } +} + +/* Get a lock to modify acl_file */ +/* Return new FILE 
pointer */ +/* or NULL if file cannot be modified */ +/* REQUIRES WRITE PERMISSION TO CONTAINING DIRECTORY */ +static +FILE *acl_lock_file(char *acl_file) +{ + struct stat s; + char new[LINESIZE]; + int nfd; + FILE *nf; + int mode; + + if(stat(acl_file, &s) < 0) return(NULL); + mode = s.st_mode; + snprintf(new, sizeof(new), NEW_FILE, acl_file); + for(;;) { + /* Open the new file */ + if((nfd = open(new, O_WRONLY|O_CREAT|O_EXCL, mode)) < 0) { + if(errno == EEXIST) { + /* Maybe somebody got here already, maybe it's just old */ + if(stat(new, &s) < 0) return(NULL); + if(time(0) - s.st_ctime > WAIT_TIME) { + /* File is stale, kill it */ + unlink(new); + continue; + } else { + /* Wait and try again */ + sleep(1); + continue; + } + } else { + /* Some other error, we lose */ + return(NULL); + } + } + + /* If we got to here, the lock file is ours and ok */ + /* Reopen it under stdio */ + if((nf = fdopen(nfd, "w")) == NULL) { + /* Oops, clean up */ + unlink(new); + } + return(nf); + } +} + +/* Abort changes to acl_file written onto FILE *f */ +/* Returns 0 if successful, < 0 otherwise */ +/* Closes f */ +static int +acl_abort(char *acl_file, FILE *f) +{ + char new[LINESIZE]; + int ret; + struct stat s; + + /* make sure we aren't nuking someone else's file */ + if(fstat(fileno(f), &s) < 0 + || s.st_nlink == 0) { + fclose(f); + return(-1); + } else { + snprintf(new, sizeof(new), NEW_FILE, acl_file); + ret = unlink(new); + fclose(f); + return(ret); + } +} + +/* Commit changes to acl_file written onto FILE *f */ +/* Returns zero if successful */ +/* Returns > 0 if lock was broken */ +/* Returns < 0 if some other error occurs */ +/* Closes f */ +static int +acl_commit(char *acl_file, FILE *f) +{ + char new[LINESIZE]; + int ret; + struct stat s; + + snprintf(new, sizeof(new), NEW_FILE, acl_file); + if(fflush(f) < 0 + || fstat(fileno(f), &s) < 0 + || s.st_nlink == 0) { + acl_abort(acl_file, f); + return(-1); + } + + ret = rename(new, acl_file); + fclose(f); + return(ret); +} + +/* 
Initialize an acl_file */ +/* Creates the file with permissions perm if it does not exist */ +/* Erases it if it does */ +/* Returns return value of acl_commit */ +int +acl_initialize(char *acl_file, int perm) +{ + FILE *new; + int fd; + + /* Check if the file exists already */ + if((new = acl_lock_file(acl_file)) != NULL) { + return(acl_commit(acl_file, new)); + } else { + /* File must be readable and writable by owner */ + if((fd = open(acl_file, O_CREAT|O_EXCL, perm|0600)) < 0) { + return(-1); + } else { + close(fd); + return(0); + } + } +} + +/* Eliminate all whitespace character in buf */ +/* Modifies its argument */ +static void + nuke_whitespace(char *buf) +{ + char *pin, *pout; + + for(pin = pout = buf; *pin != '\0'; pin++) + if(!isspace(*pin)) *pout++ = *pin; + *pout = '\0'; /* Terminate the string */ +} + +/* Hash table stuff */ + +struct hashtbl { + int size; /* Max number of entries */ + int entries; /* Actual number of entries */ + char **tbl; /* Pointer to start of table */ +}; + +/* Make an empty hash table of size s */ +static struct hashtbl * +make_hash(int size) +{ + struct hashtbl *h; + + if(size < 1) size = 1; + h = (struct hashtbl *) malloc(sizeof(struct hashtbl)); + h->size = size; + h->entries = 0; + h->tbl = (char **) calloc(size, sizeof(char *)); + return(h); +} + +/* Destroy a hash table */ +static void +destroy_hash(struct hashtbl *h) +{ + int i; + + for(i = 0; i < h->size; i++) { + if(h->tbl[i] != NULL) free(h->tbl[i]); + } + free(h->tbl); + free(h); +} + +/* Compute hash value for a string */ +static unsigned int +hashval(char *s) +{ + unsigned hv; + + for(hv = 0; *s != '\0'; s++) { + hv ^= ((hv << 3) ^ *s); + } + return(hv); +} + +/* Add an element to a hash table */ +static void +add_hash(struct hashtbl *h, char *el) +{ + unsigned hv; + char *s; + char **old; + int i; + + /* Make space if it isn't there already */ + if(h->entries + 1 > (h->size >> 1)) { + old = h->tbl; + h->tbl = (char **) calloc(h->size << 1, sizeof(char *)); + for(i 
= 0; i < h->size; i++) { + if(old[i] != NULL) { + hv = hashval(old[i]) % (h->size << 1); + while(h->tbl[hv] != NULL) hv = (hv+1) % (h->size << 1); + h->tbl[hv] = old[i]; + } + } + h->size = h->size << 1; + free(old); + } + + hv = hashval(el) % h->size; + while(h->tbl[hv] != NULL && strcmp(h->tbl[hv], el)) hv = (hv+1) % h->size; + s = strdup(el); + h->tbl[hv] = s; + h->entries++; +} + +/* Returns nonzero if el is in h */ +static int +check_hash(struct hashtbl *h, char *el) +{ + unsigned hv; + + for(hv = hashval(el) % h->size; + h->tbl[hv] != NULL; + hv = (hv + 1) % h->size) { + if(!strcmp(h->tbl[hv], el)) return(1); + } + return(0); +} + +struct acl { + char filename[LINESIZE]; /* Name of acl file */ + int fd; /* File descriptor for acl file */ + struct stat status; /* File status at last read */ + struct hashtbl *acl; /* Acl entries */ +}; + +static struct acl acl_cache[CACHED_ACLS]; + +static int acl_cache_count = 0; +static int acl_cache_next = 0; + +/* Returns < 0 if unsuccessful in loading acl */ +/* Returns index into acl_cache otherwise */ +/* Note that if acl is already loaded, this is just a lookup */ +static int +acl_load(char *name) +{ + int i; + FILE *f; + struct stat s; + char buf[MAX_PRINCIPAL_SIZE]; + char canon[MAX_PRINCIPAL_SIZE]; + + /* See if it's there already */ + for(i = 0; i < acl_cache_count; i++) { + if(!strcmp(acl_cache[i].filename, name) + && acl_cache[i].fd >= 0) goto got_it; + } + + /* It isn't, load it in */ + /* maybe there's still room */ + if(acl_cache_count < CACHED_ACLS) { + i = acl_cache_count++; + } else { + /* No room, clean one out */ + i = acl_cache_next; + acl_cache_next = (acl_cache_next + 1) % CACHED_ACLS; + close(acl_cache[i].fd); + if(acl_cache[i].acl) { + destroy_hash(acl_cache[i].acl); + acl_cache[i].acl = (struct hashtbl *) 0; + } + } + + /* Set up the acl */ + strcpy(acl_cache[i].filename, name); + if((acl_cache[i].fd = open(name, O_RDONLY, 0)) < 0) return(-1); + /* Force reload */ + acl_cache[i].acl = (struct hashtbl 
*) 0; + + got_it: + /* + * See if the stat matches + * + * Use stat(), not fstat(), as the file may have been re-created by + * acl_add or acl_delete. If this happens, the old inode will have + * no changes in the mod-time and the following test will fail. + */ + if(stat(acl_cache[i].filename, &s) < 0) return(-1); + if(acl_cache[i].acl == (struct hashtbl *) 0 + || s.st_nlink != acl_cache[i].status.st_nlink + || s.st_mtime != acl_cache[i].status.st_mtime + || s.st_ctime != acl_cache[i].status.st_ctime) { + /* Gotta reload */ + if(acl_cache[i].fd >= 0) close(acl_cache[i].fd); + if((acl_cache[i].fd = open(name, O_RDONLY, 0)) < 0) return(-1); + if((f = fdopen(acl_cache[i].fd, "r")) == NULL) return(-1); + if(acl_cache[i].acl) destroy_hash(acl_cache[i].acl); + acl_cache[i].acl = make_hash(ACL_LEN); + while(fgets(buf, sizeof(buf), f) != NULL) { + nuke_whitespace(buf); + acl_canonicalize_principal(buf, canon); + add_hash(acl_cache[i].acl, canon); + } + fclose(f); + acl_cache[i].status = s; + } + return(i); +} + +/* Returns nonzero if it can be determined that acl contains principal */ +/* Principal is not canonicalized, and no wildcarding is done */ +int +acl_exact_match(char *acl, char *principal) +{ + int idx; + + return((idx = acl_load(acl)) >= 0 + && check_hash(acl_cache[idx].acl, principal)); +} + +/* Returns nonzero if it can be determined that acl contains principal */ +/* Recognizes wildcards in acl of the form + name.*@realm, *.*@realm, and *.*@* */ +int +acl_check(char *acl, char *principal) +{ + char buf[MAX_PRINCIPAL_SIZE]; + char canon[MAX_PRINCIPAL_SIZE]; + char *realm; + + acl_canonicalize_principal(principal, canon); + + /* Is it there? 
*/ + if(acl_exact_match(acl, canon)) return(1); + + /* Try the wildcards */ + realm = strchr(canon, REALM_SEP); + *strchr(canon, INST_SEP) = '\0'; /* Chuck the instance */ + + snprintf(buf, sizeof(buf), "%s.*%s", canon, realm); + if(acl_exact_match(acl, buf)) return(1); + + snprintf(buf, sizeof(buf), "*.*%s", realm); + if(acl_exact_match(acl, buf) || acl_exact_match(acl, "*.*@*")) return(1); + + return(0); +} + +/* Adds principal to acl */ +/* Wildcards are interpreted literally */ +int +acl_add(char *acl, char *principal) +{ + int idx; + int i; + FILE *new; + char canon[MAX_PRINCIPAL_SIZE]; + + acl_canonicalize_principal(principal, canon); + + if((new = acl_lock_file(acl)) == NULL) return(-1); + if((acl_exact_match(acl, canon)) + || (idx = acl_load(acl)) < 0) { + acl_abort(acl, new); + return(-1); + } + /* It isn't there yet, copy the file and put it in */ + for(i = 0; i < acl_cache[idx].acl->size; i++) { + if(acl_cache[idx].acl->tbl[i] != NULL) { + if(fputs(acl_cache[idx].acl->tbl[i], new) == EOF + || putc('\n', new) != '\n') { + acl_abort(acl, new); + return(-1); + } + } + } + fputs(canon, new); + putc('\n', new); + return(acl_commit(acl, new)); +} + +/* Removes principal from acl */ +/* Wildcards are interpreted literally */ +int +acl_delete(char *acl, char *principal) +{ + int idx; + int i; + FILE *new; + char canon[MAX_PRINCIPAL_SIZE]; + + acl_canonicalize_principal(principal, canon); + + if((new = acl_lock_file(acl)) == NULL) return(-1); + if((!acl_exact_match(acl, canon)) + || (idx = acl_load(acl)) < 0) { + acl_abort(acl, new); + return(-1); + } + /* It isn't there yet, copy the file and put it in */ + for(i = 0; i < acl_cache[idx].acl->size; i++) { + if(acl_cache[idx].acl->tbl[i] != NULL + && strcmp(acl_cache[idx].acl->tbl[i], canon)) { + fputs(acl_cache[idx].acl->tbl[i], new); + putc('\n', new); + } + } + return(acl_commit(acl, new)); +} 
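Review bot: `acl_check` writes through `strchr(canon, INST_SEP)` and passes `realm` to `snprintf` without checking either for NULL, yet `acl_canonicalize_principal` can hand back a `canon` that contains neither separator: when the input already has '.' before '@' it is copied with `strncpy(canon, principal, MAX_PRINCIPAL_SIZE)` and cut at `MAX_PRINCIPAL_SIZE-1`, so an over-long name loses both. Because this is the authorization lookup it should fail closed rather than crash, e.g. `inst = strchr(canon, INST_SEP); realm = strchr(canon, REALM_SEP);` followed by `if(inst == NULL || realm == NULL) return(0);` before `*inst = '\0'`. In `acl_load`, `strcpy(acl_cache[i].filename, name)` copies into a `LINESIZE` buffer with no length check and should reject `strlen(name) >= LINESIZE` first. `acl_load` also keeps `acl_cache[i].fd` after `fclose(f)` has closed that descriptor, so the later `close(acl_cache[i].fd)` on reload or eviction can close an unrelated descriptor; storing `-1` after the `fclose` would avoid that.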
diff --git a/crypto/kerberosIV/lib/acl/acl_files.doc b/crypto/kerberosIV/lib/acl/acl_files.doc
new file mode 100644
index 0000000..78c448a
--- /dev/null
+++ b/crypto/kerberosIV/lib/acl/acl_files.doc
@@ -0,0 +1,107 @@ +PROTOTYPE ACL LIBRARY + +Introduction + +An access control list (ACL) is a list of principals, where each +principal is is represented by a text string which cannot contain +whitespace. The library allows application programs to refer to named +access control lists to test membership and to atomically add and +delete principals using a natural and intuitive interface. At +present, the names of access control lists are required to be Unix +filenames, and refer to human-readable Unix files; in the future, when +a networked ACL server is implemented, the names may refer to a +different namespace specific to the ACL service. + + +Usage + +cc -lacl -lkrb. + + + +Principal Names + +Principal names have the form + +[.][@] + +e.g. + +asp +asp.root +asp@ATHENA.MIT.EDU +asp.@ATHENA.MIT.EDU +asp.root@ATHENA.MIT.EDU + +It is possible for principals to be underspecified. If instance is +missing, it is assumed to be "". If realm is missing, it is assumed +to be local_realm. The canonical form contains all of name, instance, +and realm; the acl_add and acl_delete routines will always +leave the file in that form. Note that the canonical form of +asp@ATHENA.MIT.EDU is actually asp.@ATHENA.MIT.EDU. + + +Routines + +acl_canonicalize_principal(principal, buf) +char *principal; +char *buf; /*RETVAL*/ + +Store the canonical form of principal in buf. Buf must contain enough +space to store a principal, given the limits on the sizes of name, +instance, and realm specified in /usr/include/krb.h. + +acl_check(acl, principal) +char *acl; +char *principal; + +Returns nonzero if principal appears in acl. Returns 0 if principal +does not appear in acl, or if an error occurs. Canonicalizes +principal before checking, and allows the ACL to contain wildcards. + +acl_exact_match(acl, principal) +char *acl; +char *principal; + +Like acl_check, but does no canonicalization or wildcarding. + +acl_add(acl, principal) +char *acl; +char *principal; + +Atomically adds principal to acl. 
Returns 0 if successful, nonzero +otherwise. It is considered a failure if principal is already in acl. +This routine will canonicalize principal, but will treat wildcards +literally. + +acl_delete(acl, principal) +char *acl; +char *principal; + +Atomically deletes principal from acl. Returns 0 if successful, +nonzero otherwise. It is consider a failure if principal is not +already in acl. This routine will canonicalize principal, but will +treat wildcards literally. + +acl_initialize(acl, mode) +char *acl; +int mode; + +Initialize acl. If acl file does not exist, creates it with mode +mode. If acl exists, removes all members. Returns 0 if successful, +nonzero otherwise. WARNING: Mode argument is likely to change with +the eventual introduction of an ACL service. + + +Known problems + +In the presence of concurrency, there is a very small chance that +acl_add or acl_delete could report success even though it would have +had no effect. This is a necessary side effect of using lock files +for concurrency control rather than flock(2), which is not supported +by NFS. + +The current implementation caches ACLs in memory in a hash-table +format for increased efficiency in checking membership; one effect of +the caching scheme is that one file descriptor will be kept open for +each ACL cached, up to a maximum of 8. diff --git a/crypto/kerberosIV/lib/kadm/Makefile.in b/crypto/kerberosIV/lib/kadm/Makefile.in new file mode 100644 index 0000000..1dafd4f --- /dev/null +++ b/crypto/kerberosIV/lib/kadm/Makefile.in 
@@ -0,0 +1,92 @@ +# +# $Id: Makefile.in,v 1.30 1997/05/06 03:47:28 assar Exp $ +# + +SHELL = /bin/sh + +srcdir = @srcdir@ +VPATH = @srcdir@ + +CC = @CC@ +AR = ar +RANLIB = @RANLIB@ +LN_S = @LN_S@ +DEFS = @DEFS@ +CFLAGS = @CFLAGS@ + +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +MKINSTALLDIRS = @top_srcdir@/mkinstalldirs + +COMPILE_ET = ../../util/et/compile_et$(EXECSUFFIX) -language ansi-c + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +libdir = @libdir@ + +PICFLAGS = @PICFLAGS@ + +LIBNAME = $(LIBPREFIX)kadm +LIBEXT = @LIBEXT@ +LIBPREFIX = @LIBPREFIX@ +EXECSUFFIX = @EXECSUFFIX@ +SHLIBEXT = @SHLIBEXT@ +LDSHARED = @LDSHARED@ +LIB = $(LIBNAME).$(LIBEXT) + +SOURCES = kadm_cli_wrap.c kadm_err.c kadm_stream.c kadm_supp.c + +OBJECTS = kadm_cli_wrap.o kadm_err.o kadm_stream.o kadm_supp.o + +all: $(LIB) + +Wall: + make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" + +.c.o: + $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $< + +install: all + $(MKINSTALLDIRS) $(libdir) + $(INSTALL_DATA) -m 0555 $(LIB) $(libdir) + +uninstall: + rm -f $(libdir)/$(LIB) + +TAGS: $(SOURCES) + etags $(SOURCES) + +check: + +clean: + rm -f $(LIB) *.o *.a kadm_err.c kadm_err.h + +mostlyclean: clean + +distclean: clean + rm -f Makefile *.tab.c *~ + +realclean: distclean + rm -f TAGS + +dist: $(DISTFILES) + for file in $(DISTFILES); do \ + ln $$file ../`cat ../.fname`/lib \ + || cp -p $$file ../`cat ../.fname`/lib; \ + done + +$(LIBNAME).a: $(OBJECTS) + rm -f $@ + $(AR) cr $@ $(OBJECTS) + -$(RANLIB) $@ + +$(LIBNAME).$(SHLIBEXT): $(OBJECTS) + rm -f $@ + $(LDSHARED) -o $@ $(OBJECTS) + +kadm_err.c kadm_err.h: kadm_err.et + test -r kadm_err.et || (rm -f kadm_err.et && $(LN_S) $(srcdir)/kadm_err.et .) + $(COMPILE_ET) kadm_err.et + +$(OBJECTS): ../../include/config.h +$(OBJECTS): kadm_err.h kadm_locl.h 
diff --git a/crypto/kerberosIV/lib/kadm/kadm.h b/crypto/kerberosIV/lib/kadm/kadm.h
new file mode 100644
index 0000000..d18f592
--- /dev/null
+++ b/crypto/kerberosIV/lib/kadm/kadm.h
@@ -0,0 +1,143 @@ +/* + * $Id: kadm.h,v 1.12 1996/11/17 20:04:39 assar Exp $ + * + * Copyright 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * . + * + * Definitions for Kerberos administration server & client + */ + +#ifndef KADM_DEFS +#define KADM_DEFS + +/* + * kadm.h + * Header file for the fourth attempt at an admin server + * Doug Church, December 28, 1989, MIT Project Athena + */ + +#include + +/* The global structures for the client and server */ +typedef struct { + struct sockaddr_in admin_addr; + struct sockaddr_in my_addr; + int my_addr_len; + int admin_fd; /* file descriptor for link to admin server */ + char sname[ANAME_SZ]; /* the service name */ + char sinst[INST_SZ]; /* the services instance */ + char krbrlm[REALM_SZ]; +} Kadm_Client; + +typedef struct { /* status of the server, i.e the parameters */ + int inter; /* Space for command line flags */ + char *sysfile; /* filename of server */ +} admin_params; /* Well... 
it's the admin's parameters */ + +/* Largest password length to be supported */ +#define MAX_KPW_LEN 128 +/* Minimum allowed password length */ +#define MIN_KPW_LEN 6 + +/* Largest packet the admin server will ever allow itself to return */ +#define KADM_RET_MAX 2048 + +/* That's right, versions are 8 byte strings */ +#define KADM_VERSTR "KADM0.0A" +#define KADM_ULOSE "KYOULOSE" /* sent back when server can't + decrypt client's msg */ +#define KADM_VERSIZE strlen(KADM_VERSTR) + +/* the lookups for the server instances */ +#define PWSERV_NAME "changepw" +#define KADM_SNAME "kerberos_master" +#define KADM_PORT 751 +#define KADM_SINST "kerberos" + +/* Attributes fields constants and macros */ +#define ALLOC 2 +#define RESERVED 3 +#define DEALLOC 4 +#define DEACTIVATED 5 +#define ACTIVE 6 + +/* Kadm_vals structure for passing db fields into the server routines */ +#define FLDSZ 4 + +typedef struct { + u_int8_t fields[FLDSZ]; /* The active fields in this struct */ + char name[ANAME_SZ]; + char instance[INST_SZ]; + u_int32_t key_low; + u_int32_t key_high; + u_int32_t exp_date; + u_int16_t attributes; + u_int8_t max_life; +} Kadm_vals; /* The basic values structure in Kadm */ + +/* Kadm_vals structure for passing db fields into the server routines */ +#define FLDSZ 4 + +/* Need to define fields types here */ +#define KADM_NAME 31 +#define KADM_INST 30 +#define KADM_EXPDATE 29 +#define KADM_ATTR 28 +#define KADM_MAXLIFE 27 +#define KADM_DESKEY 26 + +/* To set a field entry f in a fields structure d */ +#define SET_FIELD(f,d) (d[3-(f/8)]|=(1<<(f%8))) + +/* To set a field entry f in a fields structure d */ +#define CLEAR_FIELD(f,d) (d[3-(f/8)]&=(~(1<<(f%8)))) + +/* Is field f in fields structure d */ +#define IS_FIELD(f,d) (d[3-(f/8)]&(1<<(f%8))) + +/* Various return codes */ +#define KADM_SUCCESS 0 + +#define WILDCARD_STR "*" + +enum acl_types { +ADDACL, +GETACL, +MODACL, +STABACL, /* not used */ +DELACL +}; + +/* Various opcodes for the admin server's functions */ +#define 
CHANGE_PW 2 +#define ADD_ENT 3 +#define MOD_ENT 4 +#define GET_ENT 5 +#define CHECK_PW 6 /* not used */ +#define CHG_STAB 7 /* not used */ +#define DEL_ENT 8 + +void prin_vals __P((Kadm_vals *)); +int stv_long __P((u_char *, u_int32_t *, int, int)); +int vts_long __P((u_int32_t, u_char **, int)); +int vts_string __P((char *, u_char **, int)); +int stv_string __P((u_char *, char *, int, int, int)); + +int stream_to_vals __P((u_char *, Kadm_vals *, int)); +int vals_to_stream __P((Kadm_vals *, u_char **)); + +int kadm_init_link __P((char *, char *, char *)); +int kadm_change_pw __P((unsigned char *)); +int kadm_change_pw_plain __P((unsigned char *, char *, char**)); +int kadm_mod __P((Kadm_vals *, Kadm_vals *)); +int kadm_get __P((Kadm_vals *, u_char *)); +int kadm_add __P((Kadm_vals *)); +int kadm_del __P((Kadm_vals *)); +void kadm_vals_to_prin __P((u_char *, Principal *, Kadm_vals *)); +void kadm_prin_to_vals __P((u_char *, Kadm_vals *, Principal *)); + + + +#endif /* KADM_DEFS */ diff --git a/crypto/kerberosIV/lib/kadm/kadm_cli_wrap.c b/crypto/kerberosIV/lib/kadm/kadm_cli_wrap.c new file mode 100644 index 0000000..1e5c4f3 --- /dev/null +++ b/crypto/kerberosIV/lib/kadm/kadm_cli_wrap.c 
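Review bot: In kadm.h, `SET_FIELD`, `CLEAR_FIELD` and `IS_FIELD` expand their parameters unparenthesized and hard-code `3` where `FLDSZ-1` is meant, and nothing bounds `f`, so a field number of 32 or more indexes before the start of `fields`. I would write them in the form `#define IS_FIELD(f,d) ((d)[(FLDSZ-1)-((f)/8)]&(1<<((f)%8)))` and add a comment that `f` must be below `FLDSZ*8`; whether any caller passes a value taken from the wire is not visible in this hunk. The `FLDSZ` define and its comment appear twice, and the comment above `CLEAR_FIELD` still says "To set"; it should read `/* To clear a field entry f in a fields structure d */`.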
@@ -0,0 +1,545 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +/* + * Kerberos administration server client-side routines + */ + +/* + * kadm_cli_wrap.c the client side wrapping of the calls to the admin server + */ + +#include "kadm_locl.h" + +RCSID("$Id: kadm_cli_wrap.c,v 1.21 1997/05/02 10:28:11 joda Exp $"); + +#ifndef NULL +#define NULL 0 +#endif + +static Kadm_Client client_parm; + +/* Macros for use in returning data... 
used in kadm_cli_send */ +#define RET_N_FREE(r) {clear_secrets(); free((char *)act_st); free((char *)priv_pak); return r;} + +/* Keys for use in the transactions */ +static des_cblock sess_key; /* to be filled in by kadm_cli_keyd */ +static des_key_schedule sess_sched; + +static void +clear_secrets(void) +{ + memset(sess_key, 0, sizeof(sess_key)); + memset(sess_sched, 0, sizeof(sess_sched)); + return; +} + +static RETSIGTYPE (*opipe)(); + +static void +kadm_cli_disconn(void) +{ + close(client_parm.admin_fd); + signal(SIGPIPE, opipe); + return; +} + +/* + * kadm_init_link + * receives : name, inst, realm + * + * initializes client parm, the Kadm_Client structure which holds the + * data about the connection between the server and client, the services + * used, the locations and other fun things + */ + +int +kadm_init_link(char *n, char *i, char *r) +{ + struct hostent *hop; /* host we will talk to */ + char adm_hostname[MaxHostNameLen]; + + init_kadm_err_tbl(); + init_krb_err_tbl(); + strcpy(client_parm.sname, n); + strcpy(client_parm.sinst, i); + strcpy(client_parm.krbrlm, r); + client_parm.admin_fd = -1; + + /* set up the admin_addr - fetch name of admin host */ + if (krb_get_admhst(adm_hostname, client_parm.krbrlm, 1) != KSUCCESS) + return KADM_NO_HOST; + if ((hop = gethostbyname(adm_hostname)) == NULL) + return KADM_UNK_HOST; + memset(&client_parm.admin_addr, 0, sizeof(client_parm.admin_addr)); + client_parm.admin_addr.sin_port = + k_getportbyname(KADM_SNAME, "tcp", htons(KADM_PORT)); + client_parm.admin_addr.sin_family = hop->h_addrtype; + memcpy(&client_parm.admin_addr.sin_addr, hop->h_addr, + sizeof(client_parm.admin_addr.sin_addr)); + + return KADM_SUCCESS; +} + +static int +kadm_cli_conn(void) +{ /* this connects and sets my_addr */ + int on = 1; + + if ((client_parm.admin_fd = + socket(client_parm.admin_addr.sin_family, SOCK_STREAM,0)) < 0) + return KADM_NO_SOCK; /* couldnt create the socket */ + if (connect(client_parm.admin_fd, + (struct sockaddr *) & 
client_parm.admin_addr, + sizeof(client_parm.admin_addr))) { + close(client_parm.admin_fd); + client_parm.admin_fd = -1; + return KADM_NO_CONN; /* couldnt get the connect */ + } + opipe = signal(SIGPIPE, SIG_IGN); + client_parm.my_addr_len = sizeof(client_parm.my_addr); + if (getsockname(client_parm.admin_fd, + (struct sockaddr *) & client_parm.my_addr, + &client_parm.my_addr_len) < 0) { + close(client_parm.admin_fd); + client_parm.admin_fd = -1; + signal(SIGPIPE, opipe); + return KADM_NO_HERE; /* couldnt find out who we are */ + } +#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT) + if (setsockopt(client_parm.admin_fd, SOL_SOCKET, SO_KEEPALIVE, + (void *)&on, + sizeof(on)) < 0) { + close(client_parm.admin_fd); + client_parm.admin_fd = -1; + signal(SIGPIPE, opipe); + return KADM_NO_CONN; /* XXX */ + } +#endif + return KADM_SUCCESS; +} + +/* takes in the sess_key and key_schedule and sets them appropriately */ +static int +kadm_cli_keyd(des_cblock (*s_k), struct des_ks_struct *s_s) + /* session key */ + /* session key schedule */ +{ + CREDENTIALS cred; /* to get key data */ + int stat; + + /* want .sname and .sinst here.... 
*/ + if ((stat = krb_get_cred(client_parm.sname, client_parm.sinst, + client_parm.krbrlm, &cred))) + return stat + krb_err_base; + memcpy(s_k, cred.session, sizeof(des_cblock)); + memset(cred.session, 0, sizeof(des_cblock)); +#ifdef NOENCRYPTION + memset(s_s, 0, sizeof(des_key_schedule)); +#else + if ((stat = des_key_sched(s_k,s_s))) + return(stat+krb_err_base); +#endif + return KADM_SUCCESS; +} /* This code "works" */ + +static int +kadm_cli_out(u_char *dat, int dat_len, u_char **ret_dat, int *ret_siz) +{ + u_int16_t dlen; + int retval; + char tmp[4]; + + dlen = (u_int16_t) dat_len; + + if (dat_len != (int)dlen) + return (KADM_NO_ROOM); + + tmp[0] = (dlen >> 8) & 0xff; + tmp[1] = dlen & 0xff; + if (krb_net_write(client_parm.admin_fd, tmp, 2) != 2) + return (errno); /* XXX */ + + if (krb_net_write(client_parm.admin_fd, (char *) dat, dat_len) < 0) + return (errno); /* XXX */ + + + if ((retval = krb_net_read(client_parm.admin_fd, tmp, 2)) != 2){ + if (retval < 0) + return(errno); /* XXX */ + else + return(EPIPE); /* short read ! */ + } + dlen = (tmp[0] << 8) | tmp[1]; + + *ret_dat = (u_char *)malloc((unsigned)dlen); + if (!*ret_dat) + return(KADM_NOMEM); + + if ((retval = krb_net_read(client_parm.admin_fd, *ret_dat, + dlen) != dlen)) { + if (retval < 0) + return(errno); /* XXX */ + else + return(EPIPE); /* short read ! */ + } + *ret_siz = (int) dlen; + return KADM_SUCCESS; +} + +/* + * kadm_cli_send + * recieves : opcode, packet, packet length, serv_name, serv_inst + * returns : return code from the packet build, the server, or + * something else + * + * It assembles a packet as follows: + * 8 bytes : VERSION STRING + * 4 bytes : LENGTH OF MESSAGE DATA and OPCODE + * : KTEXT + * : OPCODE \ + * : DATA > Encrypted (with make priv) + * : ...... / + * + * If it builds the packet and it is small enough, then it attempts to open the + * connection to the admin server. If the connection is succesfully open + * then it sends the data and waits for a reply. 
+ */ +static int +kadm_cli_send(u_char *st_dat, int st_siz, u_char **ret_dat, int *ret_siz) + /* the actual data */ + /* length of said data */ + /* to give return info */ + /* length of returned info */ +{ + int act_len, retdat; /* current offset into packet, return + * data */ + KTEXT_ST authent; /* the authenticator we will build */ + u_char *act_st; /* the pointer to the complete packet */ + u_char *priv_pak; /* private version of the packet */ + int priv_len; /* length of private packet */ + u_int32_t cksum; /* checksum of the packet */ + MSG_DAT mdat; + u_char *return_dat; + + act_st = (u_char *) malloc(KADM_VERSIZE); /* verstr stored first */ + strncpy((char *)act_st, KADM_VERSTR, KADM_VERSIZE); + act_len = KADM_VERSIZE; + + if ((retdat = kadm_cli_keyd(&sess_key, sess_sched)) != KADM_SUCCESS) { + free(act_st); + return retdat; /* couldnt get key working */ + } + priv_pak = (u_char *) malloc((unsigned)(st_siz + 200)); + /* 200 bytes for extra info case */ + if ((priv_len = krb_mk_priv(st_dat, priv_pak, (u_int32_t)st_siz, + sess_sched, &sess_key, &client_parm.my_addr, + &client_parm.admin_addr)) < 0) + RET_N_FREE(KADM_NO_ENCRYPT); /* whoops... we got a lose + * here */ + /* here is the length of priv data. receiver calcs + size of authenticator by subtracting vno size, priv size, and + sizeof(u_int32_t) (for the size indication) from total size */ + + act_len += vts_long((u_int32_t) priv_len, &act_st, act_len); +#ifdef NOENCRYPTION + cksum = 0; +#else + cksum = des_quad_cksum((des_cblock *)priv_pak, (des_cblock *)0, (long)priv_len, 0, + &sess_key); +#endif + if ((retdat = krb_mk_req(&authent, client_parm.sname, client_parm.sinst, + client_parm.krbrlm, cksum))) { + /* authenticator? 
*/ + RET_N_FREE(retdat + krb_err_base); + } + + act_st = (u_char *) realloc(act_st, + act_len + authent.length + priv_len); + if (!act_st) { + clear_secrets(); + free(priv_pak); + return(KADM_NOMEM); + } + memcpy((char *)act_st + act_len, authent.dat, authent.length); + memcpy((char *)act_st + act_len + authent.length, priv_pak, priv_len); + free(priv_pak); + if ((retdat = kadm_cli_out(act_st, + act_len + authent.length + priv_len, + ret_dat, ret_siz)) != KADM_SUCCESS) + RET_N_FREE(retdat); + free(act_st); +#define RET_N_FREE2(r) {free(*ret_dat); clear_secrets(); return(r);} + + /* first see if it's a YOULOUSE */ + if ((*ret_siz >= KADM_VERSIZE) && + !strncmp(KADM_ULOSE, (char *)*ret_dat, KADM_VERSIZE)) { + unsigned char *p; + /* it's a youlose packet */ + if (*ret_siz < KADM_VERSIZE + 4) + RET_N_FREE2(KADM_BAD_VER); + p = (*ret_dat)+KADM_VERSIZE; + retdat = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; + RET_N_FREE2(retdat); + } + /* need to decode the ret_dat */ + if ((retdat = krb_rd_priv(*ret_dat, (u_int32_t)*ret_siz, sess_sched, + &sess_key, &client_parm.admin_addr, + &client_parm.my_addr, &mdat))) + RET_N_FREE2(retdat+krb_err_base); + if (mdat.app_length < KADM_VERSIZE + 4) + /* too short! 
*/ + RET_N_FREE2(KADM_BAD_VER); + if (strncmp((char *)mdat.app_data, KADM_VERSTR, KADM_VERSIZE)) + /* bad version */ + RET_N_FREE2(KADM_BAD_VER); + { + unsigned char *p = mdat.app_data+KADM_VERSIZE; + retdat = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; + } + { + int s=mdat.app_length - KADM_VERSIZE - 4; + if(s<=0) s=1; + if (!(return_dat = (u_char *)malloc(s))) + RET_N_FREE2(KADM_NOMEM); + } + memcpy(return_dat, + (char *) mdat.app_data + KADM_VERSIZE + 4, + mdat.app_length - KADM_VERSIZE - 4); + free(*ret_dat); + clear_secrets(); + *ret_dat = return_dat; + *ret_siz = mdat.app_length - KADM_VERSIZE - 4; + return retdat; +} + + + +/* + * kadm_change_pw_plain + * + * see kadm_change_pw + * + */ +int kadm_change_pw_plain(unsigned char *newkey, char *password, char **pw_msg) +{ + int stsize, retc; /* stream size and return code */ + u_char *send_st; /* send stream */ + u_char *ret_st; + int ret_sz; + int status; + static char msg[128]; + + if ((retc = kadm_cli_conn()) != KADM_SUCCESS) + return(retc); + /* possible problem with vts_long on a non-multiple of four boundary */ + + stsize = 0; /* start of our output packet */ + send_st = (u_char *) malloc(1);/* to make it reallocable */ + send_st[stsize++] = (u_char) CHANGE_PW; + + /* change key to stream */ + + send_st = realloc(send_st, stsize + 8); + memcpy(send_st + stsize + 4, newkey, 4); /* yes, this is backwards */ + memcpy(send_st + stsize, newkey + 4, 4); + stsize += 8; + + if(password && *password) + stsize += vts_string(password, &send_st, stsize); + + retc = kadm_cli_send(send_st, stsize, &ret_st, &ret_sz); + free(send_st); + + if(retc != KADM_SUCCESS){ + status = stv_string(ret_st, msg, 0, sizeof(msg), ret_sz); + if(status<0) + msg[0]=0; + *pw_msg=msg; + } + + if (ret_st) + free(ret_st); + + kadm_cli_disconn(); + return(retc); +} + +/* + * kadm_change_pw + * recieves : key + * + * Replaces the password (i.e. des key) of the caller with that specified in + * key. 
Returns no actual data from the master server, since this is called + * by a user + */ + +int kadm_change_pw(unsigned char *newkey) +{ + char *pw_msg; + return kadm_change_pw_plain(newkey, "", &pw_msg); +} + +/* + * kadm_add + * receives : vals + * returns : vals + * + * Adds and entry containing values to the database returns the values of the + * entry, so if you leave certain fields blank you will be able to determine + * the default values they are set to + */ +int +kadm_add(Kadm_vals *vals) +{ + u_char *st, *st2; /* st will hold the stream of values */ + int st_len; /* st2 the final stream with opcode */ + int retc; /* return code from call */ + u_char *ret_st; + int ret_sz; + + if ((retc = kadm_cli_conn()) != KADM_SUCCESS) + return(retc); + st_len = vals_to_stream(vals, &st); + st2 = (u_char *) malloc((unsigned)(1 + st_len)); + *st2 = (u_char) ADD_ENT; /* here's the opcode */ + memcpy((char *) st2 + 1, st, st_len); /* append st on */ + retc = kadm_cli_send(st2, st_len + 1, &ret_st, &ret_sz); + free(st); + free(st2); + if (retc == KADM_SUCCESS) { + /* ret_st has vals */ + if (stream_to_vals(ret_st, vals, ret_sz) < 0) + retc = KADM_LENGTH_ERROR; + free(ret_st); + } + kadm_cli_disconn(); + return(retc); +} + +/* + * kadm_mod + * receives : KTEXT, {values, values} + * returns : CKSUM, RETCODE, {values} + * acl : su, sms (as register or dealloc) + * + * Modifies all entries corresponding to the first values so they match the + * second values. 
returns the values for the changed entries in vals2 + */ +int +kadm_mod(Kadm_vals *vals1, Kadm_vals *vals2) +{ + u_char *st, *st2; /* st will hold the stream of values */ + int st_len, nlen; /* st2 the final stream with opcode */ + u_char *ret_st; + int ret_sz; + + /* nlen is the length of second vals */ + int retc; /* return code from call */ + + if ((retc = kadm_cli_conn()) != KADM_SUCCESS) + return(retc); + + st_len = vals_to_stream(vals1, &st); + st2 = (u_char *) malloc((unsigned)(1 + st_len)); + *st2 = (u_char) MOD_ENT; /* here's the opcode */ + memcpy((char *)st2 + 1, st, st_len++); /* append st on */ + free(st); + nlen = vals_to_stream(vals2, &st); + st2 = (u_char *) realloc((char *) st2, (unsigned)(st_len + nlen)); + memcpy((char *) st2 + st_len, st, nlen); /* append st on */ + retc = kadm_cli_send(st2, st_len + nlen, &ret_st, &ret_sz); + free(st); + free(st2); + if (retc == KADM_SUCCESS) { + /* ret_st has vals */ + if (stream_to_vals(ret_st, vals2, ret_sz) < 0) + retc = KADM_LENGTH_ERROR; + free(ret_st); + } + kadm_cli_disconn(); + return(retc); +} + + +int +kadm_del(Kadm_vals *vals) +{ + unsigned char *st, *st2; /* st will hold the stream of values */ + int st_len; /* st2 the final stream with opcode */ + int retc; /* return code from call */ + u_char *ret_st; + int ret_sz; + + if ((retc = kadm_cli_conn()) != KADM_SUCCESS) + return(retc); + st_len = vals_to_stream(vals, &st); + st2 = (unsigned char *) malloc(st_len + 1); + *st2 = DEL_ENT; /* here's the opcode */ + memcpy(st2 + 1, st, st_len); /* append st on */ + retc = kadm_cli_send(st2, st_len + 1, &ret_st, &ret_sz); + free(st); + free(st2); + kadm_cli_disconn(); + return(retc); +} + + +/* + * kadm_get + * receives : KTEXT, {values, flags} + * returns : CKSUM, RETCODE, {count, values, values, values} + * acl : su + * + * gets the fields requested by flags from all entries matching values returns + * this data for each matching recipient, after a count of how many such + * matches there were + */ +int 
+kadm_get(Kadm_vals *vals, u_char *fl) +{ + int loop; /* for copying the fields data */ + u_char *st, *st2; /* st will hold the stream of values */ + int st_len; /* st2 the final stream with opcode */ + int retc; /* return code from call */ + u_char *ret_st; + int ret_sz; + + if ((retc = kadm_cli_conn()) != KADM_SUCCESS) + return(retc); + st_len = vals_to_stream(vals, &st); + st2 = (u_char *) malloc((unsigned)(1 + st_len + FLDSZ)); + *st2 = (u_char) GET_ENT; /* here's the opcode */ + memcpy((char *)st2 + 1, st, st_len); /* append st on */ + for (loop = FLDSZ - 1; loop >= 0; loop--) + *(st2 + st_len + FLDSZ - loop) = fl[loop]; /* append the flags */ + retc = kadm_cli_send(st2, st_len + 1 + FLDSZ, &ret_st, &ret_sz); + free(st); + free(st2); + if (retc == KADM_SUCCESS) { + /* ret_st has vals */ + if (stream_to_vals(ret_st, vals, ret_sz) < 0) + retc = KADM_LENGTH_ERROR; + free(ret_st); + } + kadm_cli_disconn(); + return(retc); +} diff --git a/crypto/kerberosIV/lib/kadm/kadm_err.et b/crypto/kerberosIV/lib/kadm/kadm_err.et new file mode 100644 index 0000000..0a7c7b6 --- /dev/null +++ b/crypto/kerberosIV/lib/kadm/kadm_err.et 
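Review bot: kadm_cli_send frees priv_pak twice when kadm_cli_out fails, because `free(priv_pak)` runs just before the call and the failure branch then expands RET_N_FREE, which frees priv_pak again. RET_N_FREE2 has a related problem: it frees `*ret_dat` without clearing it, and kadm_change_pw_plain answers any non-success return by passing ret_st to stv_string and then to free, so a rejected reply (the KADM_ULOSE branch, a krb_rd_priv failure) ends in a read of freed memory and a second free. On the failure paths before kadm_cli_out, ret_st and ret_sz are never written at all. I would add `priv_pak = NULL;` after the explicit free, start kadm_cli_send with `*ret_dat = NULL; *ret_siz = 0;`, and make the macro `{free(*ret_dat); *ret_dat = NULL; *ret_siz = 0; clear_secrets(); return(r);}`. Separately, in kadm_cli_out the misplaced parenthesis in the second krb_net_read test stores the comparison result in retval instead of the byte count, and the signed `char tmp[4]` can sign-extend the length bytes of the reply.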
@@ -0,0 +1,59 @@
+# $Id: kadm_err.et,v 1.4 1996/06/12 08:01:34 bg Exp $
+# $Author: bg $
+#
+# Copyright 1988 by the Massachusetts Institute of Technology.
+#
+# For copying and distribution information, please see the file
+# .
+#
+# Kerberos administration server error table
+#
+ et kadm
+
+# KADM_SUCCESS, as all success codes should be, is zero
+
+ec KADM_RCSID, "$Id: kadm_err.et,v 1.4 1996/06/12 08:01:34 bg Exp $"
+# /* Building and unbuilding the packet errors */
+ec KADM_NO_REALM, "Cannot fetch local realm"
+ec KADM_NO_CRED, "Unable to fetch credentials"
+ec KADM_BAD_KEY, "Bad key supplied"
+ec KADM_NO_ENCRYPT, "Can't encrypt data"
+ec KADM_NO_AUTH, "Cannot encode/decode authentication info"
+ec KADM_WRONG_REALM, "Principal attemping change is in wrong realm"
+ec KADM_NO_ROOM, "Packet is too large"
+ec KADM_BAD_VER, "Version number is incorrect"
+ec KADM_BAD_CHK, "Checksum does not match"
+ec KADM_NO_READ, "Unsealing private data failed"
+ec KADM_NO_OPCODE, "Unsupported operation"
+ec KADM_NO_HOST, "Could not find administrating host"
+ec KADM_UNK_HOST, "Administrating host name is unknown"
+ec KADM_NO_SERV, "Could not find service name in services database"
+ec KADM_NO_SOCK, "Could not create socket"
+ec KADM_NO_CONN, "Could not connect to server"
+ec KADM_NO_HERE, "Could not fetch local socket address"
+ec KADM_NO_MAST, "Could not fetch master key"
+ec KADM_NO_VERI, "Could not verify master key"
+
+# /* From the server side routines */
+ec KADM_INUSE, "Entry already exists in database"
+ec KADM_UK_SERROR, "Database store error"
+ec KADM_UK_RERROR, "Database read error"
+ec KADM_UNAUTH, "Insufficient access to perform requested operation"
+# KADM_DATA isn't really an error, but...
+ec KADM_DATA, "Data is available for return to client"
+ec KADM_NOENTRY, "No such entry in the database"
+
+ec KADM_NOMEM, "Memory exhausted"
+ec KADM_NO_HOSTNAME, "Could not fetch system hostname"
+ec KADM_NO_BIND, "Could not bind port"
+ec KADM_LENGTH_ERROR, "Length mismatch problem"
+ec KADM_ILL_WILDCARD, "Illegal use of wildcard"
+
+ec KADM_DB_INUSE, "Database is locked or in use--try again later"
+
+ec KADM_INSECURE_PW, "Insecure password rejected"
+ec KADM_PW_MISMATCH, "Cleartext password and DES key did not match"
+
+ec KADM_NOT_SERV_PRINC, "Invalid principal for change srvtab request"
+ec KADM_IMMUTABLE, "Attempt do delete immutable principal"
+end
diff --git a/crypto/kerberosIV/lib/kadm/kadm_locl.h b/crypto/kerberosIV/lib/kadm/kadm_locl.h
new file mode 100644
index 0000000..e6e374b
--- /dev/null
+++ b/crypto/kerberosIV/lib/kadm/kadm_locl.h
@@ -0,0 +1,90 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: kadm_locl.h,v 1.9 1997/05/20 18:40:44 bg Exp $ */
+
+#include "config.h"
+#include "protos.h"
+
+#include
+#include
+#include
+#ifdef HAVE_UNISTD_H
+#include
+#endif
+#include
+#include
+#include
+
+#ifdef HAVE_SYS_TYPES_H
+#include
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include
+#endif
+#ifdef HAVE_NETDB_H
+#include
+#endif
+
+#ifdef SOCKS
+#include
+#endif
+
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+int vts_long __P((u_int32_t, u_char **, int));
+int vals_to_stream __P((Kadm_vals *, u_char **));
+int stream_to_vals __P((u_char *, Kadm_vals *, int));
+
+int kadm_init_link __P((char n[], char i[], char r[]));
+int kadm_change_pw __P((des_cblock));
+int kadm_add __P((Kadm_vals *));
+int kadm_mod __P((Kadm_vals *, Kadm_vals *));
+int kadm_get __P((Kadm_vals *, u_char fl[4]));
+
+
diff --git a/crypto/kerberosIV/lib/kadm/kadm_stream.c b/crypto/kerberosIV/lib/kadm/kadm_stream.c
new file mode 100644
index 0000000..33fe177
--- /dev/null
+++ b/crypto/kerberosIV/lib/kadm/kadm_stream.c
@@ -0,0 +1,299 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +/* + * Stream conversion functions for Kerberos administration server + */ + +/* + kadm_stream.c + this holds the stream support routines for the kerberos administration server + + vals_to_stream: converts a vals struct to a stream for transmission + internals build_field_header, vts_[string, char, long, short] + stream_to_vals: converts a stream to a vals struct + internals check_field_header, stv_[string, char, long, short] + error: prints out a kadm error message, returns + fatal: prints out a kadm fatal error message, exits +*/ + +#include "kadm_locl.h" + +RCSID("$Id: kadm_stream.c,v 1.11 1997/05/02 10:28:05 joda Exp $"); + +static int +build_field_header(u_char *cont, u_char **st) + /* container for fields data */ + /* stream */ +{ + *st = (u_char *) malloc (4); + memcpy(*st, cont, 4); + return 4; /* return pointer to current stream location */ +} + +static int +check_field_header(u_char *st, u_char *cont, int maxlen) + /* stream */ + /* container for fields data */ + +{ + if (4 > 
maxlen) + return(-1); + memcpy(cont, st, 4); + return 4; /* return pointer to current stream location */ +} + +int +vts_string(char *dat, u_char **st, int loc) + /* a string to put on the stream */ + /* base pointer to the stream */ + /* offset into the stream for current data */ +{ + *st = (u_char *) realloc (*st, (unsigned) (loc + strlen(dat) + 1)); + memcpy(*st + loc, dat, strlen(dat)+1); + return strlen(dat)+1; +} + + +static int +vts_short(u_int16_t dat, u_char **st, int loc) + /* the attributes field */ + /* a base pointer to the stream */ + /* offset into the stream for current data */ +{ + unsigned char *p; + p = realloc(*st, loc + 2); + if(p == NULL){ + abort(); + } + p[loc] = (dat >> 8) & 0xff; + p[loc+1] = dat & 0xff; + *st = p; + return 2; +} + +static int +vts_char(u_char dat, u_char **st, int loc) + /* the attributes field */ + /* a base pointer to the stream */ + /* offset into the stream for current data */ +{ + unsigned char *p = realloc(*st, loc + 1); + if(p == NULL){ + abort(); + } + p[loc] = dat; + *st = p; + return 1; +} + +int +vts_long(u_int32_t dat, u_char **st, int loc) + /* the attributes field */ + /* a base pointer to the stream */ + /* offset into the stream for current data */ +{ + unsigned char *p = realloc(*st, loc + 4); + if(p == NULL){ + abort(); + } + p[loc] = (dat >> 24) & 0xff; + p[loc+1] = (dat >> 16) & 0xff; + p[loc+2] = (dat >> 8) & 0xff; + p[loc+3] = dat & 0xff; + *st = p; + return 4; +} + +int +stv_string(u_char *st, /* base pointer to the stream */ + char *dat, /* a string to read from the stream */ + int loc, /* offset into the stream for current data */ + int stlen, /* max length of string to copy in */ + int maxlen) /* max length of input stream */ +{ + int maxcount; /* max count of chars to copy */ + + maxcount = min(maxlen - loc, stlen); + + if(maxcount <= 0) + return -1; + + strncpy(dat, (char *)st + loc, maxcount); + + if (dat[maxcount-1]) /* not null-term --> not enuf room */ + return(-1); + return strlen(dat)+1; 
+} + +static int +stv_short(u_char *st, u_int16_t *dat, int loc, int maxlen) + /* a base pointer to the stream */ + /* the attributes field */ + /* offset into the stream for current data */ + +{ + if (maxlen - loc < 2) + return -1; + + *dat = (st[loc] << 8) | st[loc + 1]; + return 2; +} + +int +stv_long(u_char *st, u_int32_t *dat, int loc, int maxlen) + /* a base pointer to the stream */ + /* the attributes field */ + /* offset into the stream for current data */ + /* maximum length of st */ +{ + if (maxlen - loc < 4) + return -1; + + *dat = (st[loc] << 24) | (st[loc+1] << 16) | (st[loc+2] << 8) | st[loc+3]; + return 4; +} + +static int +stv_char(u_char *st, u_char *dat, int loc, int maxlen) + /* a base pointer to the stream */ + /* the attributes field */ + /* offset into the stream for current data */ + +{ + if (maxlen - loc < 1) + return -1; + + *dat = st[loc]; + return 1; +} + +/* +vals_to_stream + recieves : kadm_vals *, u_char * + returns : a realloced and filled in u_char * + +this function creates a byte-stream representation of the kadm_vals structure +*/ +int +vals_to_stream(Kadm_vals *dt_in, u_char **dt_out) +{ + int vsloop, stsize; /* loop counter, stream size */ + + stsize = build_field_header(dt_in->fields, dt_out); + for (vsloop=31; vsloop>=0; vsloop--) + if (IS_FIELD(vsloop,dt_in->fields)) { + switch (vsloop) { + case KADM_NAME: + stsize+=vts_string(dt_in->name, dt_out, stsize); + break; + case KADM_INST: + stsize+=vts_string(dt_in->instance, dt_out, stsize); + break; + case KADM_EXPDATE: + stsize+=vts_long(dt_in->exp_date, dt_out, stsize); + break; + case KADM_ATTR: + stsize+=vts_short(dt_in->attributes, dt_out, stsize); + break; + case KADM_MAXLIFE: + stsize+=vts_char(dt_in->max_life, dt_out, stsize); + break; + case KADM_DESKEY: + stsize+=vts_long(dt_in->key_high, dt_out, stsize); + stsize+=vts_long(dt_in->key_low, dt_out, stsize); + break; + default: + break; + } +} + return(stsize); +} + +/* +stream_to_vals + recieves : u_char *, kadm_vals * + 
returns : a kadm_vals filled in according to u_char * + +this decodes a byte stream represntation of a vals struct into kadm_vals +*/ +int +stream_to_vals(u_char *dt_in, Kadm_vals *dt_out, int maxlen) + + + /* max length to use */ +{ + int vsloop, stsize; /* loop counter, stream size */ + int status; + + memset(dt_out, 0, sizeof(*dt_out)); + + stsize = check_field_header(dt_in, dt_out->fields, maxlen); + if (stsize < 0) + return(-1); + for (vsloop=31; vsloop>=0; vsloop--) + if (IS_FIELD(vsloop,dt_out->fields)) + switch (vsloop) { + case KADM_NAME: + if ((status = stv_string(dt_in, dt_out->name, stsize, + sizeof(dt_out->name), maxlen)) < 0) + return(-1); + stsize += status; + break; + case KADM_INST: + if ((status = stv_string(dt_in, dt_out->instance, stsize, + sizeof(dt_out->instance), maxlen)) < 0) + return(-1); + stsize += status; + break; + case KADM_EXPDATE: + if ((status = stv_long(dt_in, &dt_out->exp_date, stsize, + maxlen)) < 0) + return(-1); + stsize += status; + break; + case KADM_ATTR: + if ((status = stv_short(dt_in, &dt_out->attributes, stsize, + maxlen)) < 0) + return(-1); + stsize += status; + break; + case KADM_MAXLIFE: + if ((status = stv_char(dt_in, &dt_out->max_life, stsize, + maxlen)) < 0) + return(-1); + stsize += status; + break; + case KADM_DESKEY: + if ((status = stv_long(dt_in, &dt_out->key_high, stsize, + maxlen)) < 0) + return(-1); + stsize += status; + if ((status = stv_long(dt_in, &dt_out->key_low, stsize, + maxlen)) < 0) + return(-1); + stsize += status; + break; + default: + break; + } + return stsize; +} diff --git a/crypto/kerberosIV/lib/kadm/kadm_supp.c b/crypto/kerberosIV/lib/kadm/kadm_supp.c new file mode 100644 index 0000000..9845267 --- /dev/null +++ b/crypto/kerberosIV/lib/kadm/kadm_supp.c 
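Review bot: vts_string and build_field_header use the allocator's result without checking it, while vts_short, vts_char and vts_long in the same file abort on a NULL return. In vts_string, `*st = realloc(*st, ...)` also overwrites the only pointer to the old buffer, and the memcpy that follows then writes through NULL plus `loc`. I would follow the sibling pattern, `unsigned char *p = realloc(*st, loc + len); if (p == NULL) abort();` with `len = strlen(dat) + 1` computed once, and add the same check after `malloc(4)` in build_field_header. vts_string also relies on `dat` being NUL-terminated; vals_to_stream passes it the fixed-size `name` and `instance` arrays, so that holds only if whoever filled the Kadm_vals terminated them.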
@@ -0,0 +1,111 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +/* + * Support functions for Kerberos administration server & clients + */ + +/* + kadm_supp.c + this holds the support routines for the kerberos administration server + + error: prints out a kadm error message, returns + fatal: prints out a kadm fatal error message, exits + prin_vals: prints out data associated with a Principal in the vals + structure +*/ + +#include "kadm_locl.h" + +RCSID("$Id: kadm_supp.c,v 1.8 1997/05/02 10:27:58 joda Exp $"); + +/* +prin_vals: + recieves : a vals structure +*/ +void +prin_vals(Kadm_vals *vals) +{ + printf("Info in Database for %s.%s:\n", vals->name, vals->instance); + printf(" Max Life: %d (%s) Exp Date: %s\n", + vals->max_life, + krb_life_to_atime(vals->max_life), + asctime(k_localtime(&vals->exp_date))); + printf(" Attribs: %.2x key: %#lx %#lx\n", + vals->attributes, + (long)vals->key_low, (long)vals->key_high); +} + +/* kadm_prin_to_vals takes a fields arguments, a Kadm_vals and a Principal, + it copies the fields in Principal specified by fields 
into Kadm_vals, + i.e from old to new */ + +void +kadm_prin_to_vals(u_char *fields, Kadm_vals *new, Principal *old) +{ + memset(new, 0, sizeof(*new)); + if (IS_FIELD(KADM_NAME,fields)) { + strncpy(new->name, old->name, ANAME_SZ); + SET_FIELD(KADM_NAME, new->fields); + } + if (IS_FIELD(KADM_INST,fields)) { + strncpy(new->instance, old->instance, INST_SZ); + SET_FIELD(KADM_INST, new->fields); + } + if (IS_FIELD(KADM_EXPDATE,fields)) { + new->exp_date = old->exp_date; + SET_FIELD(KADM_EXPDATE, new->fields); + } + if (IS_FIELD(KADM_ATTR,fields)) { + new->attributes = old->attributes; + SET_FIELD(KADM_ATTR, new->fields); + } + if (IS_FIELD(KADM_MAXLIFE,fields)) { + new->max_life = old->max_life; + SET_FIELD(KADM_MAXLIFE, new->fields); + } + if (IS_FIELD(KADM_DESKEY,fields)) { + new->key_low = old->key_low; + new->key_high = old->key_high; + SET_FIELD(KADM_DESKEY, new->fields); + } +} + +void +kadm_vals_to_prin(u_char *fields, Principal *new, Kadm_vals *old) +{ + + memset(new, 0, sizeof(*new)); + if (IS_FIELD(KADM_NAME,fields)) + strncpy(new->name, old->name, ANAME_SZ); + if (IS_FIELD(KADM_INST,fields)) + strncpy(new->instance, old->instance, INST_SZ); + if (IS_FIELD(KADM_EXPDATE,fields)) + new->exp_date = old->exp_date; + if (IS_FIELD(KADM_ATTR,fields)) + new->attributes = old->attributes; + if (IS_FIELD(KADM_MAXLIFE,fields)) + new->max_life = old->max_life; + if (IS_FIELD(KADM_DESKEY,fields)) { + new->key_low = old->key_low; + new->key_high = old->key_high; + } +} diff --git a/crypto/kerberosIV/lib/kafs/Makefile.in b/crypto/kerberosIV/lib/kafs/Makefile.in new file mode 100644 index 0000000..e9c9121 --- /dev/null +++ b/crypto/kerberosIV/lib/kafs/Makefile.in 
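Review bot: The `strncpy(new->name, old->name, ANAME_SZ)` and `strncpy(new->instance, old->instance, INST_SZ)` calls in kadm_prin_to_vals fill the whole destination array, so a source of ANAME_SZ or INST_SZ characters leaves `name` or `instance` without a terminator. Those arrays are later read with strlen in vts_string (kadm_stream.c) and with `%s` in prin_vals. Because `memset(new, 0, sizeof(*new))` has just zeroed the struct, copying one byte less keeps the terminator: `strncpy(new->name, old->name, ANAME_SZ - 1);` and `strncpy(new->instance, old->instance, INST_SZ - 1);`. kadm_vals_to_prin makes the same calls; the Principal field sizes are not visible in this diff, so the same change presumably applies there but should be checked against the Principal declaration. prin_vals also prints `key_low` and `key_high` to stdout, which deserves a comment on the function telling callers not to pass a struct holding real key material unless that output is protected.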
@@ -0,0 +1,90 @@
+#
+# $Id: Makefile.in,v 1.30 1997/05/06 03:47:35 assar Exp $
+#
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@ -DLIBDIR='"$(libdir)"'
+CFLAGS = @CFLAGS@
+
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+
+PICFLAGS = @PICFLAGS@
+
+LIBNAME = $(LIBPREFIX)kafs
+LIBEXT = @LIBEXT@
+SHLIBEXT = @SHLIBEXT@
+LIBPREFIX = @LIBPREFIX@
+LDSHARED = @LDSHARED@
+AFS_EXTRA_LIBS = @AFS_EXTRA_LIBS@
+LIB = $(LIBNAME).$(LIBEXT) $(AFS_EXTRA_LIBS)
+
+SOURCES = afssys.c afskrb.c afslib.c
+
+OBJECTS = afssys.o afskrb.o
+
+all: $(LIB)
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+ $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $<
+
+install: all
+ $(MKINSTALLDIRS) $(libdir)
+ $(INSTALL_DATA) -m 0555 $(LIB) $(libdir)
+
+uninstall:
+ rm -f $(libdir)/$(LIB)
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+check:
+
+clean:
+ rm -f $(LIB) *.o *.a
+
+mostlyclean: clean
+
+distclean: clean
+ rm -f Makefile *.tab.c *~
+
+realclean: distclean
+ rm -f TAGS
+
+dist: $(DISTFILES)
+ for file in $(DISTFILES); do \
+ ln $$file ../`cat ../.fname`/lib \
+ || cp -p $$file ../`cat ../.fname`/lib; \
+ done
+
+$(LIBNAME).a: $(OBJECTS) @AFS_EXTRA_OBJS@
+ rm -f $@
+ $(AR) cr $@ $(OBJECTS) @AFS_EXTRA_OBJS@
+ -$(RANLIB) $@
+
+
+$(LIBNAME).$(SHLIBEXT): $(OBJECTS)
+ rm -f $@
+ $(LDSHARED) -o $@ $(OBJECTS)
+
+# AIX: this almost works with gcc, but somehow it fails to use the
+# correct ld, use ld instead
+afslib.so: afslib.o
+ ld -o $@ -bM:SRE -bI:$(srcdir)/afsl.exp -bE:$(srcdir)/afslib.exp -bnoentry afslib.o
+
+$(OBJECTS): ../../include/config.h
diff --git a/crypto/kerberosIV/lib/kafs/afskrb.c b/crypto/kerberosIV/lib/kafs/afskrb.c
new file mode 100644
index 0000000..d979ac5
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/afskrb.c 
@@ -0,0 +1,373 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "kafs_locl.h" + +RCSID("$Id: afskrb.c,v 1.6 1997/05/26 17:38:24 bg Exp $"); + +#define AUTH_SUPERUSER "afs" + +/* + * Here only ASCII characters are relevant. + */ + +#define IsAsciiLower(c) ('a' <= (c) && (c) <= 'z') + +#define ToAsciiUpper(c) ((c) - 'a' + 'A') + +static void +foldup(char *a, const char *b) +{ + for (; *b; a++, b++) + if (IsAsciiLower(*b)) + *a = ToAsciiUpper(*b); + else + *a = *b; + *a = '\0'; +} + +static int +get_cred(const char *princ, const char *inst, const char *krealm, + CREDENTIALS *c, KTEXT_ST *tkt) +{ + int k_errno = krb_get_cred((char*)princ, (char*)inst, (char*)krealm, c); + + if (k_errno != KSUCCESS) + { + k_errno = krb_mk_req(tkt, (char*)princ, (char*)inst, (char*)krealm, 0); + if (k_errno == KSUCCESS) + k_errno = krb_get_cred((char*)princ, (char*)inst, (char*)krealm, c); + } + return k_errno; +} + + +/* Convert a string to a 32 bit ip number in network byte order. + Return 0 on error + */ + +static u_int32_t +ip_aton(char *ip) +{ + u_int32_t addr; + unsigned int a, b, c, d; + + if(sscanf(ip, "%u.%u.%u.%u", &a, &b, &c, &d) != 4) + return 0; + if((a | b | c | d) > 255) + return 0; + addr = (a << 24) | (b << 16) | (c << 8) | d; + addr = htonl(addr); + return addr; +} + +/* Try to get a db-server for an AFS cell from a AFSDB record */ + +static int +dns_find_cell(const char *cell, char *dbserver) +{ + struct dns_reply *r; + int ok = -1; + r = dns_lookup(cell, "afsdb"); + if(r){ + struct resource_record *rr = r->head; + while(rr){ + if(rr->type == T_AFSDB && rr->u.afsdb->preference == 1){ + strncpy(dbserver, rr->u.afsdb->domain, MaxHostNameLen); + dbserver[MaxHostNameLen - 1] = 0; + ok = 0; + break; + } + rr = rr->next; + } + dns_free_data(r); + } + return ok; +} + + +/* Find the realm associated with cell. Do this by opening + /usr/vice/etc/CellServDB and getting the realm-of-host for the + first VL-server for the cell. 
+ + This does not work when the VL-server is living in one cell, but + the cell it is serving is living in another cell. + */ + +static char* +realm_of_cell(const char *cell) +{ + FILE *F; + char buf[1024]; + u_int32_t addr; + struct hostent *hp; + char *realm = NULL; + + if((F = fopen(_PATH_CELLSERVDB, "r"))){ + while(fgets(buf, sizeof(buf), F)){ + if(buf[0] != '>') + continue; + if(strncmp(buf + 1, cell, strlen(cell)) == 0){ + if(fgets(buf, sizeof(buf), F) == NULL) + break; + addr = ip_aton(buf); + if(addr == 0) + break; + hp = gethostbyaddr((char*)&addr, 4, AF_INET); + if(hp == NULL) + break; + strncpy (buf, hp->h_name, sizeof(buf)); + buf[sizeof(buf) - 1] = '\0'; + realm = krb_realmofhost(buf); + break; + } + } + fclose(F); + } + if(realm == NULL){ + if(dns_find_cell(cell, buf) == 0) + realm = krb_realmofhost(buf); + } + return realm; +} + +/* + * Get tokens for all cells[] + */ +static int +k_afslog_cells(char *cells[], int max, const char *krealm, uid_t uid) +{ + int err = KSUCCESS; + int i; + for(i = 0; i < max; i++) + err = k_afsklog_uid(cells[i], krealm, uid); + return err; +} + +/* + * Try to find the cells we should try to klog to in "file". 
+ */ +static void +k_find_cells(char *file, char *cells[], int size, int *index) +{ + FILE *f; + char cell[64]; + int i; + f = fopen(file, "r"); + if (f == NULL) + return; + while (*index < size && fgets(cell, sizeof(cell), f)) { + char *nl = strchr(cell, '\n'); + if (nl) *nl = 0; + for(i = 0; i < *index; i++) + if(strcmp(cells[i], cell) == 0) + break; + if(i == *index) + cells[(*index)++] = strdup(cell); + } + fclose(f); +} + +static int +k_afsklog_all_local_cells(const char *krealm, uid_t uid) +{ + int err; + char *cells[32]; /* XXX */ + int num_cells = sizeof(cells) / sizeof(cells[0]); + int index = 0; + + char *p; + + if ((p = getenv("HOME"))) { + char home[MaxPathLen]; + + if (k_concat(home, sizeof(home), p, "/.TheseCells", NULL) == 0) + k_find_cells(home, cells, num_cells, &index); + } + k_find_cells(_PATH_THESECELLS, cells, num_cells, &index); + k_find_cells(_PATH_THISCELL, cells, num_cells, &index); + + err = k_afslog_cells(cells, index, krealm, uid); + while(index > 0) + free(cells[--index]); + return err; +} + +int +k_afsklog_uid(const char *cell, const char *krealm, uid_t uid) +{ + int k_errno; + CREDENTIALS c; + KTEXT_ST ticket; + char realm[REALM_SZ]; + char *vl_realm; /* realm of vl-server */ + char *lrealm; /* local realm */ + char CELL[64]; + + if (cell == 0 || cell[0] == 0) + return k_afsklog_all_local_cells (krealm, uid); + foldup(CELL, cell); + + k_errno = krb_get_lrealm(realm , 0); + if(k_errno == KSUCCESS && (krealm == NULL || strcmp(krealm, realm))) + lrealm = realm; + else + lrealm = NULL; + + /* We're about to find the the realm that holds the key for afs in + * the specified cell. The problem is that null-instance + * afs-principals are common and that hitting the wrong realm might + * yield the wrong afs key. The following assumptions were made. + * + * Any realm passed to us is preferred. + * + * If there is a realm with the same name as the cell, it is most + * likely the correct realm to talk to. 
+ * + * In most (maybe even all) cases the database servers of the cell + * will live in the realm we are looking for. + * + * Try the local realm, but if the previous cases fail, this is + * really a long shot. + * + */ + + /* comments on the ordering of these tests */ + + /* If the user passes a realm, she probably knows something we don't + * know and we should try afs@krealm (otherwise we're talking with a + * blondino and she might as well have it.) + */ + + k_errno = -1; + if(krealm){ + k_errno = get_cred(AUTH_SUPERUSER, cell, krealm, &c, &ticket); + if(k_errno) + k_errno = get_cred(AUTH_SUPERUSER, "", krealm, &c, &ticket); + } + + if(k_errno) + k_errno = get_cred(AUTH_SUPERUSER, cell, CELL, &c, &ticket); + if(k_errno) + k_errno = get_cred(AUTH_SUPERUSER, "", CELL, &c, &ticket); + + /* this might work in some conditions */ + if(k_errno && (vl_realm = realm_of_cell(cell))){ + k_errno = get_cred(AUTH_SUPERUSER, cell, vl_realm, &c, &ticket); + if(k_errno) + k_errno = get_cred(AUTH_SUPERUSER, "", vl_realm, &c, &ticket); + } + + if(k_errno && lrealm){ + k_errno = get_cred(AUTH_SUPERUSER, cell, lrealm, &c, &ticket); +#if 0 + /* this is most likely never right anyway, but won't fail */ + if(k_errno) + k_errno = get_cred(AUTH_SUPERUSER, "", lrealm, &c, &ticket); +#endif + } + + if (k_errno == KSUCCESS) + { + struct ViceIoctl parms; + struct ClearToken ct; + int32_t sizeof_x; + char buf[2048], *t; + + /* + * Build a struct ClearToken + */ + ct.AuthHandle = c.kvno; + memcpy (ct.HandShakeKey, c.session, sizeof(c.session)); + ct.ViceId = uid; /* is this always valid? */ + ct.BeginTimestamp = 1 + c.issue_date; + ct.EndTimestamp = krb_life_to_time(c.issue_date, c.lifetime); + +#define ODD(x) ((x) & 1) + /* If we don't know the numerical ID lifetime should be even? 
*/ + if (uid == 0 && ODD(ct.EndTimestamp - ct.BeginTimestamp)) + ct.BeginTimestamp--; + + t = buf; + /* + * length of secret token followed by secret token + */ + sizeof_x = c.ticket_st.length; + memcpy(t, &sizeof_x, sizeof(sizeof_x)); + t += sizeof(sizeof_x); + memcpy(t, c.ticket_st.dat, sizeof_x); + t += sizeof_x; + /* + * length of clear token followed by clear token + */ + sizeof_x = sizeof(ct); + memcpy(t, &sizeof_x, sizeof(sizeof_x)); + t += sizeof(sizeof_x); + memcpy(t, &ct, sizeof_x); + t += sizeof_x; + + /* + * do *not* mark as primary cell + */ + sizeof_x = 0; + memcpy(t, &sizeof_x, sizeof(sizeof_x)); + t += sizeof(sizeof_x); + /* + * follow with cell name + */ + sizeof_x = strlen(cell) + 1; + memcpy(t, cell, sizeof_x); + t += sizeof_x; + + /* + * Build argument block + */ + parms.in = buf; + parms.in_size = t - buf; + parms.out = 0; + parms.out_size = 0; + k_pioctl(0, VIOCSETTOK, &parms, 0); + } + return k_errno; +} + +int +k_afsklog(const char *cell, const char *krealm) +{ + return k_afsklog_uid (cell, krealm, getuid()); +} diff --git a/crypto/kerberosIV/lib/kafs/afsl.exp b/crypto/kerberosIV/lib/kafs/afsl.exp new file mode 100644 index 0000000..4d2b00e --- /dev/null +++ b/crypto/kerberosIV/lib/kafs/afsl.exp @@ -0,0 +1,6 @@ +#!/unix + +* This mumbo jumbo creates entry points to syscalls in _AIX + +lpioctl syscall +lsetpag syscall diff --git a/crypto/kerberosIV/lib/kafs/afslib.c b/crypto/kerberosIV/lib/kafs/afslib.c new file mode 100644 index 0000000..12779bc --- /dev/null +++ b/crypto/kerberosIV/lib/kafs/afslib.c 
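Review bot: `k_afsklog_uid` calls `foldup(CELL, cell)` with `char CELL[64]` and no length check, and `foldup` keeps writing until it reaches the terminator of `cell`, so a cell name of 64 bytes or more overruns the stack buffer. The same unchecked name is later appended to `buf[2048]` after the ticket and the `ClearToken`, with nothing verifying that `t` stays inside `buf`. Rejecting an over-long name before its first use covers the first write, e.g. `if (strlen(cell) >= sizeof(CELL)) return KFAILURE;`, and the token assembly should compare the summed lengths against `sizeof(buf)` before each `memcpy`. In `realm_of_cell` the test `strncmp(buf + 1, cell, strlen(cell)) == 0` is only a prefix match, so a shorter cell name can select another cell's CellServDB entry and therefore its realm; the character following the match should also be checked for end of name. The return value of `k_pioctl(0, VIOCSETTOK, &parms, 0)` is discarded, so a failed token install is still reported as success to the caller.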
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * This file is only used with AIX
+ */
+
+#include "kafs_locl.h"
+
+RCSID("$Id: afslib.c,v 1.5 1997/04/20 13:21:15 joda Exp $");
+
+int
+aix_pioctl(char *a_path,
+ int o_opcode,
+ struct ViceIoctl *a_paramsP,
+ int a_followSymlinks)
+{
+ return lpioctl(a_path, o_opcode, a_paramsP, a_followSymlinks);
+}
+
+int
+aix_setpag(void)
+{
+ return lsetpag();
+}
diff --git a/crypto/kerberosIV/lib/kafs/afslib.exp b/crypto/kerberosIV/lib/kafs/afslib.exp
new file mode 100644
index 0000000..f288717
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/afslib.exp
@@ -0,0 +1,3 @@
+#!
+aix_pioctl
+aix_setpag
diff --git a/crypto/kerberosIV/lib/kafs/afssys.c b/crypto/kerberosIV/lib/kafs/afssys.c
new file mode 100644
index 0000000..741225c
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/afssys.c
@@ -0,0 +1,293 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "kafs_locl.h" + +RCSID("$Id: afssys.c,v 1.53 1997/05/04 02:30:41 assar Exp $"); + +/* Magic to get AIX syscalls to work */ +#ifdef _AIX + +static int (*Pioctl)(char*, int, void*, int); +static int (*Setpag)(void); + +#include "dlfcn.h" + +static int +isSuid() +{ + int uid = getuid(); + int gid = getgid(); + int euid = getegid(); + int egid = getegid(); + return (uid != euid) || (gid != egid); +} + +static int +aix_setup(void) +{ +#ifdef STATIC_AFS_SYSCALLS + Pioctl = aix_pioctl; + Setpag = aix_setpag; +#else + void *ptr; + char path[MaxPathLen], *p; + /* + * If we are root or running setuid don't trust AFSLIBPATH! + */ + if (getuid() != 0 && !isSuid() && (p = getenv("AFSLIBPATH")) != NULL) + strcpy(path, p); + else + snprintf(path, sizeof(path), "%s/afslib.so", LIBDIR); + + ptr = dlopen(path, 0); + if(ptr){ + Setpag = (int (*)(void))dlsym(ptr, "aix_setpag"); + Pioctl = (int (*)(char*, int, void*, int))dlsym(ptr, "aix_pioctl"); + } +#endif +} +#endif /* _AIX */ + +#define NO_ENTRY_POINT 0 +#define SINGLE_ENTRY_POINT 1 +#define MULTIPLE_ENTRY_POINT 2 +#define SINGLE_ENTRY_POINT2 3 +#define SINGLE_ENTRY_POINT3 4 +#define AIX_ENTRY_POINTS 5 +#define UNKNOWN_ENTRY_POINT 6 +static int afs_entry_point = UNKNOWN_ENTRY_POINT; +static int afs_syscalls[2]; + + +int +k_pioctl(char *a_path, + int o_opcode, + struct ViceIoctl *a_paramsP, + int a_followSymlinks) +{ +#ifndef NO_AFS + switch(afs_entry_point){ +#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3) + case SINGLE_ENTRY_POINT: + case SINGLE_ENTRY_POINT2: + case SINGLE_ENTRY_POINT3: + return syscall(afs_syscalls[0], AFSCALL_PIOCTL, + a_path, o_opcode, a_paramsP, a_followSymlinks); +#endif +#if defined(AFS_PIOCTL) + case MULTIPLE_ENTRY_POINT: + return syscall(afs_syscalls[0], + a_path, o_opcode, a_paramsP, a_followSymlinks); +#endif +#ifdef _AIX + case AIX_ENTRY_POINTS: + return Pioctl(a_path, o_opcode, a_paramsP, a_followSymlinks); +#endif + } + + errno = ENOSYS; +#ifdef SIGSYS + 
kill(getpid(), SIGSYS); /* You loose! */ +#endif +#endif /* NO_AFS */ + return -1; +} + +int +k_afs_cell_of_file(const char *path, char *cell, int len) +{ + struct ViceIoctl parms; + parms.in = NULL; + parms.in_size = 0; + parms.out = cell; + parms.out_size = len; + return k_pioctl((char*)path, VIOC_FILE_CELL_NAME, &parms, 1); +} + +int +k_unlog(void) +{ + struct ViceIoctl parms; + memset(&parms, 0, sizeof(parms)); + return k_pioctl(0, VIOCUNLOG, &parms, 0); +} + +int +k_setpag(void) +{ +#ifndef NO_AFS + switch(afs_entry_point){ +#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3) + case SINGLE_ENTRY_POINT: + case SINGLE_ENTRY_POINT2: + case SINGLE_ENTRY_POINT3: + return syscall(afs_syscalls[0], AFSCALL_SETPAG); +#endif +#if defined(AFS_PIOCTL) + case MULTIPLE_ENTRY_POINT: + return syscall(afs_syscalls[1]); +#endif +#ifdef _AIX + case AIX_ENTRY_POINTS: + return Setpag(); +#endif + } + + errno = ENOSYS; +#ifdef SIGSYS + kill(getpid(), SIGSYS); /* You loose! */ +#endif +#endif /* NO_AFS */ + return -1; +} + +static jmp_buf catch_SIGSYS; + +#ifdef SIGSYS + +static RETSIGTYPE +SIGSYS_handler(int sig) +{ + errno = 0; + signal(SIGSYS, SIGSYS_handler); /* Need to reinstall handler on SYSV */ + longjmp(catch_SIGSYS, 1); +} + +#endif + +int +k_hasafs(void) +{ + int saved_errno; + RETSIGTYPE (*saved_func)(); + struct ViceIoctl parms; + + /* + * Already checked presence of AFS syscalls? + */ + if (afs_entry_point != UNKNOWN_ENTRY_POINT) + return afs_entry_point != NO_ENTRY_POINT; + + /* + * Probe kernel for AFS specific syscalls, + * they (currently) come in two flavors. + * If the syscall is absent we recive a SIGSYS. 
+ */ + afs_entry_point = NO_ENTRY_POINT; + memset(&parms, 0, sizeof(parms)); + + saved_errno = errno; +#ifndef NO_AFS +#ifdef SIGSYS + saved_func = signal(SIGSYS, SIGSYS_handler); +#endif + +#ifdef AFS_SYSCALL + if (setjmp(catch_SIGSYS) == 0) + { + syscall(AFS_SYSCALL, AFSCALL_PIOCTL, + 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); + if (errno == EINVAL) + { + afs_entry_point = SINGLE_ENTRY_POINT; + afs_syscalls[0] = AFS_SYSCALL; + goto done; + } + } +#endif /* AFS_SYSCALL */ + +#ifdef AFS_PIOCTL + if (setjmp(catch_SIGSYS) == 0) + { + syscall(AFS_PIOCTL, + 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); + if (errno == EINVAL) + { + afs_entry_point = MULTIPLE_ENTRY_POINT; + afs_syscalls[0] = AFS_PIOCTL; + afs_syscalls[1] = AFS_SETPAG; + goto done; + } + } +#endif /* AFS_PIOCTL */ + +#ifdef AFS_SYSCALL2 + if (setjmp(catch_SIGSYS) == 0) + { + syscall(AFS_SYSCALL2, AFSCALL_PIOCTL, + 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); + if (errno == EINVAL) + { + afs_entry_point = SINGLE_ENTRY_POINT2; + afs_syscalls[0] = AFS_SYSCALL2; + goto done; + } + } +#endif /* AFS_SYSCALL */ + +#ifdef AFS_SYSCALL3 + if (setjmp(catch_SIGSYS) == 0) + { + syscall(AFS_SYSCALL3, AFSCALL_PIOCTL, + 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); + if (errno == EINVAL) + { + afs_entry_point = SINGLE_ENTRY_POINT3; + afs_syscalls[0] = AFS_SYSCALL3; + goto done; + } + } +#endif /* AFS_SYSCALL */ + +#ifdef _AIX + aix_setup(); + if(Pioctl != NULL && Setpag != NULL){ + afs_entry_point = AIX_ENTRY_POINTS; + goto done; + } +#endif + +done: +#ifdef SIGSYS + signal(SIGSYS, saved_func); +#endif +#endif /* NO_AFS */ + errno = saved_errno; + return afs_entry_point != NO_ENTRY_POINT; +} diff --git a/crypto/kerberosIV/lib/kafs/afssysdefs.h b/crypto/kerberosIV/lib/kafs/afssysdefs.h new file mode 100644 index 0000000..028f9b3 --- /dev/null +++ b/crypto/kerberosIV/lib/kafs/afssysdefs.h 
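Review bot: `isSuid()` assigns `int euid = getegid();`, so the effective user id is never read and the test ends up comparing the real uid with the effective gid; the line should read `int euid = geteuid();`. That check guards the `AFSLIBPATH` lookup in `aix_setup`, so a set-uid program whose real uid and gid both happen to equal its effective gid is treated as unprivileged and hands an environment-supplied path to `dlopen`. The accepted value is then copied with `strcpy(path, p)` into `path[MaxPathLen]` with no bound; `snprintf(path, sizeof(path), "%s", p);` matches the else branch and truncates instead of overflowing. `aix_setup` is also declared `int` but contains no return statement.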
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: afssysdefs.h,v 1.15 1997/04/01 08:18:12 joda Exp $ */
+
+/*
+ * This section is for machines using single entry point AFS syscalls!
+ * and/or
+ * This section is for machines using multiple entry point AFS syscalls!
+ *
+ * SunOS 4 is an example of single entry point and sgi of multiple
+ * entry point syscalls.
+ */
+
+#if SunOS == 4
+#define AFS_SYSCALL 31
+#endif
+
+#if SunOS == 5
+#define AFS_SYSCALL 105
+#endif
+
+#if defined(__hpux)
+#define AFS_SYSCALL 50
+#define AFS_SYSCALL2 49
+#endif
+
+#if defined(_AIX)
+/* _AIX is too weird */
+#endif
+
+#if defined(__sgi)
+#define AFS_PIOCTL (64+1000)
+#define AFS_SETPAG (65+1000)
+#endif
+
+#if defined(__osf__)
+#define AFS_SYSCALL 232
+#define AFS_SYSCALL2 258
+#endif
+
+#if defined(__ultrix)
+#define AFS_SYSCALL 31
+#endif
+
+#if defined(__NetBSD__)
+#define AFS_SYSCALL 210
+#endif
+
+#ifdef SYS_afs_syscall
+#define AFS_SYSCALL3 SYS_afs_syscall
+#endif
diff --git a/crypto/kerberosIV/lib/kafs/dlfcn.c b/crypto/kerberosIV/lib/kafs/dlfcn.c
new file mode 100644
index 0000000..3f4de92
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/dlfcn.c
@@ -0,0 +1,570 @@ +/* + * @(#)dlfcn.c 1.11 revision of 96/04/10 20:12:51 + * This is an unpublished work copyright (c) 1992 HELIOS Software GmbH + * 30159 Hannover, Germany + */ + +/* + * Changes marked with `--jwe' were made on April 7 1996 by John W. Eaton + * to support g++ and/or use with Octave. + */ + +/* + * This makes my life easier with Octave. --jwe + */ +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include "dlfcn.h" + +/* + * We simulate dlopen() et al. through a call to load. Because AIX has + * no call to find an exported symbol we read the loader section of the + * loaded module and build a list of exported symbols and their virtual + * address. + */ + +typedef struct { + char *name; /* the symbols's name */ + void *addr; /* its relocated virtual address */ +} Export, *ExportPtr; + +/* + * xlC uses the following structure to list its constructors and + * destructors. This is gleaned from the output of munch. + */ +typedef struct { + void (*init)(void); /* call static constructors */ + void (*term)(void); /* call static destructors */ +} Cdtor, *CdtorPtr; + +typedef void (*GccCDtorPtr)(void); + +/* + * The void * handle returned from dlopen is actually a ModulePtr. + */ +typedef struct Module { + struct Module *next; + char *name; /* module name for refcounting */ + int refCnt; /* the number of references */ + void *entry; /* entry point from load */ + struct dl_info *info; /* optional init/terminate functions */ + CdtorPtr cdtors; /* optional C++ constructors */ + GccCDtorPtr gcc_ctor; /* g++ constructors --jwe */ + GccCDtorPtr gcc_dtor; /* g++ destructors --jwe */ + int nExports; /* the number of exports found */ + ExportPtr exports; /* the array of exports */ +} Module, *ModulePtr; + +/* + * We keep a list of all loaded modules to be able to call the fini + * handlers and destructors at atexit() time. 
+ */ +static ModulePtr modList; + +/* + * The last error from one of the dl* routines is kept in static + * variables here. Each error is returned only once to the caller. + */ +static char errbuf[BUFSIZ]; +static int errvalid; + +/* + * The `fixed' gcc header files on AIX 3.2.5 provide a prototype for + * strdup(). --jwe + */ +#ifndef HAVE_STRDUP +extern char *strdup(const char *); +#endif +static void caterr(char *); +static int readExports(ModulePtr); +static void terminate(void); +static void *findMain(void); + +void *dlopen(const char *path, int mode) +{ + ModulePtr mp; + static void *mainModule; + + /* + * Upon the first call register a terminate handler that will + * close all libraries. Also get a reference to the main module + * for use with loadbind. + */ + if (!mainModule) { + if ((mainModule = findMain()) == NULL) + return NULL; + atexit(terminate); + } + /* + * Scan the list of modules if we have the module already loaded. + */ + for (mp = modList; mp; mp = mp->next) + if (strcmp(mp->name, path) == 0) { + mp->refCnt++; + return mp; + } + if ((mp = (ModulePtr)calloc(1, sizeof(*mp))) == NULL) { + errvalid++; + strcpy(errbuf, "calloc: "); + strcat(errbuf, strerror(errno)); + return NULL; + } + if ((mp->name = strdup(path)) == NULL) { + errvalid++; + strcpy(errbuf, "strdup: "); + strcat(errbuf, strerror(errno)); + free(mp); + return NULL; + } + /* + * load should be declared load(const char *...). Thus we + * cast the path to a normal char *. Ugly. + */ + if ((mp->entry = (void *)load((char *)path, L_NOAUTODEFER, NULL)) == NULL) { + free(mp->name); + free(mp); + errvalid++; + strcpy(errbuf, "dlopen: "); + strcat(errbuf, path); + strcat(errbuf, ": "); + /* + * If AIX says the file is not executable, the error + * can be further described by querying the loader about + * the last error. 
+ */ + if (errno == ENOEXEC) { + char *tmp[BUFSIZ/sizeof(char *)]; + if (loadquery(L_GETMESSAGES, tmp, sizeof(tmp)) == -1) + strcpy(errbuf, strerror(errno)); + else { + char **p; + for (p = tmp; *p; p++) + caterr(*p); + } + } else + strcat(errbuf, strerror(errno)); + return NULL; + } + mp->refCnt = 1; + mp->next = modList; + modList = mp; + if (loadbind(0, mainModule, mp->entry) == -1) { + dlclose(mp); + errvalid++; + strcpy(errbuf, "loadbind: "); + strcat(errbuf, strerror(errno)); + return NULL; + } + /* + * If the user wants global binding, loadbind against all other + * loaded modules. + */ + if (mode & RTLD_GLOBAL) { + ModulePtr mp1; + for (mp1 = mp->next; mp1; mp1 = mp1->next) + if (loadbind(0, mp1->entry, mp->entry) == -1) { + dlclose(mp); + errvalid++; + strcpy(errbuf, "loadbind: "); + strcat(errbuf, strerror(errno)); + return NULL; + } + } + if (readExports(mp) == -1) { + dlclose(mp); + return NULL; + } + /* + * If there is a dl_info structure, call the init function. + */ + if (mp->info = (struct dl_info *)dlsym(mp, "dl_info")) { + if (mp->info->init) + (*mp->info->init)(); + } else + errvalid = 0; + /* + * If the shared object was compiled using xlC we will need + * to call static constructors (and later on dlclose destructors). + */ + if (mp->cdtors = (CdtorPtr)dlsym(mp, "__cdtors")) { + CdtorPtr cp = mp->cdtors; + while (cp->init || cp->term) { + if (cp->init && cp->init != (void (*)(void))0xffffffff) + (*cp->init)(); + cp++; + } + /* + * If the shared object was compiled using g++, we will need + * to call global constructors using the _GLOBAL__DI function, + * and later, global destructors using the _GLOBAL_DD + * funciton. --jwe + */ + } else if (mp->gcc_ctor = (GccCDtorPtr)dlsym(mp, "_GLOBAL__DI")) { + (*mp->gcc_ctor)(); + mp->gcc_dtor = (GccCDtorPtr)dlsym(mp, "_GLOBAL__DD"); + } else + errvalid = 0; + return mp; +} + +/* + * Attempt to decipher an AIX loader error message and append it + * to our static error message buffer. 
+ */ +static void caterr(char *s) +{ + char *p = s; + + while (*p >= '0' && *p <= '9') + p++; + switch(atoi(s)) { + case L_ERROR_TOOMANY: + strcat(errbuf, "to many errors"); + break; + case L_ERROR_NOLIB: + strcat(errbuf, "can't load library"); + strcat(errbuf, p); + break; + case L_ERROR_UNDEF: + strcat(errbuf, "can't find symbol"); + strcat(errbuf, p); + break; + case L_ERROR_RLDBAD: + strcat(errbuf, "bad RLD"); + strcat(errbuf, p); + break; + case L_ERROR_FORMAT: + strcat(errbuf, "bad exec format in"); + strcat(errbuf, p); + break; + case L_ERROR_ERRNO: + strcat(errbuf, strerror(atoi(++p))); + break; + default: + strcat(errbuf, s); + break; + } +} + +void *dlsym(void *handle, const char *symbol) +{ + ModulePtr mp = (ModulePtr)handle; + ExportPtr ep; + int i; + + /* + * Could speed up the search, but I assume that one assigns + * the result to function pointers anyways. + */ + for (ep = mp->exports, i = mp->nExports; i; i--, ep++) + if (strcmp(ep->name, symbol) == 0) + return ep->addr; + errvalid++; + strcpy(errbuf, "dlsym: undefined symbol "); + strcat(errbuf, symbol); + return NULL; +} + +char *dlerror(void) +{ + if (errvalid) { + errvalid = 0; + return errbuf; + } + return NULL; +} + +int dlclose(void *handle) +{ + ModulePtr mp = (ModulePtr)handle; + int result; + ModulePtr mp1; + + if (--mp->refCnt > 0) + return 0; + if (mp->info && mp->info->fini) + (*mp->info->fini)(); + if (mp->cdtors) { + CdtorPtr cp = mp->cdtors; + while (cp->init || cp->term) { + if (cp->term && cp->init != (void (*)(void))0xffffffff) + (*cp->term)(); + cp++; + } + /* + * If the function to handle global destructors for g++ + * exists, call it. 
--jwe + */ + } else if (mp->gcc_dtor) { + (*mp->gcc_dtor)(); + } + result = unload(mp->entry); + if (result == -1) { + errvalid++; + strcpy(errbuf, strerror(errno)); + } + if (mp->exports) { + ExportPtr ep; + int i; + for (ep = mp->exports, i = mp->nExports; i; i--, ep++) + if (ep->name) + free(ep->name); + free(mp->exports); + } + if (mp == modList) + modList = mp->next; + else { + for (mp1 = modList; mp1; mp1 = mp1->next) + if (mp1->next == mp) { + mp1->next = mp->next; + break; + } + } + free(mp->name); + free(mp); + return result; +} + +static void terminate(void) +{ + while (modList) + dlclose(modList); +} + +/* + * Build the export table from the XCOFF .loader section. + */ +static int readExports(ModulePtr mp) +{ + LDFILE *ldp = NULL; + SCNHDR sh, shdata; + LDHDR *lhp; + char *ldbuf; + LDSYM *ls; + int i; + ExportPtr ep; + + if ((ldp = ldopen(mp->name, ldp)) == NULL) { + struct ld_info *lp; + char *buf; + int size = 4*1024; + if (errno != ENOENT) { + errvalid++; + strcpy(errbuf, "readExports: "); + strcat(errbuf, strerror(errno)); + return -1; + } + /* + * The module might be loaded due to the LIBPATH + * environment variable. Search for the loaded + * module using L_GETINFO. + */ + if ((buf = malloc(size)) == NULL) { + errvalid++; + strcpy(errbuf, "readExports: "); + strcat(errbuf, strerror(errno)); + return -1; + } + while ((i = loadquery(L_GETINFO, buf, size)) == -1 && errno == ENOMEM) { + free(buf); + size += 4*1024; + if ((buf = malloc(size)) == NULL) { + errvalid++; + strcpy(errbuf, "readExports: "); + strcat(errbuf, strerror(errno)); + return -1; + } + } + if (i == -1) { + errvalid++; + strcpy(errbuf, "readExports: "); + strcat(errbuf, strerror(errno)); + free(buf); + return -1; + } + /* + * Traverse the list of loaded modules. The entry point + * returned by load() does actually point to the data + * segment origin. 
+ */ + lp = (struct ld_info *)buf; + while (lp) { + if (lp->ldinfo_dataorg == mp->entry) { + ldp = ldopen(lp->ldinfo_filename, ldp); + break; + } + if (lp->ldinfo_next == 0) + lp = NULL; + else + lp = (struct ld_info *)((char *)lp + lp->ldinfo_next); + } + free(buf); + if (!ldp) { + errvalid++; + strcpy(errbuf, "readExports: "); + strcat(errbuf, strerror(errno)); + return -1; + } + } + if (TYPE(ldp) != U802TOCMAGIC) { + errvalid++; + strcpy(errbuf, "readExports: bad magic"); + while(ldclose(ldp) == FAILURE) + ; + return -1; + } + /* + * Get the padding for the data section. This is needed for + * AIX 4.1 compilers. This is used when building the final + * function pointer to the exported symbol. + */ + if (ldnshread(ldp, _DATA, &shdata) != SUCCESS) { + errvalid++; + strcpy(errbuf, "readExports: cannot read data section header"); + while(ldclose(ldp) == FAILURE) + ; + return -1; + } + if (ldnshread(ldp, _LOADER, &sh) != SUCCESS) { + errvalid++; + strcpy(errbuf, "readExports: cannot read loader section header"); + while(ldclose(ldp) == FAILURE) + ; + return -1; + } + /* + * We read the complete loader section in one chunk, this makes + * finding long symbol names residing in the string table easier. + */ + if ((ldbuf = (char *)malloc(sh.s_size)) == NULL) { + errvalid++; + strcpy(errbuf, "readExports: "); + strcat(errbuf, strerror(errno)); + while(ldclose(ldp) == FAILURE) + ; + return -1; + } + if (FSEEK(ldp, sh.s_scnptr, BEGINNING) != OKFSEEK) { + errvalid++; + strcpy(errbuf, "readExports: cannot seek to loader section"); + free(ldbuf); + while(ldclose(ldp) == FAILURE) + ; + return -1; + } + if (FREAD(ldbuf, sh.s_size, 1, ldp) != 1) { + errvalid++; + strcpy(errbuf, "readExports: cannot read loader section"); + free(ldbuf); + while(ldclose(ldp) == FAILURE) + ; + return -1; + } + lhp = (LDHDR *)ldbuf; + ls = (LDSYM *)(ldbuf+LDHDRSZ); + /* + * Count the number of exports to include in our export table. 
+ */ + for (i = lhp->l_nsyms; i; i--, ls++) { + if (!LDR_EXPORT(*ls)) + continue; + mp->nExports++; + } + if ((mp->exports = (ExportPtr)calloc(mp->nExports, sizeof(*mp->exports))) == NULL) { + errvalid++; + strcpy(errbuf, "readExports: "); + strcat(errbuf, strerror(errno)); + free(ldbuf); + while(ldclose(ldp) == FAILURE) + ; + return -1; + } + /* + * Fill in the export table. All entries are relative to + * the entry point we got from load. + */ + ep = mp->exports; + ls = (LDSYM *)(ldbuf+LDHDRSZ); + for (i = lhp->l_nsyms; i; i--, ls++) { + char *symname; + char tmpsym[SYMNMLEN+1]; + if (!LDR_EXPORT(*ls)) + continue; + if (ls->l_zeroes == 0) + symname = ls->l_offset+lhp->l_stoff+ldbuf; + else { + /* + * The l_name member is not zero terminated, we + * must copy the first SYMNMLEN chars and make + * sure we have a zero byte at the end. + */ + strncpy(tmpsym, ls->l_name, SYMNMLEN); + tmpsym[SYMNMLEN] = '\0'; + symname = tmpsym; + } + ep->name = strdup(symname); + ep->addr = (void *)((unsigned long)mp->entry + + ls->l_value - shdata.s_vaddr); + ep++; + } + free(ldbuf); + while(ldclose(ldp) == FAILURE) + ; + return 0; +} + +/* + * Find the main modules entry point. This is used as export pointer + * for loadbind() to be able to resolve references to the main part. + */ +static void * findMain(void) +{ + struct ld_info *lp; + char *buf; + int size = 4*1024; + int i; + void *ret; + + if ((buf = malloc(size)) == NULL) { + errvalid++; + strcpy(errbuf, "findMain: "); + strcat(errbuf, strerror(errno)); + return NULL; + } + while ((i = loadquery(L_GETINFO, buf, size)) == -1 && errno == ENOMEM) { + free(buf); + size += 4*1024; + if ((buf = malloc(size)) == NULL) { + errvalid++; + strcpy(errbuf, "findMain: "); + strcat(errbuf, strerror(errno)); + return NULL; + } + } + if (i == -1) { + errvalid++; + strcpy(errbuf, "findMain: "); + strcat(errbuf, strerror(errno)); + free(buf); + return NULL; + } + /* + * The first entry is the main module. 
The entry point + * returned by load() does actually point to the data + * segment origin. + */ + lp = (struct ld_info *)buf; + ret = lp->ldinfo_dataorg; + free(buf); + return ret; +} diff --git a/crypto/kerberosIV/lib/kafs/dlfcn.h b/crypto/kerberosIV/lib/kafs/dlfcn.h new file mode 100644 index 0000000..5671e9c --- /dev/null +++ b/crypto/kerberosIV/lib/kafs/dlfcn.h @@ -0,0 +1,46 @@ +/* + * @(#)dlfcn.h 1.4 revision of 95/04/25 09:36:52 + * This is an unpublished work copyright (c) 1992 HELIOS Software GmbH + * 30159 Hannover, Germany + */ + +#ifndef __dlfcn_h__ +#define __dlfcn_h__ + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * Mode flags for the dlopen routine. + */ +#define RTLD_LAZY 1 /* lazy function call binding */ +#define RTLD_NOW 2 /* immediate function call binding */ +#define RTLD_GLOBAL 0x100 /* allow symbols to be global */ + +/* + * To be able to intialize, a library may provide a dl_info structure + * that contains functions to be called to initialize and terminate. + */ +struct dl_info { + void (*init)(void); + void (*fini)(void); +}; + +#if __STDC__ || defined(_IBMR2) +void *dlopen(const char *path, int mode); +void *dlsym(void *handle, const char *symbol); +char *dlerror(void); +int dlclose(void *handle); +#else +void *dlopen(); +void *dlsym(); +char *dlerror(); +int dlclose(); +#endif + +#ifdef __cplusplus +} +#endif + +#endif /* __dlfcn_h__ */ diff --git a/crypto/kerberosIV/lib/kafs/kafs.h b/crypto/kerberosIV/lib/kafs/kafs.h new file mode 100644 index 0000000..b3c53b5 --- /dev/null +++ b/crypto/kerberosIV/lib/kafs/kafs.h 
@@ -0,0 +1,100 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+/* $Id: kafs.h,v 1.19 1997/05/14 17:41:02 joda Exp $ */
+
+#ifndef __KAFS_H
+#define __KAFS_H
+
+#include
+#include
+/* sys/ioctl.h must be included manually before kafs.h */
+
+/*
+ */
+#define AFSCALL_PIOCTL 20
+#define AFSCALL_SETPAG 21
+
+#ifndef _VICEIOCTL
+#define _VICEIOCTL(id) ((unsigned int ) _IOW('V', id, struct ViceIoctl))
+#endif /* _VICEIOCTL */
+
+#define VIOCSETTOK _VICEIOCTL(3)
+#define VIOCGETTOK _VICEIOCTL(8)
+#define VIOCUNLOG _VICEIOCTL(9)
+#define VIOC_FILE_CELL_NAME _VICEIOCTL(30)
+
+struct ViceIoctl {
+ caddr_t in, out;
+ short in_size;
+ short out_size;
+};
+
+struct ClearToken {
+ int32_t AuthHandle;
+ char HandShakeKey[8];
+ int32_t ViceId;
+ int32_t BeginTimestamp;
+ int32_t EndTimestamp;
+};
+
+#ifndef __P
+#define __P(x) x
+#endif
+
+/* Use k_hasafs() to probe if the machine supports AFS syscalls.
+ The other functions will generate a SIGSYS if AFS is not supported */
+
+int k_hasafs __P((void));
+
+int k_afsklog __P((const char *cell, const char *realm));
+int k_afsklog_uid __P((const char *cell, const char *realm, uid_t uid));
+int k_pioctl __P((char *a_path,
+ int o_opcode,
+ struct ViceIoctl *a_paramsP,
+ int a_followSymlinks));
+int k_unlog __P((void));
+int k_setpag __P((void));
+int k_afs_cell_of_file __P((const char *path, char *cell, int len));
+
+#define _PATH_VICE "/usr/vice/etc/"
+#define _PATH_THISCELL _PATH_VICE "ThisCell"
+#define _PATH_CELLSERVDB _PATH_VICE "CellServDB"
+#define _PATH_THESECELLS _PATH_VICE "TheseCells"
+
+#endif /* __KAFS_H */
diff --git a/crypto/kerberosIV/lib/kafs/kafs_locl.h b/crypto/kerberosIV/lib/kafs/kafs_locl.h
new file mode 100644
index 0000000..6ada6ab
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/kafs_locl.h
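Review bot: `struct ViceIoctl` carries its buffer lengths as `short in_size` / `short out_size`, and nothing in this header tells a caller of `k_pioctl()` that a larger length is truncated on assignment. I would add a comment above the struct such as `/* in_size/out_size are short: callers must reject lengths above SHRT_MAX before filling this in */`. The prototype `k_afs_cell_of_file(path, cell, len)` has a similar gap: the header does not say whether `len` counts the terminating NUL or whether `cell` is still terminated when the name is truncated. That contract should be documented next to the prototype once confirmed against the implementation, which is not part of this hunk.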
@@ -0,0 +1,96 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* $Id: kafs_locl.h,v 1.3 1997/05/04 23:04:44 assar Exp $ */ + +#ifndef __KAFS_LOCL_H__ +#define __KAFS_LOCL_H__ + +#include +#include + +#include +#include +#include +#include +#include +#include + +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_UNISTD_H +#include +#endif +#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4 +#include +#endif +#ifdef HAVE_SYS_FILIO_H +#include +#endif + +#ifdef HAVE_SYS_SYSCALL_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif + +#ifdef HAVE_ARPA_NAMESER_H +#include +#endif +#ifdef HAVE_RESOLV_H +#include +#endif +#include + +#include +#include + +#include + +#include "afssysdefs.h" + + +#endif /* __KAFS_LOCL_H__ */ diff --git a/crypto/kerberosIV/lib/kdb/Makefile.in b/crypto/kerberosIV/lib/kdb/Makefile.in new file mode 100644 index 0000000..f6fb962 --- /dev/null +++ b/crypto/kerberosIV/lib/kdb/Makefile.in 
@@ -0,0 +1,83 @@ +# +# $Id: Makefile.in,v 1.25 1997/05/06 03:47:39 assar Exp $ +# + +SHELL = /bin/sh + +srcdir = @srcdir@ +VPATH = @srcdir@ + +CC = @CC@ +AR = ar +RANLIB = @RANLIB@ +DEFS = @DEFS@ +CFLAGS = @CFLAGS@ + +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +MKINSTALLDIRS = @top_srcdir@/mkinstalldirs + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +libdir = @libdir@ + +PICFLAGS = @PICFLAGS@ + +LIBNAME = $(LIBPREFIX)kdb +LIBEXT = @LIBEXT@ +SHLIBEXT = @SHLIBEXT@ +LIBPREFIX = @LIBPREFIX@ +LDSHARED = @LDSHARED@ +LIB = $(LIBNAME).$(LIBEXT) + +SOURCES = krb_cache.c krb_kdb_utils.c copykey.c krb_lib.c krb_dbm.c print_princ.c base64.c + +OBJECTS = krb_cache.o krb_kdb_utils.o copykey.o krb_lib.o krb_dbm.o print_princ.o base64.o + +all: $(LIB) + +Wall: + make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" + +.c.o: + $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $< + +install: all + $(MKINSTALLDIRS) $(libdir) + $(INSTALL_DATA) -m 0555 $(LIB) $(libdir) + +uninstall: + rm -f $(libdir)/$(LIB) + +TAGS: $(SOURCES) + etags $(SOURCES) + +check: + +clean: + rm -f $(LIB) *.o *.a + +mostlyclean: clean + +distclean: clean + rm -f Makefile *.tab.c *~ + +realclean: distclean + rm -f TAGS + +dist: $(DISTFILES) + for file in $(DISTFILES); do \ + ln $$file ../`cat ../.fname`/lib \ + || cp -p $$file ../`cat ../.fname`/lib; \ + done + +$(LIBNAME).a: $(OBJECTS) + rm -f $@ + $(AR) cr $@ $(OBJECTS) + -$(RANLIB) $@ + +$(LIBNAME).$(SHLIBEXT): $(OBJECTS) + rm -f $@ + $(LDSHARED) -o $@ $(OBJECTS) + +$(OBJECTS): ../../include/config.h diff --git a/crypto/kerberosIV/lib/kdb/base64.c b/crypto/kerberosIV/lib/kdb/base64.c new file mode 100644 index 0000000..d7e89c4 --- /dev/null +++ b/crypto/kerberosIV/lib/kdb/base64.c 
@@ -0,0 +1,150 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: base64.c,v 1.7 1997/04/01 08:18:16 joda Exp $"); +#endif + +#include +#include +#include +#include "base64.h" + +static char base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + +static int POS(char c) +{ + if(c == '=') return 64; + if(isupper(c)) + return c - 'A'; + if(islower(c)) + return c - 'a' + 26; + if(isdigit(c)) + return c - '0' + 52; + if(c == '+') + return 62; + if(c == '/') + return 63; + return -1; +} + +char *base64_encode(const void *buf, int size) +{ + char *str = (char*)malloc((size+3)*4/3+1); + char *p=str; + unsigned char *q = (unsigned char*)buf; + int i; + int c; + i=0; + while(i> 18]; + p[1]=base64[(c&0x0003f000) >> 12]; + p[2]=base64[(c&0x00000fc0) >> 6]; + p[3]=base64[(c&0x0000003f) >> 0]; + if(i>size) + p[3]='='; + if(i>size+1) + p[2]='='; + p+=4; + } + *p=0; + return str; +} + +/* convert string in s to binary data. s should be a multiple of 4 + * bytes long. data should be at least len(s) * 3 / 4 bytes long. 
+ * returns + */ +int base64_decode(char *s, void *data) +{ + char *p; + unsigned char *q; + int n[4]; + + if(strlen(s) % 4) + return -1; + q=(unsigned char*)data; + for(p=s; *p; p+=4){ + n[0] = POS(p[0]); + n[1] = POS(p[1]); + n[2] = POS(p[2]); + n[3] = POS(p[3]); + if((n[0] | n[1] | n[2] | n[3]) < 0) + return -1; + + if(n[0] == 64 || n[1] == 64) + return -1; + if(n[2] == 64 && n[3] < 64) + return -1; + q[0] = (n[0] << 2) + (n[1] >> 4); + if(n[2] < 64){ + q[1] = ((n[1] & 15) << 4) + (n[2] >> 2); + } + if(n[3] < 64){ + q[2] = ((n[2] & 3) << 6) + n[3]; + } + q+=3; + } + q -= (n[2] == 64) + (n[3] == 64); + return q - (unsigned char*)data; +} + +#ifdef TEST +int main(int argc, char **argv) +{ + char str[128]; + char buf[128]; + char *p; + printf("base64_encode(\"%s\") = \"%s\"\n", argv[1], + p=base64_encode(argv[1], strlen(argv[1]))); + printf("base64_decode(\"%s\") = %d", p, base64_decode(p, buf)); + printf(" (\"%s\")\n", buf); + printf("base64_decode(\"%s\") = %d", argv[1], base64_decode(argv[1], buf)); + printf(" (\"%s\")\n", buf); +} +#endif diff --git a/crypto/kerberosIV/lib/kdb/base64.h b/crypto/kerberosIV/lib/kdb/base64.h new file mode 100644 index 0000000..edfb344 --- /dev/null +++ b/crypto/kerberosIV/lib/kdb/base64.h 
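Review bot: `base64_decode()` evaluates `q -= (n[2] == 64) + (n[3] == 64);` even when `s` is the empty string, where the loop never runs and `n` is still uninitialised; declaring `int n[4] = {0, 0, 0, 0};` removes that read. Padding is also accepted in a group that is not the last one, so the returned length then counts output bytes that were never written; adding `if((n[2] == 64 || n[3] == 64) && p[4] != '\0') return -1;` after the existing padding checks rejects such input. In `POS()` the `char` argument is passed straight to `isupper`/`islower`/`isdigit`, which is undefined for negative values where `char` is signed, so each call should take `(unsigned char)c`. The decoder has no output-size parameter, so the "at least len(s) * 3 / 4 bytes" sentence in its comment is the only bound on `data`; the unfinished "returns" line of that comment should state that the result is the decoded length, or -1 on malformed input.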
@@ -0,0 +1,47 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+/* $Id: base64.h,v 1.5 1997/04/01 08:18:16 joda Exp $ */
+
+#ifndef _BASE64_H_
+#define _BASE64_H_
+
+char *base64_encode(const void *buf, int size);
+int base64_decode(char *s, void *data);
+
+#endif
diff --git a/crypto/kerberosIV/lib/kdb/copykey.c b/crypto/kerberosIV/lib/kdb/copykey.c
new file mode 100644
index 0000000..a78baf7
--- /dev/null
+++ b/crypto/kerberosIV/lib/kdb/copykey.c
@@ -0,0 +1,55 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "kdb_locl.h" + +RCSID("$Id: copykey.c,v 1.10 1997/04/01 08:18:17 joda Exp $"); + +void +copy_from_key(des_cblock in, u_int32_t *lo, u_int32_t *hi) +{ + memcpy(lo, ((char *) in) + 0, 4); + memcpy(hi, ((char *) in) + 4, 4); +} + +void +copy_to_key(u_int32_t *lo, u_int32_t *hi, des_cblock out) +{ + memcpy(((char *)out) + 0, lo, 4); + memcpy(((char *)out) + 4, hi, 4); +} diff --git a/crypto/kerberosIV/lib/kdb/kdb_locl.h b/crypto/kerberosIV/lib/kdb/kdb_locl.h new file mode 100644 index 0000000..fe4d079 --- /dev/null +++ b/crypto/kerberosIV/lib/kdb/kdb_locl.h 
@@ -0,0 +1,98 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* $Id: kdb_locl.h,v 1.9 1997/05/02 14:29:08 assar Exp $ */ + +#ifndef __kdb_locl_h +#define __kdb_locl_h + +#include "config.h" +#include "protos.h" + +#include "base64.h" + +#include +#include +#include + +#include +#include + +#include + +#ifdef TIME_WITH_SYS_TIME +#include +#include +#elif defined(HAVE_SYS_TIME_H) +#include +#else +#include +#endif + +#include +#include +#include +#include +#include + +#include +#include + +/* --- */ + +/* Globals! */ + +/* Utils */ + +int kerb_db_set_lockmode __P((int)); +void kerb_db_fini __P((void)); +int kerb_db_init __P((void)); +int kerb_db_get_principal __P((char *name, char *, Principal *, unsigned int, int *)); +int kerb_db_get_dba __P((char *, char *, Dba *, unsigned int, int *)); + +void delta_stat __P((DB_stat *, DB_stat *, DB_stat *)); + +int kerb_cache_init __P((void)); +int kerb_cache_get_principal __P((char *name, char *, Principal *, unsigned int)); +int kerb_cache_put_principal __P((Principal *, unsigned int)); +int kerb_cache_get_dba __P((char *, char *, Dba *, unsigned int)); +int kerb_cache_put_dba __P((Dba *, unsigned int)); + +void krb_print_principal __P((Principal *)); + +#endif /* __kdb_locl_h */ diff --git a/crypto/kerberosIV/lib/kdb/kdc.h b/crypto/kerberosIV/lib/kdb/kdc.h new file mode 100644 index 0000000..f404d11 --- /dev/null +++ b/crypto/kerberosIV/lib/kdb/kdc.h 
@@ -0,0 +1,34 @@
+/*
+ * $Id: kdc.h,v 1.8 1997/04/01 03:59:05 assar Exp $
+ *
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * .
+ *
+ * Include file for the Kerberos Key Distribution Center.
+ */
+
+#ifndef KDC_DEFS
+#define KDC_DEFS
+
+/* Don't depend on this! */
+#ifndef MKEYFILE
+#if 0
+#define MKEYFILE "/var/kerberos/master-key"
+#else
+#define MKEYFILE "/.k"
+#endif
+#endif
+#ifndef K_LOGFIL
+#define K_LOGFIL "/var/log/kpropd.log"
+#endif
+
+#define ONE_MINUTE 60
+#define FIVE_MINUTES (5 * ONE_MINUTE)
+#define ONE_HOUR (60 * ONE_MINUTE)
+#define ONE_DAY (24 * ONE_HOUR)
+#define THREE_DAYS (3 * ONE_DAY)
+
+#endif /* KDC_DEFS */
+
diff --git a/crypto/kerberosIV/lib/kdb/krb_cache.c b/crypto/kerberosIV/lib/kdb/krb_cache.c
new file mode 100644
index 0000000..ed4a5b1
--- /dev/null
+++ b/crypto/kerberosIV/lib/kdb/krb_cache.c
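Review bot: The active default for `MKEYFILE` is `"/.k"`, with the `/var/kerberos/master-key` alternative compiled out by `#if 0`, and the only guidance is the comment "Don't depend on this!". If this path is where the stashed master key lives, as the macro name and the disabled alternative suggest, the header should say so and state the expected ownership and mode, for example `/* stashed KDC master key; must be readable by root only */`. The `#ifndef MKEYFILE` guard already allows a build-time override, so the `#if 0` branch could be dropped in favour of a single documented default, which makes the deployed location easier to audit.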
@@ -0,0 +1,189 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +/* + * This is where a cache would be implemented, if it were necessary. 
+ */ + +#include "kdb_locl.h" + +RCSID("$Id: krb_cache.c,v 1.6 1997/05/02 10:27:53 joda Exp $"); + +#ifdef DEBUG +extern int debug; +extern long kerb_debug; +#endif +static int init = 0; + +/* + * initialization routine for cache + */ + +int +kerb_cache_init(void) +{ + init = 1; + return (0); +} + +/* + * look up a principal in the cache returns number of principals found + */ + +int +kerb_cache_get_principal(char *serv, char *inst, Principal *principal, unsigned int max) + /* could have wild card */ + /* could have wild card */ + + /* max number of name structs to return */ + +{ + int found = 0; + + if (!init) + kerb_cache_init(); +#ifdef DEBUG + if (kerb_debug & 2) + fprintf(stderr, "cache_get_principal for %s %s max = %d\n", + serv, inst, max); +#endif /* DEBUG */ + +#ifdef DEBUG + if (kerb_debug & 2) { + if (found) { + fprintf(stderr, "cache get %s %s found %s %s sid = %d\n", + serv, inst, principal->name, principal->instance); + } else { + fprintf(stderr, "cache %s %s not found\n", serv, + inst); + } + } +#endif + return (found); +} + +/* + * insert/replace a principal in the cache returns number of principals + * inserted + */ + +int +kerb_cache_put_principal(Principal *principal, unsigned int max) + + /* max number of principal structs to + * insert */ + +{ + u_long i; + int count = 0; + + if (!init) + kerb_cache_init(); + +#ifdef DEBUG + if (kerb_debug & 2) { + fprintf(stderr, "kerb_cache_put_principal max = %d", + max); + } +#endif + + for (i = 0; i < max; i++) { +#ifdef DEBUG + if (kerb_debug & 2) + fprintf(stderr, "\n %s %s", + principal->name, principal->instance); +#endif + /* DO IT */ + count++; + principal++; + } + return count; +} + +/* + * look up a dba in the cache returns number of dbas found + */ + +int +kerb_cache_get_dba(char *serv, char *inst, Dba *dba, unsigned int max) + /* could have wild card */ + /* could have wild card */ + + /* max number of name structs to return */ + +{ + int found = 0; + + if (!init) + kerb_cache_init(); + +#ifdef 
DEBUG + if (kerb_debug & 2) + fprintf(stderr, "cache_get_dba for %s %s max = %d\n", + serv, inst, max); +#endif + +#ifdef DEBUG + if (kerb_debug & 2) { + if (found) { + fprintf(stderr, "cache get %s %s found %s %s sid = %d\n", + serv, inst, dba->name, dba->instance); + } else { + fprintf(stderr, "cache %s %s not found\n", serv, inst); + } + } +#endif + return (found); +} + +/* + * insert/replace a dba in the cache returns number of dbas inserted + */ + +int +kerb_cache_put_dba(Dba *dba, unsigned int max) + + /* max number of dba structs to insert */ + +{ + u_long i; + int count = 0; + + if (!init) + kerb_cache_init(); +#ifdef DEBUG + if (kerb_debug & 2) { + fprintf(stderr, "kerb_cache_put_dba max = %d", max); + } +#endif + for (i = 0; i < max; i++) { +#ifdef DEBUG + if (kerb_debug & 2) + fprintf(stderr, "\n %s %s", + dba->name, dba->instance); +#endif + /* DO IT */ + count++; + dba++; + } + return count; +} + diff --git a/crypto/kerberosIV/lib/kdb/krb_db.h b/crypto/kerberosIV/lib/kdb/krb_db.h new file mode 100644 index 0000000..1a08b83 --- /dev/null +++ b/crypto/kerberosIV/lib/kdb/krb_db.h 
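Review bot: The DEBUG `fprintf` in `kerb_cache_get_principal()` uses the format `"cache get %s %s found %s %s sid = %d\n"` with only four arguments, so the `%d` reads an argument that was never passed, which is undefined behaviour in debug builds; `kerb_cache_get_dba()` makes the same call. Either drop ` sid = %d` from both format strings or pass the value it was meant to print. The `max = %d` messages are given an `unsigned int`, for which `%u` is the matching conversion. Since `found` is never assigned after its initialisation, both lookups always return 0, and a one-line comment on each function saying the cache is a stub would keep the "returns number of principals found" descriptions from misleading callers.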
@@ -0,0 +1,137 @@ +/* + * $Id: krb_db.h,v 1.15 1996/12/17 20:34:32 assar Exp $ + * + * Copyright 1987, 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * . + * + * spm Project Athena 8/85 + * + * This file defines data structures for the kerberos + * authentication/authorization database. + * + * They MUST correspond to those defined in *.rel + */ + +#ifndef KRB_DB_DEFS +#define KRB_DB_DEFS + +#include + +#define KERB_M_NAME "K" /* Kerberos */ +#define KERB_M_INST "M" /* Master */ +#define KERB_DEFAULT_NAME "default" +#define KERB_DEFAULT_INST "" +#ifndef DB_DIR +#define DB_DIR "/var/kerberos" +#endif +#ifndef DBM_FILE +#define DBM_FILE DB_DIR "/principal" +#endif + +/* this also defines the number of queue headers */ +#define KERB_DB_HASH_MODULO 64 + + +/* Arguments to kerb_dbl_lock() */ + +#define KERB_DBL_EXCLUSIVE 1 +#define KERB_DBL_SHARED 0 + +/* arguments to kerb_db_set_lockmode() */ + +#define KERB_DBL_BLOCKING 0 +#define KERB_DBL_NONBLOCKING 1 + +/* arguments to kdb_get_master_key */ + +#define KDB_GET_PROMPT 1 +#define KDB_GET_TWICE 2 + +/* Principal defines the structure of a principal's name */ + +typedef struct { + char name[ANAME_SZ]; + char instance[INST_SZ]; + + u_int32_t key_low; + u_int32_t key_high; + u_int32_t exp_date; + char exp_date_txt[DATE_SZ]; + u_int32_t mod_date; + char mod_date_txt[DATE_SZ]; + u_int16_t attributes; + u_int8_t max_life; + u_int8_t kdc_key_ver; + u_int8_t key_version; + + char mod_name[ANAME_SZ]; + char mod_instance[INST_SZ]; + char *old; /* cast to (Principal *); not in db, + * ptr to old vals */ +} Principal; + +typedef struct { + int32_t cpu; + int32_t elapsed; + int32_t dio; + int32_t pfault; + int32_t t_stamp; + int32_t n_retrieve; + int32_t n_replace; + int32_t n_append; + int32_t n_get_stat; + int32_t n_put_stat; +} DB_stat; + +/* Dba defines the structure of a database administrator */ + +typedef struct { + char name[ANAME_SZ]; + char 
instance[INST_SZ]; + u_int16_t attributes; + u_int32_t exp_date; + char exp_date_txt[DATE_SZ]; + char *old; /* + * cast to (Dba *); not in db, ptr to + * old vals + */ +} Dba; + +typedef int (*k_iter_proc_t)(void*, Principal*); + +void copy_from_key __P((des_cblock in, u_int32_t *lo, u_int32_t *hi)); +void copy_to_key __P((u_int32_t *lo, u_int32_t *hi, des_cblock out)); + +void kdb_encrypt_key __P((des_cblock *, des_cblock *, des_cblock *, + des_key_schedule, int)); +int kdb_get_master_key __P((int prompt, des_cblock *master_key, + des_key_schedule master_key_sched)); +int kdb_get_new_master_key __P((des_cblock *, des_key_schedule, int)); +int kdb_kstash __P((des_cblock *, char *)); +int kdb_new_get_master_key __P((des_cblock *, des_key_schedule)); +int kdb_new_get_new_master_key __P((des_cblock *key, des_key_schedule schedule, int verify)); +long kdb_verify_master_key __P((des_cblock *, des_key_schedule, FILE *)); +long *kerb_db_begin_update __P((void)); +int kerb_db_create __P((char *db_name)); +int kerb_db_delete_principal (char *name, char *inst); +void kerb_db_end_update __P((long *db)); +int kerb_db_get_dba __P((char *, char *, Dba *, unsigned, int *)); +void kerb_db_get_stat __P((DB_stat *)); +int kerb_db_iterate __P((k_iter_proc_t, void*)); +int kerb_db_put_principal __P((Principal *, unsigned int)); +void kerb_db_put_stat __P((DB_stat *)); +int kerb_db_rename __P((char *, char *)); +int kerb_db_set_lockmode __P((int)); +int kerb_db_set_name __P((char *)); +int kerb_db_update __P((long *db, Principal *principal, unsigned int max)); +int kerb_delete_principal __P((char *name, char *inst)); +void kerb_fini __P((void)); +int kerb_get_dba __P((char *, char *, Dba *, unsigned int, int *)); +time_t kerb_get_db_age __P((void)); +int kerb_get_principal __P((char *, char *, Principal *, unsigned int, int *)); +int kerb_init __P((void)); +int kerb_put_principal __P((Principal *, unsigned int)); + +#endif /* KRB_DB_DEFS */ 
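Review bot: The comment on `old` in `Principal` says the member is "not in db", but encode_princ_contents() in krb_dbm.c of this same commit stores `sizeof(*principal)` bytes and decode_princ_contents() copies the same amount back. The writing process's pointer value therefore ends up in the stored record and is loaded into the reader's struct. The header should say so, for example `/* in-memory only; a fetched record carries a stale pointer here, never dereference it */`. Storing the raw struct also ties the record layout to this build's pointer size and padding, which deserves a sentence next to "They MUST correspond to those defined in *.rel".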
diff --git a/crypto/kerberosIV/lib/kdb/krb_dbm.c b/crypto/kerberosIV/lib/kdb/krb_dbm.c
new file mode 100644
index 0000000..963656a
--- /dev/null
+++ b/crypto/kerberosIV/lib/kdb/krb_dbm.c
@@ -0,0 +1,823 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "kdb_locl.h" + +RCSID("$Id: krb_dbm.c,v 1.27 1997/05/02 14:29:09 assar Exp $"); + +#include + +#define KERB_DB_MAX_RETRY 5 + +#ifdef DEBUG +extern int debug; +extern long kerb_debug; +extern char *progname; +#endif + +static int init = 0; +static char default_db_name[] = DBM_FILE; +static char *current_db_name = default_db_name; + +static struct timeval timestamp;/* current time of request */ +static int non_blocking = 0; + +/* + * This module contains all of the code which directly interfaces to + * the underlying representation of the Kerberos database; this + * implementation uses a DBM or NDBM indexed "file" (actually + * implemented as two separate files) to store the relations, plus a + * third file as a semaphore to allow the database to be replaced out + * from underneath the KDC server. + */ + +/* + * Locking: + * + * There are two distinct locking protocols used. 
One is designed to + * lock against processes (the admin_server, for one) which make + * incremental changes to the database; the other is designed to lock + * against utilities (kdb_util, kpropd) which replace the entire + * database in one fell swoop. + * + * The first locking protocol is implemented using flock() in the + * krb_dbl_lock() and krb_dbl_unlock routines. + * + * The second locking protocol is necessary because DBM "files" are + * actually implemented as two separate files, and it is impossible to + * atomically rename two files simultaneously. It assumes that the + * database is replaced only very infrequently in comparison to the time + * needed to do a database read operation. + * + * A third file is used as a "version" semaphore; the modification + * time of this file is the "version number" of the database. + * At the start of a read operation, the reader checks the version + * number; at the end of the read operation, it checks again. If the + * version number changed, or if the semaphore was nonexistant at + * either time, the reader sleeps for a second to let things + * stabilize, and then tries again; if it does not succeed after + * KERB_DB_MAX_RETRY attempts, it gives up. + * + * On update, the semaphore file is deleted (if it exists) before any + * update takes place; at the end of the update, it is replaced, with + * a version number strictly greater than the version number which + * existed at the start of the update. + * + * If the system crashes in the middle of an update, the semaphore + * file is not automatically created on reboot; this is a feature, not + * a bug, since the database may be inconsistant. Note that the + * absence of a semaphore file does not prevent another _update_ from + * taking place later. Database replacements take place automatically + * only on slave servers; a crash in the middle of an update will be + * fixed by the next slave propagation. 
A crash in the middle of an + * update on the master would be somewhat more serious, but this would + * likely be noticed by an administrator, who could fix the problem and + * retry the operation. + */ + + +/* + * Utility routine: generate name of database file. + */ + +static char *gen_dbsuffix (char *db_name, char *sfx); + +static char * +gen_dbsuffix(char *db_name, char *sfx) +{ + char *dbsuffix; + + if (sfx == NULL) + sfx = ".ok"; + + asprintf (&dbsuffix, "%s%s", db_name, sfx); + return dbsuffix; +} + +static void +decode_princ_key (datum *key, char *name, char *instance); + +static void +decode_princ_key(datum *key, char *name, char *instance) +{ + strncpy(name, key->dptr, ANAME_SZ); + strncpy(instance, (char *)key->dptr + ANAME_SZ, INST_SZ); + name[ANAME_SZ - 1] = '\0'; + instance[INST_SZ - 1] = '\0'; +} + +static void +encode_princ_contents (datum *contents, Principal *principal); + +static void +encode_princ_contents(datum *contents, Principal *principal) +{ + contents->dsize = sizeof(*principal); + contents->dptr = (char *) principal; +} + +static void +decode_princ_contents (datum *contents, Principal *principal) +{ + memcpy(principal, contents->dptr, sizeof(*principal)); +} + +static void +encode_princ_key (datum *key, char *name, char *instance) +{ + static char keystring[ANAME_SZ + INST_SZ]; + + memset(keystring, 0, ANAME_SZ + INST_SZ); + strncpy(keystring, name, ANAME_SZ); + strncpy(&keystring[ANAME_SZ], instance, INST_SZ); + key->dptr = keystring; + key->dsize = ANAME_SZ + INST_SZ; +} + +static int dblfd = -1; /* db LOCK fd */ +static int mylock = 0; +static int inited = 0; + +static int +kerb_dbl_init (void); + +static int +kerb_dbl_init() +{ + if (!inited) { + char *filename = gen_dbsuffix (current_db_name, ".ok"); + if ((dblfd = open(filename, O_RDWR)) < 0) { + fprintf(stderr, "kerb_dbl_init: couldn't open %s\n", filename); + fflush(stderr); + perror("open"); + exit(1); + } + free(filename); + inited++; + } + return (0); +} + +static void 
+kerb_dbl_fini (void); + +static void +kerb_dbl_fini() +{ + close(dblfd); + dblfd = -1; + inited = 0; + mylock = 0; +} + +static int +kerb_dbl_lock (int mode); + +static int +kerb_dbl_lock(int mode) +{ + int flock_mode; + + if (!inited) + kerb_dbl_init(); + if (mylock) { /* Detect lock call when lock already + * locked */ + fprintf(stderr, "Kerberos locking error (mylock)\n"); + fflush(stderr); + exit(1); + } + switch (mode) { + case KERB_DBL_EXCLUSIVE: + flock_mode = K_LOCK_EX; + break; + case KERB_DBL_SHARED: + flock_mode = K_LOCK_SH; + break; + default: + fprintf(stderr, "invalid lock mode %d\n", mode); + abort(); + } + if (non_blocking) + flock_mode |= K_LOCK_NB; + + if (k_flock(dblfd, flock_mode) < 0) + return errno; + mylock++; + return 0; +} + +static void kerb_dbl_unlock (void); + +static void +kerb_dbl_unlock() +{ + if (!mylock) { /* lock already unlocked */ + fprintf(stderr, "Kerberos database lock not locked when unlocking.\n"); + fflush(stderr); + exit(1); + } + if (k_flock(dblfd, K_LOCK_UN) < 0) { + fprintf(stderr, "Kerberos database lock error. (unlocking)\n"); + fflush(stderr); + perror("k_flock"); + exit(1); + } + mylock = 0; +} + +int +kerb_db_set_lockmode (int mode); + +int +kerb_db_set_lockmode(int mode) +{ + int old = non_blocking; + non_blocking = mode; + return old; +} + +/* + * initialization for data base routines. + */ + +int +kerb_db_init (void); + +int +kerb_db_init() +{ + init = 1; + return (0); +} + +/* + * gracefully shut down database--must be called by ANY program that does + * a kerb_db_init + */ + +void +kerb_db_fini (void); + +void +kerb_db_fini() +{ +} + +/* + * Set the "name" of the current database to some alternate value. + * + * Passing a null pointer as "name" will set back to the default. + * If the alternate database doesn't exist, nothing is changed. 
+ */ + +int +kerb_db_set_name (char *name); + +int +kerb_db_set_name(char *name) +{ + DBM *db; + + if (name == NULL) + name = default_db_name; + db = dbm_open(name, 0, 0); + if (db == NULL) + return errno; + dbm_close(db); + kerb_dbl_fini(); + current_db_name = name; + return 0; +} + +/* + * Return the last modification time of the database. + */ + +time_t +kerb_get_db_age (void); + +time_t +kerb_get_db_age() +{ + struct stat st; + char *okname; + time_t age; + + okname = gen_dbsuffix(current_db_name, ".ok"); + + if (stat (okname, &st) < 0) + age = 0; + else + age = st.st_mtime; + + free (okname); + return age; +} + +/* + * Remove the semaphore file; indicates that database is currently + * under renovation. + * + * This is only for use when moving the database out from underneath + * the server (for example, during slave updates). + */ + +static time_t +kerb_start_update (char *db_name); + +static time_t +kerb_start_update(char *db_name) +{ + char *okname = gen_dbsuffix(db_name, ".ok"); + time_t age = kerb_get_db_age(); + + if (unlink(okname) < 0 + && errno != ENOENT) { + age = -1; + } + free (okname); + return age; +} + +static int +kerb_end_update (char *db_name, time_t age); + +static int +kerb_end_update(char *db_name, time_t age) +{ + int fd; + int retval = 0; + char *new_okname = gen_dbsuffix(db_name, ".ok#"); + char *okname = gen_dbsuffix(db_name, ".ok"); + + fd = open (new_okname, O_CREAT|O_RDWR|O_TRUNC, 0600); + if (fd < 0) + retval = errno; + else { + struct stat st; + struct utimbuf tv; + /* make sure that semaphore is "after" previous value. */ + if (fstat (fd, &st) == 0 + && st.st_mtime <= age) { + tv.actime = st.st_atime; + tv.modtime = age; + /* set times.. 
*/ + utime (new_okname, &tv); + fsync(fd); + } + close(fd); + if (rename (new_okname, okname) < 0) + retval = errno; + } + + free (new_okname); + free (okname); + + return retval; +} + +static time_t +kerb_start_read (void); + +static time_t +kerb_start_read() +{ + return kerb_get_db_age(); +} + +static int kerb_end_read (time_t age); + +static int +kerb_end_read(time_t age) +{ + if (kerb_get_db_age() != age || age == -1) { + return -1; + } + return 0; +} + +/* + * Create the database, assuming it's not there. + */ +int +kerb_db_create(char *db_name) +{ + char *okname = gen_dbsuffix(db_name, ".ok"); + int fd; + int ret = 0; +#ifdef NDBM + DBM *db; + + db = dbm_open(db_name, O_RDWR|O_CREAT|O_EXCL, 0600); + if (db == NULL) + ret = errno; + else + dbm_close(db); +#else + char *dirname = gen_dbsuffix(db_name, ".dir"); + char *pagname = gen_dbsuffix(db_name, ".pag"); + + fd = open(dirname, O_RDWR|O_CREAT|O_EXCL, 0600); + if (fd < 0) + ret = errno; + else { + close(fd); + fd = open (pagname, O_RDWR|O_CREAT|O_EXCL, 0600); + if (fd < 0) + ret = errno; + else + close(fd); + } + if (dbminit(db_name) < 0) + ret = errno; +#endif + if (ret == 0) { + fd = open (okname, O_CREAT|O_RDWR|O_TRUNC, 0600); + if (fd < 0) + ret = errno; + close(fd); + } + return ret; +} + +/* + * "Atomically" rename the database in a way that locks out read + * access in the middle of the rename. + * + * Not perfect; if we crash in the middle of an update, we don't + * necessarily know to complete the transaction the rename, but... 
+ */ + +int +kerb_db_rename(char *from, char *to) +{ +#ifdef HAVE_NEW_DB + char *fromdb = gen_dbsuffix (from, ".db"); + char *todb = gen_dbsuffix (to, ".db"); +#else + char *fromdir = gen_dbsuffix (from, ".dir"); + char *todir = gen_dbsuffix (to, ".dir"); + char *frompag = gen_dbsuffix (from , ".pag"); + char *topag = gen_dbsuffix (to, ".pag"); +#endif + char *fromok = gen_dbsuffix(from, ".ok"); + long trans = kerb_start_update(to); + int ok = 0; + +#ifdef HAVE_NEW_DB + if (rename (fromdb, todb) == 0) { + unlink (fromok); + ok = 1; + } + free (fromdb); + free (todb); +#else + if ((rename (fromdir, todir) == 0) + && (rename (frompag, topag) == 0)) { + unlink (fromok); + ok = 1; + } + free (fromdir); + free (todir); + free (frompag); + free (topag); +#endif + free (fromok); + if (ok) + return kerb_end_update(to, trans); + else + return -1; +} + +int +kerb_db_delete_principal (char *name, char *inst) +{ + DBM *db; + int try; + int done = 0; + int code; + datum key; + + if(!init) + kerb_db_init(); + + for(try = 0; try < KERB_DB_MAX_RETRY; try++){ + if((code = kerb_dbl_lock(KERB_DBL_SHARED)) != 0) + return -1; + + db = dbm_open(current_db_name, O_RDWR, 0600); + if(db == NULL) + return -1; + encode_princ_key(&key, name, inst); + if(dbm_delete(db, key) == 0) + done = 1; + + dbm_close(db); + kerb_dbl_unlock(); + if(done) + break; + if(!non_blocking) + sleep(1); + } + if(!done) + return -1; + return 0; +} + + +/* + * look up a principal in the data base returns number of principals + * found , and whether there were more than requested. 
+ */ + +int +kerb_db_get_principal (char *name, char *inst, Principal *principal, + unsigned int max, int *more) +{ + int found = 0, code; + int wildp, wildi; + datum key, contents; + char testname[ANAME_SZ], testinst[INST_SZ]; + u_long trans; + int try; + DBM *db; + + if (!init) + kerb_db_init(); /* initialize database routines */ + + for (try = 0; try < KERB_DB_MAX_RETRY; try++) { + trans = kerb_start_read(); + + if ((code = kerb_dbl_lock(KERB_DBL_SHARED)) != 0) + return -1; + + db = dbm_open(current_db_name, O_RDONLY, 0600); + + *more = 0; + +#ifdef DEBUG + if (kerb_debug & 2) + fprintf(stderr, + "%s: db_get_principal for %s %s max = %d", + progname, name, inst, max); +#endif + + wildp = !strcmp(name, "*"); + wildi = !strcmp(inst, "*"); + + if (!wildi && !wildp) { /* nothing's wild */ + encode_princ_key(&key, name, inst); + contents = dbm_fetch(db, key); + if (contents.dptr == NULL) { + found = 0; + goto done; + } + decode_princ_contents(&contents, principal); +#ifdef DEBUG + if (kerb_debug & 1) { + fprintf(stderr, "\t found %s %s p_n length %d t_n length %d\n", + principal->name, principal->instance, + strlen(principal->name), + strlen(principal->instance)); + } +#endif + found = 1; + goto done; + } + /* process wild cards by looping through entire database */ + + for (key = dbm_firstkey(db); key.dptr != NULL; + key = dbm_next(db, key)) { + decode_princ_key(&key, testname, testinst); + if ((wildp || !strcmp(testname, name)) && + (wildi || !strcmp(testinst, inst))) { /* have a match */ + if (found >= max) { + *more = 1; + goto done; + } else { + found++; + contents = dbm_fetch(db, key); + decode_princ_contents(&contents, principal); +#ifdef DEBUG + if (kerb_debug & 1) { + fprintf(stderr, + "\tfound %s %s p_n length %d t_n length %d\n", + principal->name, principal->instance, + strlen(principal->name), + strlen(principal->instance)); + } +#endif + principal++; /* point to next */ + } + } + } + + done: + kerb_dbl_unlock(); /* unlock read lock */ + dbm_close(db); + 
if (kerb_end_read(trans) == 0) + break; + found = -1; + if (!non_blocking) + sleep(1); + } + return (found); +} + +/* Use long * rather than DBM * so that the database structure is private */ + +long * +kerb_db_begin_update(void) +{ + int code; + + gettimeofday(×tamp, NULL); + + if (!init) + kerb_db_init(); + + if ((code = kerb_dbl_lock(KERB_DBL_EXCLUSIVE)) != 0) + return 0; + + return (long *) dbm_open(current_db_name, O_RDWR, 0600); +} + +void +kerb_db_end_update(long *db) +{ + dbm_close((DBM *)db); + kerb_dbl_unlock(); /* unlock database */ +} + +int +kerb_db_update(long *db, Principal *principal, unsigned int max) +{ + int found = 0; + u_long i; + datum key, contents; + +#ifdef DEBUG + if (kerb_debug & 2) + fprintf(stderr, "%s: kerb_db_put_principal max = %d", + progname, max); +#endif + + /* for each one, stuff temps, and do replace/append */ + for (i = 0; i < max; i++) { + encode_princ_contents(&contents, principal); + encode_princ_key(&key, principal->name, principal->instance); + dbm_store((DBM *)db, key, contents, DBM_REPLACE); +#ifdef DEBUG + if (kerb_debug & 1) { + fprintf(stderr, "\n put %s %s\n", + principal->name, principal->instance); + } +#endif + found++; + principal++; /* bump to next struct */ + } + return found; +} + +/* + * Update a name in the data base. Returns number of names + * successfully updated. 
+ */ + +int +kerb_db_put_principal (Principal *principal, unsigned int max); + +int +kerb_db_put_principal(Principal *principal, + unsigned max) + +{ + int found; + long *db; + + db = kerb_db_begin_update(); + if (db == 0) + return -1; + + found = kerb_db_update(db, principal, max); + + kerb_db_end_update(db); + return (found); +} + +void +kerb_db_get_stat (DB_stat *s); + +void +kerb_db_get_stat(DB_stat *s) +{ + gettimeofday(×tamp, NULL); + + s->cpu = 0; + s->elapsed = 0; + s->dio = 0; + s->pfault = 0; + s->t_stamp = timestamp.tv_sec; + s->n_retrieve = 0; + s->n_replace = 0; + s->n_append = 0; + s->n_get_stat = 0; + s->n_put_stat = 0; + /* update local copy too */ +} + +void +kerb_db_put_stat (DB_stat *s); + +void +kerb_db_put_stat(DB_stat *s) +{ +} + +void +delta_stat (DB_stat *a, DB_stat *b, DB_stat *c); + +void +delta_stat(DB_stat *a, DB_stat *b, DB_stat *c) +{ + /* c = a - b then b = a for the next time */ + + c->cpu = a->cpu - b->cpu; + c->elapsed = a->elapsed - b->elapsed; + c->dio = a->dio - b->dio; + c->pfault = a->pfault - b->pfault; + c->t_stamp = a->t_stamp - b->t_stamp; + c->n_retrieve = a->n_retrieve - b->n_retrieve; + c->n_replace = a->n_replace - b->n_replace; + c->n_append = a->n_append - b->n_append; + c->n_get_stat = a->n_get_stat - b->n_get_stat; + c->n_put_stat = a->n_put_stat - b->n_put_stat; + + memcpy(b, a, sizeof(DB_stat)); + return; +} + +/* + * look up a dba in the data base returns number of dbas found , and + * whether there were more than requested. + */ + +int +kerb_db_get_dba (char *dba_name, char *dba_inst, Dba *dba, unsigned int max, int *more); + +int +kerb_db_get_dba(char *dba_name, char *dba_inst, Dba *dba, + unsigned max, + int *more) + /* could have wild card */ + /* could have wild card */ + /* max number of name structs to return */ + /* where there more than 'max' tuples? 
*/ +{ + *more = 0; + return (0); +} + +int +kerb_db_iterate (k_iter_proc_t func, void *arg) +{ + datum key, contents; + Principal *principal; + int code; + DBM *db; + + kerb_db_init(); /* initialize and open the database */ + if ((code = kerb_dbl_lock(KERB_DBL_SHARED)) != 0) + return code; + + db = dbm_open(current_db_name, O_RDONLY, 0600); + + for (key = dbm_firstkey (db); key.dptr != NULL; key = dbm_next(db, key)) { + contents = dbm_fetch (db, key); + /* XXX may not be properly aligned */ + principal = (Principal *) contents.dptr; + if ((code = (*func)(arg, principal)) != 0) + return code; + } + dbm_close(db); + kerb_dbl_unlock(); + return 0; +} diff --git a/crypto/kerberosIV/lib/kdb/krb_kdb_utils.c b/crypto/kerberosIV/lib/kdb/krb_kdb_utils.c new file mode 100644 index 0000000..f321e9f --- /dev/null +++ b/crypto/kerberosIV/lib/kdb/krb_kdb_utils.c 
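Review bot: kerb_db_delete_principal() changes the database while holding only `KERB_DBL_SHARED`, whereas kerb_db_begin_update() takes `KERB_DBL_EXCLUSIVE` for its writes; if k_flock() has the usual flock() semantics, a shared lock excludes neither readers nor a second deleter, so the call should be `kerb_dbl_lock(KERB_DBL_EXCLUSIVE)`. The same function returns -1 when dbm_open() fails without calling kerb_dbl_unlock(), and kerb_db_iterate() returns from inside its loop when the callback reports an error, skipping both dbm_close() and kerb_dbl_unlock(). Because kerb_dbl_lock() calls exit(1) when `mylock` is still set, the next database call in that process ends it. I would write `if (db == NULL) { kerb_dbl_unlock(); return -1; }` in the first, and in the second replace the in-loop `return code;` with `break;` and finish with `return code;` after the unlock.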
@@ -0,0 +1,261 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +/* + * Utility routines for Kerberos programs which directly access + * the database. This code was duplicated in too many places + * before I gathered it here. 
+ * + * Jon Rochlis, MIT Telecom, March 1988 + */ + +#include "kdb_locl.h" + +#include + +RCSID("$Id: krb_kdb_utils.c,v 1.23 1997/05/02 14:29:10 assar Exp $"); + +/* always try /.k for backwards compatibility */ +static char *master_key_files[] = { MKEYFILE, "/.k", NULL }; + +#ifdef HAVE_STRERROR +#define k_strerror(e) strerror(e) +#else +static +char * +k_strerror(int eno) +{ + extern int sys_nerr; + extern char *sys_errlist[]; + + static char emsg[128]; + + if (eno < 0 || eno >= sys_nerr) + snprintf(emsg, sizeof(emsg), "Error %d occurred.", eno); + else + return sys_errlist[eno]; + + return emsg; +} +#endif + +int +kdb_new_get_master_key(des_cblock *key, des_key_schedule schedule) +{ + int kfile; + int i; + char buf[1024]; + + char **mkey; + + for(mkey = master_key_files; *mkey; mkey++){ + kfile = open(*mkey, O_RDONLY); + if(kfile < 0 && errno != ENOENT) + fprintf(stderr, "Failed to open master key file \"%s\": %s\n", + *mkey, + k_strerror(errno)); + if(kfile >= 0) + break; + } + if(*mkey){ + int bytes; + bytes = read(kfile, (char*)key, sizeof(des_cblock)); + close(kfile); + if(bytes == sizeof(des_cblock)){ + des_key_sched(key, schedule); + return 0; + } + fprintf(stderr, "Could only read %d bytes from master key file %s\n", + bytes, *mkey); + }else{ + fprintf(stderr, "No master key file found.\n"); + } + + + i=0; + while(i < 3){ + if(des_read_pw_string(buf, sizeof(buf), "Enter master password: ", 0)) + break; + + /* buffer now contains either an old format master key password or a + * new format base64 encoded master key + */ + + /* try to verify as old password */ + des_string_to_key(buf, key); + des_key_sched(key, schedule); + + if(kdb_verify_master_key(key, schedule, NULL) != -1){ + memset(buf, 0, sizeof(buf)); + return 0; + } + + /* failed test, so must be base64 encoded */ + + if(base64_decode(buf, key) == 8){ + des_key_sched(key, schedule); + if(kdb_verify_master_key(key, schedule, NULL) != -1){ + memset(buf, 0, sizeof(buf)); + return 0; + } + } + + 
memset(buf, 0, sizeof(buf)); + fprintf(stderr, "Failed to verify master key.\n"); + i++; + } + + /* life sucks */ + fprintf(stderr, "You loose.\n"); + exit(1); +} + +int kdb_new_get_new_master_key(des_cblock *key, des_key_schedule schedule, + int verify) +{ +#ifndef RANDOM_MKEY + des_read_password(key, "\nEnter Kerberos master password: ", verify); + printf ("\n"); +#else + char buf[1024]; + des_generate_random_block (key); + des_key_sched(key, schedule); + + des_read_pw_string(buf, sizeof(buf), "Enter master key seed: ", 0); + des_cbc_cksum((des_cblock*)buf, key, sizeof(buf), schedule, key); + memset(buf, 0, sizeof(buf)); +#endif + des_key_sched(key, schedule); + return 0; +} + +int kdb_get_master_key(int prompt, des_cblock *master_key, + des_key_schedule master_key_sched) +{ + int ask = (prompt == KDB_GET_TWICE); +#ifndef RANDOM_MKEY + ask |= (prompt == KDB_GET_PROMPT); +#endif + + if(ask) + kdb_new_get_new_master_key(master_key, master_key_sched, + prompt == KDB_GET_TWICE); + else + kdb_new_get_master_key(master_key, master_key_sched); + return 0; +} + +int kdb_kstash(des_cblock *master_key, char *file) +{ + int kfile; + kfile = open(file, O_TRUNC | O_RDWR | O_CREAT, 0600); + if (kfile < 0) { + return -1; + } + if (write(kfile, master_key, sizeof(des_cblock)) != sizeof(des_cblock)) { + close(kfile); + return -1; + } + close(kfile); + return 0; +} + +/* The old algorithm used the key schedule as the initial vector which + was byte order depedent ... 
*/ + +void +kdb_encrypt_key (des_cblock (*in), des_cblock (*out), + des_cblock (*master_key), + des_key_schedule master_key_sched, int e_d_flag) +{ + +#ifdef NOENCRYPTION + memcpy(out, in, sizeof(des_cblock)); +#else + des_pcbc_encrypt(in,out,(long)sizeof(des_cblock),master_key_sched,master_key, + e_d_flag); +#endif +} + +/* The caller is reasponsible for cleaning up the master key and sched, + even if we can't verify the master key */ + +/* Returns master key version if successful, otherwise -1 */ + +long +kdb_verify_master_key (des_cblock *master_key, + des_key_schedule master_key_sched, + FILE *out) /* NULL -> no output */ +{ + des_cblock key_from_db; + Principal principal_data[1]; + int n, more = 0; + long master_key_version; + + /* lookup the master key version */ + n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data, + 1 /* only one please */, &more); + if ((n != 1) || more) { + if (out != (FILE *) NULL) + fprintf(out, + "verify_master_key: %s, %d found.\n", + "Kerberos error on master key version lookup", + n); + return (-1); + } + + master_key_version = (long) principal_data[0].key_version; + + /* set up the master key */ + if (out != (FILE *) NULL) /* should we punt this? */ + fprintf(out, "Current Kerberos master key version is %d.\n", + principal_data[0].kdc_key_ver); + + /* + * now use the master key to decrypt the key in the db, had better + * be the same! + */ + copy_to_key(&principal_data[0].key_low, + &principal_data[0].key_high, + key_from_db); + kdb_encrypt_key (&key_from_db, &key_from_db, + master_key, master_key_sched, DES_DECRYPT); + + /* the decrypted database key had better equal the master key */ + n = memcmp(master_key, key_from_db, sizeof(master_key)); + /* this used to zero the master key here! 
*/ + memset(key_from_db, 0, sizeof(key_from_db)); + memset(principal_data, 0, sizeof (principal_data)); + + if (n && (out != (FILE *) NULL)) { + fprintf(out, "\n\07\07verify_master_key: Invalid master key; "); + fprintf(out, "does not match database.\n"); + } + if(n) + return (-1); + + if (out != (FILE *) NULL) { + fprintf(out, "\nMaster key entered. BEWARE!\07\07\n"); + fflush(out); + } + + return (master_key_version); +} diff --git a/crypto/kerberosIV/lib/kdb/krb_lib.c b/crypto/kerberosIV/lib/kdb/krb_lib.c new file mode 100644 index 0000000..19bf316 --- /dev/null +++ b/crypto/kerberosIV/lib/kdb/krb_lib.c 
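Review bot: In kdb_verify_master_key() the comparison `n = memcmp(master_key, key_from_db, sizeof(master_key));` measures the pointer parameter `des_cblock *master_key`, not the key block. Where pointers are 4 bytes wide, only part of the decrypted key is checked against the supplied master key (the `base64_decode(buf, key) == 8` test earlier in the file suggests a block is 8 bytes). The length should come from the pointee: `n = memcmp(master_key, key_from_db, sizeof(*master_key));`. The neighbouring `memset(key_from_db, 0, sizeof(key_from_db))` is correct because `key_from_db` is an array, and a short comment saying so would stop the two from being made uniform in the wrong direction.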
@@ -0,0 +1,259 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "kdb_locl.h" + +RCSID("$Id: krb_lib.c,v 1.11 1997/05/07 01:36:08 assar Exp $"); + +#ifdef DEBUG +extern int debug; +extern char *progname; +long kerb_debug; +#endif + +static int init = 0; + +/* + * initialization routine for data base + */ + +int +kerb_init(void) +{ +#ifdef DEBUG + if (!init) { + char *dbg = getenv("KERB_DBG"); + if (dbg) + sscanf(dbg, "%d", &kerb_debug); + init = 1; + } +#endif + kerb_db_init(); + +#ifdef CACHE + kerb_cache_init(); +#endif + + /* successful init, return 0, else errcode */ + return (0); +} + +/* + * finalization routine for database -- NOTE: MUST be called by any + * program using kerb_init. ALSO will have to be modified to finalize + * caches, if they're ever really implemented. 
+ */ + +void +kerb_fini(void) +{ + kerb_db_fini(); +} + + +int +kerb_delete_principal(char *name, char *inst) +{ + int ret; + + if (!init) + kerb_init(); + + ret = kerb_db_delete_principal(name, inst); +#ifdef CACHE + if(ret == 0){ + kerb_cache_delete_principal(name, inst); + } +#endif + return ret; +} + + +/* + * look up a principal in the cache or data base returns number of + * principals found + */ + +int +kerb_get_principal(char *name, char *inst, Principal *principal, + unsigned int max, int *more) + /* could have wild card */ + /* could have wild card */ + + /* max number of name structs to return */ + /* more tuples than room for */ + +{ + int found = 0; +#ifdef CACHE + static int wild = 0; +#endif + if (!init) + kerb_init(); + +#ifdef DEBUG + if (kerb_debug & 1) + fprintf(stderr, "\n%s: kerb_get_principal for %s %s max = %d\n", + progname, name, inst, max); +#endif + + /* + * if this is a request including a wild card, have to go to db + * since the cache may not be exhaustive. + */ + + /* clear the principal area */ + memset(principal, 0, max * sizeof(Principal)); + +#ifdef CACHE + /* + * so check to see if the name contains a wildcard "*" or "?", not + * preceeded by a backslash. 
+ */ + wild = 0; + if (index(name, '*') || index(name, '?') || + index(inst, '*') || index(inst, '?')) + wild = 1; + + if (!wild) { + /* try the cache first */ + found = kerb_cache_get_principal(name, inst, principal, max, more); + if (found) + return (found); + } +#endif + /* If we didn't try cache, or it wasn't there, try db */ + found = kerb_db_get_principal(name, inst, principal, max, more); + /* try to insert principal(s) into cache if it was found */ +#ifdef CACHE + if (found) { + kerb_cache_put_principal(principal, found); + } +#endif + return (found); +} + +/* principals */ +int +kerb_put_principal(Principal *principal, unsigned int n) + + /* number of principal structs to write */ +{ + struct tm *tp; + + /* set mod date */ + principal->mod_date = time((time_t *)0); + /* and mod date string */ + + tp = k_localtime(&principal->mod_date); + snprintf(principal->mod_date_txt, + sizeof(principal->mod_date_txt), + "%4d-%2d-%2d", + tp->tm_year + 1900, + tp->tm_mon + 1, tp->tm_mday); /* January is 0, not 1 */ +#ifdef DEBUG + if (kerb_debug & 1) { + int i; + fprintf(stderr, "\nkerb_put_principal..."); + for (i = 0; i < n; i++) { + krb_print_principal(&principal[i]); + } + } +#endif + /* write database */ + if (kerb_db_put_principal(principal, n) < 0) { +#ifdef DEBUG + if (kerb_debug & 1) + fprintf(stderr, "\n%s: kerb_db_put_principal err", progname); + /* watch out for cache */ +#endif + return -1; + } +#ifdef CACHE + /* write cache */ + if (!kerb_cache_put_principal(principal, n)) { +#ifdef DEBUG + if (kerb_debug & 1) + fprintf(stderr, "\n%s: kerb_cache_put_principal err", progname); +#endif + return -1; + } +#endif + return 0; +} + +int +kerb_get_dba(char *name, char *inst, Dba *dba, unsigned int max, int *more) + /* could have wild card */ + /* could have wild card */ + + /* max number of name structs to return */ + /* more tuples than room for */ + +{ + int found = 0; +#ifdef CACHE + static int wild = 0; +#endif + if (!init) + kerb_init(); + +#ifdef DEBUG + if 
(kerb_debug & 1) + fprintf(stderr, "\n%s: kerb_get_dba for %s %s max = %d\n", + progname, name, inst, max); +#endif + /* + * if this is a request including a wild card, have to go to db + * since the cache may not be exhaustive. + */ + + /* clear the dba area */ + memset(dba, 0, max * sizeof(Dba)); + +#ifdef CACHE + /* + * so check to see if the name contains a wildcard "*" or "?", not + * preceeded by a backslash. + */ + + wild = 0; + if (index(name, '*') || index(name, '?') || + index(inst, '*') || index(inst, '?')) + wild = 1; + + if (!wild) { + /* try the cache first */ + found = kerb_cache_get_dba(name, inst, dba, max, more); + if (found) + return (found); + } +#endif + /* If we didn't try cache, or it wasn't there, try db */ + found = kerb_db_get_dba(name, inst, dba, max, more); +#ifdef CACHE + /* try to insert dba(s) into cache if it was found */ + if (found) { + kerb_cache_put_dba(dba, found); + } +#endif + return (found); +} diff --git a/crypto/kerberosIV/lib/kdb/print_princ.c b/crypto/kerberosIV/lib/kdb/print_princ.c new file mode 100644 index 0000000..786c5a9 --- /dev/null +++ b/crypto/kerberosIV/lib/kdb/print_princ.c 
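Review bot: In `kerb_init`, `init = 1` is set only inside the `#ifdef DEBUG` block, so in a non-DEBUG build `init` stays 0 and the `if (!init) kerb_init();` guards in `kerb_delete_principal`, `kerb_get_principal` and `kerb_get_dba` run `kerb_db_init()` again on every call. Whether repeated `kerb_db_init()` calls are harmless cannot be seen from this hunk, so the flag should be set unconditionally, for example `init = 1;` placed right after `kerb_db_init();`. In the same DEBUG block, `sscanf(dbg, "%d", &kerb_debug)` stores an `int` conversion through a pointer to `long`; `sscanf(dbg, "%ld", &kerb_debug)` matches the declared type.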
@@ -0,0 +1,48 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "kdb_locl.h" + +RCSID("$Id: print_princ.c,v 1.5 1997/05/07 01:37:13 assar Exp $"); + +void +krb_print_principal(Principal *a_n) +{ + struct tm *time_p; + + /* run-time database does not contain string versions */ + time_p = k_localtime(&(a_n->exp_date)); + + fprintf(stderr, + "\n%s %s expires %4d-%2d-%2d %2d:%2d, max_life %d*5 = %d min attr 0x%02x", + a_n->name, a_n->instance, + time_p->tm_year + 1900, + time_p->tm_mon + 1, time_p->tm_mday, + time_p->tm_hour, time_p->tm_min, + a_n->max_life, 5 * a_n->max_life, a_n->attributes); + + fprintf(stderr, + "\n\tkey_ver %d k_low 0x%08lx k_high 0x%08lx akv %d exists %ld\n", + a_n->key_version, (long)a_n->key_low, (long)a_n->key_high, + a_n->kdc_key_ver, (long)a_n->old); + + fflush(stderr); +} diff --git a/crypto/kerberosIV/lib/krb/Makefile.in b/crypto/kerberosIV/lib/krb/Makefile.in new file mode 100644 index 0000000..8b34d65 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/Makefile.in 
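Review bot: The second `fprintf` in `krb_print_principal` writes `key_low` and `key_high` to stderr, which puts the principal's stored key words into debug output (the function is called from `kerb_put_principal` when `kerb_debug & 1` is set in a DEBUG build). Judging by `kdb_verify_master_key`, these fields hold the key as stored in the database, presumably encrypted under the master key, but they are still key material that lands in whatever terminal or log collects stderr. I would drop them from the trace: format `"\n\tkey_ver %d akv %d exists %ld\n"` with arguments `a_n->key_version, a_n->kdc_key_ver, (long)a_n->old`. The pointer returned by `k_localtime` is also dereferenced without a NULL check.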
@@ -0,0 +1,269 @@ +# +# $Id: Makefile.in,v 1.74 1997/05/19 03:03:05 assar Exp $ +# + +# Under SunOS-5.x it is necessary to link with -ldes to be binary compatible. +LIBDES=`test -r /usr/lib/libkrb.so.1 && echo "-lresolv -L../des -ldes"; true` + +SHELL = /bin/sh + +srcdir = @srcdir@ +VPATH = @srcdir@ + +CC = @CC@ +AR = ar +RANLIB = @RANLIB@ +LN_S = @LN_S@ +DEFS = @DEFS@ +CFLAGS = @CFLAGS@ +LD_FLAGS = @LD_FLAGS@ +EXECSUFFIX=@EXECSUFFIX@ + +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +MKINSTALLDIRS = @top_srcdir@/mkinstalldirs + +COMPILE_ET = ../../util/et/compile_et$(EXECSUFFIX) -language ansi-c + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +libdir = @libdir@ + +PICFLAGS = @PICFLAGS@ + +PROGS = sizetest$(EXEC_SUFFIX) +LIBNAME = $(LIBPREFIX)krb +LIBEXT = @LIBEXT@ +SHLIBEXT = @SHLIBEXT@ +LIBPREFIX = @LIBPREFIX@ +LDSHARED = @LDSHARED@ +LIB = $(LIBNAME).$(LIBEXT) + +SOURCES = cr_err_reply.c \ + create_auth_reply.c \ + create_ciph.c \ + create_death_packet.c \ + create_ticket.c \ + dest_tkt.c \ + get_in_tkt.c \ + get_svc_in_tkt.c \ + getrealm.c \ + k_localtime.c \ + krb_err_txt.c \ + krb_get_in_tkt.c \ + kuserok.c \ + parse_name.c \ + kntoln.c \ + mk_auth.c \ + krb_check_auth.c \ + mk_err.c \ + mk_safe.c \ + rd_err.c \ + rd_safe.c \ + recvauth.c \ + mk_priv.c \ + rd_req.c \ + decomp_ticket.c \ + lifetime.c \ + month_sname.c \ + stime.c \ + read_service_key.c \ + getst.c \ + sendauth.c \ + netread.c \ + netwrite.c \ + rd_priv.c \ + krb_equiv.c \ + str2key.c \ + get_ad_tkt.c \ + mk_req.c \ + get_cred.c \ + get_tf_realm.c \ + get_tf_fullname.c \ + one.c \ + save_credentials.c \ + send_to_kdc.c \ + get_host.c \ + get_krbrlm.c \ + k_gethostname.c \ + tf_util.c \ + debug_decl.c \ + k_flock.c \ + tkt_string.c \ + getaddrs.c \ + k_getsockinst.c \ + k_getport.c \ + lsb_addr_comp.c \ + name2name.c \ + get_default_principal.c \ + realm_parse.c \ + verify_user.c \ + rw.c \ + kdc_reply.c \ + encrypt_ktext.c \ + swab.c \ + gettimeofday.c \ + check_time.c \ + krb_err.c \ + 
et_list.c \ + resolve.c \ + unparse_name.c \ + logging.c \ + k_concat.c + +# these files reside in ../roken +# snprintf.c \ +# strdup.c \ +# strtok_r.c \ +# strcasecmp.c + +OBJECTS = cr_err_reply.o \ + create_auth_reply.o \ + create_ciph.o \ + create_death_packet.o \ + create_ticket.o \ + dest_tkt.o \ + get_in_tkt.o \ + get_svc_in_tkt.o \ + getrealm.o \ + k_localtime.o \ + krb_err_txt.o \ + krb_get_in_tkt.o \ + kuserok.o \ + parse_name.o \ + kntoln.o \ + mk_auth.o \ + krb_check_auth.o \ + mk_err.o \ + mk_safe.o \ + rd_err.o \ + rd_safe.o \ + recvauth.o \ + mk_priv.o \ + rd_req.o \ + decomp_ticket.o \ + lifetime.o \ + month_sname.o \ + stime.o \ + read_service_key.o \ + getst.o \ + sendauth.o \ + netread.o \ + netwrite.o \ + rd_priv.o \ + krb_equiv.o \ + str2key.o \ + get_ad_tkt.o \ + mk_req.o \ + get_cred.o \ + get_tf_realm.o \ + get_tf_fullname.o \ + one.o \ + save_credentials.o \ + send_to_kdc.o \ + get_host.o \ + get_krbrlm.o \ + k_gethostname.o \ + tf_util.o \ + debug_decl.o \ + k_flock.o \ + tkt_string.o \ + getaddrs.o \ + k_getsockinst.o \ + k_getport.o \ + lsb_addr_comp.o \ + name2name.o \ + get_default_principal.o \ + realm_parse.o \ + verify_user.o \ + rw.o \ + kdc_reply.o \ + encrypt_ktext.o \ + swab.o \ + gettimeofday.o \ + check_time.o \ + krb_err.o \ + resolve.o \ + unparse_name.o \ + logging.o \ + k_concat.o \ + snprintf.o \ + strdup.o \ + strtok_r.o \ + strcasecmp.o + +# This is only needed by some shared library implementations +LDOBJ = et_list.o + +all: $(LIB) $(PROGS) + +Wall: + make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" + +.c.o: + $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $< + +install: all + $(MKINSTALLDIRS) $(libdir) + $(INSTALL_DATA) -m 0555 $(LIB) $(libdir) + +uninstall: + rm -f $(libdir)/$(LIB) + +TAGS: $(SOURCES) + etags $(SOURCES) + +sizetest.o: sizetest.c + $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $< + 
+sizetest$(EXECSUFFIX): sizetest.o + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ sizetest.o + +check: sizetest$(EXECSUFFIX) + ./sizetest$(EXECSUFFIX) + +clean: + rm -f $(LIB) *.o *.a krb_err.c krb_err.h $(PROGS) + +mostlyclean: clean + +distclean: clean + rm -f Makefile *.tab.c *~ + +realclean: distclean + rm -f TAGS + +dist: $(DISTFILES) + for file in $(DISTFILES); do \ + ln $$file ../`cat ../.fname`/lib \ + || cp -p $$file ../`cat ../.fname`/lib; \ + done + +$(LIBNAME).a: $(OBJECTS) + rm -f $@ + $(AR) cr $@ $(OBJECTS) + -$(RANLIB) $@ + +$(LIBNAME).$(SHLIBEXT): $(OBJECTS) $(LDOBJ) + rm -f $@ + $(LDSHARED) -o $@ $(OBJECTS) $(LDOBJ) $(LIBDES) + +krb_err.c krb_err.h: krb_err.et + test -r krb_err.et || (rm -f krb_err.et && $(LN_S) $(srcdir)/krb_err.et .) + $(COMPILE_ET) krb_err.et + +snprintf.c: + $(LN_S) $(srcdir)/../roken/snprintf.c . + +strdup.c: + $(LN_S) $(srcdir)/../roken/strdup.c . + +strtok_r.c: + $(LN_S) $(srcdir)/../roken/strtok_r.c . + +strcasecmp.c: + $(LN_S) $(srcdir)/../roken/strcasecmp.c . + +$(OBJECTS): ../../include/config.h +$(OBJECTS): krb_locl.h krb.h krb_err.h +one.o: ../../include/version.h diff --git a/crypto/kerberosIV/lib/krb/check_time.c b/crypto/kerberosIV/lib/krb/check_time.c new file mode 100644 index 0000000..3c3e6c0 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/check_time.c 
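Review bot: `PROGS = sizetest$(EXEC_SUFFIX)` refers to a variable this Makefile never defines; the suffix is declared as `EXECSUFFIX=@EXECSUFFIX@` and used under that name in the `sizetest$(EXECSUFFIX)` and `check` rules. With a non-empty suffix, `all` and `clean` would name `sizetest` while the link rule produces a differently named file. The line should read `PROGS = sizetest$(EXECSUFFIX)`. The `dist` target also depends on `$(DISTFILES)`, which is not set anywhere in this file.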
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */ + +#include "krb_locl.h" + +RCSID("$Id: check_time.c,v 1.4 1997/04/01 08:18:18 joda Exp $"); + +int +krb_check_tm (struct tm tm) +{ + return tm.tm_mon < 0 + || tm.tm_mon > 11 + || tm.tm_hour < 0 + || tm.tm_hour > 23 + || tm.tm_min < 0 + || tm.tm_min > 59 + || tm.tm_sec < 0 + || tm.tm_sec > 59 + || tm.tm_year < 1901 + || tm.tm_year > 2038; +} diff --git a/crypto/kerberosIV/lib/krb/cr_err_reply.c b/crypto/kerberosIV/lib/krb/cr_err_reply.c new file mode 100644 index 0000000..2c1956a --- /dev/null +++ b/crypto/kerberosIV/lib/krb/cr_err_reply.c 
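Review bot: `krb_check_tm` range-checks month, hour, minute, second and year but never looks at `tm.tm_mday`, so a value with day 0 or day 45 is reported as valid. Adding `|| tm.tm_mday < 1 || tm.tm_mday > 31` to the chain would close the gap. The function also has no comment; it should state that the return value is non-zero when a field is out of range. The comment should also say that `tm_year` is compared with 1901..2038, which suggests it expects a calendar year rather than the years-since-1900 value `localtime` produces (inferred from the bounds, worth confirming against the caller).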
@@ -0,0 +1,99 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */ + +#include "krb_locl.h" + +RCSID("$Id: cr_err_reply.c,v 1.9 1997/04/01 08:18:19 joda Exp $"); + +/* + * This routine is used by the Kerberos authentication server to + * create an error reply packet to send back to its client. + * + * It takes a pointer to the packet to be built, the name, instance, + * and realm of the principal, the client's timestamp, an error code + * and an error string as arguments. Its return value is undefined. + * + * The packet is built in the following format: + * + * type variable data + * or constant + * ---- ----------- ---- + * + * unsigned char req_ack_vno protocol version number + * + * unsigned char AUTH_MSG_ERR_REPLY protocol message type + * + * [least significant HOST_BYTE_ORDER sender's (server's) byte + * bit of above field] order + * + * string pname principal's name + * + * string pinst principal's instance + * + * string prealm principal's realm + * + * unsigned long time_ws client's timestamp + * + * unsigned long e error code + * + * string e_string error text + */ + +void +cr_err_reply(KTEXT pkt, char *pname, char *pinst, char *prealm, + u_int32_t time_ws, u_int32_t e, char *e_string) +{ + unsigned char *p = pkt->dat; + + p += krb_put_int(KRB_PROT_VERSION, p, 1); + p += krb_put_int(AUTH_MSG_ERR_REPLY, p, 1); + + if (pname == NULL) pname = ""; + if (pinst == NULL) pinst = ""; + if (prealm == NULL) prealm = ""; + + p += krb_put_nir(pname, pinst, prealm, p); + + p += krb_put_int(time_ws, p, 4); + + p += krb_put_int(e, p, 4); + + p += krb_put_string(e_string, p); + + pkt->length = p - pkt->dat; +} diff --git a/crypto/kerberosIV/lib/krb/create_auth_reply.c b/crypto/kerberosIV/lib/krb/create_auth_reply.c new file mode 100644 index 0000000..4976c46 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/create_auth_reply.c 
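Review bot: `cr_err_reply` appends `pname`, `pinst`, `prealm` and `e_string` to `pkt->dat` without comparing their combined length with the size of that buffer, so oversized strings would write past the end of the `KTEXT` (this assumes `krb_put_nir` and `krb_put_string`, which are not shown, copy the whole string). The same unbounded pattern appears in `create_auth_reply` (`memcpy(p, cipher->dat, cipher->length)` into the static packet), `create_ciph` (`memcpy(p, tkt->dat, tkt->length)`) and `krb_create_death_packet` (`krb_put_string(a_name, p)`). Each of these should total the lengths up front and refuse to build the packet when the sum exceeds `sizeof(pkt->dat)`. `e_string` is also the only string argument not defaulted when NULL; `if (e_string == NULL) e_string = "";` next to the other three checks would make it consistent.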
@@ -0,0 +1,131 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */ + +#include "krb_locl.h" + +RCSID("$Id: create_auth_reply.c,v 1.11 1997/04/01 08:18:20 joda Exp $"); + +/* + * This routine is called by the Kerberos authentication server + * to create a reply to an authentication request. The routine + * takes the user's name, instance, and realm, the client's + * timestamp, the number of tickets, the user's key version + * number and the ciphertext containing the tickets themselves. + * It constructs a packet and returns a pointer to it. + * + * Notes: The packet returned by this routine is static. Thus, if you + * intend to keep the result beyond the next call to this routine, you + * must copy it elsewhere. + * + * The packet is built in the following format: + * + * variable + * type or constant data + * ---- ----------- ---- + * + * unsigned char KRB_PROT_VERSION protocol version number + * + * unsigned char AUTH_MSG_KDC_REPLY protocol message type + * + * [least significant HOST_BYTE_ORDER sender's (server's) byte + * bit of above field] order + * + * string pname principal's name + * + * string pinst principal's instance + * + * string prealm principal's realm + * + * unsigned long time_ws client's timestamp + * + * unsigned char n number of tickets + * + * unsigned long x_date expiration date + * + * unsigned char kvno master key version + * + * short w_1 cipher length + * + * --- cipher->dat cipher data + */ + +KTEXT +create_auth_reply(char *pname, /* Principal's name */ + char *pinst, /* Principal's instance */ + char *prealm, /* Principal's authentication domain */ + int32_t time_ws, /* Workstation time */ + int n, /* Number of tickets */ + u_int32_t x_date, /* Principal's expiration date */ + int kvno, /* Principal's key version number */ + KTEXT cipher) /* Cipher text with tickets and session keys */ +{ + static KTEXT_ST pkt_st; + KTEXT pkt = &pkt_st; + + unsigned char *p = pkt->dat; + + p += krb_put_int(KRB_PROT_VERSION, p, 1); + p += krb_put_int(AUTH_MSG_KDC_REPLY, p, 1); + + if(n != 0){ + /* barf on old code 
*/ + krb_warning("create_auth_reply: don't give me no krb3 crap!" + " (n == %d)\n", n); + return NULL; + } + + + p += krb_put_nir(pname, pinst, prealm, p); + + p += krb_put_int(time_ws, p, 4); + + p += krb_put_int(n, p, 1); + + p += krb_put_int(x_date, p, 4); + + p += krb_put_int(kvno, p, 1); + + p += krb_put_int(cipher->length, p, 2); + + memcpy(p, cipher->dat, cipher->length); + p += cipher->length; + + pkt->length = p - pkt->dat; + + return pkt; +} diff --git a/crypto/kerberosIV/lib/krb/create_ciph.c b/crypto/kerberosIV/lib/krb/create_ciph.c new file mode 100644 index 0000000..27d27ff --- /dev/null +++ b/crypto/kerberosIV/lib/krb/create_ciph.c 
@@ -0,0 +1,117 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */ + +#include "krb_locl.h" + +RCSID("$Id: create_ciph.c,v 1.9 1997/04/01 08:18:20 joda Exp $"); + +/* + * This routine is used by the authentication server to create + * a packet for its client, containing a ticket for the requested + * service (given in "tkt"), and some information about the ticket, + * + * Returns KSUCCESS no matter what. + * + * The length of the cipher is stored in c->length; the format of + * c->dat is as follows: + * + * variable + * type or constant data + * ---- ----------- ---- + * + * + * 8 bytes session session key for client, service + * + * string service service name + * + * string instance service instance + * + * string realm KDC realm + * + * unsigned char life ticket lifetime + * + * unsigned char kvno service key version number + * + * unsigned char tkt->length length of following ticket + * + * data tkt->dat ticket for service + * + * 4 bytes kdc_time KDC's timestamp + * + * <=7 bytes null null pad to 8 byte multiple + * + */ + +int +create_ciph(KTEXT c, /* Text block to hold ciphertext */ + unsigned char *session, /* Session key to send to user */ + char *service, /* Service name on ticket */ + char *instance, /* Instance name on ticket */ + char *realm, /* Realm of this KDC */ + u_int32_t life, /* Lifetime of the ticket */ + int kvno, /* Key version number for service */ + KTEXT tkt, /* The ticket for the service */ + u_int32_t kdc_time, /* KDC time */ + des_cblock *key) /* Key to encrypt ciphertext with */ + +{ + unsigned char *p = c->dat; + + memset(c, 0, sizeof(KTEXT_ST)); + + memcpy(p, session, 8); + p += 8; + + p += krb_put_nir(service, instance, realm, p); + + p += krb_put_int(life, p, 1); + p += krb_put_int(kvno, p, 1); + + p += krb_put_int(tkt->length, p, 1); + + memcpy(p, tkt->dat, tkt->length); + p += tkt->length; + + p += krb_put_int(kdc_time, p, 4); + + /* multiple of eight bytes */ + c->length = (p - c->dat + 7) & ~7; + + encrypt_ktext(c, key, DES_ENCRYPT); + return KSUCCESS; +} 
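Review bot: `krb_put_int(tkt->length, p, 1)` stores the ticket length in a single byte, yet the following `memcpy(p, tkt->dat, tkt->length)` copies the full length, so for a ticket longer than 255 bytes the length field and the data after it would disagree (how `krb_put_int` treats a value that does not fit is not visible here). A guard ahead of the writes, `if (tkt->length < 0 || tkt->length > 255) return KFAILURE;`, would keep the encoding consistent. The header comment's "Returns KSUCCESS no matter what" would need updating with it, and callers that rely on that sentence would have to start checking the result.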
diff --git a/crypto/kerberosIV/lib/krb/create_death_packet.c b/crypto/kerberosIV/lib/krb/create_death_packet.c
new file mode 100644
index 0000000..f74ba30
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/create_death_packet.c
@@ -0,0 +1,85 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */ + +#include "krb_locl.h" + +RCSID("$Id: create_death_packet.c,v 1.8 1997/04/01 08:18:21 joda Exp $"); + +/* + * This routine creates a packet to type AUTH_MSG_DIE which is sent to + * the Kerberos server to make it shut down. It is used only in the + * development environment. + * + * It takes a string "a_name" which is sent in the packet. A pointer + * to the packet is returned. + * + * The format of the killer packet is: + * + * type variable data + * or constant + * ---- ----------- ---- + * + * unsigned char KRB_PROT_VERSION protocol version number + * + * unsigned char AUTH_MSG_DIE message type + * + * [least significant HOST_BYTE_ORDER byte order of sender + * bit of above field] + * + * string a_name presumably, name of + * principal sending killer + * packet + */ + +#ifdef DEBUG +KTEXT +krb_create_death_packet(char *a_name) +{ + static KTEXT_ST pkt_st; + KTEXT pkt = &pkt_st; + + unsigned char *p = pkt->dat; + + p += krb_put_int(KRB_PROT_VERSION, p, 1); + p += krb_put_int(AUTH_MSG_DIE, p, 1); + + p += krb_put_string(a_name, p); + pkt->length = p - pkt->dat; + return pkt; +} +#endif /* DEBUG */ diff --git a/crypto/kerberosIV/lib/krb/create_ticket.c b/crypto/kerberosIV/lib/krb/create_ticket.c new file mode 100644 index 0000000..b469232 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/create_ticket.c 
@@ -0,0 +1,134 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: create_ticket.c,v 1.12 1997/04/01 08:18:21 joda Exp $"); + +/* + * Create ticket takes as arguments information that should be in a + * ticket, and the KTEXT object in which the ticket should be + * constructed. It then constructs a ticket and returns, leaving the + * newly created ticket in tkt. + * The length of the ticket is a multiple of + * eight bytes and is in tkt->length. + * + * If the ticket is too long, the ticket will contain nulls. + * + * The corresponding routine to extract information from a ticket it + * decomp_ticket. When changes are made to this routine, the + * corresponding changes should also be made to that file. + * + * The packet is built in the following format: + * + * variable + * type or constant data + * ---- ----------- ---- + * + * tkt->length length of ticket (multiple of 8 bytes) + * + * tkt->dat: + * + * unsigned char flags namely, HOST_BYTE_ORDER + * + * string pname client's name + * + * string pinstance client's instance + * + * string prealm client's realm + * + * 4 bytes paddress client's address + * + * 8 bytes session session key + * + * 1 byte life ticket lifetime + * + * 4 bytes time_sec KDC timestamp + * + * string sname service's name + * + * string sinstance service's instance + * + * <=7 bytes null null pad to 8 byte multiple + * + */ + +int +krb_create_ticket(KTEXT tkt, /* Gets filled in by the ticket */ + unsigned char flags, /* Various Kerberos flags */ + char *pname, /* Principal's name */ + char *pinstance, /* Principal's instance */ + char *prealm, /* Principal's authentication domain */ + int32_t paddress, /* Net address of requesting entity */ + void *session, /* Session key inserted in ticket */ + int16_t life, /* Lifetime of the ticket */ + int32_t time_sec, /* Issue time and date */ + char *sname, /* Service Name */ + char *sinstance, /* Instance Name */ + des_cblock *key) /* Service's secret key */ +{ + unsigned char *p = tkt->dat; + + memset(tkt, 0, 
sizeof(KTEXT_ST)); + + p += krb_put_int(flags, p, 1); + p += krb_put_nir(pname, pinstance, prealm, p); + + p += krb_put_address(paddress, p); + + memcpy(p, session, 8); + p += 8; + + p += krb_put_int(life, p, 1); + p += krb_put_int(time_sec, p, 4); + + p += krb_put_nir(sname, sinstance, NULL, p); + + /* multiple of eight bytes */ + tkt->length = (p - tkt->dat + 7) & ~7; + + /* Check length of ticket */ + if (tkt->length > (sizeof(KTEXT_ST) - 7)) { + memset(tkt->dat, 0, tkt->length); + tkt->length = 0; + return KFAILURE /* XXX */; + } + + encrypt_ktext(tkt, key, DES_ENCRYPT); + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/debug_decl.c b/crypto/kerberosIV/lib/krb/debug_decl.c new file mode 100644 index 0000000..5358bcb --- /dev/null +++ b/crypto/kerberosIV/lib/krb/debug_decl.c @@ -0,0 +1,29 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: debug_decl.c,v 1.6 1997/03/23 03:53:07 joda Exp $"); + +/* Declare global debugging variables. */ + +int krb_ap_req_debug = 0; +int krb_debug = 0; 
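Review bot: The length check in `krb_create_ticket` runs only after `krb_put_nir`, `memcpy` and `krb_put_int` have written every field into `tkt->dat`, so it can report an over-long ticket but cannot stop the write past the buffer that over-long names cause. It also compares against `sizeof(KTEXT_ST) - 7`, the size of the whole structure, which is presumably larger than `dat` alone (the structure definition is not in this hunk). The field lengths should be summed and rejected before the first write, with `sizeof(tkt->dat)` as the bound, as sketched below using the fixed sizes from the format table in the header comment. The sketch assumes the five name arguments are non-NULL, which the hunk does not show. Separately, `life` is an `int16_t` but `krb_put_int(life, p, 1)` stores one byte, so values above 255 are presumably truncated silently and deserve a range check on entry.

```c
    unsigned char *p = tkt->dat;
    /* Reject over-long input before anything is written to tkt->dat. */
    size_t need = 1                                 /* flags */
	+ strlen(pname) + 1 + strlen(pinstance) + 1 + strlen(prealm) + 1
	+ 4 + 8 + 1 + 4                             /* address, session, life, time_sec */
	+ strlen(sname) + 1 + strlen(sinstance) + 1;

    memset(tkt, 0, sizeof(KTEXT_ST));
    if (((need + 7) & ~(size_t)7) > sizeof(tkt->dat))
	return KFAILURE;
    /* … unchanged: field writes, padding to 8 bytes, encrypt_ktext … */
```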
diff --git a/crypto/kerberosIV/lib/krb/decomp_ticket.c b/crypto/kerberosIV/lib/krb/decomp_ticket.c
new file mode 100644
index 0000000..8e556a3
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/decomp_ticket.c
@@ -0,0 +1,119 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: decomp_ticket.c,v 1.16 1997/04/01 08:18:22 joda Exp $"); + +/* + * This routine takes a ticket and pointers to the variables that + * should be filled in based on the information in the ticket. It + * fills in values for its arguments. + * + * The routine returns KFAILURE if any of the "pname", "pinstance", + * or "prealm" fields is too big, otherwise it returns KSUCCESS. + * + * The corresponding routine to generate tickets is create_ticket. + * When changes are made to this routine, the corresponding changes + * should also be made to that file. + * + * See create_ticket.c for the format of the ticket packet. + */ + +int +decomp_ticket(KTEXT tkt, /* The ticket to be decoded */ + unsigned char *flags, /* Kerberos ticket flags */ + char *pname, /* Authentication name */ + char *pinstance, /* Principal's instance */ + char *prealm, /* Principal's authentication domain */ + u_int32_t *paddress,/* Net address of entity requesting ticket */ + unsigned char *session, /* Session key inserted in ticket */ + int *life, /* Lifetime of the ticket */ + u_int32_t *time_sec, /* Issue time and date */ + char *sname, /* Service name */ + char *sinstance, /* Service instance */ + des_cblock *key, /* Service's secret key (to decrypt the ticket) */ + des_key_schedule schedule) /* The precomputed key schedule */ + +{ + unsigned char *p = tkt->dat; + + int little_endian; + + des_pcbc_encrypt((des_cblock *)tkt->dat, (des_cblock *)tkt->dat, + tkt->length, schedule, key, DES_DECRYPT); + + tkt->mbz = 0; + + *flags = *p++; + + little_endian = (*flags >> K_FLAG_ORDER) & 1; + + if(strlen((char*)p) > ANAME_SZ) + return KFAILURE; + p += krb_get_string(p, pname); + + if(strlen((char*)p) > INST_SZ) + return KFAILURE; + p += krb_get_string(p, pinstance); + + if(strlen((char*)p) > REALM_SZ) + return KFAILURE; + p += krb_get_string(p, prealm); + + if(tkt->length - (p - tkt->dat) < 8 + 1 + 4) + return KFAILURE; + p += krb_get_address(p, paddress); + + 
memcpy(session, p, 8); + p += 8; + + *life = *p++; + + p += krb_get_int(p, time_sec, 4, little_endian); + + if(strlen((char*)p) > SNAME_SZ) + return KFAILURE; + p += krb_get_string(p, sname); + + if(strlen((char*)p) > INST_SZ) + return KFAILURE; + p += krb_get_string(p, sinstance); + + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/dest_tkt.c b/crypto/kerberosIV/lib/krb/dest_tkt.c new file mode 100644 index 0000000..0487e6b --- /dev/null +++ b/crypto/kerberosIV/lib/krb/dest_tkt.c 
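Review bot: Every `strlen((char*)p)` in `decomp_ticket` runs over freshly decrypted bytes with no bound tied to `tkt->length`, so a ticket that decrypts to data without the expected NULs is parsed from whatever lies past its declared end. The only length test, the one before `krb_get_address`, comes after three strings have been consumed and is not repeated for `sname` and `sinstance`. Each string should be checked against the bytes remaining (`tkt->length - (p - tkt->dat)`) before it is copied, and `tkt->length` itself should be validated against `sizeof(tkt->dat)` and a multiple of eight before `des_pcbc_encrypt` is called. The size tests also accept a string of exactly `ANAME_SZ`, `INST_SZ`, `REALM_SZ` or `SNAME_SZ` characters, which with its terminator overflows a caller buffer declared with that size (the callers are outside this hunk). Using `if(strlen((char*)p) >= ANAME_SZ) return KFAILURE;`, and likewise for the other four tests, closes that.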
@@ -0,0 +1,82 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: dest_tkt.c,v 1.11 1997/05/19 03:03:40 assar Exp $"); + +/* + * dest_tkt() is used to destroy the ticket store upon logout. + * If the ticket file does not exist, dest_tkt() returns RET_TKFIL. + * Otherwise the function returns RET_OK on success, KFAILURE on + * failure. + * + * The ticket file (TKT_FILE) is defined in "krb.h". 
+ */ + +int +dest_tkt(void) +{ + char *file = TKT_FILE; + int i,fd; + struct stat statb; + char buf[BUFSIZ]; + + errno = 0; + if ( +#ifdef HAVE_LSTAT + lstat +#else + stat +#endif + (file, &statb) < 0) + goto out; + + if (!(statb.st_mode & S_IFREG) +#ifdef notdef + || statb.st_mode & 077 +#endif + ) + goto out; + + if ((fd = open(file, O_RDWR, 0)) < 0) + goto out; + + memset(buf, 0, BUFSIZ); + + for (i = 0; i < statb.st_size; i += sizeof(buf)) + if (write(fd, buf, sizeof(buf)) != sizeof(buf)) { + fsync(fd); + close(fd); + goto out; + } + + + fsync(fd); + close(fd); + + unlink(file); + +out: + if (errno == ENOENT) return RET_TKFIL; + else if (errno != 0) return KFAILURE; + return(KSUCCESS); +} diff --git a/crypto/kerberosIV/lib/krb/dllmain.c b/crypto/kerberosIV/lib/krb/dllmain.c new file mode 100644 index 0000000..e98b7dc --- /dev/null +++ b/crypto/kerberosIV/lib/krb/dllmain.c 
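Review bot: The file-type test `!(statb.st_mode & S_IFREG)` in `dest_tkt` is a bit test rather than a type comparison, and on systems where the symbolic-link type value shares that bit it accepts a symlink even on the `lstat` path, after which `open(file, O_RDWR, 0)` follows the link and the loop overwrites the target with zeros. The test should be `if (!S_ISREG(statb.st_mode))`, and because the path can change between `lstat` and `open`, the descriptor should be re-checked with `fstat` (regular file, same `st_dev` and `st_ino` as `statb`) before the first `write`. When the type test fails, `errno` is still 0, so the function falls through to `return(KSUCCESS)` without having destroyed anything; that path should return `KFAILURE`. The header comment names `RET_OK` while the code returns `KSUCCESS`.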
@@ -0,0 +1,128 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* dllmain.c - main function to krb4.dll + * Author: J Karlsson + * Date: June 1996 + */ + +#include "krb_locl.h" +#include "ticket_memory.h" +#include + +RCSID("$Id: dllmain.c,v 1.6 1997/05/02 14:29:13 assar Exp $"); + +void +msg(char *text, int error) +{ + char *buf; + + asprintf (&buf, "%s\nAn error of type: %d", text, error); + + MessageBox(GetActiveWindow(), + buf ? buf : "can't tell you", + "kerberos message", + MB_OK|MB_APPLMODAL); + free (buf); +} + +BOOL WINAPI +DllMain (HANDLE hInst, + ULONG reason, + LPVOID lpReserved) +{ + WORD wVersionRequested; + WSADATA wsaData; + PROCESS_INFORMATION p; + int err; + + switch(reason){ + case DLL_PROCESS_ATTACH: + wVersionRequested = MAKEWORD(1, 1); + err = WSAStartup(wVersionRequested, &wsaData); + if (err != 0) + { + /* Tell the user that we couldn't find a useable */ + /* winsock.dll. */ + msg("Cannot find winsock.dll", err); + return FALSE; + } + if(newTktMem(0) != KSUCCESS) + { + /* Tell the user that we couldn't alloc shared memory. */ + msg("Cannot allocate shared ticket memory", GetLastError()); + return FALSE; + } + if(GetLastError() != ERROR_ALREADY_EXISTS) + { + STARTUPINFO s = + { + sizeof(s), + 0, + 0, + 0, + 0,0, + 0,0, + 0,0, + 0, + 0, + 0, + 0,0, + 0,0,0}; + + s.dwFlags = STARTF_USESHOWWINDOW; + s.wShowWindow = SW_HIDE; + if(!CreateProcess(0,"krbmanager", + 0,0,FALSE,0,0, + 0,&s, &p)) + { + msg("Unable to create kerberos manager process.\n" + "Make sure krbmanager.exe is in your PATH.", + GetLastError()); + return FALSE; + } + } + break; + case DLL_PROCESS_DETACH: + freeTktMem(0); + WSACleanup(); + break; + } + + return TRUE; +} diff --git a/crypto/kerberosIV/lib/krb/encrypt_ktext.c b/crypto/kerberosIV/lib/krb/encrypt_ktext.c new file mode 100644 index 0000000..d97fcc7 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/encrypt_ktext.c 
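Review bot: `CreateProcess(0,"krbmanager", ...)` in `DllMain` passes no application name and an unqualified command line, so every process that loads this DLL starts whichever `krbmanager.exe` the system search order finds first; the error text confirms that `PATH` is relied on. The manager's full path should be built from the DLL's own location (for example with `GetModuleFileName(hInst, ...)`) and passed as the first argument, and `p.hProcess` and `p.hThread` should be closed with `CloseHandle` after a successful call, since both are currently leaked. In `msg`, the result of `asprintf` is not checked, so on failure `buf` may be left unset before it is read and passed to `free`; declaring it as `char *buf = NULL;` and testing the return value avoids that. Starting a process, calling `WSAStartup` and showing a `MessageBox` from `DllMain` all run under the loader lock, which Microsoft's documentation advises against.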
@@ -0,0 +1,51 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: encrypt_ktext.c,v 1.4 1997/04/01 08:18:26 joda Exp $"); + +void +encrypt_ktext(KTEXT cip, des_cblock *key, int encrypt) +{ + des_key_schedule schedule; + des_set_key(key, schedule); + des_pcbc_encrypt((des_cblock*)cip->dat, (des_cblock*)cip->dat, + cip->length, schedule, key, encrypt); + memset(schedule, 0, sizeof(des_key_schedule)); +} diff --git a/crypto/kerberosIV/lib/krb/et_list.c b/crypto/kerberosIV/lib/krb/et_list.c new file mode 100644 index 0000000..69d1c89 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/et_list.c 
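Review bot: The closing `memset(schedule, 0, sizeof(des_key_schedule))` in `encrypt_ktext` is a store to a local that is never read again, so an optimising compiler is free to drop it and leave the key schedule on the stack. The wipe should go through something the compiler cannot elide, such as a loop over a `volatile unsigned char *` or the platform's explicit-zeroing routine where one exists. The return value of `des_set_key` is also ignored, and `cip->length` is handed to `des_pcbc_encrypt` without being checked against `sizeof(cip->dat)`; in `get_ad_tkt` that length presumably comes from a KDC reply.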
@@ -0,0 +1,74 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* + * This is a hack to resolve the reference to _et_list when making a + * shared library under Psoriasis and possibly other systems. Presumably + * they define __ELF__, some people say Linux does so. + */ + +#include "config.h" + +RCSID("$Id: et_list.c,v 1.12 1997/05/13 09:45:01 bg Exp $"); + +struct et_list { + struct et_list *next; + const struct error_table *table; +}; + +#if defined(__GNUC__) + +#ifdef __FreeBSD__ +asm(".globl __et_list"); /* FreeBSD bug workaround */ +#endif +struct et_list * _et_list __attribute__ ((weak)) = 0; + +#else /* !__GNUC__ */ + +#ifdef HAVE_PRAGMA_WEAK + +#pragma weak _et_list = __et_list +struct et_list * __et_list = 0; + +#else /* !HAVE_PRAGMA_WEAK */ + +struct et_list * _et_list = 0; + +#endif /* !HAVE_PRAGMA_WEAK */ + +#endif /* !__GNUC__ */ diff --git a/crypto/kerberosIV/lib/krb/get_ad_tkt.c b/crypto/kerberosIV/lib/krb/get_ad_tkt.c new file mode 100644 index 0000000..9590760 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/get_ad_tkt.c 
@@ -0,0 +1,190 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: get_ad_tkt.c,v 1.16 1997/05/30 17:43:34 bg Exp $"); + +/* + * get_ad_tkt obtains a new service ticket from Kerberos, using + * the ticket-granting ticket which must be in the ticket file. + * It is typically called by krb_mk_req() when the client side + * of an application is creating authentication information to be + * sent to the server side. + * + * get_ad_tkt takes four arguments: three pointers to strings which + * contain the name, instance, and realm of the service for which the + * ticket is to be obtained; and an integer indicating the desired + * lifetime of the ticket. + * + * It returns an error status if the ticket couldn't be obtained, + * or AD_OK if all went well. The ticket is stored in the ticket + * cache. + * + * The request sent to the Kerberos ticket-granting service looks + * like this: + * + * pkt->dat + * + * TEXT original contents of authenticator+ticket + * pkt->dat built in krb_mk_req call + * + * 4 bytes time_ws always 0 (?) + * char lifetime lifetime argument passed + * string service service name argument + * string sinstance service instance arg. + * + * See "prot.h" for the reply packet layout and definitions of the + * extraction macros like pkt_version(), pkt_msg_type(), etc. + */ + +int +get_ad_tkt(char *service, char *sinstance, char *realm, int lifetime) +{ + static KTEXT_ST pkt_st; + KTEXT pkt = & pkt_st; /* Packet to KDC */ + static KTEXT_ST rpkt_st; + KTEXT rpkt = &rpkt_st; /* Returned packet */ + + CREDENTIALS cr; + char lrealm[REALM_SZ]; + u_int32_t time_ws = 0; + int kerror; + unsigned char *p; + + /* + * First check if we have a "real" TGT for the corresponding + * realm, if we don't, use ordinary inter-realm authentication. 
+ */ + + kerror = krb_get_cred(KRB_TICKET_GRANTING_TICKET, realm, realm, &cr); + if (kerror == KSUCCESS) + strncpy(lrealm, realm, REALM_SZ); + else + kerror = krb_get_tf_realm(TKT_FILE, lrealm); + + if (kerror != KSUCCESS) + return(kerror); + + /* + * Look for the session key (and other stuff we don't need) + * in the ticket file for krbtgt.realm@lrealm where "realm" + * is the service's realm (passed in "realm" argument) and + * lrealm is the realm of our initial ticket. If we don't + * have this, we will try to get it. + */ + + if ((kerror = krb_get_cred(KRB_TICKET_GRANTING_TICKET, + realm, lrealm, &cr)) != KSUCCESS) { + /* + * If realm == lrealm, we have no hope, so let's not even try. + */ + if ((strncmp(realm, lrealm, REALM_SZ)) == 0) + return(AD_NOTGT); + else{ + if ((kerror = + get_ad_tkt(KRB_TICKET_GRANTING_TICKET, + realm, lrealm, lifetime)) != KSUCCESS) + if (kerror == KDC_PR_UNKNOWN) + return(AD_INTR_RLM_NOTGT); + else + return(kerror); + if ((kerror = krb_get_cred(KRB_TICKET_GRANTING_TICKET, + realm, lrealm, &cr)) != KSUCCESS) + return(kerror); + } + } + + /* + * Make up a request packet to the "krbtgt.realm@lrealm". + * Start by calling krb_mk_req() which puts ticket+authenticator + * into "pkt". Then tack other stuff on the end. 
+ */ + + kerror = krb_mk_req(pkt, + KRB_TICKET_GRANTING_TICKET, + realm,lrealm,0L); + + if (kerror) + return(AD_NOTGT); + + p = pkt->dat + pkt->length; + + p += krb_put_int(time_ws, p, 4); + p += krb_put_int(lifetime, p, 1); + p += krb_put_nir(service, sinstance, NULL, p); + + pkt->length = p - pkt->dat; + rpkt->length = 0; + + /* Send the request to the local ticket-granting server */ + if ((kerror = send_to_kdc(pkt, rpkt, realm))) return(kerror); + + /* check packet version of the returned packet */ + + { + KTEXT_ST cip; + CREDENTIALS cred; + struct timeval tv; + + kerror = kdc_reply_cipher(rpkt, &cip); + if(kerror != KSUCCESS) + return kerror; + + encrypt_ktext(&cip, &cr.session, DES_DECRYPT); + + kerror = kdc_reply_cred(&cip, &cred); + if(kerror != KSUCCESS) + return kerror; + + if (strcmp(cred.service, service) || strcmp(cred.instance, sinstance) || + strcmp(cred.realm, realm)) /* not what we asked for */ + return INTK_ERR; /* we need a better code here XXX */ + + gettimeofday(&tv, NULL); + if (abs((int)(tv.tv_sec - cred.issue_date)) > CLOCK_SKEW) { + return RD_AP_TIME; /* XXX should probably be better code */ + } + + + kerror = save_credentials(cred.service, cred.instance, cred.realm, + cred.session, cred.lifetime, cred.kvno, + &cred.ticket_st, tv.tv_sec); + return kerror; + } +} diff --git a/crypto/kerberosIV/lib/krb/get_cred.c b/crypto/kerberosIV/lib/krb/get_cred.c new file mode 100644 index 0000000..1a0016c --- /dev/null +++ b/crypto/kerberosIV/lib/krb/get_cred.c 
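Review bot: `strncpy(lrealm, realm, REALM_SZ)` in `get_ad_tkt` leaves `lrealm` without a terminating NUL when `realm` is `REALM_SZ` characters or longer, and `lrealm` is then passed to `krb_get_cred` and `krb_mk_req`, which treat it as a C string (`krb_get_cred` compares it with `strcmp`). A successful ticket-file lookup may imply that the realm fits, but nothing in this function enforces it. Rejecting the input up front with `if (strlen(realm) >= REALM_SZ) return KFAILURE;`, or terminating explicitly with `lrealm[REALM_SZ - 1] = '\0';` after the copy, removes the over-read. Further down, `abs((int)(tv.tv_sec - cred.issue_date))` narrows the difference to `int` before taking the absolute value; comparing the two times in their own width would be safer (the type of `issue_date` is not visible here).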
@@ -0,0 +1,70 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: get_cred.c,v 1.6 1997/05/30 17:38:29 bg Exp $"); + +/* + * krb_get_cred takes a service name, instance, and realm, and a + * structure of type CREDENTIALS to be filled in with ticket + * information. It then searches the ticket file for the appropriate + * ticket and fills in the structure with the corresponding + * information from the file. If successful, it returns KSUCCESS. + * On failure it returns a Kerberos error code. 
+ */ + +int +krb_get_cred(char *service, /* Service name */ + char *instance, /* Instance */ + char *realm, /* Auth domain */ + CREDENTIALS *c) /* Credentials struct */ +{ + int tf_status; /* return value of tf function calls */ + CREDENTIALS cr; + + if (c == 0) + c = &cr; + + /* Open ticket file and lock it for shared reading */ + if ((tf_status = tf_init(TKT_FILE, R_TKT_FIL)) != KSUCCESS) + return(tf_status); + + /* Copy principal's name and instance into the CREDENTIALS struc c */ + + if ( (tf_status = tf_get_pname(c->pname)) != KSUCCESS || + (tf_status = tf_get_pinst(c->pinst)) != KSUCCESS ) + return (tf_status); + + /* Search for requested service credentials and copy into c */ + + while ((tf_status = tf_get_cred(c)) == KSUCCESS) { + if ((strcmp(c->service,service) == 0) && + (strcmp(c->instance,instance) == 0) && + (strcmp(c->realm,realm) == 0)) + break; + } + tf_close(); + + if (tf_status == EOF) + return (GC_NOTKT); + return(tf_status); +} diff --git a/crypto/kerberosIV/lib/krb/get_default_principal.c b/crypto/kerberosIV/lib/krb/get_default_principal.c new file mode 100644 index 0000000..3a111ea --- /dev/null +++ b/crypto/kerberosIV/lib/krb/get_default_principal.c 
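Review bot: The early `return (tf_status);` after `tf_get_pname`/`tf_get_pinst` in `krb_get_cred` leaves without calling `tf_close()`, although `tf_init` has just opened and locked the ticket file. Unless those helpers close the file themselves on error, which this hunk does not show, the descriptor and the lock leak. The branch should read `{ tf_close(); return tf_status; }`. When the caller passes `c == 0`, the credentials (session key included) are read into the local `cr` and left on the stack on return; clearing `cr` before returning in that case would limit how long the key material lingers.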
@@ -0,0 +1,94 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: get_default_principal.c,v 1.10 1997/04/01 08:18:28 joda Exp $"); + +int +krb_get_default_principal(char *name, char *instance, char *realm) +{ + char *file; + int ret; + + char *p; + + if ((file = getenv("KRBTKFILE")) == NULL) + file = TKT_FILE; + + ret = krb_get_tf_fullname(file, name, instance, realm); + if(ret == KSUCCESS) + return 0; + + p = getenv("KRB4PRINCIPAL"); + if(p && kname_parse(name, instance, realm, p) == KSUCCESS) + return 1; + + +#ifdef HAVE_PWD_H + { + struct passwd *pw; + pw = getpwuid(getuid()); + if(pw == NULL){ + return -1; + } + + strcpy(name, pw->pw_name); + strcpy(instance, ""); + krb_get_lrealm(realm, 1); + + if(strcmp(name, "root") == 0){ + p = NULL; +#if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN) + p = getlogin(); +#endif + if(p == NULL) + p = getenv("USER"); + if(p == NULL) + p = getenv("LOGNAME"); + if(p){ + strncpy (name, p, ANAME_SZ); + name[ANAME_SZ - 1] = '\0'; + strcpy(instance, "root"); + } + } + return 1; + } +#endif + return -1; +} diff --git a/crypto/kerberosIV/lib/krb/get_host.c b/crypto/kerberosIV/lib/krb/get_host.c new file mode 100644 index 0000000..de80ac4 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/get_host.c 
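Review bot: The passwd fallback in krb_get_default_principal copies the login name with an unbounded `strcpy(name, pw->pw_name)`, while the root branch a few lines below bounds the same destination with `strncpy (name, p, ANAME_SZ)`. A login name longer than the caller's buffer would overrun it; use `strncpy(name, pw->pw_name, ANAME_SZ); name[ANAME_SZ - 1] = '\0';` here as well. The function also takes the ticket file path and the principal from `KRBTKFILE`, `KRB4PRINCIPAL`, `USER` and `LOGNAME`, so a header comment should state that the result is a hint derived from the caller's environment and not an authenticated identity, which matters to any privileged program that calls it.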
@@ -0,0 +1,292 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: get_host.c,v 1.30 1997/05/02 14:29:13 assar Exp $"); + +static struct host_list { + struct krb_host *this; + struct host_list *next; +} *hosts; + +static int krb_port = 0; + +static void +free_hosts(struct host_list *h) +{ + struct host_list *t; + while(h){ + if(h->this->realm) + free(h->this->realm); + if(h->this->host) + free(h->this->host); + t = h; + h = h->next; + free(t); + } +} + +static int +parse_address(char *address, int *proto, char **host, int *port) +{ + char *p, *q; + p = strchr(address, '/'); + *proto = IPPROTO_UDP; + if(p){ + char prot[32]; + struct protoent *pp; + strncpy(prot, address, p - address); + prot[p - address] = 0; + if((pp = getprotobyname(prot))) + *proto = pp->p_proto; + else + krb_warning("Bad protocol name `%s', Using default `udp'.\n", + prot); + p++; + }else + p = address; + q = strchr(p, ':'); + if(q){ + *host = (char*)malloc(q - p + 1); + strncpy(*host, p, q - p); + (*host)[q - p] = 0; + q++; + { + struct servent *sp = getservbyname(q, NULL); + if(sp) + *port = ntohs(sp->s_port); + else + if(sscanf(q, "%d", port) != 1){ + krb_warning("Bad port specification `%s', using port %d.", + q, krb_port); + *port = krb_port; + } + } + }else{ + *host = strdup(p); + *port = krb_port; + } + return 0; +} + +static int +add_host(char *realm, char *address, int admin, int validate) +{ + struct krb_host *host; + struct host_list *p, **last = &hosts; + host = (struct krb_host*)malloc(sizeof(struct krb_host)); + parse_address(address, &host->proto, &host->host, &host->port); + if(validate && gethostbyname(host->host) == NULL){ + free(host->host); + free(host); + return 1; + } + host->admin = admin; + for(p = hosts; p; p = p->next){ + if(strcmp(realm, p->this->realm) == 0 && + strcmp(host->host, p->this->host) == 0 && + host->proto == p->this->proto && + host->port == p->this->port){ + free(host->host); + free(host); + return 1; + } + last = &p->next; + } + host->realm = strdup(realm); + p = (struct 
host_list*)malloc(sizeof(struct host_list)); + p->this = host; + p->next = NULL; + *last = p; + return 0; +} + + + +static int +read_file(const char *filename, const char *r) +{ + char line[1024]; + char realm[1024]; + char address[1024]; + char scratch[1024]; + int n; + int nhosts = 0; + + FILE *f = fopen(filename, "r"); + if(f == NULL) + return -1; + while(fgets(line, sizeof(line), f)){ + n = sscanf(line, "%s %s admin %s", realm, address, scratch); + if(n == 2 || n == 3){ + if(strcmp(realm, r)) + continue; + if(add_host(realm, address, n == 3, 0) == 0) + nhosts++; + } + } + fclose(f); + return nhosts; +} + +static int +init_hosts(char *realm) +{ + static const char *files[] = KRB_CNF_FILES; + int i; + char *dir = getenv("KRBCONFDIR"); + + krb_port = ntohs(k_getportbyname (KRB_SERVICE, NULL, htons(KRB_PORT))); + if(dir){ + char file[MaxPathLen]; + if(k_concat(file, sizeof(file), dir, "/krb.conf", NULL) == 0) + read_file(file, realm); + } + for(i = 0; files[i]; i++) + read_file(files[i], realm); + return 0; +} + +static void +srv_find_realm(char *realm, char *proto, char *service) +{ + char *domain; + struct dns_reply *r; + struct resource_record *rr; + + k_mconcat(&domain, 1024, service, ".", proto, ".", realm, ".", NULL); + + if(domain == NULL) + return; + + r = dns_lookup(domain, "srv"); + if(r == NULL) + r = dns_lookup(domain, "txt"); + if(r == NULL){ + free(domain); + return; + } + for(rr = r->head; rr; rr = rr->next){ + if(rr->type == T_SRV){ + char buf[1024]; + + if (snprintf (buf, + sizeof(buf), + "%s/%s:%u", + proto, + rr->u.srv->target, + rr->u.srv->port) < sizeof(buf)) + add_host(realm, buf, 0, 0); + }else if(rr->type == T_TXT) + add_host(realm, rr->u.txt, 0, 0); + } + dns_free_data(r); + free(domain); +} + +struct krb_host* +krb_get_host(int nth, char *realm, int admin) +{ + struct host_list *p; + static char orealm[REALM_SZ]; + if(orealm[0] == 0 || strcmp(realm, orealm)){ + /* quick optimization */ + if(realm && realm[0]){ + strncpy(orealm, realm, 
sizeof(orealm) - 1); + orealm[sizeof(orealm) - 1] = 0; + }else{ + int ret = krb_get_lrealm(orealm, 1); + if(ret != KSUCCESS) + return NULL; + } + + if(hosts){ + free_hosts(hosts); + hosts = NULL; + } + + init_hosts(orealm); + + srv_find_realm(orealm, "udp", KRB_SERVICE); + srv_find_realm(orealm, "tcp", KRB_SERVICE); + + { + /* XXX this assumes no one has more than 99999 kerberos + servers */ + char host[REALM_SZ + sizeof("kerberos-XXXXX..")]; + int i = 0; + sprintf(host, "kerberos.%s.", orealm); + add_host(orealm, host, 1, 1); + do{ + i++; + sprintf(host, "kerberos-%d.%s.", i, orealm); + }while(i < 100000 && add_host(orealm, host, 0, 1) == 0); + } + } + + for(p = hosts; p; p = p->next){ + if(strcmp(orealm, p->this->realm) == 0 && + (!admin || p->this->admin)) + if(nth == 1) + return p->this; + else + nth--; + } + return NULL; +} + +int +krb_get_krbhst(char *host, char *realm, int nth) +{ + struct krb_host *p = krb_get_host(nth, realm, 0); + if(p == NULL) + return KFAILURE; + strcpy(host, p->host); + return KSUCCESS; +} + +int +krb_get_admhst(char *host, char *realm, int nth) +{ + struct krb_host *p = krb_get_host(nth, realm, 1); + if(p == NULL) + return KFAILURE; + strcpy(host, p->host); + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/get_in_tkt.c b/crypto/kerberosIV/lib/krb/get_in_tkt.c new file mode 100644 index 0000000..435632a --- /dev/null +++ b/crypto/kerberosIV/lib/krb/get_in_tkt.c 
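Review bot: parse_address copies the protocol prefix into `char prot[32]` with `strncpy(prot, address, p - address)` and then writes `prot[p - address] = 0` without comparing `p - address` to the buffer size, so an address string with 32 or more characters before the first `/` writes past the stack buffer. The string is not only local configuration: srv_find_realm passes `rr->u.txt` from a DNS TXT answer straight to add_host, so its length is set by whoever answers the query. Clamping the length as below keeps the existing fallback, where an unknown protocol name warns and uses udp. The `malloc`/`strdup` results in parse_address and add_host are also used unchecked, and krb_get_krbhst and krb_get_admhst `strcpy` the host name into a caller buffer whose size they do not know.

```c
        char prot[32];
        struct protoent *pp;
        size_t n = (size_t)(p - address);
        /* clamp an over-long protocol prefix instead of overrunning prot[] */
        if (n >= sizeof(prot))
            n = sizeof(prot) - 1;
        memcpy(prot, address, n);
        prot[n] = 0;
        /* … unchanged: getprotobyname() lookup and udp fallback … */
```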
@@ -0,0 +1,99 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: get_in_tkt.c,v 1.15 1997/03/23 03:53:08 joda Exp $"); + +/* + * This file contains three routines: passwd_to_key() and + * passwd_to_afskey() converts a password into a DES key, using the + * normal strinttokey and the AFS one, respectively, and + * krb_get_pw_in_tkt() gets an initial ticket for a user. + */ + +/* + * passwd_to_key() and passwd_to_afskey: given a password, return a DES key. 
+ */ + +int +passwd_to_key(char *user, char *instance, char *realm, void *passwd, + des_cblock *key) +{ +#ifndef NOENCRYPTION + des_string_to_key((char *)passwd, key); +#endif + return 0; +} + + +int +passwd_to_afskey(char *user, char *instance, char *realm, void *passwd, + des_cblock *key) +{ +#ifndef NOENCRYPTION + afs_string_to_key((char *)passwd, realm, key); +#endif + return (0); +} + +/* + * krb_get_pw_in_tkt() takes the name of the server for which the initial + * ticket is to be obtained, the name of the principal the ticket is + * for, the desired lifetime of the ticket, and the user's password. + * It passes its arguments on to krb_get_in_tkt(), which contacts + * Kerberos to get the ticket, decrypts it using the password provided, + * and stores it away for future use. + * + * krb_get_pw_in_tkt() passes two additional arguments to krb_get_in_tkt(): + * the name of a routine (passwd_to_key()) to be used to get the + * password in case the "password" argument is null and NULL for the + * decryption procedure indicating that krb_get_in_tkt should use the + * default method of decrypting the response from the KDC. + * + * The result of the call to krb_get_in_tkt() is returned. + */ + +int +krb_get_pw_in_tkt(char *user, char *instance, char *realm, char *service, + char *sinstance, int life, char *password) +{ + char pword[100]; /* storage for the password */ + int code; + + /* Only request password once! */ + if (!password) { + if (des_read_pw_string(pword, sizeof(pword)-1, "Password: ", 0)){ + memset(pword, 0, sizeof(pword)); + return INTK_BADPW; + } + password = pword; + } + + code = krb_get_in_tkt(user,instance,realm,service,sinstance,life, + passwd_to_key, NULL, password); + if (code == INTK_BADPW) + code = krb_get_in_tkt(user,instance,realm,service,sinstance,life, + passwd_to_afskey, NULL, password); + if (password == pword) + memset(pword, 0, sizeof(pword)); + return(code); +} 
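Review bot: krb_get_pw_in_tkt clears the typed password with `memset(pword, 0, sizeof(pword));` immediately before returning, and because `pword` is a local that is never read again an optimising compiler may drop that store as dead. Clearing through a volatile pointer, `volatile char *v = pword; size_t i; for (i = 0; i < sizeof(pword); i++) v[i] = 0;`, or through the platform's guaranteed-zeroing call where one exists, keeps the wipe in the binary; the same applies to the memset on the des_read_pw_string() failure path. The retry with passwd_to_afskey on INTK_BADPW also deserves a comment saying that one wrong password produces two krb_get_in_tkt() requests, since that affects how failed-login counts on the KDC side should be read.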
diff --git a/crypto/kerberosIV/lib/krb/get_krbrlm.c b/crypto/kerberosIV/lib/krb/get_krbrlm.c
new file mode 100644
index 0000000..8c5b0c9
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/get_krbrlm.c
@@ -0,0 +1,116 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: get_krbrlm.c,v 1.16 1997/05/02 01:26:22 assar Exp $"); + +/* + * krb_get_lrealm takes a pointer to a string, and a number, n. It fills + * in the string, r, with the name of the nth realm specified on the + * first line of the kerberos config file (KRB_CONF, defined in "krb.h"). + * It returns 0 (KSUCCESS) on success, and KFAILURE on failure. If the + * config file does not exist, and if n=1, a successful return will occur + * with r = KRB_REALM (also defined in "krb.h"). + * + * NOTE: for archaic & compatibility reasons, this routine will only return + * valid results when n = 1. + * + * For the format of the KRB_CONF file, see comments describing the routine + * krb_get_krbhst(). 
+ */ + +static int +krb_get_lrealm_f(char *r, int n, const char *fname) +{ + FILE *f; + int ret = KFAILURE; + f = fopen(fname, "r"); + if(f){ + char buf[REALM_SZ]; + if(fgets(buf, sizeof(buf), f)){ + char *p = buf + strspn(buf, " \t"); + p[strcspn(p, " \t\r\n")] = 0; + p[REALM_SZ - 1] = 0; + strcpy(r, p); + ret = KSUCCESS; + } + fclose(f); + } + return ret; +} + +int +krb_get_lrealm(char *r, int n) +{ + static const char *const files[] = KRB_CNF_FILES; + int i; + + const char *dir = getenv("KRBCONFDIR"); + + if (n > 1) + return(KFAILURE); /* Temporary restriction */ + + /* First try user specified file */ + if (dir != 0) { + char fname[MaxPathLen]; + if(k_concat(fname, sizeof(fname), dir, "/krb.conf", NULL) == 0) + if (krb_get_lrealm_f(r, n, fname) == KSUCCESS) + return KSUCCESS; + } + + for (i = 0; files[i] != 0; i++) + if (krb_get_lrealm_f(r, n, files[i]) == KSUCCESS) + return KSUCCESS; + + /* If nothing else works try LOCALDOMAIN, if it exists */ + if (n == 1) + { + char *t, hostname[MaxHostNameLen]; + k_gethostname(hostname, sizeof(hostname)); + t = krb_realmofhost(hostname); + if (t) { + strcpy (r, t); + return KSUCCESS; + } + t = strchr(hostname, '.'); + if (t == 0) + return KFAILURE; /* No domain part, you loose */ + + t++; /* Skip leading dot and upcase the rest */ + for (; *t; t++, r++) + *r = toupper(*t); + *r = 0; + return(KSUCCESS); + } + else + return(KFAILURE); +} + +/* For SunOS5 compat. */ +char * +krb_get_default_realm(void) +{ + static char local_realm[REALM_SZ]; /* local kerberos realm */ + if (krb_get_lrealm(local_realm, 1) != KSUCCESS) + strcpy(local_realm, "NO.DEFAULT.REALM"); + return local_realm; +} diff --git a/crypto/kerberosIV/lib/krb/get_svc_in_tkt.c b/crypto/kerberosIV/lib/krb/get_svc_in_tkt.c new file mode 100644 index 0000000..c290524 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/get_svc_in_tkt.c 
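Review bot: In krb_get_lrealm_f the line `p[REALM_SZ - 1] = 0;` indexes from `p`, which `strspn` has already advanced past leading blanks, so whenever the first line of the config file starts with a space or tab the store lands beyond the end of `char buf[REALM_SZ]`. fgets() has already terminated `buf` within REALM_SZ bytes, so the line can be removed or written as `buf[REALM_SZ - 1] = 0;`. In krb_get_lrealm the hostname fallback loop `for (; *t; t++, r++) *r = toupper(*t);` copies the domain part of a MaxHostNameLen buffer into `r` with no REALM_SZ bound, and should stop after REALM_SZ - 1 characters.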
@@ -0,0 +1,76 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: get_svc_in_tkt.c,v 1.8 1997/03/23 03:53:09 joda Exp $"); + +/* + * This file contains two routines: srvtab_to_key(), which gets + * a server's key from a srvtab file, and krb_get_svc_in_tkt() which + * gets an initial ticket for a server. + */ + +/* + * srvtab_to_key(): given a "srvtab" file (where the keys for the + * service on a host are stored), return the private key of the + * given service (user.instance@realm). + * + * srvtab_to_key() passes its arguments on to read_service_key(), + * plus one additional argument, the key version number. + * (Currently, the key version number is always 0; this value + * is treated as a wildcard by read_service_key().) + * + * If the "srvtab" argument is null, KEYFILE (defined in "krb.h") + * is passed in its place. + * + * It returns the return value of the read_service_key() call. + * The service key is placed in "key". 
+ */ + +int +srvtab_to_key(char *user, char *instance, char *realm, void *srvtab, + des_cblock *key) +{ + if (!srvtab) + srvtab = KEYFILE; + + return(read_service_key(user, instance, realm, 0, (char *)srvtab, + (char *)key)); +} + +/* + * krb_get_svc_in_tkt() passes its arguments on to krb_get_in_tkt(), + * plus two additional arguments: a pointer to the srvtab_to_key() + * function to be used to get the key from the key file and a NULL + * for the decryption procedure indicating that krb_get_in_tkt should + * use the default method of decrypting the response from the KDC. + * + * It returns the return value of the krb_get_in_tkt() call. + */ + +int +krb_get_svc_in_tkt(char *user, char *instance, char *realm, char *service, + char *sinstance, int life, char *srvtab) +{ + return(krb_get_in_tkt(user, instance, realm, service, sinstance, + life, srvtab_to_key, NULL, srvtab)); +} diff --git a/crypto/kerberosIV/lib/krb/get_tf_fullname.c b/crypto/kerberosIV/lib/krb/get_tf_fullname.c new file mode 100644 index 0000000..33733d0 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/get_tf_fullname.c 
@@ -0,0 +1,70 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: get_tf_fullname.c,v 1.6 1997/03/23 03:53:10 joda Exp $"); + +/* + * This file contains a routine to extract the fullname of a user + * from the ticket file. + */ + +/* + * krb_get_tf_fullname() takes four arguments: the name of the + * ticket file, and variables for name, instance, and realm to be + * returned in. Since the realm of a ticket file is not really fully + * supported, the realm used will be that of the the first ticket in + * the file as this is the one that was obtained with a password by + * krb_get_in_tkt(). 
+ */ + +int +krb_get_tf_fullname(char *ticket_file, char *name, char *instance, char *realm) +{ + int tf_status; + CREDENTIALS c; + + if ((tf_status = tf_init(ticket_file, R_TKT_FIL)) != KSUCCESS) + return(tf_status); + + if (((tf_status = tf_get_pname(c.pname)) != KSUCCESS) || + ((tf_status = tf_get_pinst(c.pinst)) != KSUCCESS)) + return (tf_status); + + if (name) + strcpy(name, c.pname); + if (instance) + strcpy(instance, c.pinst); + if ((tf_status = tf_get_cred(&c)) == KSUCCESS) { + if (realm) + strcpy(realm, c.realm); + } + else { + if (tf_status == EOF) + return(KFAILURE); + else + return(tf_status); + } + tf_close(); + + return(tf_status); +} diff --git a/crypto/kerberosIV/lib/krb/get_tf_realm.c b/crypto/kerberosIV/lib/krb/get_tf_realm.c new file mode 100644 index 0000000..1a3c7d1 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/get_tf_realm.c 
@@ -0,0 +1,41 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: get_tf_realm.c,v 1.5 1997/03/23 03:53:10 joda Exp $"); + +/* + * This file contains a routine to extract the realm of a kerberos + * ticket file. + */ + +/* + * krb_get_tf_realm() takes two arguments: the name of a ticket + * and a variable to store the name of the realm in. + * + */ + +int +krb_get_tf_realm(char *ticket_file, char *realm) +{ + return(krb_get_tf_fullname(ticket_file, 0, 0, realm)); +} diff --git a/crypto/kerberosIV/lib/krb/getaddrs.c b/crypto/kerberosIV/lib/krb/getaddrs.c new file mode 100644 index 0000000..d25ec1b --- /dev/null +++ b/crypto/kerberosIV/lib/krb/getaddrs.c 
@@ -0,0 +1,130 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: getaddrs.c,v 1.19 1997/04/01 08:18:29 joda Exp $"); + +#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4 +#include +#endif +#ifdef HAVE_NET_IF_H +#include +#endif + +#ifdef HAVE_SYS_SOCKIO_H +#include +#endif /* HAVE_SYS_SOCKIO_H */ + +/* + * Return number and list of all local adresses. + */ + +int +k_get_all_addrs (struct in_addr **l) +{ +#if !defined(SIOCGIFCONF) || !defined(SIOCGIFFLAGS) || !defined(SIOCGIFADDR) + char name[MaxHostNameLen]; + struct hostent *he; + + if (k_gethostname(name, sizeof(name)) < 0) + return -1; + he = gethostbyname (name); + if (he == NULL) + return -1; + *l = malloc(sizeof(**l)); + if (*l == NULL) + return -1; + memcpy (*l, he->h_addr_list[0], sizeof(*l)); + return 1; +#else + int fd; + char buf[BUFSIZ]; + struct ifreq ifreq; + struct ifconf ifconf; + int num, j; + char *p; + + fd = socket(AF_INET, SOCK_DGRAM, 0); + if (fd < 0) + return -1; + + ifconf.ifc_len = sizeof(buf); + ifconf.ifc_buf = buf; + if(ioctl(fd, SIOCGIFCONF, &ifconf) < 0) + return -1; + num = ifconf.ifc_len / sizeof(struct ifreq); + *l = malloc(num * sizeof(struct in_addr)); + if(*l == NULL) { + close (fd); + return -1; + } + + j = 0; + ifreq.ifr_name[0] = '\0'; + for (p = ifconf.ifc_buf; p < ifconf.ifc_buf + ifconf.ifc_len;) { + struct ifreq *ifr = (struct ifreq *)p; +#ifdef SOCKADDR_HAS_SA_LEN + size_t sz = sizeof(ifr->ifr_name) + ifr->ifr_addr.sa_len; +#else + size_t sz = sizeof(*ifr); +#endif + if(strncmp(ifreq.ifr_name, ifr->ifr_name, sizeof(ifr->ifr_name))) { + if(ioctl(fd, SIOCGIFFLAGS, ifr) < 0) { + close (fd); + free (*l); + return -1; + } + if (ifr->ifr_flags & IFF_UP) { + if(ioctl(fd, SIOCGIFADDR, ifr) < 0) { + close (fd); + free (*l); + return -1; + } + (*l)[j++] = ((struct sockaddr_in *)&ifr->ifr_addr)->sin_addr; + } + ifreq = *ifr; + } + p = p + sz; + } + if (j != num) + *l = realloc (*l, j * sizeof(struct in_addr)); + close (fd); + return j; +#endif /* SIOCGIFCONF */ +} 
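Review bot: In the fallback branch of k_get_all_addrs, `*l` is allocated with `malloc(sizeof(**l))`, one struct in_addr, but filled with `memcpy (*l, he->h_addr_list[0], sizeof(*l))`, which copies the size of a pointer; where a pointer is wider than struct in_addr this writes past the allocation and reads past the address. The length should be `sizeof(**l)`. In the ioctl branch the `return -1` after a failed `SIOCGIFCONF` leaves `fd` open, unlike the later error paths that call `close (fd)`. The final `realloc` result is assigned to `*l` unchecked, so a null return would lose the only pointer to the list.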
diff --git a/crypto/kerberosIV/lib/krb/getrealm.c b/crypto/kerberosIV/lib/krb/getrealm.c
new file mode 100644
index 0000000..05dfdab
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/getrealm.c
@@ -0,0 +1,184 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: getrealm.c,v 1.25 1997/05/02 14:29:14 assar Exp $"); + +#define MATCH_SUBDOMAINS 0 + +/* + * krb_realmofhost. + * Given a fully-qualified domain-style primary host name, + * return the name of the Kerberos realm for the host. + * If the hostname contains no discernable domain, or an error occurs, + * return the local realm name, as supplied by get_krbrlm(). + * If the hostname contains a domain, but no translation is found, + * the hostname's domain is converted to upper-case and returned. + * + * The format of each line of the translation file is: + * domain_name kerberos_realm + * -or- + * host_name kerberos_realm + * + * domain_name should be of the form .XXX.YYY (e.g. .LCS.MIT.EDU) + * host names should be in the usual form (e.g. 
FOO.BAR.BAZ) + */ + +/* To automagically find the correct realm of a host (without + * krb.realms) add a text record for your domain with the name of your + * realm, like this: + * + * krb4-realm IN TXT FOO.SE + * + * The search is recursive, so you can also add entries for specific + * hosts. To find the realm of host a.b.c, it first tries + * krb4-realm.a.b.c, then krb4-realm.b.c and so on. + */ + +static int +dns_find_realm(char *hostname, char *realm) +{ + char domain[MaxHostNameLen + sizeof("krb4-realm..")]; + char *p; + int level = 0; + struct dns_reply *r; + + p = hostname; + + while(1){ + snprintf(domain, sizeof(domain), "krb4-realm.%s.", p); + r = dns_lookup(domain, "TXT"); + if(r){ + struct resource_record *rr = r->head; + while(rr){ + if(rr->type == T_TXT){ + strncpy(realm, rr->u.txt, REALM_SZ); + realm[REALM_SZ - 1] = 0; + dns_free_data(r); + return level; + } + rr = rr->next; + } + dns_free_data(r); + } + level++; + p = strchr(p, '.'); + if(p == NULL) + break; + p++; + } + return -1; +} + + +static FILE * +open_krb_realms(void) +{ + static const char *const files[] = KRB_RLM_FILES; + FILE *res; + int i; + + const char *dir = getenv("KRBCONFDIR"); + + /* First try user specified file */ + if (dir != 0) { + char fname[MaxPathLen]; + + if(k_concat(fname, sizeof(fname), dir, "/krb.realms", NULL) == 0) + if ((res = fopen(fname, "r")) != NULL) + return res; + } + + for (i = 0; files[i] != 0; i++) + if ((res = fopen(files[i], "r")) != NULL) + return res; + + return NULL; +} + +char * +krb_realmofhost(const char *host) +{ + static char ret_realm[REALM_SZ]; + char *domain; + FILE *trans_file; + char trans_host[MaxHostNameLen]; + char trans_realm[REALM_SZ]; + char buf[1024]; + + char phost[MaxHostNameLen]; + + krb_name_to_name(host, phost, sizeof(phost)); + + domain = strchr(phost, '.'); + + /* prepare default */ + if(dns_find_realm(phost, ret_realm) < 0){ + if (domain) { + char *cp; + + strncpy(ret_realm, &domain[1], REALM_SZ); + ret_realm[REALM_SZ - 1] = 0; + 
/* Upper-case realm */ + for (cp = ret_realm; *cp; cp++) + *cp = toupper(*cp); + } else { + krb_get_lrealm(ret_realm, 1); + } + } + + if ((trans_file = open_krb_realms()) == NULL) + return(ret_realm); /* krb_errno = KRB_NO_TRANS */ + + while (fgets(buf, sizeof(buf), trans_file)) { + char *save = NULL; + char *tok = strtok_r(buf, " \t\r\n", &save); + if(tok == NULL) + continue; + strncpy(trans_host, tok, MaxHostNameLen); + trans_host[MaxHostNameLen - 1] = 0; + tok = strtok_r(NULL, " \t\r\n", &save); + if(tok == NULL) + continue; + strcpy(trans_realm, tok); + trans_realm[REALM_SZ - 1] = 0; + if (!strcasecmp(trans_host, phost)) { + /* exact match of hostname, so return the realm */ + strcpy(ret_realm, trans_realm); + fclose(trans_file); + return(ret_realm); + } + if ((trans_host[0] == '.') && domain) { + char *cp = domain; + do { + if(strcasecmp(trans_host, domain) == 0){ + /* domain match, save for later */ + strcpy(ret_realm, trans_realm); + break; + } + cp = strchr(cp + 1, '.'); + } while(MATCH_SUBDOMAINS && cp); + } + } + fclose(trans_file); + return ret_realm; +} diff --git a/crypto/kerberosIV/lib/krb/getst.c b/crypto/kerberosIV/lib/krb/getst.c new file mode 100644 index 0000000..de99962 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/getst.c 
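Review bot: krb_realmofhost copies the second token of each krb.realms line with `strcpy(trans_realm, tok)` and only afterwards sets `trans_realm[REALM_SZ - 1] = 0`, so a realm token longer than REALM_SZ - 1 characters, taken from a line of up to 1023 characters, has already overrun the stack buffer by then. The host token two lines earlier is handled with a bounded strncpy; do the same here with `strncpy(trans_realm, tok, REALM_SZ);` and keep the terminator line. open_krb_realms takes the file from the directory named in `KRBCONFDIR` first, so its content may not be under the administrator's control. Separately, the domain loop compares `domain` on every pass instead of `cp`, which is harmless only while MATCH_SUBDOMAINS is 0.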
@@ -0,0 +1,45 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: getst.c,v 1.6 1997/03/23 03:53:11 joda Exp $");
+
+/*
+ * getst() takes a file descriptor, a string and a count. It reads
+ * from the file until either it has read "count" characters, or until
+ * it reads a null byte. When finished, what has been read exists in
+ * the given string "s". If "count" characters were actually read, the
+ * last is changed to a null, so the returned string is always null-
+ * terminated. getst() returns the number of characters read, including
+ * the null terminator.
+ */
+
+int
+getst(int fd, char *s, int n)
+{
+ int count = n;
+ while (read(fd, s, 1) > 0 && --count)
+ if (*s++ == '\0')
+ return (n - count);
+ *s = '\0';
+ return (n - count);
+}
diff --git a/crypto/kerberosIV/lib/krb/gettimeofday.c b/crypto/kerberosIV/lib/krb/gettimeofday.c
new file mode 100644
index 0000000..734ca59
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/gettimeofday.c
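Review bot: getst() has no guard for a non-positive `n`: with `n == 0` the `--count` in the loop condition becomes -1, which is non-zero, so the loop keeps storing bytes through `s` until a NUL arrives or read() fails, whatever the size of the caller's buffer. Adding `if (n <= 0) return 0;` before the loop closes that; with no room there is nowhere to put the terminator either. The loop also treats a read() result of -1 the same as end of file, so an interrupted read silently shortens the string; whether callers can hit that depends on how the descriptor is used, which this hunk does not show.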
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+RCSID("$Id: gettimeofday.c,v 1.5 1997/04/01 08:18:29 joda Exp $");
+
+#ifndef HAVE_GETTIMEOFDAY
+/*
+ * Simple gettimeofday that only returns seconds.
+ */
+int
+gettimeofday (struct timeval *tp, void *ignore)
+{
+ time_t t;
+
+ t = time(NULL);
+ tp->tv_sec = t;
+ tp->tv_usec = 0;
+ return 0;
+}
+#endif
diff --git a/crypto/kerberosIV/lib/krb/k_concat.c b/crypto/kerberosIV/lib/krb/k_concat.c
new file mode 100644
index 0000000..e7daa5f
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/k_concat.c
@@ -0,0 +1,116 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: k_concat.c,v 1.5 1997/05/02 08:56:39 joda Exp $"); + +int +k_concat (char *s, size_t len, ...) +{ + int ret; + va_list args; + + va_start(args, len); + ret = k_vconcat (s, len, args); + va_end(args); + return ret; +} + +int +k_vconcat (char *s, size_t len, va_list args) +{ + const char *a; + + while ((a = va_arg(args, const char*))) { + size_t n = strlen (a); + + if (n >= len) + return -1; + strncpy (s, a, n); + s += n; + len -= n; + } + *s = '\0'; + return 0; +} + +size_t +k_vmconcat (char **s, size_t max_len, va_list args) +{ + const char *a; + char *p, *q; + size_t len = 0; + *s = NULL; + p = malloc(1); + if(p == NULL) + return 0; + *p = 0; + len = 1; + while ((a = va_arg(args, const char*))) { + size_t n = strlen (a); + + if(max_len && len + n > max_len){ + free(p); + return 0; + } + q = realloc(p, len + n); + if(q == NULL){ + free(p); + return 0; + } + p = q; + len += n; + strcat(p, a); + } + *s = p; + return len; +} + +size_t +k_mconcat (char **s, size_t max_len, ...) +{ + int ret; + va_list args; + + va_start(args, max_len); + ret = k_vmconcat (s, max_len, args); + va_end(args); + return ret; +} + diff --git a/crypto/kerberosIV/lib/krb/k_flock.c b/crypto/kerberosIV/lib/krb/k_flock.c new file mode 100644 index 0000000..844c34c --- /dev/null +++ b/crypto/kerberosIV/lib/krb/k_flock.c 
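Review bot: k_vconcat() returns -1 on overflow without terminating the destination, so a caller that ignores the result is left holding a partial copy with no NUL. Terminating before the error return, `if (n >= len) { if (len > 0) *s = '\0'; return -1; }`, keeps the buffer a valid string on every path. Separately, k_mconcat() stores the `size_t` result of k_vmconcat() in `int ret`; declaring it `size_t ret;` avoids the narrowing on the way back out.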
@@ -0,0 +1,95 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: k_flock.c,v 1.8 1997/04/01 08:18:30 joda Exp $"); + +#define K_OP_MASK (K_LOCK_SH | K_LOCK_EX | K_LOCK_UN) + +int +k_flock(int fd, int operation) +{ +#ifdef HAVE_FLOCK + int op = 0; + if (operation & K_LOCK_SH) + op |= LOCK_SH; + if (operation & K_LOCK_EX) + op |= LOCK_EX; + if (operation & K_LOCK_UN) + op |= LOCK_UN; + if (operation & K_LOCK_NB) + op |= LOCK_NB; + + return flock(fd, op); +#elif defined(HAVE_FCNTL) && defined(F_SETLK) + struct flock arg; + int code, cmd; + + arg.l_whence = SEEK_SET; + arg.l_start = 0; + arg.l_len = 0; /* means to EOF */ + + if (operation & K_LOCK_NB) + cmd = F_SETLK; + else + cmd = F_SETLKW; /* Blocking */ + + switch (operation & K_OP_MASK) { + case K_LOCK_UN: + arg.l_type = F_UNLCK; + code = fcntl(fd, F_SETLK, &arg); + break; + case K_LOCK_SH: + arg.l_type = F_RDLCK; + code = fcntl(fd, cmd, &arg); + break; + case K_LOCK_EX: + arg.l_type = F_WRLCK; + code = fcntl(fd, cmd, &arg); + break; + default: + errno = EINVAL; + code = -1; + break; + } + return code; +#else + return -1; +#endif /* !HAVE_FLOCK */ +} diff --git a/crypto/kerberosIV/lib/krb/k_gethostname.c b/crypto/kerberosIV/lib/krb/k_gethostname.c new file mode 100644 index 0000000..0f4d57f --- /dev/null +++ b/crypto/kerberosIV/lib/krb/k_gethostname.c 
@@ -0,0 +1,58 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" +RCSID("$Id: k_gethostname.c,v 1.10 1997/03/23 03:53:12 joda Exp $"); + +#ifdef HAVE_SYS_UTSNAME_H +#include +#endif + +/* + * Return the local host's name in "name", up to "namelen" characters. + * "name" will be null-terminated if "namelen" is big enough. + * The return code is 0 on success, -1 on failure. (The calling + * interface is identical to gethostname(2).) + */ + +int +k_gethostname(char *name, int namelen) +{ +#if defined(HAVE_GETHOSTNAME) + return gethostname(name, namelen); +#elif defined(HAVE_UNAME) + { + struct utsname utsname; + int ret; + + ret = uname (&utsname); + if (ret < 0) + return ret; + strncpy (name, utsname.nodename, namelen); + name[namelen-1] = '\0'; + return 0; + } +#else + strncpy (name, "some.random.host", namelen); + name[namelen-1] = '\0'; + return 0; +#endif +} diff --git a/crypto/kerberosIV/lib/krb/k_getport.c b/crypto/kerberosIV/lib/krb/k_getport.c new file mode 100644 index 0000000..c5f9f15 --- /dev/null 
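Review bot: The HAVE_GETHOSTNAME branch of k_gethostname() returns gethostname()'s result directly, while the uname and fallback branches force a terminator; POSIX leaves it unspecified whether a truncated name is NUL-terminated, so on that path callers can receive an unterminated buffer. Suggest `int ret = gethostname(name, namelen); if (ret == 0 && namelen > 0) name[namelen-1] = '\0'; return ret;`. The other two branches write `name[namelen-1]` without checking that `namelen` is positive, so a zero or negative length writes outside the buffer; a `namelen <= 0` test returning -1 belongs at the top of the function.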
+++ b/crypto/kerberosIV/lib/krb/k_getport.c 
@@ -0,0 +1,57 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: k_getport.c,v 1.10 1997/04/01 08:18:30 joda Exp $"); + +int +k_getportbyname (const char *service, const char *proto, int default_port) +{ +#ifdef HAVE_GETSERVBYNAME + struct servent *sp; + + sp = getservbyname(service, proto); + if(sp != NULL) + return sp->s_port; + + krb_warning ("%s/%s unknown service, using default port %d\n", + service, proto ? proto : "*", ntohs(default_port)); +#endif + return default_port; +} diff --git a/crypto/kerberosIV/lib/krb/k_getsockinst.c b/crypto/kerberosIV/lib/krb/k_getsockinst.c new file mode 100644 index 0000000..04676b1 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/k_getsockinst.c 
@@ -0,0 +1,73 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: k_getsockinst.c,v 1.10 1997/05/02 14:29:17 assar Exp $"); + +/* + * Return in inst the name of the local interface bound to socket + * fd. On Failure return the 'wildcard' instance "*". + */ + +int +k_getsockinst(int fd, char *inst, size_t inst_size) +{ + struct sockaddr_in addr; + int len = sizeof(addr); + struct hostent *hnam; + + if (getsockname(fd, (struct sockaddr *)&addr, &len) < 0) + goto fail; + + hnam = gethostbyaddr((char *)&addr.sin_addr, + sizeof(addr.sin_addr), + addr.sin_family); + if (hnam == 0) + goto fail; + + strncpy (inst, hnam->h_name, inst_size); + inst[inst_size - 1] = '\0'; + k_ricercar(inst); /* Canonicalize name */ + return 0; /* Success */ + + fail: + inst[0] = '*'; + inst[1] = 0; + return -1; +} diff --git a/crypto/kerberosIV/lib/krb/k_localtime.c b/crypto/kerberosIV/lib/krb/k_localtime.c new file mode 100644 index 0000000..a6ffb9b --- /dev/null +++ b/crypto/kerberosIV/lib/krb/k_localtime.c 
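Review bot: Neither exit of k_getsockinst() looks at `inst_size` before writing: the `fail:` path stores to `inst[0]` and `inst[1]`, and the success path stores to `inst[inst_size - 1]`, so a buffer shorter than two bytes (or a size of 0) gets an out-of-bounds write. A guard at the top, `if (inst_size < 2) return -1;`, covers both paths. The code also assumes an AF_INET socket, since `addr` is a `struct sockaddr_in` and `addr.sin_family` is passed to gethostbyaddr() unchecked; a comment stating that assumption would help callers.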
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: k_localtime.c,v 1.7 1997/04/01 08:18:31 joda Exp $");
+
+struct tm *k_localtime(u_int32_t *tp)
+{
+ time_t t;
+ t = *tp;
+ return localtime(&t);
+}
diff --git a/crypto/kerberosIV/lib/krb/kdc_reply.c b/crypto/kerberosIV/lib/krb/kdc_reply.c
new file mode 100644
index 0000000..aa012e0
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/kdc_reply.c
@@ -0,0 +1,131 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: kdc_reply.c,v 1.9 1997/04/15 21:52:14 assar Exp $"); + +static int little_endian; /* XXX ugly */ + +int +kdc_reply_cred(KTEXT cip, CREDENTIALS *cred) +{ + unsigned char *p = cip->dat; + + memcpy(cred->session, p, 8); + p += 8; + + if(p + strlen((char*)p) > cip->dat + cip->length) + return INTK_BADPW; + p += krb_get_string(p, cred->service); + + if(p + strlen((char*)p) > cip->dat + cip->length) + return INTK_BADPW; + p += krb_get_string(p, cred->instance); + + if(p + strlen((char*)p) > cip->dat + cip->length) + return INTK_BADPW; + p += krb_get_string(p, cred->realm); + + if(p + 3 > cip->dat + cip->length) + return INTK_BADPW; + cred->lifetime = *p++; + cred->kvno = *p++; + cred->ticket_st.length = *p++; + + if(p + cred->ticket_st.length + 4 > cip->dat + cip->length) + return INTK_BADPW; + memcpy(cred->ticket_st.dat, p, cred->ticket_st.length); + p += cred->ticket_st.length; + + p += krb_get_int(p, (u_int32_t *)&cred->issue_date, 4, little_endian); + + return KSUCCESS; +} + +int +kdc_reply_cipher(KTEXT reply, KTEXT cip) +{ + unsigned char *p; + unsigned char pvno; + unsigned char type; + + char aname[ANAME_SZ]; + char inst[INST_SZ]; + char realm[REALM_SZ]; + + u_int32_t kdc_time; + u_int32_t exp_date; + u_int32_t clen; + + p = reply->dat; + + pvno = *p++; + + if (pvno != KRB_PROT_VERSION ) + return INTK_PROT; + + type = *p++; + little_endian = type & 1; + + type &= ~1; + + if(type == AUTH_MSG_ERR_REPLY){ + u_int32_t code; + p += strlen((char*)p) + 1; /* name */ + p += strlen((char*)p) + 1; /* instance */ + p += strlen((char*)p) + 1; /* realm */ + p += 4; /* time */ + p += krb_get_int(p, &code, 4, little_endian); + return code; + } + if(type != AUTH_MSG_KDC_REPLY) + return INTK_PROT; + + p += krb_get_nir(p, aname, inst, realm); + p += krb_get_int(p, &kdc_time, 4, little_endian); + p++; /* number of tickets */ + p += krb_get_int(p, &exp_date, 4, little_endian); + p++; /* master key version number */ + p += krb_get_int(p, 
&clen, 2, little_endian); + cip->length = clen; + memcpy(cip->dat, p, clen); + p += clen; + + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/klog.h b/crypto/kerberosIV/lib/krb/klog.h new file mode 100644 index 0000000..cee92d9 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/klog.h @@ -0,0 +1,47 @@ +/* + * $Id: klog.h,v 1.5 1997/05/11 11:05:28 assar Exp $ + * + * Copyright 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * . + * + * This file defines the types of log messages logged by klog. Each + * type of message may be selectively turned on or off. + */ + +#ifndef KLOG_DEFS +#define KLOG_DEFS + +#ifndef KRBLOG +#define KRBLOG "/var/log/kerberos.log" /* master server */ +#endif +#ifndef KRBSLAVELOG +#define KRBSLAVELOG "/var/log/kerberos_slave.log" /* slave server */ +#endif +#define NLOGTYPE 100 /* Maximum number of log msg types */ + +#define L_NET_ERR 1 /* Error in network code */ +#define L_NET_INFO 2 /* Info on network activity */ +#define L_KRB_PERR 3 /* Kerberos protocol errors */ +#define L_KRB_PINFO 4 /* Kerberos protocol info */ +#define L_INI_REQ 5 /* Request for initial ticket */ +#define L_NTGT_INTK 6 /* Initial request not for TGT */ +#define L_DEATH_REQ 7 /* Request for server death */ +#define L_TKT_REQ 8 /* All ticket requests using a tgt */ +#define L_ERR_SEXP 9 /* Service expired */ +#define L_ERR_MKV 10 /* Master key version incorrect */ +#define L_ERR_NKY 11 /* User's key is null */ +#define L_ERR_NUN 12 /* Principal not unique */ +#define L_ERR_UNK 13 /* Principal Unknown */ +#define L_ALL_REQ 14 /* All requests */ +#define L_APPL_REQ 15 /* Application requests (using tgt) */ +#define L_KRB_PWARN 16 /* Protocol warning messages */ + +char * klog __P((int type, const char *format, ...)) +#ifdef __GNUC__ +__attribute__ ((format (printf, 2, 3))) +#endif +; + +#endif /* KLOG_DEFS */ 
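Review bot: kdc_reply_cipher() copies `clen` bytes into `cip->dat` with no upper bound: `clen` is a 16-bit field taken from the reply, while krb.h in this same commit sizes `dat` at MAX_KTXT_LEN (1250), and nothing compares it with `reply->length` either. Before the memcpy, reject oversized or truncated replies, e.g. `if (clen > MAX_KTXT_LEN || clen > reply->length - (p - reply->dat)) return INTK_PROT;`. The walk up to that point (the strlen() skips in the error branch, krb_get_nir(), the fixed offsets) is likewise unchecked against `reply->length`, so `p` may already be past the data by then; each step needs the same kind of remaining-length test that kdc_reply_cred() applies. In kdc_reply_cred() those tests use `>` where `>=` is needed for the terminator to lie inside the text, and whether krb_get_string() bounds its copy into the fixed-size `cred` fields cannot be seen from this hunk.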
diff --git a/crypto/kerberosIV/lib/krb/kntoln.c b/crypto/kerberosIV/lib/krb/kntoln.c new file mode 100644 index 0000000..88b8b25 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/kntoln.c 
@@ -0,0 +1,180 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +/* + * krb_kntoln converts an auth name into a local name by looking up + * the auth name in the /etc/aname file. The format of the aname + * file is: + * + * +-----+-----+-----+-----+------+----------+-------+-------+ + * | anl | inl | rll | lnl | name | instance | realm | lname | + * +-----+-----+-----+-----+------+----------+-------+-------+ + * | 1by | 1by | 1by | 1by | name | instance | realm | lname | + * +-----+-----+-----+-----+------+----------+-------+-------+ + * + * If the /etc/aname file can not be opened it will set the + * local name to the auth name. Thus, in this case it performs as + * the identity function. + * + * The name instance and realm are passed to krb_kntoln through + * the AUTH_DAT structure (ad). + * + * Now here's what it *really* does: + * + * Given a Kerberos name in an AUTH_DAT structure, check that the + * instance is null, and that the realm is the same as the local + * realm, and return the principal's name in "lname". 
Return + * KSUCCESS if all goes well, otherwise KFAILURE. + */ + +#include "krb_locl.h" + +RCSID("$Id: kntoln.c,v 1.7 1997/03/23 03:53:12 joda Exp $"); + +int +krb_kntoln(AUTH_DAT *ad, char *lname) +{ + static char lrealm[REALM_SZ] = ""; + + if (!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE)) + return(KFAILURE); + + if (strcmp(ad->pinst, "")) + return(KFAILURE); + if (strcmp(ad->prealm, lrealm)) + return(KFAILURE); + strcpy(lname, ad->pname); + return(KSUCCESS); +} + +#if 0 +/* Posted to usenet by "Derrick J. Brashear" */ + +#include +#include +#include +#include +#include +#include +#include + +extern int errno; +/* + * antoln converts an authentication name into a local name by looking up + * the authentication name in the /etc/aname dbm database. + * + * If the /etc/aname file can not be opened it will set the + * local name to the principal name. Thus, in this case it performs as + * the identity function. + * + * The name instance and realm are passed to antoln through + * the AUTH_DAT structure (ad). + */ + +static char lrealm[REALM_SZ] = ""; + +an_to_ln(ad,lname) +AUTH_DAT *ad; +char *lname; +{ + static DBM *aname = NULL; + char keyname[ANAME_SZ+INST_SZ+REALM_SZ+2]; + + if(!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE)) + return(KFAILURE); + + if((strcmp(ad->pinst,"") && strcmp(ad->pinst,"root")) || +strcmp(ad->prealm,lrealm)) { + datum val; + datum key; + /* + * Non-local name (or) non-null and non-root instance. + * Look up in dbm file. + */ + if (!aname) { + if ((aname = dbm_open("/etc/aname", O_RDONLY, 0)) + == NULL) return (KFAILURE); + } + /* Construct dbm lookup key. */ + an_to_a(ad, keyname); + key.dptr = keyname; + key.dsize = strlen(keyname)+1; + flock(dbm_dirfno(aname), LOCK_SH); + val = dbm_fetch(aname, key); + flock(dbm_dirfno(aname), LOCK_UN); + if (!val.dptr) { + dbm_close(aname); + return(KFAILURE); + } + /* Got it! 
*/ + strcpy(lname,val.dptr); + return(KSUCCESS); + } else strcpy(lname,ad->pname); + return(KSUCCESS); +} + +an_to_a(ad, str) + AUTH_DAT *ad; + char *str; +{ + strcpy(str, ad->pname); + if(*ad->pinst) { + strcat(str, "."); + strcat(str, ad->pinst); + } + strcat(str, "@"); + strcat(str, ad->prealm); +} + +/* + * Parse a string of the form "user[.instance][@realm]" + * into a struct AUTH_DAT. + */ + +a_to_an(str, ad) + AUTH_DAT *ad; + char *str; +{ + char *buf = (char *)malloc(strlen(str)+1); + char *rlm, *inst, *princ; + + if(!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE)) { + free(buf); + return(KFAILURE); + } + /* destructive string hacking is more fun.. */ + strcpy(buf, str); + + if (rlm = index(buf, '@')) { + *rlm++ = '\0'; + } + if (inst = index(buf, '.')) { + *inst++ = '\0'; + } + strcpy(ad->pname, buf); + if(inst) strcpy(ad->pinst, inst); + else *ad->pinst = '\0'; + if (rlm) strcpy(ad->prealm, rlm); + else strcpy(ad->prealm, lrealm); + free(buf); + return(KSUCCESS); +} +#endif diff --git a/crypto/kerberosIV/lib/krb/krb.def b/crypto/kerberosIV/lib/krb/krb.def new file mode 100644 index 0000000..da2e906 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/krb.def 
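Review bot: krb_kntoln() copies `ad->pname` into `lname` with strcpy() and the interface carries no length, so the required size of the caller's buffer is an unstated contract. State it in the header comment, e.g. `lname must point to at least ANAME_SZ bytes`, assuming pname is an ANAME_SZ array (AUTH_DAT is not shown in this hunk). That header comment also still describes an /etc/aname lookup the live function does not perform, which is worth trimming to the "what it really does" paragraph. The `#if 0` block after the function is dead code with an unchecked malloc() and strcpy()/strcat() into fixed buffers; leaving it out of the import avoids it being revived as written.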
@@ -0,0 +1,92 @@ +LIBRARY "krb" BASE=0x07000000 + +DESCRIPTION "Dynamic link library for kerberos version 4" +VERSION 1.0 + +EXPORTS + krb_get_err_text + + newTktMem + getTktMem + firstCred + nextCredIndex + currCredIndex + nextFreeIndex + + k_flock + k_localtime + k_getsockinst + k_getportbyname + k_get_all_addrs + + krb_equiv + + afs_string_to_key + + krb_life_to_time + krb_time_to_life + krb_life_to_atime + krb_atime_to_life + + tf_get_cred + tf_get_pinst + tf_get_pname + tf_put_pinst + tf_put_pname + tf_init + tf_create + tf_save_cred + tf_close + + krb_mk_priv + krb_rd_priv + + create_auth_reply + krb_get_phost + krb_realmofhost + tkt_string + create_ciph + decomp_ticket + dest_tkt + get_ad_tkt + in_tkt + k_gethostname + k_isinst + k_isname + k_isrealm + kname_parse + krb_create_ticket + krb_get_admhst + krb_get_cred + krb_get_in_tkt + krb_get_krbhst + krb_get_lrealm + krb_get_default_realm + krb_get_pw_in_tkt + krb_get_svc_in_tkt + krb_get_tf_fullname + krb_get_tf_realm + krb_kntoln + krb_mk_req + krb_net_read + krb_net_write + krb_rd_err + krb_rd_req + krb_recvauth + krb_sendauth + krb_set_key + krb_set_lifetime + read_service_key + save_credentials + send_to_kdc + krb_mk_err + krb_mk_safe + krb_rd_safe + ad_print + cr_err_reply + krb_set_tkt_string + krb_get_default_principal + krb_realm_parse + krb_verify_user + kset_logfile + getst diff --git a/crypto/kerberosIV/lib/krb/krb.h b/crypto/kerberosIV/lib/krb/krb.h new file mode 100644 index 0000000..1ce349e --- /dev/null +++ b/crypto/kerberosIV/lib/krb/krb.h 
@@ -0,0 +1,565 @@ +/* + * $Id: krb.h,v 1.76 1997/05/26 17:47:31 bg Exp $ + * + * Copyright 1987, 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * . + * + * Include file for the Kerberos library. + */ + +/* Only one time, please */ +#ifndef KRB_DEFS +#define KRB_DEFS + +#include +#include +#include +#include + +__BEGIN_DECLS + +#ifndef __P +#define __P(x) x +#endif + +/* Need some defs from des.h */ +#if !defined(NOPROTO) && !defined(__STDC__) +#define NOPROTO +#endif +#include + +/* Don't use these guys, they are only for compatibility with CNS. */ +#ifndef KRB_INT32 +#define KRB_INT32 int32_t +#endif +#ifndef KRB_UINT32 +#define KRB_UINT32 u_int32_t +#endif + +/* Global library variables. */ +extern int krb_ignore_ip_address; /* To turn off IP address comparison */ +extern int krb_no_long_lifetimes; /* To disable AFS compatible lifetimes */ +extern int krbONE; +#define HOST_BYTE_ORDER (* (char *) &krbONE) + +/* Text describing error codes */ +#define MAX_KRB_ERRORS 256 +extern const char *krb_err_txt[MAX_KRB_ERRORS]; + +/* Use this function rather than indexing in krb_err_txt */ +const char *krb_get_err_text __P((int code)); + + +/* General definitions */ +#define KSUCCESS 0 +#define KFAILURE 255 + +/* + * Kerberos specific definitions + * + * KRBLOG is the log file for the kerberos master server. KRB_CONF is + * the configuration file where different host machines running master + * and slave servers can be found. KRB_MASTER is the name of the + * machine with the master database. The admin_server runs on this + * machine, and all changes to the db (as opposed to read-only + * requests, which can go to slaves) must go to it. KRB_HOST is the + * default machine * when looking for a kerberos slave server. Other + * possibilities are * in the KRB_CONF file. KRB_REALM is the name of + * the realm. + */ + +/* /etc/kerberosIV is only for backwards compatibility, don't use it! 
*/ +#ifndef KRB_CONF +#define KRB_CONF "/etc/krb.conf" +#endif +#ifndef KRB_RLM_TRANS +#define KRB_RLM_TRANS "/etc/krb.realms" +#endif +#ifndef KRB_CNF_FILES +#define KRB_CNF_FILES { KRB_CONF, "/etc/kerberosIV/krb.conf", 0} +#endif +#ifndef KRB_RLM_FILES +#define KRB_RLM_FILES { KRB_RLM_TRANS, "/etc/kerberosIV/krb.realms", 0} +#endif +#ifndef KRB_EQUIV +#define KRB_EQUIV "/etc/krb.equiv" +#endif +#define KRB_MASTER "kerberos" +#ifndef KRB_REALM +#define KRB_REALM (krb_get_default_realm()) +#endif + +/* The maximum sizes for aname, realm, sname, and instance +1 */ +#define ANAME_SZ 40 +#define REALM_SZ 40 +#define SNAME_SZ 40 +#define INST_SZ 40 +/* Leave space for quoting */ +#define MAX_K_NAME_SZ (2*ANAME_SZ + 2*INST_SZ + 2*REALM_SZ - 3) +#define KKEY_SZ 100 +#define VERSION_SZ 1 +#define MSG_TYPE_SZ 1 +#define DATE_SZ 26 /* RTI date output */ + +#define MAX_HSTNM 100 /* for compatibility */ + +typedef struct krb_principal{ + char name[ANAME_SZ]; + char instance[INST_SZ]; + char realm[REALM_SZ]; +}krb_principal; + +#ifndef DEFAULT_TKT_LIFE /* allow compile-time override */ +/* default lifetime for krb_mk_req & co., 10 hrs */ +#define DEFAULT_TKT_LIFE 120 +#endif + +#define KRB_TICKET_GRANTING_TICKET "krbtgt" + +/* Definition of text structure used to pass text around */ +#define MAX_KTXT_LEN 1250 + +struct ktext { + unsigned int length; /* Length of the text */ + unsigned char dat[MAX_KTXT_LEN]; /* The data itself */ + u_int32_t mbz; /* zero to catch runaway strings */ +}; + +typedef struct ktext *KTEXT; +typedef struct ktext KTEXT_ST; + + +/* Definitions for send_to_kdc */ +#define CLIENT_KRB_TIMEOUT 4 /* time between retries */ +#define CLIENT_KRB_RETRY 5 /* retry this many times */ +#define CLIENT_KRB_BUFLEN 512 /* max unfragmented packet */ + +/* Definitions for ticket file utilities */ +#define R_TKT_FIL 0 +#define W_TKT_FIL 1 + +/* Parameters for rd_ap_req */ +/* Maximum alloable clock skew in seconds */ +#define CLOCK_SKEW 5*60 +/* Filename for readservkey 
*/ +#ifndef KEYFILE +#define KEYFILE "/etc/srvtab" +#endif + +/* Structure definition for rd_ap_req */ + +struct auth_dat { + unsigned char k_flags; /* Flags from ticket */ + char pname[ANAME_SZ]; /* Principal's name */ + char pinst[INST_SZ]; /* His Instance */ + char prealm[REALM_SZ]; /* His Realm */ + u_int32_t checksum; /* Data checksum (opt) */ + des_cblock session; /* Session Key */ + int life; /* Life of ticket */ + u_int32_t time_sec; /* Time ticket issued */ + u_int32_t address; /* Address in ticket */ + KTEXT_ST reply; /* Auth reply (opt) */ +}; + +typedef struct auth_dat AUTH_DAT; + +/* Structure definition for credentials returned by get_cred */ + +struct credentials { + char service[ANAME_SZ]; /* Service name */ + char instance[INST_SZ]; /* Instance */ + char realm[REALM_SZ]; /* Auth domain */ + des_cblock session; /* Session key */ + int lifetime; /* Lifetime */ + int kvno; /* Key version number */ + KTEXT_ST ticket_st; /* The ticket itself */ + int32_t issue_date; /* The issue time */ + char pname[ANAME_SZ]; /* Principal's name */ + char pinst[INST_SZ]; /* Principal's instance */ +}; + +typedef struct credentials CREDENTIALS; + +/* Structure definition for rd_private_msg and rd_safe_msg */ + +struct msg_dat { + unsigned char *app_data; /* pointer to appl data */ + u_int32_t app_length; /* length of appl data */ + u_int32_t hash; /* hash to lookup replay */ + int swap; /* swap bytes? 
*/ + int32_t time_sec; /* msg timestamp seconds */ + unsigned char time_5ms; /* msg timestamp 5ms units */ +}; + +typedef struct msg_dat MSG_DAT; + +struct krb_host { + char *realm; + char *host; + int proto; + int port; + int admin; +}; + +struct krb_host *krb_get_host __P((int, char*, int)); + + +/* Location of ticket file for save_cred and get_cred */ +#define TKT_FILE tkt_string() +#define TKT_ROOT "/tmp/tkt" + +/* Error codes returned from the KDC */ +#define KDC_OK 0 /* Request OK */ +#define KDC_NAME_EXP 1 /* Principal expired */ +#define KDC_SERVICE_EXP 2 /* Service expired */ +#define KDC_AUTH_EXP 3 /* Auth expired */ +#define KDC_PKT_VER 4 /* Protocol version unknown */ +#define KDC_P_MKEY_VER 5 /* Wrong master key version */ +#define KDC_S_MKEY_VER 6 /* Wrong master key version */ +#define KDC_BYTE_ORDER 7 /* Byte order unknown */ +#define KDC_PR_UNKNOWN 8 /* Principal unknown */ +#define KDC_PR_N_UNIQUE 9 /* Principal not unique */ +#define KDC_NULL_KEY 10 /* Principal has null key */ +#define KDC_GEN_ERR 20 /* Generic error from KDC */ + + +/* Values returned by get_credentials */ +#define GC_OK 0 /* Retrieve OK */ +#define RET_OK 0 /* Retrieve OK */ +#define GC_TKFIL 21 /* Can't read ticket file */ +#define RET_TKFIL 21 /* Can't read ticket file */ +#define GC_NOTKT 22 /* Can't find ticket or TGT */ +#define RET_NOTKT 22 /* Can't find ticket or TGT */ + + +/* Values returned by mk_ap_req */ +#define MK_AP_OK 0 /* Success */ +#define MK_AP_TGTEXP 26 /* TGT Expired */ + +/* Values returned by rd_ap_req */ +#define RD_AP_OK 0 /* Request authentic */ +#define RD_AP_UNDEC 31 /* Can't decode authenticator */ +#define RD_AP_EXP 32 /* Ticket expired */ +#define RD_AP_NYV 33 /* Ticket not yet valid */ +#define RD_AP_REPEAT 34 /* Repeated request */ +#define RD_AP_NOT_US 35 /* The ticket isn't for us */ +#define RD_AP_INCON 36 /* Request is inconsistent */ +#define RD_AP_TIME 37 /* delta_t too big */ +#define RD_AP_BADD 38 /* Incorrect net address */ +#define 
RD_AP_VERSION 39 /* protocol version mismatch */ +#define RD_AP_MSG_TYPE 40 /* invalid msg type */ +#define RD_AP_MODIFIED 41 /* message stream modified */ +#define RD_AP_ORDER 42 /* message out of order */ +#define RD_AP_UNAUTHOR 43 /* unauthorized request */ + +/* Values returned by get_pw_tkt */ +#define GT_PW_OK 0 /* Got password changing tkt */ +#define GT_PW_NULL 51 /* Current PW is null */ +#define GT_PW_BADPW 52 /* Incorrect current password */ +#define GT_PW_PROT 53 /* Protocol Error */ +#define GT_PW_KDCERR 54 /* Error returned by KDC */ +#define GT_PW_NULLTKT 55 /* Null tkt returned by KDC */ + + +/* Values returned by send_to_kdc */ +#define SKDC_OK 0 /* Response received */ +#define SKDC_RETRY 56 /* Retry count exceeded */ +#define SKDC_CANT 57 /* Can't send request */ + +/* + * Values returned by get_intkt + * (can also return SKDC_* and KDC errors) + */ + +#define INTK_OK 0 /* Ticket obtained */ +#define INTK_W_NOTALL 61 /* Not ALL tickets returned */ +#define INTK_BADPW 62 /* Incorrect password */ +#define INTK_PROT 63 /* Protocol Error */ +#define INTK_ERR 70 /* Other error */ + +/* Values returned by get_adtkt */ +#define AD_OK 0 /* Ticket Obtained */ +#define AD_NOTGT 71 /* Don't have tgt */ +#define AD_INTR_RLM_NOTGT 72 /* Can't get inter-realm tgt */ + +/* Error codes returned by ticket file utilities */ +#define NO_TKT_FIL 76 /* No ticket file found */ +#define TKT_FIL_ACC 77 /* Couldn't access tkt file */ +#define TKT_FIL_LCK 78 /* Couldn't lock ticket file */ +#define TKT_FIL_FMT 79 /* Bad ticket file format */ +#define TKT_FIL_INI 80 /* tf_init not called first */ + +/* Error code returned by kparse_name */ +#define KNAME_FMT 81 /* Bad Kerberos name format */ + +/* Error code returned by krb_mk_safe */ +#define SAFE_PRIV_ERROR -1 /* syscall error */ + +/* + * macros for byte swapping; also scratch space + * u_quad 0-->7, 1-->6, 2-->5, 3-->4, 4-->3, 5-->2, 6-->1, 7-->0 + * u_int32_t 0-->3, 1-->2, 2-->1, 3-->0 + * u_int16_t 0-->1, 1-->0 + */ 
+ +#define swap_u_16(x) {\ + u_int32_t _krb_swap_tmp[4];\ + swab(((char *) x) +0, ((char *) _krb_swap_tmp) +14 ,2); \ + swab(((char *) x) +2, ((char *) _krb_swap_tmp) +12 ,2); \ + swab(((char *) x) +4, ((char *) _krb_swap_tmp) +10 ,2); \ + swab(((char *) x) +6, ((char *) _krb_swap_tmp) +8 ,2); \ + swab(((char *) x) +8, ((char *) _krb_swap_tmp) +6 ,2); \ + swab(((char *) x) +10,((char *) _krb_swap_tmp) +4 ,2); \ + swab(((char *) x) +12,((char *) _krb_swap_tmp) +2 ,2); \ + swab(((char *) x) +14,((char *) _krb_swap_tmp) +0 ,2); \ + memcpy(x, _krb_swap_tmp, 16);\ + } + +#define swap_u_12(x) {\ + u_int32_t _krb_swap_tmp[4];\ + swab(( char *) x, ((char *) _krb_swap_tmp) +10 ,2); \ + swab(((char *) x) +2, ((char *) _krb_swap_tmp) +8 ,2); \ + swab(((char *) x) +4, ((char *) _krb_swap_tmp) +6 ,2); \ + swab(((char *) x) +6, ((char *) _krb_swap_tmp) +4 ,2); \ + swab(((char *) x) +8, ((char *) _krb_swap_tmp) +2 ,2); \ + swab(((char *) x) +10,((char *) _krb_swap_tmp) +0 ,2); \ + memcpy(x, _krb_swap_tmp, 12);\ + } + +#define swap_C_Block(x) {\ + u_int32_t _krb_swap_tmp[4];\ + swab(( char *) x, ((char *) _krb_swap_tmp) +6 ,2); \ + swab(((char *) x) +2,((char *) _krb_swap_tmp) +4 ,2); \ + swab(((char *) x) +4,((char *) _krb_swap_tmp) +2 ,2); \ + swab(((char *) x) +6,((char *) _krb_swap_tmp) ,2); \ + memcpy(x, _krb_swap_tmp, 8);\ + } +#define swap_u_quad(x) {\ + u_int32_t _krb_swap_tmp[4];\ + swab(( char *) &x, ((char *) _krb_swap_tmp) +6 ,2); \ + swab(((char *) &x) +2,((char *) _krb_swap_tmp) +4 ,2); \ + swab(((char *) &x) +4,((char *) _krb_swap_tmp) +2 ,2); \ + swab(((char *) &x) +6,((char *) _krb_swap_tmp) ,2); \ + memcpy(x, _krb_swap_tmp, 8);\ + } + +#define swap_u_long(x) {\ + u_int32_t _krb_swap_tmp[4];\ + swab((char *) &x, ((char *) _krb_swap_tmp) +2 ,2); \ + swab(((char *) &x) +2,((char *) _krb_swap_tmp),2); \ + x = _krb_swap_tmp[0]; \ + } + +#define swap_u_short(x) {\ + u_int16_t _krb_swap_sh_tmp; \ + swab((char *) &x, ( &_krb_swap_sh_tmp) ,2); \ + x = (u_int16_t) 
_krb_swap_sh_tmp; \ + } +/* Kerberos ticket flag field bit definitions */ +#define K_FLAG_ORDER 0 /* bit 0 --> lsb */ +#define K_FLAG_1 /* reserved */ +#define K_FLAG_2 /* reserved */ +#define K_FLAG_3 /* reserved */ +#define K_FLAG_4 /* reserved */ +#define K_FLAG_5 /* reserved */ +#define K_FLAG_6 /* reserved */ +#define K_FLAG_7 /* reserved, bit 7 --> msb */ + +/* Defines for krb_sendauth and krb_recvauth */ + +#define KOPT_DONT_MK_REQ 0x00000001 /* don't call krb_mk_req */ +#define KOPT_DO_MUTUAL 0x00000002 /* do mutual auth */ + +#define KOPT_DONT_CANON 0x00000004 /* + * don't canonicalize inst as + * a hostname + */ + +#define KRB_SENDAUTH_VLEN 8 /* length for version strings */ + + +/* File locking */ +#define K_LOCK_SH 1 /* Shared lock */ +#define K_LOCK_EX 2 /* Exclusive lock */ +#define K_LOCK_NB 4 /* Don't block when locking */ +#define K_LOCK_UN 8 /* Unlock */ +int k_flock __P((int fd, int operation)); +struct tm *k_localtime __P((u_int32_t *)); +int k_getsockinst __P((int fd, char *inst, size_t)); +int k_getportbyname __P((const char *service, const char *proto, int default_port)); + +extern char *krb4_version; + +struct in_addr; + +int k_get_all_addrs __P((struct in_addr **l)); + +/* Host address comparison */ +int krb_equiv __P((u_int32_t, u_int32_t)); + +/* Password conversion */ +void mit_string_to_key __P((char *str, char *cell, des_cblock *key)); +void afs_string_to_key __P((char *str, char *cell, des_cblock *key)); + +/* Lifetime conversion */ +u_int32_t krb_life_to_time __P((u_int32_t start, int life)); +int krb_time_to_life __P((u_int32_t start, u_int32_t end)); +char *krb_life_to_atime __P((int life)); +int krb_atime_to_life __P((char *atime)); + +/* Ticket manipulation */ +int tf_get_cred __P((CREDENTIALS *)); +int tf_get_pinst __P((char *)); +int tf_get_pname __P((char *)); +int tf_put_pinst __P((char *)); +int tf_put_pname __P((char *)); +int tf_init __P((char *, int)); +int tf_create __P((char *)); +int tf_save_cred __P((char *, char *, 
char *, unsigned char *, int , int , KTEXT ticket, u_int32_t)); +void tf_close __P((void)); +int tf_setup __P((CREDENTIALS *cred, char *pname, char *pinst)); + +/* Private communication */ + +struct sockaddr_in; + +int32_t krb_mk_priv __P((void *, void *, u_int32_t, struct des_ks_struct *, des_cblock *, struct sockaddr_in *, struct sockaddr_in *)); +int32_t krb_rd_priv __P((void *, u_int32_t, struct des_ks_struct *, des_cblock *, struct sockaddr_in *, struct sockaddr_in *, MSG_DAT *)); + +/* Misc */ +KTEXT create_auth_reply __P((char *, char *, char *, int32_t, int, u_int32_t, int, KTEXT)); + +char *krb_get_phost __P((const char *)); +char *krb_realmofhost __P((const char *)); +char *tkt_string __P((void)); + +int create_ciph __P((KTEXT, unsigned char *, char *, char *, char *, u_int32_t, int, KTEXT, u_int32_t, des_cblock *)); +int decomp_ticket __P((KTEXT, unsigned char *, char *, char *, char *, u_int32_t *, unsigned char *, int *, u_int32_t *, char *, char *, des_cblock *, struct des_ks_struct *)); +int dest_tkt __P((void)); +int get_ad_tkt __P((char *, char *, char *, int)); +int get_pw_tkt __P((char *, char *, char *, char *)); +int get_request __P((KTEXT, int, char **, char **)); +int in_tkt __P((char *, char *)); +int k_gethostname __P((char *, int )); +int k_isinst __P((char *)); +int k_isname __P((char *)); +int k_isrealm __P((char *)); +int kname_parse __P((char *, char *, char *, char *)); +int krb_parse_name __P((const char*, krb_principal*)); +char *krb_unparse_name __P((krb_principal*)); +char *krb_unparse_name_r __P((krb_principal*, char*)); +char *krb_unparse_name_long __P((char*, char*, char*)); +char *krb_unparse_name_long_r __P((char *name, char *instance, char *realm, char *fullname)); +int krb_create_ticket __P((KTEXT, unsigned char, char *, char *, char *, int32_t, void *, int16_t, int32_t, char *, char *, des_cblock *)); +int krb_get_admhst __P((char *, char *, int)); +int krb_get_cred __P((char *, char *, char *, CREDENTIALS *)); + +typedef 
int (*key_proc_t) __P((char*, char*, char*, void*, des_cblock*)); + +typedef int (*decrypt_proc_t) __P((char*, char*, char*, void*, + key_proc_t, KTEXT*)); + +int krb_get_in_tkt __P((char*, char*, char*, char*, char*, int, key_proc_t, + decrypt_proc_t, void*)); + +int srvtab_to_key __P((char *, char *, char *, void *, des_cblock *)); +int passwd_to_key __P((char *, char *, char *, void *, des_cblock *)); +int passwd_to_afskey __P((char *, char *, char *, void *, des_cblock *)); + +int krb_get_krbhst __P((char *, char *, int)); +int krb_get_lrealm __P((char *, int)); +char *krb_get_default_realm __P((void)); +int krb_get_pw_in_tkt __P((char *, char *, char *, char *, char *, int, char *)); +int krb_get_svc_in_tkt __P((char *, char *, char *, char *, char *, int, char *)); +int krb_get_tf_fullname __P((char *, char *, char *, char *)); +int krb_get_tf_realm __P((char *, char *)); +int krb_kntoln __P((AUTH_DAT *, char *)); +int krb_mk_req __P((KTEXT , char *, char *, char *, int32_t)); +int krb_net_read __P((int , void *, size_t)); +int krb_net_write __P((int , const void *, size_t)); +int krb_rd_err __P((u_char *, u_int32_t, int32_t *, MSG_DAT *)); +int krb_rd_req __P((KTEXT , char *, char *, int32_t, AUTH_DAT *, char *)); +int krb_recvauth __P((int32_t, int, KTEXT, char *, char *, struct sockaddr_in *, struct sockaddr_in *, AUTH_DAT *, char *, struct des_ks_struct *, char *)); +int krb_sendauth __P((int32_t, int, KTEXT, char *,char *, char *, u_int32_t, MSG_DAT *, CREDENTIALS *, struct des_ks_struct *, struct sockaddr_in *, struct sockaddr_in *, char *)); +int krb_mk_auth __P((int32_t, KTEXT, char *, char *, char *, u_int32_t, char *, KTEXT)); +int krb_check_auth __P((KTEXT, u_int32_t, MSG_DAT *, des_cblock *, struct des_ks_struct *, struct sockaddr_in *, struct sockaddr_in *)); +int krb_set_key __P((void *, int)); +int krb_set_lifetime __P((int)); +int krb_kuserok __P((char *name, char *inst, char *realm, char *luser)); +int kuserok __P((AUTH_DAT *, char *)); +int 
read_service_key __P((char *, char *, char *, int , char *, char *)); +int save_credentials __P((char *, char *, char *, unsigned char *, int , int , KTEXT , int32_t)); +int send_to_kdc __P((KTEXT , KTEXT , char *)); + +int32_t krb_mk_err __P((u_char *, int32_t, char *)); +int32_t krb_mk_safe __P((void *, void *, u_int32_t, des_cblock *, struct sockaddr_in *, struct sockaddr_in *)); +int32_t krb_rd_safe __P((void *, u_int32_t, des_cblock *, struct sockaddr_in *, struct sockaddr_in *, MSG_DAT *)); + +void ad_print __P((AUTH_DAT *)); +void cr_err_reply __P((KTEXT, char *, char *, char *, u_int32_t, u_int32_t, char *)); +void extract_ticket __P((KTEXT, int, char *, int *, int *, char *, KTEXT)); +void krb_set_tkt_string __P((char *)); + +int krb_get_default_principal __P((char *, char *, char *)); +int krb_realm_parse __P((char *, int)); +int krb_verify_user __P((char*, char*, char*, char*, int, char *)); + +/* logging.c */ + +typedef int (*krb_log_func_t)(FILE *, const char *, va_list); + +typedef krb_log_func_t krb_warnfn_t; + +struct krb_log_facility; + +int krb_vlogger __P((struct krb_log_facility*, const char *, va_list)) +#ifdef __GNUC__ +__attribute__ ((format (printf, 2, 0))) +#endif +; +int krb_logger __P((struct krb_log_facility*, const char *, ...)) +#ifdef __GNUC__ +__attribute__ ((format (printf, 2, 3))) +#endif +; +int krb_openlog __P((struct krb_log_facility*, char*, FILE*, krb_log_func_t)); + +void krb_set_warnfn __P((krb_warnfn_t)); +krb_warnfn_t krb_get_warnfn __P((void)); +void krb_warning __P((const char*, ...)) +#ifdef __GNUC__ +__attribute__ ((format (printf, 1, 2))) +#endif +; + +void kset_logfile __P((char*)); +void krb_log __P((const char*, ...)) +#ifdef __GNUC__ +__attribute__ ((format (printf, 1, 2))) +#endif +; +char *klog __P((int, const char*, ...)) +#ifdef __GNUC__ +__attribute__ ((format (printf, 2, 3))) +#endif +; + +int getst __P((int, char *, int)); +const char *month_sname __P((int)); +const char *krb_stime __P((time_t *)); +int 
krb_check_tm __P((struct tm)); + +int krb_get_int __P((void *from, u_int32_t *to, int size, int lsb)); +int krb_put_int __P((u_int32_t from, void *to, int size)); +int krb_get_address __P((void *from, u_int32_t *to)); +int krb_put_address __P((u_int32_t addr, void *to)); +int krb_put_string __P((char *from, void *to)); +int krb_get_string __P((void *from, char *to)); +int krb_get_nir __P((void *from, char *name, char *instance, char *realm)); +int krb_put_nir __P((char *name, char *instance, char *realm, void *to)); + +__END_DECLS + +#endif /* KRB_DEFS */ diff --git a/crypto/kerberosIV/lib/krb/krb.mak b/crypto/kerberosIV/lib/krb/krb.mak new file mode 100644 index 0000000..1236261 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/krb.mak 
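Review bot: In `swap_u_quad` the final `memcpy(x, _krb_swap_tmp, 8);` passes `x` itself as the destination while the four `swab` calls above it read from `&x`, so for a scalar argument the copy either fails to compile or writes to whatever address the value encodes instead of storing the swapped bytes back; it should read `memcpy(&x, _krb_swap_tmp, 8);\`, unless every caller is known to pass an array. `CLOCK_SKEW` is defined as the bare expression `5*60`, which would misparse if it is ever used next to `/` or `%` in the clock-skew check; `#define CLOCK_SKEW (5*60)` avoids that. The name-parsing and conversion prototypes (`kname_parse`, `krb_kntoln`, `krb_get_lrealm`, `krb_unparse_name_r`) take bare `char *` outputs with no length argument, so a comment above them stating the minimum buffer each caller must supply (presumably `ANAME_SZ`, `INST_SZ`, `REALM_SZ` and `MAX_K_NAME_SZ`, to be confirmed against the implementations) would make the contract checkable.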
@@ -0,0 +1,3065 @@ +# Microsoft Developer Studio Generated NMAKE File, Format Version 4.10 +# ** DO NOT EDIT ** + +# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102 + +!IF "$(CFG)" == "" +CFG=krb - Win32 Debug +!MESSAGE No configuration specified. Defaulting to krb - Win32 Debug. +!ENDIF + +!IF "$(CFG)" != "krb - Win32 Release" && "$(CFG)" != "krb - Win32 Debug" +!MESSAGE Invalid configuration "$(CFG)" specified. +!MESSAGE You can specify a configuration when running NMAKE on this makefile +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "krb.mak" CFG="krb - Win32 Debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "krb - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE "krb - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE +!ERROR An invalid configuration is specified. +!ENDIF + +!IF "$(OS)" == "Windows_NT" +NULL= +!ELSE +NULL=nul +!ENDIF +################################################################################ +# Begin Project +# PROP Target_Last_Scanned "krb - Win32 Debug" +RSC=rc.exe +MTL=mktyplib.exe +CPP=cl.exe + +!IF "$(CFG)" == "krb - Win32 Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "Release" +# PROP BASE Intermediate_Dir "Release" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "Release" +# PROP Intermediate_Dir "Release" +# PROP Target_Dir "" +OUTDIR=.\Release +INTDIR=.\Release + +ALL : ".\Release\krb.dll" + +CLEAN : + -@erase ".\Release\cr_err_reply.obj" + -@erase ".\Release\create_auth_reply.obj" + -@erase ".\Release\create_ciph.obj" + -@erase ".\Release\create_ticket.obj" + -@erase ".\Release\debug_decl.obj" + -@erase ".\Release\decomp_ticket.obj" + -@erase ".\Release\dllmain.obj" + -@erase ".\Release\encrypt_ktext.obj" + -@erase ".\Release\et_list.obj" + -@erase ".\Release\get_ad_tkt.obj" + -@erase 
".\Release\get_cred.obj" + -@erase ".\Release\get_default_principal.obj" + -@erase ".\Release\get_host.obj" + -@erase ".\Release\get_in_tkt.obj" + -@erase ".\Release\get_krbrlm.obj" + -@erase ".\Release\get_phost.obj" + -@erase ".\Release\get_svc_in_tkt.obj" + -@erase ".\Release\get_tf_fullname.obj" + -@erase ".\Release\get_tf_realm.obj" + -@erase ".\Release\getaddrs.obj" + -@erase ".\Release\getrealm.obj" + -@erase ".\Release\getst.obj" + -@erase ".\Release\k_flock.obj" + -@erase ".\Release\k_gethostname.obj" + -@erase ".\Release\k_getport.obj" + -@erase ".\Release\k_getsockinst.obj" + -@erase ".\Release\k_localtime.obj" + -@erase ".\Release\kdc_reply.obj" + -@erase ".\Release\kntoln.obj" + -@erase ".\Release\krb.dll" + -@erase ".\Release\krb.exp" + -@erase ".\Release\krb.lib" + -@erase ".\Release\krb_check_auth.obj" + -@erase ".\Release\krb_equiv.obj" + -@erase ".\Release\krb_err_txt.obj" + -@erase ".\Release\krb_get_in_tkt.obj" + -@erase ".\Release\lifetime.obj" + -@erase ".\Release\logging.obj" + -@erase ".\Release\lsb_addr_comp.obj" + -@erase ".\Release\mk_auth.obj" + -@erase ".\Release\mk_err.obj" + -@erase ".\Release\mk_priv.obj" + -@erase ".\Release\mk_req.obj" + -@erase ".\Release\mk_safe.obj" + -@erase ".\Release\month_sname.obj" + -@erase ".\Release\name2name.obj" + -@erase ".\Release\netread.obj" + -@erase ".\Release\netwrite.obj" + -@erase ".\Release\one.obj" + -@erase ".\Release\parse_name.obj" + -@erase ".\Release\rd_err.obj" + -@erase ".\Release\rd_priv.obj" + -@erase ".\Release\rd_req.obj" + -@erase ".\Release\rd_safe.obj" + -@erase ".\Release\read_service_key.obj" + -@erase ".\Release\realm_parse.obj" + -@erase ".\Release\recvauth.obj" + -@erase ".\Release\resolve.obj" + -@erase ".\Release\rw.obj" + -@erase ".\Release\save_credentials.obj" + -@erase ".\Release\send_to_kdc.obj" + -@erase ".\Release\sendauth.obj" + -@erase ".\Release\stime.obj" + -@erase ".\Release\str2key.obj" + -@erase ".\Release\swab.obj" + -@erase ".\Release\ticket_memory.obj" + 
-@erase ".\Release\tkt_string.obj" + -@erase ".\Release\unparse_name.obj" + -@erase ".\Release\util.obj" + -@erase ".\Release\verify_user.obj" + +"$(OUTDIR)" : + if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)" + +# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /YX /c +# ADD CPP /nologo /MT /W3 /GX /O2 /I "." /I "..\..\include" /I "..\..\include\win32" /I "..\des" /I "..\roken" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /c +CPP_PROJ=/nologo /MT /W3 /GX /O2 /I "." /I "..\..\include" /I\ + "..\..\include\win32" /I "..\des" /I "..\roken" /D "NDEBUG" /D "WIN32" /D\ + "_WINDOWS" /D "HAVE_CONFIG_H" /Fp"$(INTDIR)/krb.pch" /YX /Fo"$(INTDIR)/" /c +CPP_OBJS=.\Release/ +CPP_SBRS=.\. +# ADD BASE MTL /nologo /D "NDEBUG" /win32 +# ADD MTL /nologo /D "NDEBUG" /win32 +MTL_PROJ=/nologo /D "NDEBUG" /win32 +# ADD BASE RSC /l 0x409 /d "NDEBUG" +# ADD RSC /l 0x409 /d "NDEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +BSC32_FLAGS=/nologo /o"$(OUTDIR)/krb.bsc" +BSC32_SBRS= \ + +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /machine:I386 +# ADD LINK32 ..\roken\Release\roken.lib ..\des\Release\des.lib wsock32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /machine:I386 +LINK32_FLAGS=..\roken\Release\roken.lib ..\des\Release\des.lib wsock32.lib\ + kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib\ + shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo\ + /subsystem:windows /dll /incremental:no /pdb:"$(OUTDIR)/krb.pdb" /machine:I386\ + /def:".\krb.def" /out:"$(OUTDIR)/krb.dll" /implib:"$(OUTDIR)/krb.lib" +DEF_FILE= \ + ".\krb.def" +LINK32_OBJS= \ + ".\Release\cr_err_reply.obj" \ + 
".\Release\create_auth_reply.obj" \ + ".\Release\create_ciph.obj" \ + ".\Release\create_ticket.obj" \ + ".\Release\debug_decl.obj" \ + ".\Release\decomp_ticket.obj" \ + ".\Release\dllmain.obj" \ + ".\Release\encrypt_ktext.obj" \ + ".\Release\et_list.obj" \ + ".\Release\get_ad_tkt.obj" \ + ".\Release\get_cred.obj" \ + ".\Release\get_default_principal.obj" \ + ".\Release\get_host.obj" \ + ".\Release\get_in_tkt.obj" \ + ".\Release\get_krbrlm.obj" \ + ".\Release\get_phost.obj" \ + ".\Release\get_svc_in_tkt.obj" \ + ".\Release\get_tf_fullname.obj" \ + ".\Release\get_tf_realm.obj" \ + ".\Release\getaddrs.obj" \ + ".\Release\getrealm.obj" \ + ".\Release\getst.obj" \ + ".\Release\k_flock.obj" \ + ".\Release\k_gethostname.obj" \ + ".\Release\k_getport.obj" \ + ".\Release\k_getsockinst.obj" \ + ".\Release\k_localtime.obj" \ + ".\Release\kdc_reply.obj" \ + ".\Release\kntoln.obj" \ + ".\Release\krb_check_auth.obj" \ + ".\Release\krb_equiv.obj" \ + ".\Release\krb_err_txt.obj" \ + ".\Release\krb_get_in_tkt.obj" \ + ".\Release\lifetime.obj" \ + ".\Release\logging.obj" \ + ".\Release\lsb_addr_comp.obj" \ + ".\Release\mk_auth.obj" \ + ".\Release\mk_err.obj" \ + ".\Release\mk_priv.obj" \ + ".\Release\mk_req.obj" \ + ".\Release\mk_safe.obj" \ + ".\Release\month_sname.obj" \ + ".\Release\name2name.obj" \ + ".\Release\netread.obj" \ + ".\Release\netwrite.obj" \ + ".\Release\one.obj" \ + ".\Release\parse_name.obj" \ + ".\Release\rd_err.obj" \ + ".\Release\rd_priv.obj" \ + ".\Release\rd_req.obj" \ + ".\Release\rd_safe.obj" \ + ".\Release\read_service_key.obj" \ + ".\Release\realm_parse.obj" \ + ".\Release\recvauth.obj" \ + ".\Release\resolve.obj" \ + ".\Release\rw.obj" \ + ".\Release\save_credentials.obj" \ + ".\Release\send_to_kdc.obj" \ + ".\Release\sendauth.obj" \ + ".\Release\stime.obj" \ + ".\Release\str2key.obj" \ + ".\Release\swab.obj" \ + ".\Release\ticket_memory.obj" \ + ".\Release\tkt_string.obj" \ + ".\Release\unparse_name.obj" \ + ".\Release\util.obj" \ + 
".\Release\verify_user.obj" + +".\Release\krb.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS) + $(LINK32) @<< + $(LINK32_FLAGS) $(LINK32_OBJS) +<< + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "Debug" +# PROP BASE Intermediate_Dir "Debug" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "Debug" +# PROP Intermediate_Dir "Debug" +# PROP Target_Dir "" +OUTDIR=.\Debug +INTDIR=.\Debug + +ALL : ".\Debug\krb.dll" + +CLEAN : + -@erase ".\Debug\cr_err_reply.obj" + -@erase ".\Debug\create_auth_reply.obj" + -@erase ".\Debug\create_ciph.obj" + -@erase ".\Debug\create_ticket.obj" + -@erase ".\Debug\debug_decl.obj" + -@erase ".\Debug\decomp_ticket.obj" + -@erase ".\Debug\dllmain.obj" + -@erase ".\Debug\encrypt_ktext.obj" + -@erase ".\Debug\et_list.obj" + -@erase ".\Debug\get_ad_tkt.obj" + -@erase ".\Debug\get_cred.obj" + -@erase ".\Debug\get_default_principal.obj" + -@erase ".\Debug\get_host.obj" + -@erase ".\Debug\get_in_tkt.obj" + -@erase ".\Debug\get_krbrlm.obj" + -@erase ".\Debug\get_phost.obj" + -@erase ".\Debug\get_svc_in_tkt.obj" + -@erase ".\Debug\get_tf_fullname.obj" + -@erase ".\Debug\get_tf_realm.obj" + -@erase ".\Debug\getaddrs.obj" + -@erase ".\Debug\getrealm.obj" + -@erase ".\Debug\getst.obj" + -@erase ".\Debug\k_flock.obj" + -@erase ".\Debug\k_gethostname.obj" + -@erase ".\Debug\k_getport.obj" + -@erase ".\Debug\k_getsockinst.obj" + -@erase ".\Debug\k_localtime.obj" + -@erase ".\Debug\kdc_reply.obj" + -@erase ".\Debug\kntoln.obj" + -@erase ".\Debug\krb.dll" + -@erase ".\Debug\krb.exp" + -@erase ".\Debug\krb.ilk" + -@erase ".\Debug\krb.lib" + -@erase ".\Debug\krb.pdb" + -@erase ".\Debug\krb_check_auth.obj" + -@erase ".\Debug\krb_equiv.obj" + -@erase ".\Debug\krb_err_txt.obj" + -@erase ".\Debug\krb_get_in_tkt.obj" + -@erase ".\Debug\lifetime.obj" + -@erase ".\Debug\logging.obj" + -@erase ".\Debug\lsb_addr_comp.obj" + -@erase 
".\Debug\mk_auth.obj" + -@erase ".\Debug\mk_err.obj" + -@erase ".\Debug\mk_priv.obj" + -@erase ".\Debug\mk_req.obj" + -@erase ".\Debug\mk_safe.obj" + -@erase ".\Debug\month_sname.obj" + -@erase ".\Debug\name2name.obj" + -@erase ".\Debug\netread.obj" + -@erase ".\Debug\netwrite.obj" + -@erase ".\Debug\one.obj" + -@erase ".\Debug\parse_name.obj" + -@erase ".\Debug\rd_err.obj" + -@erase ".\Debug\rd_priv.obj" + -@erase ".\Debug\rd_req.obj" + -@erase ".\Debug\rd_safe.obj" + -@erase ".\Debug\read_service_key.obj" + -@erase ".\Debug\realm_parse.obj" + -@erase ".\Debug\recvauth.obj" + -@erase ".\Debug\resolve.obj" + -@erase ".\Debug\rw.obj" + -@erase ".\Debug\save_credentials.obj" + -@erase ".\Debug\send_to_kdc.obj" + -@erase ".\Debug\sendauth.obj" + -@erase ".\Debug\stime.obj" + -@erase ".\Debug\str2key.obj" + -@erase ".\Debug\swab.obj" + -@erase ".\Debug\ticket_memory.obj" + -@erase ".\Debug\tkt_string.obj" + -@erase ".\Debug\unparse_name.obj" + -@erase ".\Debug\util.obj" + -@erase ".\Debug\vc40.idb" + -@erase ".\Debug\vc40.pdb" + -@erase ".\Debug\verify_user.obj" + +"$(OUTDIR)" : + if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)" + +# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /YX /c +# ADD CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /I "." /I "..\..\include" /I "..\..\include\win32" /I "..\des" /I "..\roken" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /c +CPP_PROJ=/nologo /MTd /W3 /Gm /GX /Zi /Od /I "." /I "..\..\include" /I\ + "..\..\include\win32" /I "..\des" /I "..\roken" /D "_DEBUG" /D "WIN32" /D\ + "_WINDOWS" /D "HAVE_CONFIG_H" /Fp"$(INTDIR)/krb.pch" /YX /Fo"$(INTDIR)/"\ + /Fd"$(INTDIR)/" /c +CPP_OBJS=.\Debug/ +CPP_SBRS=.\. 
+# ADD BASE MTL /nologo /D "_DEBUG" /win32 +# ADD MTL /nologo /D "_DEBUG" /win32 +MTL_PROJ=/nologo /D "_DEBUG" /win32 +# ADD BASE RSC /l 0x409 /d "_DEBUG" +# ADD RSC /l 0x409 /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +BSC32_FLAGS=/nologo /o"$(OUTDIR)/krb.bsc" +BSC32_SBRS= \ + +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /debug /machine:I386 +# ADD LINK32 ..\roken\Debug\roken.lib ..\des\Debug\des.lib wsock32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /debug /machine:I386 +LINK32_FLAGS=..\roken\Debug\roken.lib ..\des\Debug\des.lib wsock32.lib\ + kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib\ + shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo\ + /subsystem:windows /dll /incremental:yes /pdb:"$(OUTDIR)/krb.pdb" /debug\ + /machine:I386 /def:".\krb.def" /out:"$(OUTDIR)/krb.dll"\ + /implib:"$(OUTDIR)/krb.lib" +DEF_FILE= \ + ".\krb.def" +LINK32_OBJS= \ + ".\Debug\cr_err_reply.obj" \ + ".\Debug\create_auth_reply.obj" \ + ".\Debug\create_ciph.obj" \ + ".\Debug\create_ticket.obj" \ + ".\Debug\debug_decl.obj" \ + ".\Debug\decomp_ticket.obj" \ + ".\Debug\dllmain.obj" \ + ".\Debug\encrypt_ktext.obj" \ + ".\Debug\et_list.obj" \ + ".\Debug\get_ad_tkt.obj" \ + ".\Debug\get_cred.obj" \ + ".\Debug\get_default_principal.obj" \ + ".\Debug\get_host.obj" \ + ".\Debug\get_in_tkt.obj" \ + ".\Debug\get_krbrlm.obj" \ + ".\Debug\get_phost.obj" \ + ".\Debug\get_svc_in_tkt.obj" \ + ".\Debug\get_tf_fullname.obj" \ + ".\Debug\get_tf_realm.obj" \ + ".\Debug\getaddrs.obj" \ + ".\Debug\getrealm.obj" \ + ".\Debug\getst.obj" \ + ".\Debug\k_flock.obj" \ + ".\Debug\k_gethostname.obj" \ + ".\Debug\k_getport.obj" \ + 
".\Debug\k_getsockinst.obj" \ + ".\Debug\k_localtime.obj" \ + ".\Debug\kdc_reply.obj" \ + ".\Debug\kntoln.obj" \ + ".\Debug\krb_check_auth.obj" \ + ".\Debug\krb_equiv.obj" \ + ".\Debug\krb_err_txt.obj" \ + ".\Debug\krb_get_in_tkt.obj" \ + ".\Debug\lifetime.obj" \ + ".\Debug\logging.obj" \ + ".\Debug\lsb_addr_comp.obj" \ + ".\Debug\mk_auth.obj" \ + ".\Debug\mk_err.obj" \ + ".\Debug\mk_priv.obj" \ + ".\Debug\mk_req.obj" \ + ".\Debug\mk_safe.obj" \ + ".\Debug\month_sname.obj" \ + ".\Debug\name2name.obj" \ + ".\Debug\netread.obj" \ + ".\Debug\netwrite.obj" \ + ".\Debug\one.obj" \ + ".\Debug\parse_name.obj" \ + ".\Debug\rd_err.obj" \ + ".\Debug\rd_priv.obj" \ + ".\Debug\rd_req.obj" \ + ".\Debug\rd_safe.obj" \ + ".\Debug\read_service_key.obj" \ + ".\Debug\realm_parse.obj" \ + ".\Debug\recvauth.obj" \ + ".\Debug\resolve.obj" \ + ".\Debug\rw.obj" \ + ".\Debug\save_credentials.obj" \ + ".\Debug\send_to_kdc.obj" \ + ".\Debug\sendauth.obj" \ + ".\Debug\stime.obj" \ + ".\Debug\str2key.obj" \ + ".\Debug\swab.obj" \ + ".\Debug\ticket_memory.obj" \ + ".\Debug\tkt_string.obj" \ + ".\Debug\unparse_name.obj" \ + ".\Debug\util.obj" \ + ".\Debug\verify_user.obj" + +".\Debug\krb.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS) + $(LINK32) @<< + $(LINK32_FLAGS) $(LINK32_OBJS) +<< + +!ENDIF + +.c{$(CPP_OBJS)}.obj: + $(CPP) $(CPP_PROJ) $< + +.cpp{$(CPP_OBJS)}.obj: + $(CPP) $(CPP_PROJ) $< + +.cxx{$(CPP_OBJS)}.obj: + $(CPP) $(CPP_PROJ) $< + +.c{$(CPP_SBRS)}.sbr: + $(CPP) $(CPP_PROJ) $< + +.cpp{$(CPP_SBRS)}.sbr: + $(CPP) $(CPP_PROJ) $< + +.cxx{$(CPP_SBRS)}.sbr: + $(CPP) $(CPP_PROJ) $< + +################################################################################ +# Begin Target + +# Name "krb - Win32 Release" +# Name "krb - Win32 Debug" + +!IF "$(CFG)" == "krb - Win32 Release" + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +!ENDIF + +################################################################################ +# Begin Source File + +SOURCE=.\krb.def + +!IF "$(CFG)" == "krb - Win32 
Release" + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_tf_fullname.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_T=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_tf_fullname.obj" : $(SOURCE) $(DEP_CPP_GET_T) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_T=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_tf_fullname.obj" : $(SOURCE) $(DEP_CPP_GET_T) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\cr_err_reply.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_CR_ER=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\cr_err_reply.obj" : $(SOURCE) $(DEP_CPP_CR_ER) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_CR_ER=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\cr_err_reply.obj" : $(SOURCE) $(DEP_CPP_CR_ER) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\create_auth_reply.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_CREAT=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + 
+".\Release\create_auth_reply.obj" : $(SOURCE) $(DEP_CPP_CREAT) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_CREAT=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\create_auth_reply.obj" : $(SOURCE) $(DEP_CPP_CREAT) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\create_ciph.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_CREATE=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\create_ciph.obj" : $(SOURCE) $(DEP_CPP_CREATE) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_CREATE=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\create_ciph.obj" : $(SOURCE) $(DEP_CPP_CREATE) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\create_ticket.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_CREATE_=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\create_ticket.obj" : $(SOURCE) $(DEP_CPP_CREATE_) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_CREATE_=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + 
{$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\create_ticket.obj" : $(SOURCE) $(DEP_CPP_CREATE_) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\decomp_ticket.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_DECOM=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\decomp_ticket.obj" : $(SOURCE) $(DEP_CPP_DECOM) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_DECOM=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\decomp_ticket.obj" : $(SOURCE) $(DEP_CPP_DECOM) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\dllmain.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_DLLMA=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + ".\ticket_memory.h"\ + + +".\Release\dllmain.obj" : $(SOURCE) $(DEP_CPP_DLLMA) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_DLLMA=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + ".\ticket_memory.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\dllmain.obj" : $(SOURCE) $(DEP_CPP_DLLMA) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\encrypt_ktext.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_ENCRY=\ + 
"..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\encrypt_ktext.obj" : $(SOURCE) $(DEP_CPP_ENCRY) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_ENCRY=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\encrypt_ktext.obj" : $(SOURCE) $(DEP_CPP_ENCRY) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\et_list.c +DEP_CPP_ET_LI=\ + "..\..\include\win32\config.h"\ + + +!IF "$(CFG)" == "krb - Win32 Release" + + +".\Release\et_list.obj" : $(SOURCE) $(DEP_CPP_ET_LI) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + + +".\Debug\et_list.obj" : $(SOURCE) $(DEP_CPP_ET_LI) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_ad_tkt.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_A=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_ad_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_A) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_A=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_ad_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_A) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_cred.c + +!IF "$(CFG)" == "krb - 
Win32 Release" + +DEP_CPP_GET_C=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_cred.obj" : $(SOURCE) $(DEP_CPP_GET_C) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_C=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_cred.obj" : $(SOURCE) $(DEP_CPP_GET_C) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_default_principal.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_D=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_default_principal.obj" : $(SOURCE) $(DEP_CPP_GET_D) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_D=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_default_principal.obj" : $(SOURCE) $(DEP_CPP_GET_D) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_host.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_H=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_host.obj" : $(SOURCE) $(DEP_CPP_GET_H) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_H=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + 
"..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_host.obj" : $(SOURCE) $(DEP_CPP_GET_H) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_in_tkt.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_I=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_in_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_I) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_I=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_in_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_I) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_krbrlm.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_K=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_krbrlm.obj" : $(SOURCE) $(DEP_CPP_GET_K) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_K=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_krbrlm.obj" : $(SOURCE) $(DEP_CPP_GET_K) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_phos + +!IF "$(CFG)" == 
"krb - Win32 Release" + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_svc_in_tkt.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_S=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_svc_in_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_S) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_S=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_svc_in_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_S) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_phost.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_P=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_phost.obj" : $(SOURCE) $(DEP_CPP_GET_P) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_P=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_phost.obj" : $(SOURCE) $(DEP_CPP_GET_P) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\krb_equiv.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_KRB_E=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\krb_equiv.obj" : 
$(SOURCE) $(DEP_CPP_KRB_E) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_KRB_E=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\krb_equiv.obj" : $(SOURCE) $(DEP_CPP_KRB_E) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\getaddrs.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GETAD=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\getaddrs.obj" : $(SOURCE) $(DEP_CPP_GETAD) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GETAD=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\getaddrs.obj" : $(SOURCE) $(DEP_CPP_GETAD) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\getrealm.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GETRE=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\getrealm.obj" : $(SOURCE) $(DEP_CPP_GETRE) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GETRE=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\getrealm.obj" 
: $(SOURCE) $(DEP_CPP_GETRE) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\getst.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GETST=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\getst.obj" : $(SOURCE) $(DEP_CPP_GETST) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GETST=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\getst.obj" : $(SOURCE) $(DEP_CPP_GETST) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\k_flock.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_K_FLO=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\k_flock.obj" : $(SOURCE) $(DEP_CPP_K_FLO) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_K_FLO=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\k_flock.obj" : $(SOURCE) $(DEP_CPP_K_FLO) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\k_gethostname.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_K_GET=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\k_gethostname.obj" : $(SOURCE) $(DEP_CPP_K_GET) "$(INTDIR)" + + 
+!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_K_GET=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\k_gethostname.obj" : $(SOURCE) $(DEP_CPP_K_GET) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\k_getport.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_K_GETP=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\k_getport.obj" : $(SOURCE) $(DEP_CPP_K_GETP) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_K_GETP=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\k_getport.obj" : $(SOURCE) $(DEP_CPP_K_GETP) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\k_getsockinst.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_K_GETS=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\k_getsockinst.obj" : $(SOURCE) $(DEP_CPP_K_GETS) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_K_GETS=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\k_getsockinst.obj" : $(SOURCE) 
$(DEP_CPP_K_GETS) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\k_localtime.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_K_LOC=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\k_localtime.obj" : $(SOURCE) $(DEP_CPP_K_LOC) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_K_LOC=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\k_localtime.obj" : $(SOURCE) $(DEP_CPP_K_LOC) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\kdc_reply.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_KDC_R=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\kdc_reply.obj" : $(SOURCE) $(DEP_CPP_KDC_R) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_KDC_R=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\kdc_reply.obj" : $(SOURCE) $(DEP_CPP_KDC_R) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\kntoln.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_KNTOL=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + ".\krb.h"\ + 
".\krb_locl.h"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Release\kntoln.obj" : $(SOURCE) $(DEP_CPP_KNTOL) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_KNTOL=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\kntoln.obj" : $(SOURCE) $(DEP_CPP_KNTOL) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\krb_check_auth.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_KRB_C=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\krb_check_auth.obj" : $(SOURCE) $(DEP_CPP_KRB_C) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_KRB_C=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\krb_check_auth.obj" : $(SOURCE) $(DEP_CPP_KRB_C) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_tf_realm.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_TF=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_tf_realm.obj" : $(SOURCE) $(DEP_CPP_GET_TF) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_TF=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + 
".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_tf_realm.obj" : $(SOURCE) $(DEP_CPP_GET_TF) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\rd_safe.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_RD_SA=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + + +".\Release\rd_safe.obj" : $(SOURCE) $(DEP_CPP_RD_SA) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_RD_SA=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\rd_safe.obj" : $(SOURCE) $(DEP_CPP_RD_SA) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\krb_get_in_tkt.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_KRB_G=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\krb_get_in_tkt.obj" : $(SOURCE) $(DEP_CPP_KRB_G) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_KRB_G=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\krb_get_in_tkt.obj" : $(SOURCE) $(DEP_CPP_KRB_G) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\lifetime.c + +!IF "$(CFG)" == "krb - Win32 Release" + 
+DEP_CPP_LIFET=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\lifetime.obj" : $(SOURCE) $(DEP_CPP_LIFET) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_LIFET=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\lifetime.obj" : $(SOURCE) $(DEP_CPP_LIFET) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\lsb_addr_comp.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_LSB_A=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + + +".\Release\lsb_addr_comp.obj" : $(SOURCE) $(DEP_CPP_LSB_A) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_LSB_A=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\lsb_addr_comp.obj" : $(SOURCE) $(DEP_CPP_LSB_A) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\mk_auth.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_MK_AU=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\mk_auth.obj" : $(SOURCE) $(DEP_CPP_MK_AU) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_MK_AU=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + 
"..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\mk_auth.obj" : $(SOURCE) $(DEP_CPP_MK_AU) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\mk_err.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_MK_ER=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\mk_err.obj" : $(SOURCE) $(DEP_CPP_MK_ER) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_MK_ER=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\mk_err.obj" : $(SOURCE) $(DEP_CPP_MK_ER) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\mk_priv.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_MK_PR=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + + +".\Release\mk_priv.obj" : $(SOURCE) $(DEP_CPP_MK_PR) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_MK_PR=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\mk_priv.obj" : $(SOURCE) $(DEP_CPP_MK_PR) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + 
+SOURCE=.\mk_req.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_MK_RE=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\mk_req.obj" : $(SOURCE) $(DEP_CPP_MK_RE) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_MK_RE=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\mk_req.obj" : $(SOURCE) $(DEP_CPP_MK_RE) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\mk_safe.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_MK_SA=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + + +".\Release\mk_safe.obj" : $(SOURCE) $(DEP_CPP_MK_SA) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_MK_SA=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\mk_safe.obj" : $(SOURCE) $(DEP_CPP_MK_SA) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\month_sname.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_MONTH=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\month_sname.obj" : $(SOURCE) $(DEP_CPP_MONTH) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_MONTH=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + 
"..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\month_sname.obj" : $(SOURCE) $(DEP_CPP_MONTH) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\name2name.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_NAME2=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\name2name.obj" : $(SOURCE) $(DEP_CPP_NAME2) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_NAME2=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\name2name.obj" : $(SOURCE) $(DEP_CPP_NAME2) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\netread.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_NETRE=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\netread.obj" : $(SOURCE) $(DEP_CPP_NETRE) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_NETRE=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\netread.obj" : $(SOURCE) $(DEP_CPP_NETRE) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin 
Source File + +SOURCE=.\netwrite.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_NETWR=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\netwrite.obj" : $(SOURCE) $(DEP_CPP_NETWR) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_NETWR=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\netwrite.obj" : $(SOURCE) $(DEP_CPP_NETWR) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\one.c + +!IF "$(CFG)" == "krb - Win32 Release" + + +".\Release\one.obj" : $(SOURCE) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + + +".\Debug\one.obj" : $(SOURCE) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\parse_name.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_PARSE=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\parse_name.obj" : $(SOURCE) $(DEP_CPP_PARSE) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_PARSE=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\parse_name.obj" : $(SOURCE) $(DEP_CPP_PARSE) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\rd_err.c + +!IF "$(CFG)" == "krb - Win32 Release" + 
+DEP_CPP_RD_ER=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\rd_err.obj" : $(SOURCE) $(DEP_CPP_RD_ER) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_RD_ER=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\rd_err.obj" : $(SOURCE) $(DEP_CPP_RD_ER) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\rd_priv.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_RD_PR=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + + +".\Release\rd_priv.obj" : $(SOURCE) $(DEP_CPP_RD_PR) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_RD_PR=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\rd_priv.obj" : $(SOURCE) $(DEP_CPP_RD_PR) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\rd_req.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_RD_RE=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\rd_req.obj" : $(SOURCE) $(DEP_CPP_RD_RE) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_RD_RE=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + 
"..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\rd_req.obj" : $(SOURCE) $(DEP_CPP_RD_RE) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\krb_err_txt.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_KRB_ER=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\krb_err_txt.obj" : $(SOURCE) $(DEP_CPP_KRB_ER) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_KRB_ER=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\krb_err_txt.obj" : $(SOURCE) $(DEP_CPP_KRB_ER) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\send_to_kdc.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_SEND_=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\send_to_kdc.obj" : $(SOURCE) $(DEP_CPP_SEND_) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_SEND_=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\send_to_kdc.obj" : $(SOURCE) $(DEP_CPP_SEND_) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\realm_parse.c + +!IF "$(CFG)" == "krb - 
Win32 Release" + +DEP_CPP_REALM=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\realm_parse.obj" : $(SOURCE) $(DEP_CPP_REALM) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_REALM=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\realm_parse.obj" : $(SOURCE) $(DEP_CPP_REALM) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\recvauth.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_RECVA=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\recvauth.obj" : $(SOURCE) $(DEP_CPP_RECVA) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_RECVA=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\recvauth.obj" : $(SOURCE) $(DEP_CPP_RECVA) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\resolve.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_RESOL=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + ".\resolve.h"\ + + +".\Release\resolve.obj" : $(SOURCE) $(DEP_CPP_RESOL) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_RESOL=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + 
"..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\resolve.obj" : $(SOURCE) $(DEP_CPP_RESOL) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\rw.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_RW_C68=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + "..\des\version.h"\ + ".\krb_locl.h"\ + + +".\Release\rw.obj" : $(SOURCE) $(DEP_CPP_RW_C68) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_RW_C68=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\des\version.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\rw.obj" : $(SOURCE) $(DEP_CPP_RW_C68) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\save_credentials.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_SAVE_=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\save_credentials.obj" : $(SOURCE) $(DEP_CPP_SAVE_) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_SAVE_=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\save_credentials.obj" : $(SOURCE) $(DEP_CPP_SAVE_) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + 
+SOURCE=.\read_service_key.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_READ_=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\read_service_key.obj" : $(SOURCE) $(DEP_CPP_READ_) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_READ_=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\read_service_key.obj" : $(SOURCE) $(DEP_CPP_READ_) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\verify_user.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_VERIF=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\verify_user.obj" : $(SOURCE) $(DEP_CPP_VERIF) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_VERIF=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\verify_user.obj" : $(SOURCE) $(DEP_CPP_VERIF) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\stime.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_STIME=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\stime.obj" : $(SOURCE) $(DEP_CPP_STIME) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_STIME=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + 
"..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\stime.obj" : $(SOURCE) $(DEP_CPP_STIME) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\swab.c +DEP_CPP_SWAB_=\ + "..\..\include\win32\config.h"\ + + +!IF "$(CFG)" == "krb - Win32 Release" + + +".\Release\swab.obj" : $(SOURCE) $(DEP_CPP_SWAB_) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + + +".\Debug\swab.obj" : $(SOURCE) $(DEP_CPP_SWAB_) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\ticket_memory.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_TICKE=\ + ".\krb_locl.h"\ + ".\ticket_memory.h"\ + + +".\Release\ticket_memory.obj" : $(SOURCE) $(DEP_CPP_TICKE) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_TICKE=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + ".\ticket_memory.h"\ + + +".\Debug\ticket_memory.obj" : $(SOURCE) $(DEP_CPP_TICKE) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\tkt_string.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_TKT_S=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\tkt_string.obj" : $(SOURCE) $(DEP_CPP_TKT_S) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_TKT_S=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + 
+".\Debug\tkt_string.obj" : $(SOURCE) $(DEP_CPP_TKT_S) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\unparse_name.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_UNPAR=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\unparse_name.obj" : $(SOURCE) $(DEP_CPP_UNPAR) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_UNPAR=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\unparse_name.obj" : $(SOURCE) $(DEP_CPP_UNPAR) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\util.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_UTIL_=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\util.obj" : $(SOURCE) $(DEP_CPP_UTIL_) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_UTIL_=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\util.obj" : $(SOURCE) $(DEP_CPP_UTIL_) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\sendauth.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_SENDA=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\sendauth.obj" : $(SOURCE) 
$(DEP_CPP_SENDA) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_SENDA=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\sendauth.obj" : $(SOURCE) $(DEP_CPP_SENDA) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\logging.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_LOGGI=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\klog.h"\ + ".\krb_locl.h"\ + + +".\Release\logging.obj" : $(SOURCE) $(DEP_CPP_LOGGI) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_LOGGI=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\klog.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\logging.obj" : $(SOURCE) $(DEP_CPP_LOGGI) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\str2key.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_STR2K=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\str2key.obj" : $(SOURCE) $(DEP_CPP_STR2K) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_STR2K=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + 
+".\Debug\str2key.obj" : $(SOURCE) $(DEP_CPP_STR2K) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\debug_decl.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_DEBUG=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\debug_decl.obj" : $(SOURCE) $(DEP_CPP_DEBUG) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_DEBUG=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\debug_decl.obj" : $(SOURCE) $(DEP_CPP_DEBUG) "$(INTDIR)" + + +!ENDIF + +# End Source File +# End Target +# End Project +################################################################################ diff --git a/crypto/kerberosIV/lib/krb/krb_check_auth.c b/crypto/kerberosIV/lib/krb/krb_check_auth.c new file mode 100644 index 0000000..8bddbf5 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/krb_check_auth.c 
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: krb_check_auth.c,v 1.4 1997/04/01 08:18:33 joda Exp $");
+
+/*
+ *
+ * Receive an mutual-authenticator for a server in `packet', with
+ * `checksum', `session', and `schedule' having the appropriate values
+ * and return the data in `msg_data'.
+ *
+ * Return KSUCCESS if the received checksum is correct.
+ *
+ */
+
+int
+krb_check_auth(KTEXT packet,
+ u_int32_t checksum,
+ MSG_DAT *msg_data,
+ des_cblock *session,
+ struct des_ks_struct *schedule,
+ struct sockaddr_in *laddr,
+ struct sockaddr_in *faddr)
+{
+ int ret;
+ u_int32_t checksum2;
+
+ ret = krb_rd_priv (packet->dat, packet->length, schedule, session, faddr,
+ laddr, msg_data);
+ if (ret != RD_AP_OK)
+ return ret;
+ if (msg_data->app_length != 4)
+ return KFAILURE;
+ krb_get_int (msg_data->app_data, &checksum2, 4, 0);
+ if (checksum2 == checksum + 1)
+ return KSUCCESS;
+ else
+ return KFAILURE;
+}
diff --git a/crypto/kerberosIV/lib/krb/krb_equiv.c b/crypto/kerberosIV/lib/krb/krb_equiv.c
new file mode 100644
index 0000000..06f42f5
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb_equiv.c
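Review bot: The comment above krb_check_auth says only that KSUCCESS means the received checksum "is correct", but the code accepts exactly one reply: a 4-byte payload whose value equals `checksum + 1`, with unsigned wrap-around when `checksum` is 0xFFFFFFFF. I would spell that out, e.g. `Return KSUCCESS only if the decrypted payload is exactly 4 bytes and equals checksum + 1 (mod 2^32).` The comment should also state that a non-RD_AP_OK result from krb_rd_priv is returned unchanged, so callers see either that code or KFAILURE, and it should describe `laddr` and `faddr`, which it omits; they are passed to krb_rd_priv as `faddr` then `laddr`, presumably sender then receiver. The result of `krb_get_int` is not checked, so if that helper can fail the comment or the code should say what happens then.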
@@ -0,0 +1,144 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * int krb_equiv(u_int32_t ipaddr_a, u_int32_t ipaddr_b);
+ *
+ * Given two IP adresses return true if they match
+ * or are considered to belong to the same host.
+ *
+ * For example if /etc/krb.equiv looks like
+ *
+ * 130.237.223.3 192.16.126.3 # alv alv1
+ * 130.237.223.4 192.16.126.4 # byse byse1
+ * 130.237.228.152 192.16.126.9 # topsy topsy1
+ *
+ * krb_equiv(alv, alv1) would return true but
+ * krb_equiv(alv, byse1) would not.
+ *
+ * A comment starts with an '#' and ends with '\n'.
+ *
+ */
+#include "krb_locl.h"
+
+RCSID("$Id: krb_equiv.c,v 1.13 1997/04/01 08:18:33 joda Exp $");
+
+int krb_ignore_ip_address = 0;
+
+int
+krb_equiv(u_int32_t a, u_int32_t b)
+{
+ FILE *fil;
+ char line[256];
+ int hit_a, hit_b;
+ int iscomment;
+
+ if (a == b) /* trivial match, also the common case */
+ return 1;
+
+ if (krb_ignore_ip_address)
+ return 1; /* if we have decided not to compare */
+
+ a = ntohl(a);
+ b = ntohl(b);
+
+ fil = fopen(KRB_EQUIV, "r");
+ if (fil == NULL) /* open failed */
+ return 0;
+
+ hit_a = hit_b = 0;
+ iscomment = 0;
+ while (fgets(line, sizeof(line)-1, fil) != NULL) /* for each line */
+ {
+ char *t = line;
+ int len = strlen(t);
+
+ /* for each item on this line */
+ while (*t != 0) /* more addresses on this line? */
+ if (*t == '\n') {
+ iscomment = hit_a = hit_b = 0;
+ break;
+ } else if (iscomment)
+ t = line + len - 1;
+ else if (*t == '#') { /* rest is comment */
+ iscomment = 1;
+ ++t;
+ } else if (*t == '\\' ) /* continuation */
+ break;
+ else if (isspace(*t)) /* skip space */
+ t++;
+ else if (isdigit(*t)) /* an address? */
+ {
+ u_int32_t tmp;
+ u_int32_t tmpa, tmpb, tmpc, tmpd;
+
+ sscanf(t, "%d.%d.%d.%d", &tmpa, &tmpb, &tmpc, &tmpd);
+ tmp = (tmpa << 24) | (tmpb << 16) | (tmpc << 8) | tmpd;
+
+ while (*t == '.' || isdigit(*t)) /* done with this address */
+ t++;
+
+ if (tmp != -1) { /* an address (and not broadcast) */
+ u_int32_t mask = (u_int32_t)~0;
+
+ if (*t == '/') {
+ ++t;
+ mask <<= 32 - atoi(t);
+
+ while(isdigit(*t))
+ ++t;
+ }
+
+ if ((tmp & mask) == (a & mask))
+ hit_a = 1;
+ if ((tmp & mask) == (b & mask))
+ hit_b = 1;
+ if (hit_a && hit_b) {
+ fclose(fil);
+ return 1;
+ }
+ }
+ }
+ else
+ ++t; /* garbage on this line, skip it */
+
+ }
+
+ fclose(fil);
+ return 0;
+}
diff --git a/crypto/kerberosIV/lib/krb/krb_err.et b/crypto/kerberosIV/lib/krb/krb_err.et
new file mode 100644
index 0000000..4e32aed
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb_err.et
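Review bot: The address parser in krb_equiv uses the fields written by `sscanf` without checking that all four were converted, so a token with fewer than four dotted parts leaves `tmpc`/`tmpd` uninitialised, and octets above 255 are folded into the address unchecked. The prefix handling `mask <<= 32 - atoi(t)` shifts by 32 when the length is 0 or missing and by a negative count when it exceeds 32, both undefined for a 32-bit value. Since this function decides whether two addresses count as the same host, a malformed entry in the equivalence file should be ignored rather than matched unpredictably; the sketch below validates the octets and the prefix length and also switches `%d` to `%u` to match the unsigned targets. Whether a zero-length prefix should be rejected or accepted as match-all is a policy choice; rejecting it is the fail-closed option.

```c
            u_int32_t tmp;
            unsigned int tmpa, tmpb, tmpc, tmpd;
            int valid;

            /* Require four in-range octets; otherwise ignore this token. */
            valid = sscanf(t, "%u.%u.%u.%u", &tmpa, &tmpb, &tmpc, &tmpd) == 4
                && tmpa <= 255 && tmpb <= 255 && tmpc <= 255 && tmpd <= 255;
            tmp = valid ? (tmpa << 24) | (tmpb << 16) | (tmpc << 8) | tmpd : 0;

            /* ... unchanged: skip past the digits and dots of this token ... */

            if (valid && tmp != (u_int32_t)-1) {
                u_int32_t mask = (u_int32_t)~0;

                if (*t == '/') {
                    int bits;

                    ++t;
                    bits = atoi(t);
                    /* A shift by 32 or by a negative count is undefined,
                       so an out-of-range prefix makes the entry non-matching. */
                    if (bits < 1 || bits > 32)
                        valid = 0;
                    else
                        mask <<= 32 - bits;
                    /* ... unchanged: skip the prefix digits ... */
                }

                if (valid) {
                    /* ... unchanged: hit_a / hit_b comparison and early return ... */
                }
            }
```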
@@ -0,0 +1,257 @@
+# Copyright 1987,1988 Massachusetts Institute of Technology
+#
+# For copying and distribution information, see the file
+# "mit-copyright.h".
+#
+# $Id: krb_err.et,v 1.4 1996/10/27 13:30:28 bg Exp $
+#
+ error_table krb
+
+ ec KRBET_KSUCCESS,
+ "Kerberos successful"
+
+ ec KRBET_KDC_NAME_EXP,
+ "Kerberos principal expired"
+
+ ec KRBET_KDC_SERVICE_EXP,
+ "Kerberos service expired"
+
+ ec KRBET_KDC_AUTH_EXP,
+ "Kerberos auth expired"
+
+ ec KRBET_KDC_PKT_VER,
+ "Incorrect kerberos master key version"
+
+ ec KRBET_KDC_P_MKEY_VER,
+ "Incorrect kerberos master key version"
+
+ ec KRBET_KDC_S_MKEY_VER,
+ "Incorrect kerberos master key version"
+
+ ec KRBET_KDC_BYTE_ORDER,
+ "Kerberos error: byte order unknown"
+
+ ec KRBET_KDC_PR_UNKNOWN,
+ "Kerberos principal unknown"
+
+ ec KRBET_KDC_PR_N_UNIQUE,
+ "Kerberos principal not unique"
+
+ ec KRBET_KDC_NULL_KEY,
+ "Kerberos principal has null key"
+
+ ec KRBET_KRB_RES11,
+ "Reserved 11"
+
+ ec KRBET_KRB_RES12,
+ "Reserved 12"
+
+ ec KRBET_KRB_RES13,
+ "Reserved 13"
+
+ ec KRBET_KRB_RES14,
+ "Reserved 14"
+
+ ec KRBET_KRB_RES15,
+ "Reserved 15"
+
+ ec KRBET_KRB_RES16,
+ "Reserved 16"
+
+ ec KRBET_KRB_RES17,
+ "Reserved 17"
+
+ ec KRBET_KRB_RES18,
+ "Reserved 18"
+
+ ec KRBET_KRB_RES19,
+ "Reserved 19"
+
+ ec KRBET_KDC_GEN_ERR,
+ "Generic error from Kerberos KDC"
+
+ ec KRBET_GC_TKFIL,
+ "Can't read Kerberos ticket file"
+
+ ec KRBET_GC_NOTKT,
+ "Can't find Kerberos ticket or TGT"
+
+ ec KRBET_KRB_RES23,
+ "Reserved 23"
+
+ ec KRBET_KRB_RES24,
+ "Reserved 24"
+
+ ec KRBET_KRB_RES25,
+ "Reserved 25"
+
+ ec KRBET_MK_AP_TGTEXP,
+ "Kerberos TGT Expired"
+
+ ec KRBET_KRB_RES27,
+ "Reserved 27"
+
+ ec KRBET_KRB_RES28,
+ "Reserved 28"
+
+ ec KRBET_KRB_RES29,
+ "Reserved 29"
+
+ ec KRBET_KRB_RES30,
+ "Reserved 30"
+
+ ec KRBET_RD_AP_UNDEC,
+ "Kerberos error: Can't decode authenticator"
+
+ ec KRBET_RD_AP_EXP,
+ "Kerberos ticket expired"
+
+ ec KRBET_RD_AP_NYV,
+ "Kerberos ticket not yet valid"
+
+ ec KRBET_RD_AP_REPEAT,
+ "Kerberos error: Repeated request"
+
+ ec KRBET_RD_AP_NOT_US,
+ "The kerberos ticket isn't for us"
+
+ ec KRBET_RD_AP_INCON,
+ "Kerberos request inconsistent"
+
+ ec KRBET_RD_AP_TIME,
+ "Kerberos error: delta_t too big"
+
+ ec KRBET_RD_AP_BADD,
+ "Kerberos error: incorrect net address"
+
+ ec KRBET_RD_AP_VERSION,
+ "Kerberos protocol version mismatch"
+
+ ec KRBET_RD_AP_MSG_TYPE,
+ "Kerberos error: invalid msg type"
+
+ ec KRBET_RD_AP_MODIFIED,
+ "Kerberos error: message stream modified"
+
+ ec KRBET_RD_AP_ORDER,
+ "Kerberos error: message out of order"
+
+ ec KRBET_RD_AP_UNAUTHOR,
+ "Kerberos error: unauthorized request"
+
+ ec KRBET_KRB_RES44,
+ "Reserved 44"
+
+ ec KRBET_KRB_RES45,
+ "Reserved 45"
+
+ ec KRBET_KRB_RES46,
+ "Reserved 46"
+
+ ec KRBET_KRB_RES47,
+ "Reserved 47"
+
+ ec KRBET_KRB_RES48,
+ "Reserved 48"
+
+ ec KRBET_KRB_RES49,
+ "Reserved 49"
+
+ ec KRBET_KRB_RES50,
+ "Reserved 50"
+
+ ec KRBET_GT_PW_NULL,
+ "Kerberos error: current PW is null"
+
+ ec KRBET_GT_PW_BADPW,
+ "Kerberos error: Incorrect current password"
+
+ ec KRBET_GT_PW_PROT,
+ "Kerberos protocol error"
+
+ ec KRBET_GT_PW_KDCERR,
+ "Error returned by Kerberos KDC"
+
+ ec KRBET_GT_PW_NULLTKT,
+ "Null Kerberos ticket returned by KDC"
+
+ ec KRBET_SKDC_RETRY,
+ "Kerberos error: Retry count exceeded"
+
+ ec KRBET_SKDC_CANT,
+ "Kerberos error: Can't send request"
+
+ ec KRBET_KRB_RES58,
+ "Reserved 58"
+
+ ec KRBET_KRB_RES59,
+ "Reserved 59"
+
+ ec KRBET_KRB_RES60,
+ "Reserved 60"
+
+ ec KRBET_INTK_W_NOTALL,
+ "Kerberos error: not all tickets returned"
+
+ ec KRBET_INTK_BADPW,
+ "Kerberos error: incorrect password"
+
+ ec KRBET_INTK_PROT,
+ "Kerberos error: Protocol Error"
+
+ ec KRBET_KRB_RES64,
+ "Reserved 64"
+
+ ec KRBET_KRB_RES65,
+ "Reserved 65"
+
+ ec KRBET_KRB_RES66,
+ "Reserved 66"
+
+ ec KRBET_KRB_RES67,
+ "Reserved 67"
+
+ ec KRBET_KRB_RES68,
+ "Reserved 68"
+
+ ec KRBET_KRB_RES69,
+ "Reserved 69"
+
+ ec KRBET_INTK_ERR,
+ "Other error"
+
+ ec KRBET_AD_NOTGT,
+ "Don't have Kerberos ticket-granting ticket"
+
+ ec KRBET_KRB_RES72,
+ "Can't get Kerberos inter-realm ticket-granting ticket"
+
+ ec KRBET_KRB_RES73,
+ "Reserved 73"
+
+ ec KRBET_KRB_RES74,
+ "Reserved 74"
+
+ ec KRBET_KRB_RES75,
+ "Reserved 75"
+
+ ec KRBET_NO_TKT_FIL,
+ "No ticket file found"
+
+ ec KRBET_TKT_FIL_ACC,
+ "Couldn't access ticket file"
+
+ ec KRBET_TKT_FIL_LCK,
+ "Couldn't lock ticket file"
+
+ ec KRBET_TKT_FIL_FMT,
+ "Bad ticket file format"
+
+ ec KRBET_TKT_FIL_INI,
+ "tf_init not called first"
+
+ ec KRBET_KNAME_FMT,
+ "Bad Kerberos name format"
+
+ end
+
diff --git a/crypto/kerberosIV/lib/krb/krb_err_txt.c b/crypto/kerberosIV/lib/krb/krb_err_txt.c
new file mode 100644
index 0000000..161aa0f
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb_err_txt.c
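Review bot: The text for KRBET_KDC_PKT_VER is `"Incorrect kerberos master key version"`, the same string as the two MKEY_VER entries that follow it, although the code name refers to the packet version; the table in krb_err_txt.c added by this commit describes code 004 as an unknown protocol version number. An operator reading this message during an authentication failure would look at the master key instead of a protocol mismatch, so I would change the line to `"Kerberos error: unknown protocol version number"`. KRBET_KRB_RES72 has the opposite problem: it carries a real message (inter-realm ticket-granting ticket) under a reserved name. The two tables also disagree on codes 11 and 20, which is worth reconciling in one place.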
@@ -0,0 +1,299 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: krb_err_txt.c,v 1.12 1997/04/02 05:37:10 joda Exp $"); + +/* + * This file contains an array of error text strings. + * The associated error codes (which are defined in "krb.h") + * follow the string in the comments at the end of each line. 
+ */ + +const char *krb_err_txt[256] = { + "OK", /* 000 */ + "Principal expired (kerberos)", /* 001 */ + "Service expired (kerberos)", /* 002 */ + "Authentication expired (kerberos)", /* 003 */ + "Unknown protocol version number (kerberos)", /* 004 */ + "Principal: Incorrect master key version (kerberos)", /* 005 */ + "Service: Incorrect master key version (kerberos)", /* 006 */ + "Bad byte order (kerberos)", /* 007 */ + "Principal unknown (kerberos)", /* 008 */ + "Principal not unique (kerberos)", /* 009 */ + "Principal has null key (kerberos)", /* 010 */ + "Timeout in request (kerberos)", /* 011 */ + "Reserved error message 12 (kerberos)", /* 012 */ + "Reserved error message 13 (kerberos)", /* 013 */ + "Reserved error message 14 (kerberos)", /* 014 */ + "Reserved error message 15 (kerberos)", /* 015 */ + "Reserved error message 16 (kerberos)", /* 016 */ + "Reserved error message 17 (kerberos)", /* 017 */ + "Reserved error message 18 (kerberos)", /* 018 */ + "Reserved error message 19 (kerberos)", /* 019 */ + "Permission Denied (kerberos)", /* 020 */ + "Can't read ticket file (krb_get_cred)", /* 021 */ + "Can't find ticket (krb_get_cred)", /* 022 */ + "Reserved error message 23 (krb_get_cred)", /* 023 */ + "Reserved error message 24 (krb_get_cred)", /* 024 */ + "Reserved error message 25 (krb_get_cred)", /* 025 */ + "Ticket granting ticket expired (krb_mk_req)", /* 026 */ + "Reserved error message 27 (krb_mk_req)", /* 027 */ + "Reserved error message 28 (krb_mk_req)", /* 028 */ + "Reserved error message 29 (krb_mk_req)", /* 029 */ + "Reserved error message 30 (krb_mk_req)", /* 030 */ + "Can't decode authenticator (krb_rd_req)", /* 031 */ + "Ticket expired (krb_rd_req)", /* 032 */ + "Ticket issue date too far in the future (krb_rd_req)",/* 033 */ + "Repeat request (krb_rd_req)", /* 034 */ + "Ticket for wrong server (krb_rd_req)", /* 035 */ + "Request inconsistent (krb_rd_req)", /* 036 */ + "Time is out of bounds (krb_rd_req)", /* 037 */ + "Incorrect network address 
(krb_rd_req)", /* 038 */ + "Protocol version mismatch (krb_rd_req)", /* 039 */ + "Illegal message type (krb_rd_req)", /* 040 */ + "Message integrity error (krb_rd_req)", /* 041 */ + "Message duplicate or out of order (krb_rd_req)", /* 042 */ + "Unauthorized request (krb_rd_req)", /* 043 */ + "Reserved error message 44 (krb_rd_req)", /* 044 */ + "Reserved error message 45 (krb_rd_req)", /* 045 */ + "Reserved error message 46 (krb_rd_req)", /* 046 */ + "Reserved error message 47 (krb_rd_req)", /* 047 */ + "Reserved error message 48 (krb_rd_req)", /* 048 */ + "Reserved error message 49 (krb_rd_req)", /* 049 */ + "Reserved error message 50 (krb_rd_req)", /* 050 */ + "Current password is NULL (get_pw_tkt)", /* 051 */ + "Current password incorrect (get_pw_tkt)", /* 052 */ + "Protocol error (gt_pw_tkt)", /* 053 */ + "Error returned by KDC (gt_pw_tkt)", /* 054 */ + "Null ticket returned by KDC (gt_pw_tkt)", /* 055 */ + "Retry count exceeded (send_to_kdc)", /* 056 */ + "Can't send request (send_to_kdc)", /* 057 */ + "Reserved error message 58 (send_to_kdc)", /* 058 */ + "Reserved error message 59 (send_to_kdc)", /* 059 */ + "Reserved error message 60 (send_to_kdc)", /* 060 */ + "Warning: Not ALL tickets returned", /* 061 */ + "Password incorrect", /* 062 */ + "Protocol error (get_in_tkt)", /* 063 */ + "Reserved error message 64 (get_in_tkt)", /* 064 */ + "Reserved error message 65 (get_in_tkt)", /* 065 */ + "Reserved error message 66 (get_in_tkt)", /* 066 */ + "Reserved error message 67 (get_in_tkt)", /* 067 */ + "Reserved error message 68 (get_in_tkt)", /* 068 */ + "Reserved error message 69 (get_in_tkt)", /* 069 */ + "Generic error (get_in_tkt)(can't write ticket file)", /* 070 */ + "Don't have ticket granting ticket (get_ad_tkt)", /* 071 */ + "Can't get inter-realm ticket granting ticket (get_ad_tkt)", /* 072 */ + "Reserved error message 73 (get_ad_tkt)", /* 073 */ + "Reserved error message 74 (get_ad_tkt)", /* 074 */ + "Reserved error message 75 (get_ad_tkt)", /* 075 */ 
+ "No ticket file (tf_util)", /* 076 */ + "Can't access ticket file (tf_util)", /* 077 */ + "Can't lock ticket file; try later (tf_util)", /* 078 */ + "Bad ticket file format (tf_util)", /* 079 */ + "Read ticket file before tf_init (tf_util)", /* 080 */ + "Bad Kerberos name format (kname_parse)", /* 081 */ + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + 
"(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "Generic kerberos error (kfailure)", /* 255 */ +}; + +static const char err_failure[] = "Illegal error code passed (krb_get_err_text)"; + +const char * +krb_get_err_text(int code) +{ + if(code < 0 || code >= MAX_KRB_ERRORS) + return err_failure; + return krb_err_txt[code]; +} diff --git a/crypto/kerberosIV/lib/krb/krb_get_in_tkt.c b/crypto/kerberosIV/lib/krb/krb_get_in_tkt.c new file mode 100644 index 0000000..d3e6cc1 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/krb_get_in_tkt.c 
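Review bot: The bounds check in `krb_get_err_text` compares `code` against `MAX_KRB_ERRORS`, which is defined outside this file, while the table is declared with a literal `256`; if the two ever disagree, the lookup either reads past the array or rejects valid codes. Tying the check to the table itself avoids that: `if (code < 0 || code >= (int)(sizeof(krb_err_txt) / sizeof(krb_err_txt[0]))) return err_failure;`. The table is also filled positionally, so one missing or extra `"(reserved)"` line would shift the 255 entry or leave a NULL slot that a caller may hand straight to a `%s` format. A short comment above the reserved run stating that it covers codes 82 through 254 would make the count checkable.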
@@ -0,0 +1,175 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: krb_get_in_tkt.c,v 1.20 1997/04/01 08:18:34 joda Exp $"); + +/* + * decrypt_tkt(): Given user, instance, realm, passwd, key_proc + * and the cipher text sent from the KDC, decrypt the cipher text + * using the key returned by key_proc. + */ + +static int +decrypt_tkt(char *user, char *instance, char *realm, + void *arg, key_proc_t key_proc, KTEXT *cip) +{ + des_cblock key; /* Key for decrypting cipher */ + int ret; + + ret = key_proc(user, instance, realm, arg, &key); + if (ret != 0) + return ret; + + encrypt_ktext(*cip, &key, DES_DECRYPT); + + memset(&key, 0, sizeof(key)); + return 0; +} + +/* + * krb_get_in_tkt() gets a ticket for a given principal to use a given + * service and stores the returned ticket and session key for future + * use. + * + * The "user", "instance", and "realm" arguments give the identity of + * the client who will use the ticket. The "service" and "sinstance" + * arguments give the identity of the server that the client wishes + * to use. (The realm of the server is the same as the Kerberos server + * to whom the request is sent.) The "life" argument indicates the + * desired lifetime of the ticket; the "key_proc" argument is a pointer + * to the routine used for getting the client's private key to decrypt + * the reply from Kerberos. The "decrypt_proc" argument is a pointer + * to the routine used to decrypt the reply from Kerberos; and "arg" + * is an argument to be passed on to the "key_proc" routine. + * + * If all goes well, krb_get_in_tkt() returns INTK_OK, otherwise it + * returns an error code: If an AUTH_MSG_ERR_REPLY packet is returned + * by Kerberos, then the error code it contains is returned. Other + * error codes returned by this routine include INTK_PROT to indicate + * wrong protocol version, INTK_BADPW to indicate bad password (if + * decrypted ticket didn't make sense), INTK_ERR if the ticket was for + * the wrong server or the ticket store couldn't be initialized. 
+ * + * The format of the message sent to Kerberos is as follows: + * + * Size Variable Field + * ---- -------- ----- + * + * 1 byte KRB_PROT_VERSION protocol version number + * 1 byte AUTH_MSG_KDC_REQUEST | message type + * HOST_BYTE_ORDER local byte order in lsb + * string user client's name + * string instance client's instance + * string realm client's realm + * 4 bytes tlocal.tv_sec timestamp in seconds + * 1 byte life desired lifetime + * string service service's name + * string sinstance service's instance + */ + +int +krb_get_in_tkt(char *user, char *instance, char *realm, + char *service, char *sinstance, int life, + key_proc_t key_proc, decrypt_proc_t decrypt_proc, void *arg) +{ + KTEXT_ST pkt_st; + KTEXT pkt = &pkt_st; /* Packet to KDC */ + KTEXT_ST rpkt_st; + KTEXT rpkt = &rpkt_st; /* Returned packet */ + + int kerror; + struct timeval tv; + + /* BUILD REQUEST PACKET */ + + unsigned char *p = pkt->dat; + + p += krb_put_int(KRB_PROT_VERSION, p, 1); + p += krb_put_int(AUTH_MSG_KDC_REQUEST, p, 1); + + p += krb_put_nir(user, instance, realm, p); + + gettimeofday(&tv, NULL); + p += krb_put_int(tv.tv_sec, p, 4); + p += krb_put_int(life, p, 1); + + p += krb_put_nir(service, sinstance, NULL, p); + + pkt->length = p - pkt->dat; + + rpkt->length = 0; + + /* SEND THE REQUEST AND RECEIVE THE RETURN PACKET */ + + if ((kerror = send_to_kdc(pkt, rpkt, realm))) return(kerror); + + p = rpkt->dat; + + { + CREDENTIALS cred; + KTEXT_ST cip; + KTEXT foo = &cip; /* braindamage */ + + kerror = kdc_reply_cipher(rpkt, &cip); + if(kerror != KSUCCESS) + return kerror; + + if (decrypt_proc == NULL) + decrypt_proc = decrypt_tkt; + (*decrypt_proc)(user, instance, realm, arg, key_proc, &foo); + + kerror = kdc_reply_cred(&cip, &cred); + if(kerror != KSUCCESS) + return kerror; + + if (strcmp(cred.service, service) || + strcmp(cred.instance, sinstance) || + strcmp(cred.realm, realm)) /* not what we asked for */ + return INTK_ERR; /* we need a better code here XXX */ + + if 
(abs((int)(tv.tv_sec - cred.issue_date)) > CLOCK_SKEW) { + return RD_AP_TIME; /* XXX should probably be better code */ + } + + /* initialize ticket cache */ + + return tf_setup(&cred, user, instance); + } +} diff --git a/crypto/kerberosIV/lib/krb/krb_locl.h b/crypto/kerberosIV/lib/krb/krb_locl.h new file mode 100644 index 0000000..4475883 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/krb_locl.h 
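Review bot: The result of `(*decrypt_proc)(user, instance, realm, arg, key_proc, &foo)` in `krb_get_in_tkt` is discarded, so when `key_proc` fails inside `decrypt_tkt` the reply stays encrypted, `kdc_reply_cred` goes on to parse it, and the original error code is lost. Assuming `decrypt_proc_t` returns `int` as `decrypt_tkt` does, propagate it with `kerror = (*decrypt_proc)(user, instance, realm, arg, key_proc, &foo);` followed by `if (kerror) return kerror;`. Separately, `decrypt_tkt` clears `key` with a plain `memset` that a compiler may drop as a dead store. `cip` and `cred`, which presumably hold the decrypted reply and session key, are not cleared on any return path, so a comment marking them as needing a non-elidable wipe would help.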
@@ -0,0 +1,163 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* $Id: krb_locl.h,v 1.42 1997/05/20 18:40:45 bg Exp $ */ + +#ifndef __krb_locl_h +#define __krb_locl_h + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include "protos.h" + +#include +#include +#include +#include +#include +#include + +#include + +#ifdef HAVE_PWD_H +#include +#endif +#ifdef HAVE_UNISTD_H +#include +#endif +#ifdef HAVE_SYS_TYPES_H +#include +#endif + +#ifdef HAVE_IO_H +#include +#endif + +#ifdef TIME_WITH_SYS_TIME +#include +#include +#elif defined(HAVE_SYS_TIME_H) +#include +#else +#include +#endif + +#ifdef HAVE_SYS_STAT_H +#include +#endif +#ifdef HAVE_FCNTL_H +#include +#endif +#ifdef HAVE_SYS_FILE_H +#include +#endif +#ifdef HAVE_SYS_SELECT_H +#include +#endif + +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif + +#ifdef HAVE_WINSOCK_H +#include +#endif + +#ifdef HAVE_ARPA_INET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif + +#ifdef HAVE_ARPA_NAMESER_H +#include +#endif +#ifdef HAVE_RESOLV_H +#include +#endif + +#ifdef SOCKS +#include +#endif + +#include + +#include +#include + +#include "resolve.h" + +/* --- */ + +/* Globals! */ +extern int krb_debug; +extern int krb_ap_req_debug; + +/* Utils */ +int krb_name_to_name(const char *, char *, size_t); + +void encrypt_ktext(KTEXT cip, des_cblock *key, int encrypt); +int kdc_reply_cred(KTEXT cip, CREDENTIALS *cred); +int kdc_reply_cipher(KTEXT reply, KTEXT cip); + +#ifndef HAVE_GETTIMEOFDAY +int gettimeofday (struct timeval *, void *); +#endif + +void k_ricercar(char*); + +/* safe multiple strcat */ +int k_concat(char*, size_t, ...); +int k_vconcat(char*, size_t, va_list); + +/* mallocing versions of the above */ +size_t k_vmconcat (char**, size_t, va_list); +size_t k_mconcat (char**, size_t, ...); + +/* used in rd_safe.c and mk_safe.c */ + +void fixup_quad_cksum(void *start, size_t len, des_cblock *key, + void *new_checksum, void *old_checksum, int little); + +#endif /* __krb_locl_h */ 
diff --git a/crypto/kerberosIV/lib/krb/kuserok.c b/crypto/kerberosIV/lib/krb/kuserok.c
new file mode 100644
index 0000000..e3d5e6b
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/kuserok.c
@@ -0,0 +1,156 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: kuserok.c,v 1.21 1997/04/01 08:18:35 joda Exp $"); + +#define OK 0 +#define NOTOK 1 +#define MAX_USERNAME 10 + +/* + * Given a Kerberos principal and a local username, determine whether + * user is authorized to login according to the authorization file + * ("~luser/.klogin" by default). Returns OK if authorized, NOTOK if + * not authorized. + * + * IMPORTANT CHANGE: To eliminate the need of making a distinction + * between the 3 cases: + * + * 1. We can't verify that a .klogin file doesn't exist (no home dir). + * 2. It's there but we aren't allowed to read it. + * 3. We can read it and ~luser@LOCALREALM is (not) included. + * + * We instead make the assumption that luser@LOCALREALM is *always* + * included. Thus it is impossible to have an empty .klogin file and + * also to exclude luser@LOCALREALM from it. Root is treated differently + * since it's home should always be available. + * + * OLD STRATEGY: + * If there is no account for "luser" on the local machine, returns + * NOTOK. If there is no authorization file, and the given Kerberos + * name "kdata" translates to the same name as "luser" (using + * krb_kntoln()), returns OK. Otherwise, if the authorization file + * can't be accessed, returns NOTOK. Otherwise, the file is read for + * a matching principal name, instance, and realm. If one is found, + * returns OK, if none is found, returns NOTOK. + * + * The file entries are in the format: + * + * name.instance@realm + * + * one entry per line. 
+ * + */ + +int +krb_kuserok(char *name, char *instance, char *realm, char *luser) +{ + struct passwd *pwd; + char lrealm[REALM_SZ]; + FILE *f; + char line[1024]; + char file[MaxPathLen]; + struct stat st; + + pwd = getpwnam(luser); + if(pwd == NULL) + return NOTOK; + if(krb_get_lrealm(lrealm, 1)) + return NOTOK; + if(pwd->pw_uid != 0 && + strcmp(name, luser) == 0 && + strcmp(instance, "") == 0 && + strcmp(realm, lrealm) == 0) + return OK; + strcpy(file, pwd->pw_dir); + strcat(file, "/.klogin"); + + f = fopen(file, "r"); + if(f == NULL) + return NOTOK; + + /* this is not a working test in filesystems like AFS and DFS */ + if(fstat(fileno(f), &st) < 0){ + fclose(f); + return NOTOK; + } + + if(st.st_uid != pwd->pw_uid){ + fclose(f); + return NOTOK; + } + + while(fgets(line, sizeof(line), f)){ + char fname[ANAME_SZ], finst[INST_SZ], frealm[REALM_SZ]; + if(line[strlen(line) - 1] != '\n') + /* read till end of line */ + while(1){ + int c = fgetc(f); + if(c == '\n' || c == EOF) + break; + } + else + line[strlen(line) - 1] = 0; + + if(kname_parse(fname, finst, frealm, line)) + continue; + if(strcmp(name, fname)) + continue; + if(strcmp(instance, finst)) + continue; + if(frealm[0] == 0) + strcpy(frealm, lrealm); + if(strcmp(realm, frealm)) + continue; + fclose(f); + return OK; + } + fclose(f); + return NOTOK; +} + +/* compatibility interface */ + +int +kuserok(AUTH_DAT *auth, char *luser) +{ + return krb_kuserok(auth->pname, auth->pinst, auth->prealm, luser); +} + diff --git a/crypto/kerberosIV/lib/krb/lifetime.c b/crypto/kerberosIV/lib/krb/lifetime.c new file mode 100644 index 0000000..1866996 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/lifetime.c 
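Review bot: `krb_kuserok` builds the path with `strcpy(file, pwd->pw_dir); strcat(file, "/.klogin");` into `file[MaxPathLen]` without checking the length of `pw_dir`, so an overlong home directory entry overruns a stack buffer in a routine that makes a login authorization decision. A bounded form that fails closed would be `if (snprintf(file, sizeof(file), "%s/.klogin", pwd->pw_dir) >= (int)sizeof(file)) return NOTOK;`. In the read loop, `line[strlen(line) - 1]` indexes `line[-1]` when `fgets` returns a line that begins with a NUL byte; testing `strlen(line)` for zero first avoids that. The same unbounded-copy pattern appears in logging.c, where `krb_openlog` does `strcpy(f->filename, filename)` into `filename[MaxPathLen]`.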
@@ -0,0 +1,213 @@ +/* + * Ticket lifetime. This defines the table used to lookup lifetime + * for the fixed part of rande of the one byte lifetime field. Values + * less than 0x80 are intrpreted as the number of 5 minute intervals. + * Values from 0x80 to 0xBF should be looked up in this table. The + * value of 0x80 is the same using both methods: 10 and two-thirds + * hours . The lifetime of 0xBF is 30 days. The intervening values + * of have a fixed ratio of roughly 1.06914. The value 0xFF is + * defined to mean a ticket has no expiration time. This should be + * used advisedly since individual servers may impose defacto + * upperbounds on ticket lifetimes. + */ + +#include "krb_locl.h" + +RCSID("$Id: lifetime.c,v 1.9 1997/05/02 14:29:18 assar Exp $"); + +/* If you want to disable this feature */ +int krb_no_long_lifetimes = 0; + +#define TKTLIFENUMFIXED 64 +#define TKTLIFEMINFIXED 0x80 +#define TKTLIFEMAXFIXED 0xBF +#define TKTLIFENOEXPIRE 0xFF +#define MAXTKTLIFETIME (30*24*3600) /* 30 days */ +#ifndef NEVERDATE +#define NEVERDATE ((unsigned long)0x7fffffffL) +#endif + +static const int tkt_lifetimes[TKTLIFENUMFIXED] = { + 38400, /* 10.67 hours, 0.44 days */ + 41055, /* 11.40 hours, 0.48 days */ + 43894, /* 12.19 hours, 0.51 days */ + 46929, /* 13.04 hours, 0.54 days */ + 50174, /* 13.94 hours, 0.58 days */ + 53643, /* 14.90 hours, 0.62 days */ + 57352, /* 15.93 hours, 0.66 days */ + 61318, /* 17.03 hours, 0.71 days */ + 65558, /* 18.21 hours, 0.76 days */ + 70091, /* 19.47 hours, 0.81 days */ + 74937, /* 20.82 hours, 0.87 days */ + 80119, /* 22.26 hours, 0.93 days */ + 85658, /* 23.79 hours, 0.99 days */ + 91581, /* 25.44 hours, 1.06 days */ + 97914, /* 27.20 hours, 1.13 days */ + 104684, /* 29.08 hours, 1.21 days */ + 111922, /* 31.09 hours, 1.30 days */ + 119661, /* 33.24 hours, 1.38 days */ + 127935, /* 35.54 hours, 1.48 days */ + 136781, /* 37.99 hours, 1.58 days */ + 146239, /* 40.62 hours, 1.69 days */ + 156350, /* 43.43 hours, 1.81 days */ + 167161, /* 
46.43 hours, 1.93 days */ + 178720, /* 49.64 hours, 2.07 days */ + 191077, /* 53.08 hours, 2.21 days */ + 204289, /* 56.75 hours, 2.36 days */ + 218415, /* 60.67 hours, 2.53 days */ + 233517, /* 64.87 hours, 2.70 days */ + 249664, /* 69.35 hours, 2.89 days */ + 266926, /* 74.15 hours, 3.09 days */ + 285383, /* 79.27 hours, 3.30 days */ + 305116, /* 84.75 hours, 3.53 days */ + 326213, /* 90.61 hours, 3.78 days */ + 348769, /* 96.88 hours, 4.04 days */ + 372885, /* 103.58 hours, 4.32 days */ + 398668, /* 110.74 hours, 4.61 days */ + 426234, /* 118.40 hours, 4.93 days */ + 455705, /* 126.58 hours, 5.27 days */ + 487215, /* 135.34 hours, 5.64 days */ + 520904, /* 144.70 hours, 6.03 days */ + 556921, /* 154.70 hours, 6.45 days */ + 595430, /* 165.40 hours, 6.89 days */ + 636601, /* 176.83 hours, 7.37 days */ + 680618, /* 189.06 hours, 7.88 days */ + 727680, /* 202.13 hours, 8.42 days */ + 777995, /* 216.11 hours, 9.00 days */ + 831789, /* 231.05 hours, 9.63 days */ + 889303, /* 247.03 hours, 10.29 days */ + 950794, /* 264.11 hours, 11.00 days */ + 1016537, /* 282.37 hours, 11.77 days */ + 1086825, /* 301.90 hours, 12.58 days */ + 1161973, /* 322.77 hours, 13.45 days */ + 1242318, /* 345.09 hours, 14.38 days */ + 1328218, /* 368.95 hours, 15.37 days */ + 1420057, /* 394.46 hours, 16.44 days */ + 1518247, /* 421.74 hours, 17.57 days */ + 1623226, /* 450.90 hours, 18.79 days */ + 1735464, /* 482.07 hours, 20.09 days */ + 1855462, /* 515.41 hours, 21.48 days */ + 1983758, /* 551.04 hours, 22.96 days */ + 2120925, /* 589.15 hours, 24.55 days */ + 2267576, /* 629.88 hours, 26.25 days */ + 2424367, /* 673.44 hours, 28.06 days */ + 2592000}; /* 720.00 hours, 30.00 days */ + +/* + * krb_life_to_time - takes a start time and a Kerberos standard + * lifetime char and returns the corresponding end time. There are + * four simple cases to be handled. The first is a life of 0xff, + * meaning no expiration, and results in an end time of 0xffffffff. 
+ * The second is when life is less than the values covered by the + * table. In this case, the end time is the start time plus the + * number of 5 minute intervals specified by life. The third case + * returns start plus the MAXTKTLIFETIME if life is greater than + * TKTLIFEMAXFIXED. The last case, uses the life value (minus + * TKTLIFEMINFIXED) as an index into the table to extract the lifetime + * in seconds, which is added to start to produce the end time. + */ +u_int32_t +krb_life_to_time(u_int32_t start, int life_) +{ + unsigned char life = (unsigned char) life_; + + if (krb_no_long_lifetimes) return start + life*5*60; + + if (life == TKTLIFENOEXPIRE) return NEVERDATE; + if (life < TKTLIFEMINFIXED) return start + life*5*60; + if (life > TKTLIFEMAXFIXED) return start + MAXTKTLIFETIME; + return start + tkt_lifetimes[life - TKTLIFEMINFIXED]; +} + +/* + * krb_time_to_life - takes start and end times for the ticket and + * returns a Kerberos standard lifetime char, possibily using the + * tkt_lifetimes table for lifetimes above 127*5 minutes. First, the + * special case of (end == NEVERDATE) is handled to mean no + * expiration. Then negative lifetimes and those greater than the + * maximum ticket lifetime are rejected. Then lifetimes less than the + * first table entry are handled by rounding the requested lifetime + * *up* to the next 5 minute interval. The final step is to search + * the table for the smallest entry *greater than or equal* to the + * requested entry. 
+ */ +int krb_time_to_life(u_int32_t start, u_int32_t end) +{ + int i; + long lifetime = end - start; + + if (krb_no_long_lifetimes) return (lifetime + 5*60 - 1)/(5*60); + + if (end >= NEVERDATE) return TKTLIFENOEXPIRE; + if (lifetime > MAXTKTLIFETIME || lifetime <= 0) return 0; + if (lifetime < tkt_lifetimes[0]) return (lifetime + 5*60 - 1)/(5*60); + for (i=0; i + +RCSID("$Id: logging.c,v 1.14 1997/05/11 09:01:40 assar Exp $"); + +struct krb_log_facility { + char filename[MaxPathLen]; + FILE *file; + krb_log_func_t func; +}; + +int +krb_vlogger(struct krb_log_facility *f, const char *format, va_list args) +{ + FILE *file = NULL; + int ret; + + if (f->file != NULL) + file = f->file; + else if (f->filename && f->filename[0]) + file = fopen(f->filename, "a"); + + ret = f->func(file, format, args); + + if (file != f->file) + fclose(file); + return ret; +} + +int +krb_logger(struct krb_log_facility *f, const char *format, ...) +{ + va_list args; + int ret; + va_start(args, format); + ret = krb_vlogger(f, format, args); + va_end(args); + return ret; +} + +/* + * If FILE * is given log to it, otherwise, log to filename. When + * given a file name the file is opened and closed for each log + * record. 
+ */ +int +krb_openlog(struct krb_log_facility *f, + char *filename, + FILE *file, + krb_log_func_t func) +{ + strcpy(f->filename, filename); + f->file = file; + f->func = func; + return KSUCCESS; +} + +/* ------------------------------------------------------------ + Compatibility functions from warning.c + ------------------------------------------------------------ */ + +static int +log_tty(FILE *f, const char *format, va_list args) +{ + if (f != NULL && isatty(fileno(f))) + vfprintf(f, format, args); + return KSUCCESS; +} + +/* stderr */ +static struct krb_log_facility std_log = { "/dev/tty", NULL, log_tty }; + +static void +init_std_log () +{ + static int done = 0; + + if (!done) { + std_log.file = stderr; + done = 1; + } +} + +/* + * + */ +void +krb_set_warnfn (krb_warnfn_t newfunc) +{ + init_std_log (); + std_log.func = newfunc; +} + +/* + * + */ +krb_warnfn_t +krb_get_warnfn (void) +{ + init_std_log (); + return std_log.func; +} + +/* + * Log warnings to stderr if it's a tty. + */ +void +krb_warning (const char *format, ...) +{ + va_list args; + + init_std_log (); + va_start(args, format); + krb_vlogger(&std_log, format, args); + va_end(args); +} + +/* ------------------------------------------------------------ + Compatibility functions from klog.c and log.c + ------------------------------------------------------------ */ + +/* + * Used by kerberos and kadmind daemons and in libkrb (rd_req.c). + * + * By default they log to the kerberos server log-file (KRBLOG) to be + * backwards compatible. 
+ */ + +static int +log_with_timestamp_and_nl(FILE *file, const char *format, va_list args) +{ + time_t now; + if(file == NULL) + return KFAILURE; + time(&now); + fputs(krb_stime(&now), file); + fputs(": ", file); + vfprintf(file, format, args); + fputs("\n", file); + fflush(file); + return KSUCCESS; +} + +static struct krb_log_facility +file_log = { KRBLOG, NULL, log_with_timestamp_and_nl }; + +/* + * kset_logfile() changes the name of the file to which + * messages are logged. If kset_logfile() is not called, + * the logfile defaults to KRBLOG, defined in "krb.h". + */ + +void +kset_logfile(char *filename) +{ + krb_openlog(&file_log, filename, NULL, log_with_timestamp_and_nl); +} + +/* + * krb_log() and klog() is used to add entries to the logfile. + * + * The log entry consists of a timestamp and the given arguments + * printed according to the given "format" string. + * + * The log file is opened and closed for each log entry. + * + * If the given log type "type" is unknown, or if the log file + * cannot be opened, no entry is made to the log file. + * + * CHANGE: the type is always ignored + * + * The return value of klog() is always a pointer to the formatted log + * text string "logtxt". + */ + +/* Used in kerberos.c only. */ +char * +klog(int type, const char *format, ...) +{ + static char logtxt[1024]; + + va_list ap; + + va_start(ap, format); + vsnprintf(logtxt, sizeof(logtxt), format, ap); + va_end(ap); + + krb_logger(&file_log, "%s", logtxt); + + return logtxt; +} + +/* Used in kadmind and rd_req.c */ +void +krb_log(const char *format, ...) +{ + va_list args; + + va_start(args, format); + krb_vlogger(&file_log, format, args); + va_end(args); +} diff --git a/crypto/kerberosIV/lib/krb/lsb_addr_comp.c b/crypto/kerberosIV/lib/krb/lsb_addr_comp.c new file mode 100644 index 0000000..bc3c484 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/lsb_addr_comp.c 
@@ -0,0 +1,105 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: lsb_addr_comp.c,v 1.9 1997/04/01 08:18:37 joda Exp $"); + +#include "lsb_addr_comp.h" + +int +krb_lsb_antinet_ulong_cmp(u_int32_t x, u_int32_t y) +{ + int i; + u_int32_t a = 0, b = 0; + u_int8_t *p = (u_int8_t*) &x; + u_int8_t *q = (u_int8_t*) &y; + + for(i = sizeof(u_int32_t) - 1; i >= 0; i--){ + a = (a << 8) | p[i]; + b = (b << 8) | q[i]; + } + if(a > b) + return 1; + if(a < b) + return -1; + return 0; +} + +int +krb_lsb_antinet_ushort_cmp(u_int16_t x, u_int16_t y) +{ + int i; + u_int16_t a = 0, b = 0; + u_int8_t *p = (u_int8_t*) &x; + u_int8_t *q = (u_int8_t*) &y; + + for(i = sizeof(u_int16_t) - 1; i >= 0; i--){ + a = (a << 8) | p[i]; + b = (b << 8) | q[i]; + } + if(a > b) + return 1; + if(a < b) + return -1; + return 0; +} + +u_int32_t +lsb_time(time_t t, struct sockaddr_in *src, struct sockaddr_in *dst) +{ + /* + * direction bit is the sign bit of the timestamp. Ok until + * 2038?? + */ + /* For compatibility with broken old code, compares are done in VAX + byte order (LSBFIRST) */ + if (krb_lsb_antinet_ulong_less(src->sin_addr.s_addr, /* src < recv */ + dst->sin_addr.s_addr) < 0) + t = -t; + else if (krb_lsb_antinet_ulong_less(src->sin_addr.s_addr, + dst->sin_addr.s_addr)==0) + if (krb_lsb_antinet_ushort_less(src->sin_port, dst->sin_port) < 0) + t = -t; + /* + * all that for one tiny bit! Heaven help those that talk to + * themselves. + */ + t = t & 0xffffffff; + return t; +} diff --git a/crypto/kerberosIV/lib/krb/lsb_addr_comp.h b/crypto/kerberosIV/lib/krb/lsb_addr_comp.h new file mode 100644 index 0000000..21adf06 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/lsb_addr_comp.h 
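Review bot: In `lsb_time` the `if` / `else if` / inner `if` chain that decides whether to negate `t` has no braces, so which test a later `else` attaches to depends on dangling-else binding rather than on anything visible in the code. That chain sets the direction bit described in the comment above it, so I would brace every branch, for example `else if (krb_lsb_antinet_ulong_less(...) == 0) { if (krb_lsb_antinet_ushort_less(src->sin_port, dst->sin_port) < 0) t = -t; }`. The function also needs a header comment saying that it returns the low 32 bits of `t`, negated when the source sorts before the destination in LSB-first order. When both address and port are equal, the result carries no direction information, which the closing comment only hints at.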
@@ -0,0 +1,26 @@
+/*
+ * $Id: lsb_addr_comp.h,v 1.6 1996/10/05 00:18:02 joda Exp $
+ *
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * .
+ *
+ * Comparison macros to emulate LSBFIRST comparison results of network
+ * byte-order quantities
+ */
+
+#ifndef LSB_ADDR_COMP_DEFS
+#define LSB_ADDR_COMP_DEFS
+
+/* Compare x and y in VAX byte order, result is -1, 0 or 1. */
+
+#define krb_lsb_antinet_ulong_less(x, y) (((x) == (y)) ? 0 : krb_lsb_antinet_ulong_cmp(x, y))
+
+#define krb_lsb_antinet_ushort_less(x, y) (((x) == (y)) ? 0 : krb_lsb_antinet_ushort_cmp(x, y))
+
+int krb_lsb_antinet_ulong_cmp(u_int32_t x, u_int32_t y);
+int krb_lsb_antinet_ushort_cmp(u_int16_t x, u_int16_t y);
+u_int32_t lsb_time(time_t t, struct sockaddr_in *src, struct sockaddr_in *dst);
+
+#endif /* LSB_ADDR_COMP_DEFS */
diff --git a/crypto/kerberosIV/lib/krb/mk_auth.c b/crypto/kerberosIV/lib/krb/mk_auth.c
new file mode 100644
index 0000000..7cfb36b
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/mk_auth.c
@@ -0,0 +1,96 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: mk_auth.c,v 1.4 1997/04/01 08:18:35 joda Exp $"); + +/* + * Generate an authenticator for service.instance@realm. + * instance is canonicalized by `krb_get_phost' + * realm is set to the local realm if realm == NULL + * The ticket acquired by `krb_mk_req' is returned in `ticket' and the + * authenticator in `buf'. + * Options control the behaviour (see krb_sendauth). + */ + +int +krb_mk_auth(int32_t options, + KTEXT ticket, + char *service, + char *instance, + char *realm, + u_int32_t checksum, + char *version, + KTEXT buf) +{ + char realinst[INST_SZ]; + char realrealm[REALM_SZ]; + int ret; + unsigned char *p; + + if (options & KOPT_DONT_CANON) + strncpy(realinst, instance, sizeof(realinst)); + else + strncpy(realinst, krb_get_phost (instance), sizeof(realinst)); + + if (realm == NULL) { + ret = krb_get_lrealm (realrealm, 1); + if (ret != KSUCCESS) + return ret; + realm = realrealm; + } + + if(!(options & KOPT_DONT_MK_REQ)) { + ret = krb_mk_req (ticket, service, realinst, realm, checksum); + if (ret != KSUCCESS) + return ret; + } + + p = buf->dat; + + memcpy (p, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN); + p += KRB_SENDAUTH_VLEN; + memcpy (p, version, KRB_SENDAUTH_VLEN); + p += KRB_SENDAUTH_VLEN; + p += krb_put_int(ticket->length, p, 4); + memcpy(p, ticket->dat, ticket->length); + p += ticket->length; + buf->length = p - buf->dat; + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/mk_err.c b/crypto/kerberosIV/lib/krb/mk_err.c new file mode 100644 index 0000000..710587a --- /dev/null +++ b/crypto/kerberosIV/lib/krb/mk_err.c 
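Review bot: Both `strncpy(realinst, ..., sizeof(realinst))` calls in `krb_mk_auth` leave `realinst` without a terminating NUL when the instance is `INST_SZ` bytes or longer. The buffer is then passed to `krb_mk_req` as a C string, so that call would read past the end of the stack array. Adding `realinst[sizeof(realinst) - 1] = '\0';` after the `if`/`else` closes this; rejecting an over-long instance with an error would be stricter. Further down, `memcpy(p, ticket->dat, ticket->length)` writes into `buf->dat` after 2 * `KRB_SENDAUTH_VLEN` + 4 header bytes with no check against the capacity of `buf`, so a bound test before the copy is worth adding. `memcpy(p, version, KRB_SENDAUTH_VLEN)` always reads `KRB_SENDAUTH_VLEN` bytes from `version`, so the header comment should state that the caller must supply at least that many.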
@@ -0,0 +1,56 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: mk_err.c,v 1.6 1997/03/23 03:53:14 joda Exp $"); + +/* + * This routine creates a general purpose error reply message. It + * doesn't use KTEXT because application protocol may have long + * messages, and may want this part of buffer contiguous to other + * stuff. + * + * The error reply is built in "p", using the error code "e" and + * error text "e_string" given. The length of the error reply is + * returned. + * + * The error reply is in the following format: + * + * unsigned char KRB_PROT_VERSION protocol version no. 
+ * unsigned char AUTH_MSG_APPL_ERR message type + * (least significant + * bit of above) HOST_BYTE_ORDER local byte order + * 4 bytes e given error code + * string e_string given error text + */ + +int32_t +krb_mk_err(u_char *p, int32_t e, char *e_string) +{ + unsigned char *start = p; + p += krb_put_int(KRB_PROT_VERSION, p, 1); + p += krb_put_int(AUTH_MSG_APPL_ERR, p, 1); + + p += krb_put_int(e, p, 4); + p += krb_put_string(e_string, p); + return p - start; +} diff --git a/crypto/kerberosIV/lib/krb/mk_priv.c b/crypto/kerberosIV/lib/krb/mk_priv.c new file mode 100644 index 0000000..b6a9cc4 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/mk_priv.c 
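Review bot: `krb_mk_err` writes the reply into `p` with no length argument, and the trailing `krb_put_string(e_string, p)` copies a caller-supplied string of arbitrary length, so the caller alone keeps this inside the buffer. The signature is public, so I would at least state the contract in the header comment, e.g. `The buffer at "p" must hold at least 6 + strlen(e_string) + 1 bytes.`, assuming `krb_put_string` also writes the terminating NUL (it is not visible in this hunk). The comment also lists `HOST_BYTE_ORDER` in the low bit of the message type, but the code emits `AUTH_MSG_APPL_ERR` unmodified; one of the two should be corrected so that a reader of the format table is not misled.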
@@ -0,0 +1,125 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: mk_priv.c,v 1.18 1997/04/01 08:18:37 joda Exp $"); + +/* application include files */ +#include "lsb_addr_comp.h" + +/* + * krb_mk_priv() constructs an AUTH_MSG_PRIVATE message. It takes + * some user data "in" of "length" bytes and creates a packet in "out" + * consisting of the user data, a timestamp, and the sender's network + * address. + * The packet is encrypted by pcbc_encrypt(), using the given + * "key" and "schedule". + * The length of the resulting packet "out" is + * returned. + * + * It is similar to krb_mk_safe() except for the additional key + * schedule argument "schedule" and the fact that the data is encrypted + * rather than appended with a checksum. The protocol version is + * KRB_PROT_VERSION, defined in "krb.h". + * + * The "out" packet consists of: + * + * Size Variable Field + * ---- -------- ----- + * + * 1 byte KRB_PROT_VERSION protocol version number + * 1 byte AUTH_MSG_PRIVATE | message type plus local + * HOST_BYTE_ORDER byte order in low bit + * + * 4 bytes c_length length of data + * we encrypt from here with pcbc_encrypt + * + * 4 bytes length length of user data + * length in user data + * 1 byte msg_time_5ms timestamp milliseconds + * 4 bytes sender->sin.addr.s_addr sender's IP address + * + * 4 bytes msg_time_sec or timestamp seconds with + * -msg_time_sec direction in sign bit + * + * 0<=n<=7 bytes pad to 8 byte multiple zeroes + */ + +int32_t +krb_mk_priv(void *in, void *out, u_int32_t length, + struct des_ks_struct *schedule, des_cblock *key, + struct sockaddr_in *sender, struct sockaddr_in *receiver) +{ + unsigned char *p = (unsigned char*)out; + unsigned char *cipher; + + struct timeval tv; + u_int32_t src_addr; + u_int32_t len; + + p += krb_put_int(KRB_PROT_VERSION, p, 1); + p += krb_put_int(AUTH_MSG_PRIVATE, p, 1); + + len = 4 + length + 1 + 4 + 4; + len = (len + 7) & ~7; + p += krb_put_int(len, p, 4); + + cipher = p; + + p += krb_put_int(length, p, 4); + + memcpy(p, in, length); 
+ p += length; + + gettimeofday(&tv, NULL); + + *p++ =tv.tv_usec / 5000; + + src_addr = sender->sin_addr.s_addr; + p += krb_put_address(src_addr, p); + + p += krb_put_int(lsb_time(tv.tv_sec, sender, receiver), p, 4); + + memset(p, 0, 7); + + des_pcbc_encrypt((des_cblock *)cipher, (des_cblock *)cipher, + len, schedule, key, DES_ENCRYPT); + + return (cipher - (unsigned char*)out) + len; +} diff --git a/crypto/kerberosIV/lib/krb/mk_req.c b/crypto/kerberosIV/lib/krb/mk_req.c new file mode 100644 index 0000000..313ea04 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/mk_req.c 
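Review bot: `memset(p, 0, 7)` in `krb_mk_priv` always clears seven bytes, although only `len - (p - cipher)` padding bytes (0 to 7) belong to the packet. When the plaintext is already a multiple of eight, it writes up to seven bytes past the end of the message, and possibly past the caller's `out` buffer. Clearing only the padding fixes it: `memset(p, 0, len - (p - cipher));`. Separately, `len = 4 + length + 1 + 4 + 4` is computed in `u_int32_t` and wraps for a very large `length`, so `length` should be range-checked before the `memcpy`. The header comment should state how large `out` must be (header + 4-byte count + padded `len`).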
@@ -0,0 +1,215 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: mk_req.c,v 1.17 1997/05/30 17:42:38 bg Exp $"); + +static int lifetime = 255; /* But no longer than TGT says. */ + + +static void +build_request(KTEXT req, char *name, char *inst, char *realm, + u_int32_t checksum) +{ + struct timeval tv; + unsigned char *p = req->dat; + + p += krb_put_nir(name, inst, realm, p); + + p += krb_put_int(checksum, p, 4); + + + /* Fill in the times on the request id */ + gettimeofday(&tv, NULL); + + *p++ = tv.tv_usec / 5000; /* 5ms */ + + p += krb_put_int(tv.tv_sec, p, 4); + + /* Fill to a multiple of 8 bytes for DES */ + req->length = ((p - req->dat + 7)/8) * 8; +} + + +/* + * krb_mk_req takes a text structure in which an authenticator is to + * be built, the name of a service, an instance, a realm, + * and a checksum. It then retrieves a ticket for + * the desired service and creates an authenticator in the text + * structure passed as the first argument. krb_mk_req returns + * KSUCCESS on success and a Kerberos error code on failure. + * + * The peer procedure on the other end is krb_rd_req. When making + * any changes to this routine it is important to make corresponding + * changes to krb_rd_req. + * + * The authenticator consists of the following: + * + * authent->dat + * + * unsigned char KRB_PROT_VERSION protocol version no. + * unsigned char AUTH_MSG_APPL_REQUEST message type + * (least significant + * bit of above) HOST_BYTE_ORDER local byte ordering + * unsigned char kvno from ticket server's key version + * string realm server's realm + * unsigned char tl ticket length + * unsigned char idl request id length + * text ticket->dat ticket for server + * text req_id->dat request id + * + * The ticket information is retrieved from the ticket cache or + * fetched from Kerberos. 
The request id (called the "authenticator" + * in the papers on Kerberos) contains the following: + * + * req_id->dat + * + * string cr.pname {name, instance, and + * string cr.pinst realm of principal + * string myrealm making this request} + * 4 bytes checksum checksum argument given + * unsigned char tv_local.tf_usec time (milliseconds) + * 4 bytes tv_local.tv_sec time (seconds) + * + * req_id->length = 3 strings + 3 terminating nulls + 5 bytes for time, + * all rounded up to multiple of 8. + */ + +int +krb_mk_req(KTEXT authent, char *service, char *instance, char *realm, + int32_t checksum) +{ + KTEXT_ST req_st; + KTEXT req_id = &req_st; + + CREDENTIALS cr; /* Credentials used by retr */ + KTEXT ticket = &(cr.ticket_st); /* Pointer to tkt_st */ + int retval; /* Returned by krb_get_cred */ + + char myrealm[REALM_SZ]; + + unsigned char *p = authent->dat; + + p += krb_put_int(KRB_PROT_VERSION, p, 1); + + p += krb_put_int(AUTH_MSG_APPL_REQUEST, p, 1); + + /* Get the ticket and move it into the authenticator */ + if (krb_ap_req_debug) + krb_warning("Realm: %s\n", realm); + + retval = krb_get_cred(service,instance,realm,&cr); + + if (retval == RET_NOTKT) { + retval = get_ad_tkt(service, instance, realm, lifetime); + if (retval == KSUCCESS) + retval = krb_get_cred(service, instance, realm, &cr); + } + + if (retval != KSUCCESS) + return retval; + + + /* + * With multi realm ticket files either find a matching TGT or + * else use the first TGT for inter-realm authentication. + * + * In myrealm hold the realm of the principal "owning" the + * corresponding ticket-granting-ticket. 
+ */ + + retval = krb_get_cred(KRB_TICKET_GRANTING_TICKET, realm, realm, 0); + if (retval == KSUCCESS) + strncpy(myrealm, realm, REALM_SZ); + else + retval = krb_get_tf_realm(TKT_FILE, myrealm); + + if (retval != KSUCCESS) + return retval; + + if (krb_ap_req_debug) + krb_warning("serv=%s.%s@%s princ=%s.%s@%s\n", service, instance, realm, + cr.pname, cr.pinst, myrealm); + + p += krb_put_int(cr.kvno, p, 1); + + p += krb_put_string(realm, p); + + p += krb_put_int(ticket->length, p, 1); + + build_request(req_id, cr.pname, cr.pinst, myrealm, checksum); + + encrypt_ktext(req_id, &cr.session, DES_ENCRYPT); + + p += krb_put_int(req_id->length, p, 1); + + memcpy(p, ticket->dat, ticket->length); + + p += ticket->length; + + memcpy(p, req_id->dat, req_id->length); + + p += req_id->length; + + authent->length = p - authent->dat; + + memset(&cr, 0, sizeof(cr)); + memset(&req_st, 0, sizeof(req_st)); + + if (krb_ap_req_debug) + krb_warning("Authent->length = %d\n", authent->length); + + return KSUCCESS; +} + +/* + * krb_set_lifetime sets the default lifetime for additional tickets + * obtained via krb_mk_req(). + * + * It returns the previous value of the default lifetime. + */ + +int +krb_set_lifetime(int newval) +{ + int olife = lifetime; + + lifetime = newval; + return(olife); +} diff --git a/crypto/kerberosIV/lib/krb/mk_safe.c b/crypto/kerberosIV/lib/krb/mk_safe.c new file mode 100644 index 0000000..df5ca21 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/mk_safe.c 
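Review bot: The `if (retval != KSUCCESS) return retval;` after the TGT/realm lookup in `krb_mk_req` returns while `cr`, which by then holds the credentials fetched by the first `krb_get_cred` (including `cr.session`), is still on the stack; only the success path reaches `memset(&cr, 0, sizeof(cr))`. I would clear it on that path too: `if (retval != KSUCCESS) { memset(&cr, 0, sizeof(cr)); return retval; }`. In the same block `strncpy(myrealm, realm, REALM_SZ)` does not terminate `myrealm` when `realm` is `REALM_SZ` bytes or longer, and `myrealm` is then used as a string by `krb_warning` and `build_request`; add `myrealm[REALM_SZ - 1] = '\0';`. `build_request` rounds `req->length` up to a multiple of eight without zeroing the pad bytes, so the uninitialised tail of `req_st` is encrypted and sent; a short `memset` of the pad would avoid that.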
@@ -0,0 +1,131 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: mk_safe.c,v 1.21 1997/04/19 23:18:03 joda Exp $"); + +/* application include files */ +#include "lsb_addr_comp.h" + + +/* from rd_safe.c */ +extern int dqc_type; +void fixup_quad_cksum(void*, size_t, des_cblock*, void*, void*, int); + +/* + * krb_mk_safe() constructs an AUTH_MSG_SAFE message. It takes some + * user data "in" of "length" bytes and creates a packet in "out" + * consisting of the user data, a timestamp, and the sender's network + * address, followed by a checksum computed on the above, using the + * given "key". The length of the resulting packet is returned. + * + * The "out" packet consists of: + * + * Size Variable Field + * ---- -------- ----- + * + * 1 byte KRB_PROT_VERSION protocol version number + * 1 byte AUTH_MSG_SAFE | message type plus local + * HOST_BYTE_ORDER byte order in low bit + * + * ===================== begin checksum ================================ + * + * 4 bytes length length of user data + * length in user data + * 1 byte msg_time_5ms timestamp milliseconds + * 4 bytes sender->sin.addr.s_addr sender's IP address + * + * 4 bytes msg_time_sec or timestamp seconds with + * -msg_time_sec direction in sign bit + * + * ======================= end checksum ================================ + * + * 16 bytes big_cksum quadratic checksum of + * above using "key" + */ + +int32_t +krb_mk_safe(void *in, void *out, u_int32_t length, des_cblock *key, + struct sockaddr_in *sender, struct sockaddr_in *receiver) +{ + unsigned char * p = (unsigned char*)out; + struct timeval tv; + unsigned char *start; + u_int32_t src_addr; + + p += krb_put_int(KRB_PROT_VERSION, p, 1); + p += krb_put_int(AUTH_MSG_SAFE, p, 1); + + start = p; + + p += krb_put_int(length, p, 4); + + memcpy(p, in, length); + p += length; + + gettimeofday(&tv, NULL); + + *p++ = tv.tv_usec/5000; /* 5ms */ + + src_addr = sender->sin_addr.s_addr; + p += krb_put_address(src_addr, p); + + p += krb_put_int(lsb_time(tv.tv_sec, sender, receiver), 
p, 4); + + { + /* We are faking big endian mode, so we need to fix the + * checksum (that is byte order dependent). We always send a + * checksum of the new type, unless we know that we are + * talking to an old client (this requires a call to + * krb_rd_safe first). + */ + unsigned char new_checksum[16]; + unsigned char old_checksum[16]; + fixup_quad_cksum(start, p - start, key, new_checksum, old_checksum, 0); + + if((dqc_type == DES_QUAD_GUESS && DES_QUAD_DEFAULT == DES_QUAD_OLD) || + dqc_type == DES_QUAD_OLD) + memcpy(p, old_checksum, 16); + else + memcpy(p, new_checksum, 16); + } + p += 16; + + return p - (unsigned char*)out; +} diff --git a/crypto/kerberosIV/lib/krb/month_sname.c b/crypto/kerberosIV/lib/krb/month_sname.c new file mode 100644 index 0000000..aaceee5 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/month_sname.c 
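Review bot: `krb_mk_safe` copies `length` caller-supplied bytes into `out` and appends a fixed trailer, but neither the signature nor the header comment says how large `out` has to be, so every caller has to re-derive it from the layout table. Going by that table the requirement is `length + 31` bytes (2 header, 4 length, 1 + 4 + 4 timestamp and address, 16 checksum); I would add `"out" must have room for length + 31 bytes.` to the comment, after confirming that `krb_put_address` writes four bytes. The `extern int dqc_type;` and `fixup_quad_cksum` prototype are repeated here instead of coming from a shared header, so a change in rd_safe.c would not be caught by the compiler; moving both to `krb_locl.h` or a small private header would fix that.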
@@ -0,0 +1,39 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: month_sname.c,v 1.5 1997/03/23 03:53:14 joda Exp $");
+
+/*
+ * Given an integer 1-12, month_sname() returns a string
+ * containing the first three letters of the corresponding
+ * month. Returns 0 if the argument is out of range.
+ */
+
+const char *month_sname(int n)
+{
+ static const char *name[] = {
+ "Jan","Feb","Mar","Apr","May","Jun",
+ "Jul","Aug","Sep","Oct","Nov","Dec"
+ };
+ return((n < 1 || n > 12) ? 0 : name [n-1]);
+}
diff --git a/crypto/kerberosIV/lib/krb/name2name.c b/crypto/kerberosIV/lib/krb/name2name.c
new file mode 100644
index 0000000..fa95b89
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/name2name.c
@@ -0,0 +1,102 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: name2name.c,v 1.15 1997/04/30 04:30:36 assar Exp $"); + +/* convert host to a more fully qualified domain name, returns 0 if + * phost is the same as host, 1 otherwise. phost should be + * phost_size bytes long. + */ + +int +krb_name_to_name(const char *host, char *phost, size_t phost_size) +{ + struct hostent *hp; + struct in_addr adr; + const char *tmp; + + adr.s_addr = inet_addr(host); + hp = gethostbyname(host); + if (hp == NULL && adr.s_addr != INADDR_NONE) + hp = gethostbyaddr((char *)&adr, sizeof(adr), AF_INET); + if (hp == NULL) + tmp = host; + else + tmp = hp->h_name; + strncpy (phost, tmp, phost_size); + phost[phost_size - 1] = '\0'; + + if (strcmp(phost, host) == 0) + return 0; + else + return 1; +} + +/* lowercase and truncate */ + +void +k_ricercar(char *name) +{ + char *p = name; + while(*p && *p != '.'){ + if(isupper(*p)) + *p = tolower(*p); + p++; + } + if(*p == '.') + *p = 0; +} + +/* + * This routine takes an alias for a host name and returns the first + * field, in lower case, of its domain name. + * + * Example: "fOo.BAR.com" -> "foo" + */ + +char * +krb_get_phost(const char *alias) +{ + static char phost[MaxHostNameLen+1]; + + krb_name_to_name(alias, phost, sizeof(phost)); + k_ricercar(phost); + return phost; +} diff --git a/crypto/kerberosIV/lib/krb/netread.c b/crypto/kerberosIV/lib/krb/netread.c new file mode 100644 index 0000000..cbc1bd1 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/netread.c 
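Review bot: `k_ricercar` passes a plain `char` to `isupper` and `tolower`, which is undefined behaviour for bytes above 0x7f on platforms where `char` is signed, and host names reaching this function come from the caller or from the resolver. The loop body should read `if (isupper((unsigned char)*p)) *p = tolower((unsigned char)*p);`. In `krb_name_to_name`, `phost[phost_size - 1] = '\0'` indexes out of bounds when `phost_size` is 0; add an early return for that case. `krb_get_phost` returns a pointer to a static buffer, and its comment should say that the result is overwritten by the next call. The comments should also note that the canonical name is taken from `gethostbyname`/`gethostbyaddr`, so the instance used for the service principal is only as trustworthy as the name service answering the lookup.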
@@ -0,0 +1,55 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: netread.c,v 1.6 1997/03/23 03:53:15 joda Exp $"); + +/* + * krb_net_read() reads from the file descriptor "fd" to the buffer + * "buf", until either 1) "len" bytes have been read or 2) cannot + * read anymore from "fd". It returns the number of bytes read + * or a read() error. (The calling interface is identical to + * read(2).) + * + * XXX must not use non-blocking I/O + */ + +int +krb_net_read (int fd, void *v, size_t len) +{ + int cc, len2 = 0; + char *buf = v; + + do { + cc = read(fd, buf, len); + if (cc < 0) + return(cc); /* errno is already set */ + else if (cc == 0) { + return(len2); + } else { + buf += cc; + len2 += cc; + len -= cc; + } + } while (len > 0); + return(len2); +} diff --git a/crypto/kerberosIV/lib/krb/netwrite.c b/crypto/kerberosIV/lib/krb/netwrite.c new file mode 100644 index 0000000..0703d91 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/netwrite.c 
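Review bot: `krb_net_read` keeps the `read()` result and the running total in `int` (`cc`, `len2`) while `len` is `size_t`, so a request larger than `INT_MAX` overflows the counter and the return value. The same narrowing is in netwrite.c, where `int wrlen = len;` goes negative for such a `len` and is then passed to `write()` as the count. Since both functions return `int`, the simplest guard is to reject the case up front, `if (len > INT_MAX) { errno = EINVAL; return -1; }`, and to declare `cc` as `ssize_t`. Both header comments should also say that a short count from `krb_net_read` means end of file, and that a `read`/`write` interrupted by a signal is reported as an error rather than retried.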
@@ -0,0 +1,52 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: netwrite.c,v 1.7 1997/03/23 03:53:15 joda Exp $");
+
+/*
+ * krb_net_write() writes "len" bytes from "buf" to the file
+ * descriptor "fd". It returns the number of bytes written or
+ * a write() error. (The calling interface is identical to
+ * write(2).)
+ *
+ * XXX must not use non-blocking I/O
+ */
+
+int
+krb_net_write(int fd, const void *v, size_t len)
+{
+ int cc;
+ int wrlen = len;
+ const char *buf = (const char*)v;
+
+ do {
+ cc = write(fd, buf, wrlen);
+ if (cc < 0)
+ return(cc);
+ else {
+ buf += cc;
+ wrlen -= cc;
+ }
+ } while (wrlen > 0);
+ return(len);
+}
diff --git a/crypto/kerberosIV/lib/krb/one.c b/crypto/kerberosIV/lib/krb/one.c
new file mode 100644
index 0000000..d43b284
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/one.c
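Review bot: `int wrlen = len;` in krb_net_write narrows a `size_t` to `int`, so for `len` above INT_MAX `wrlen` starts negative, is converted back to a very large count in the `write()` call, and the function still finishes with `return(len)`, itself truncated to `int`. Keeping the remaining count unsigned, `size_t wrlen = len;` together with `ssize_t cc;`, removes the sign change, and the loop still terminates because `cc` never exceeds `wrlen`. A `write()` that returns 0 for a non-zero `wrlen` would make this loop spin, so an explicit `cc == 0` exit is worth adding next to the `cc < 0` test.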
@@ -0,0 +1,27 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+ WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ distribute this software and its documentation for any purpose and
+ without fee is hereby granted, provided that the above copyright
+ notice appear in all copies and that both that copyright notice and
+ this permission notice appear in supporting documentation, and that
+ the name of M.I.T. not be used in advertising or publicity pertaining
+ to distribution of the software without specific, written prior
+ permission. M.I.T. makes no representations about the suitability of
+ this software for any purpose. It is provided "as is" without express
+ or implied warranty.
+
+ */
+
+/*
+ * definition of variable set to 1.
+ * used in krb_conf.h to determine host byte order.
+ */
+
+int krbONE = 1;
diff --git a/crypto/kerberosIV/lib/krb/parse_name.c b/crypto/kerberosIV/lib/krb/parse_name.c
new file mode 100644
index 0000000..1184330
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/parse_name.c
@@ -0,0 +1,199 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: parse_name.c,v 1.4 1997/04/01 08:18:39 joda Exp $");
+
+int
+krb_parse_name(const char *fullname, krb_principal *principal)
+{
+ const char *p;
+ char *ns, *np;
+ enum {n, i, r} pos = n;
+ int quote = 0;
+ ns = np = principal->name;
+
+ principal->name[0] = 0;
+ principal->instance[0] = 0;
+ principal->realm[0] = 0;
+
+ for(p = fullname; *p; p++){
+ if(np - ns == ANAME_SZ - 1) /* XXX they have the same size */
+ return KNAME_FMT;
+ if(quote){
+ *np++ = *p;
+ quote = 0;
+ continue;
+ }
+ if(*p == '\\')
+ quote = 1;
+ else if(*p == '.' && pos == n){
+ *np = 0;
+ ns = np = principal->instance;
+ pos = i;
+ }else if(*p == '@' && (pos == n || pos == i)){
+ *np = 0;
+ ns = np = principal->realm;
+ pos = r;
+ }else
+ *np++ = *p;
+ }
+ *np = 0;
+ if(quote || principal->name[0] == 0)
+ return KNAME_FMT;
+ return KSUCCESS;
+}
+
+int
+kname_parse(char *np, char *ip, char *rp, char *fullname)
+{
+ krb_principal p;
+ int ret;
+ if((ret = krb_parse_name(fullname, &p)) == 0){
+ strcpy(np, p.name);
+ strcpy(ip, p.instance);
+ if(p.realm[0])
+ strcpy(rp, p.realm);
+ }
+ return ret;
+}
+/*
+ * k_isname() returns 1 if the given name is a syntactically legitimate
+ * Kerberos name; returns 0 if it's not.
+ */
+
+int
+k_isname(char *s)
+{
+ char c;
+ int backslash = 0;
+
+ if (!*s)
+ return 0;
+ if (strlen(s) > ANAME_SZ - 1)
+ return 0;
+ while ((c = *s++)) {
+ if (backslash) {
+ backslash = 0;
+ continue;
+ }
+ switch(c) {
+ case '\\':
+ backslash = 1;
+ break;
+ case '.':
+ return 0;
+ /* break; */
+ case '@':
+ return 0;
+ /* break; */
+ }
+ }
+ return 1;
+}
+
+
+/*
+ * k_isinst() returns 1 if the given name is a syntactically legitimate
+ * Kerberos instance; returns 0 if it's not.
+ */
+
+int
+k_isinst(char *s)
+{
+ char c;
+ int backslash = 0;
+
+ if (strlen(s) > INST_SZ - 1)
+ return 0;
+ while ((c = *s++)) {
+ if (backslash) {
+ backslash = 0;
+ continue;
+ }
+ switch(c) {
+ case '\\':
+ backslash = 1;
+ break;
+ case '.':
+#if INSTANCE_DOTS_OK
+ break;
+#else /* INSTANCE_DOTS_OK */
+ return 0;
+#endif /* INSTANCE_DOTS_OK */
+ /* break; */
+ case '@':
+ return 0;
+ /* break; */
+ }
+ }
+ return 1;
+}
+
+/*
+ * k_isrealm() returns 1 if the given name is a syntactically legitimate
+ * Kerberos realm; returns 0 if it's not.
+ */
+
+int
+k_isrealm(char *s)
+{
+ char c;
+ int backslash = 0;
+
+ if (!*s)
+ return 0;
+ if (strlen(s) > REALM_SZ - 1)
+ return 0;
+ while ((c = *s++)) {
+ if (backslash) {
+ backslash = 0;
+ continue;
+ }
+ switch(c) {
+ case '\\':
+ backslash = 1;
+ break;
+ case '@':
+ return 0;
+ /* break; */
+ }
+ }
+ return 1;
+}
diff --git a/crypto/kerberosIV/lib/krb/prot.h b/crypto/kerberosIV/lib/krb/prot.h
new file mode 100644
index 0000000..e4825e1
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/prot.h
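Review bot: The overflow guard in krb_parse_name, `if(np - ns == ANAME_SZ - 1)`, is also the only bound on the instance and realm fields, so it is correct only while INST_SZ and REALM_SZ equal ANAME_SZ, which the `XXX they have the same size` comment concedes. I would carry the limit with the cursor: a local `size_t lim = ANAME_SZ;` reassigned to `INST_SZ` and `REALM_SZ` where `ns` is switched, tested as `(size_t)(np - ns) == lim - 1`, assuming the krb_principal members are sized by those constants. That way a later change to one constant cannot turn this parser of caller-supplied names into a buffer overrun. kname_parse then copies the fields out with `strcpy` into buffers whose sizes it never sees; a comment above it should state that each destination must hold at least ANAME_SZ, INST_SZ and REALM_SZ bytes respectively.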
@@ -0,0 +1,105 @@ +/* + * $Id: prot.h,v 1.7 1997/03/23 03:52:27 joda Exp $ + * + * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute + * of Technology. + * + * For copying and distribution information, please see the file + * . + * + * Include file with authentication protocol information. + */ + +#ifndef PROT_DEFS +#define PROT_DEFS + +#define KRB_SERVICE "kerberos-iv" +#define KRB_PORT 750 /* PC's don't have + * /etc/services */ +#define KRB_PROT_VERSION 4 +#define MAX_PKT_LEN 1000 +#define MAX_TXT_LEN 1000 + +/* Macro's to obtain various fields from a packet */ + +#define pkt_version(packet) (unsigned int) *(packet->dat) +#define pkt_msg_type(packet) (unsigned int) *(packet->dat+1) +#define pkt_a_name(packet) (packet->dat+2) +#define pkt_a_inst(packet) \ + (packet->dat+3+strlen((char *)pkt_a_name(packet))) +#define pkt_a_realm(packet) \ + (pkt_a_inst(packet)+1+strlen((char *)pkt_a_inst(packet))) + +/* Macro to obtain realm from application request */ +#define apreq_realm(auth) (auth->dat + 3) + +#define pkt_time_ws(packet) (char *) \ + (packet->dat+5+strlen((char *)pkt_a_name(packet)) + \ + strlen((char *)pkt_a_inst(packet)) + \ + strlen((char *)pkt_a_realm(packet))) + +#define pkt_no_req(packet) (unsigned short) \ + *(packet->dat+9+strlen((char *)pkt_a_name(packet)) + \ + strlen((char *)pkt_a_inst(packet)) + \ + strlen((char *)pkt_a_realm(packet))) +#define pkt_x_date(packet) (char *) \ + (packet->dat+10+strlen((char *)pkt_a_name(packet)) + \ + strlen((char *)pkt_a_inst(packet)) + \ + strlen((char *)pkt_a_realm(packet))) +#define pkt_err_code(packet) ( (char *) \ + (packet->dat+9+strlen((char *)pkt_a_name(packet)) + \ + strlen((char *)pkt_a_inst(packet)) + \ + strlen((char *)pkt_a_realm(packet)))) +#define pkt_err_text(packet) \ + (packet->dat+13+strlen((char *)pkt_a_name(packet)) + \ + strlen((char *)pkt_a_inst(packet)) + \ + strlen((char *)pkt_a_realm(packet))) + +/* Routines to create and read packets may be found in prot.c */ + +KTEXT 
create_auth_reply(char *pname, char *pinst, char *prealm, + int32_t time_ws, int n, u_int32_t x_date, + int kvno, KTEXT cipher); +#ifdef DEBUG +KTEXT krb_create_death_packet(char *a_name); +#endif + +/* Message types , always leave lsb for byte order */ + +#define AUTH_MSG_KDC_REQUEST 1<<1 +#define AUTH_MSG_KDC_REPLY 2<<1 +#define AUTH_MSG_APPL_REQUEST 3<<1 +#define AUTH_MSG_APPL_REQUEST_MUTUAL 4<<1 +#define AUTH_MSG_ERR_REPLY 5<<1 +#define AUTH_MSG_PRIVATE 6<<1 +#define AUTH_MSG_SAFE 7<<1 +#define AUTH_MSG_APPL_ERR 8<<1 +#define AUTH_MSG_KDC_FORWARD 9<<1 +#define AUTH_MSG_KDC_RENEW 10<<1 +#define AUTH_MSG_DIE 63<<1 + +/* values for kerb error codes */ + +#define KERB_ERR_OK 0 +#define KERB_ERR_NAME_EXP 1 +#define KERB_ERR_SERVICE_EXP 2 +#define KERB_ERR_AUTH_EXP 3 +#define KERB_ERR_PKT_VER 4 +#define KERB_ERR_NAME_MAST_KEY_VER 5 +#define KERB_ERR_SERV_MAST_KEY_VER 6 +#define KERB_ERR_BYTE_ORDER 7 +#define KERB_ERR_PRINCIPAL_UNKNOWN 8 +#define KERB_ERR_PRINCIPAL_NOT_UNIQUE 9 +#define KERB_ERR_NULL_KEY 10 +#define KERB_ERR_TIMEOUT 11 + +/* sendauth - recvauth */ + +/* + * If the protocol changes, you will need to change the version string + * be sure to support old versions of krb_sendauth! + */ + +#define KRB_SENDAUTH_VERS "AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN chars */ + +#endif /* PROT_DEFS */ diff --git a/crypto/kerberosIV/lib/krb/rd_err.c b/crypto/kerberosIV/lib/krb/rd_err.c new file mode 100644 index 0000000..3382eab --- /dev/null +++ b/crypto/kerberosIV/lib/krb/rd_err.c 
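Review bot: The `pkt_a_inst`, `pkt_a_realm`, `pkt_time_ws`, `pkt_no_req`, `pkt_x_date`, `pkt_err_code` and `pkt_err_text` macros find their field by calling `strlen()` on bytes inside `packet->dat` and never consult the packet length, so a packet whose name, instance or realm is not NUL-terminated makes them read past the data. The header should say so above the macro group, for example `/* These macros trust the packet: verify that name, instance and realm are NUL-terminated within the packet before using them. */`. Separately, the message-type constants expand unparenthesized (`#define AUTH_MSG_KDC_REQUEST 1<<1`); writing each as `(1<<1)` keeps an expression such as `AUTH_MSG_SAFE + 1` from being parsed as `7<<(1 + 1)`.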
@@ -0,0 +1,82 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: rd_err.c,v 1.8 1997/04/01 08:18:40 joda Exp $");
+
+/*
+ * Given an AUTH_MSG_APPL_ERR message, "in" and its length "in_length",
+ * return the error code from the message in "code" and the text in
+ * "m_data" as follows:
+ *
+ * m_data->app_data points to the error text
+ * m_data->app_length points to the length of the error text
+ *
+ * If all goes well, return RD_AP_OK. If the version number
+ * is wrong, return RD_AP_VERSION, and if it's not an AUTH_MSG_APPL_ERR
+ * type message, return RD_AP_MSG_TYPE.
+ *
+ * The AUTH_MSG_APPL_ERR message format can be found in mk_err.c
+ */
+
+int
+krb_rd_err(u_char *in, u_int32_t in_length, int32_t *code, MSG_DAT *m_data)
+{
+ unsigned char *p = (unsigned char*)in;
+
+ unsigned char pvno, type;
+ int little_endian;
+
+ pvno = *p++;
+ if(pvno != KRB_PROT_VERSION)
+ return RD_AP_VERSION;
+
+ type = *p++;
+ little_endian = type & 1;
+ type &= ~1;
+
+ if(type != AUTH_MSG_APPL_ERR)
+ return RD_AP_MSG_TYPE;
+
+ p += krb_get_int(p, (u_int32_t *)&code, 4, little_endian);
+
+ m_data->app_data = p;
+ m_data->app_length = in_length; /* XXX is this correct? */
+ return KSUCCESS;
+}
diff --git a/crypto/kerberosIV/lib/krb/rd_priv.c b/crypto/kerberosIV/lib/krb/rd_priv.c
new file mode 100644
index 0000000..58ecd9f
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/rd_priv.c
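Review bot: In krb_rd_err the call `krb_get_int(p, (u_int32_t *)&code, 4, little_endian)` passes the address of the local pointer `code` rather than the caller's `int32_t`, so the decoded value overwrites the parameter variable and `*code` is never written. The line should read `p += krb_get_int(p, (u_int32_t *)code, 4, little_endian);`. The function also reads the two header bytes and the four-byte code without first comparing `in_length` with 6, and `m_data->app_length = in_length` (already marked `XXX`) counts those header bytes as error text, so a caller that trusts `app_length` would read past the end of `in`. A guard `if(in_length < 6) return RD_AP_MODIFIED;` with `m_data->app_length = in_length - 6;` looks right, assuming krb_get_int consumes the four bytes it is asked for.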
@@ -0,0 +1,129 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: rd_priv.c,v 1.24 1997/05/14 17:53:29 joda Exp $");
+
+/* application include files */
+#include "lsb_addr_comp.h"
+
+/*
+ * krb_rd_priv() decrypts and checks the integrity of an
+ * AUTH_MSG_PRIVATE message. Given the message received, "in",
+ * the length of that message, "in_length", the key "schedule"
+ * and "key", and the network addresses of the
+ * "sender" and "receiver" of the message, krb_rd_safe() returns
+ * RD_AP_OK if the message is okay, otherwise some error code.
+ *
+ * The message data retrieved from "in" are returned in the structure
+ * "m_data". The pointer to the application data
+ * (m_data->app_data) refers back to the appropriate place in "in".
+ *
+ * See the file "mk_priv.c" for the format of the AUTH_MSG_PRIVATE
+ * message. The structure containing the extracted message
+ * information, MSG_DAT, is defined in "krb.h".
+ */
+
+int32_t
+krb_rd_priv(void *in, u_int32_t in_length,
+ struct des_ks_struct *schedule, des_cblock *key,
+ struct sockaddr_in *sender, struct sockaddr_in *receiver,
+ MSG_DAT *m_data)
+{
+ unsigned char *p = (unsigned char*)in;
+ int little_endian;
+ u_int32_t clen;
+ struct timeval tv;
+ u_int32_t src_addr;
+ int delta_t;
+
+ unsigned char pvno, type;
+
+ pvno = *p++;
+ if(pvno != KRB_PROT_VERSION)
+ return RD_AP_VERSION;
+
+ type = *p++;
+ little_endian = type & 1;
+ type &= ~1;
+
+ p += krb_get_int(p, &clen, 4, little_endian);
+
+ if(clen + 2 > in_length)
+ return RD_AP_MODIFIED;
+
+ des_pcbc_encrypt((des_cblock*)p, (des_cblock*)p, clen,
+ schedule, key, DES_DECRYPT);
+
+ p += krb_get_int(p, &m_data->app_length, 4, little_endian);
+ if(m_data->app_length + 17 > in_length)
+ return RD_AP_MODIFIED;
+
+ m_data->app_data = p;
+ p += m_data->app_length;
+
+ m_data->time_5ms = *p++;
+
+ p += krb_get_address(p, &src_addr);
+
+ if (!krb_equiv(src_addr, sender->sin_addr.s_addr))
+ return RD_AP_BADD;
+
+ p += krb_get_int(p, (u_int32_t *)&m_data->time_sec, 4, little_endian);
+
+ m_data->time_sec = lsb_time(m_data->time_sec, sender, receiver);
+
+ gettimeofday(&tv, NULL);
+
+ /* check the time integrity of the msg */
+ delta_t = abs((int)((long) tv.tv_sec - m_data->time_sec));
+ if (delta_t > CLOCK_SKEW)
+ return RD_AP_TIME;
+ if (krb_debug)
+ krb_warning("\ndelta_t = %d", (int) delta_t);
+
+ /*
+ * caller must check timestamps for proper order and
+ * replays, since server might have multiple clients
+ * each with its own timestamps and we don't assume
+ * tightly synchronized clocks.
+ */
+
+ return KSUCCESS;
+}
diff --git a/crypto/kerberosIV/lib/krb/rd_req.c b/crypto/kerberosIV/lib/krb/rd_req.c
new file mode 100644
index 0000000..1a3e848
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/rd_req.c
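Review bot: Both length checks in krb_rd_priv add a constant to a 32-bit unsigned value read from the message, so `clen + 2 > in_length` wraps for `clen` near 0xFFFFFFFF and lets `des_pcbc_encrypt` decrypt in place far beyond the buffer; `m_data->app_length + 17 > in_length` wraps the same way. The bases are off as well: six bytes (version, type, length) precede the ciphertext, and `app_length` should be bounded by `clen`, not by `in_length`. Comparing without addition avoids both problems, e.g. `if(in_length < 6 || clen > in_length - 6) return RD_AP_MODIFIED;` and `if(clen < 13 || m_data->app_length > clen - 13) return RD_AP_MODIFIED;`, where 13 assumes krb_get_int and krb_get_address each consume four bytes. `type` is extracted but never compared with `AUTH_MSG_PRIVATE`, and the header comment says `krb_rd_safe()` where it means this function.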
@@ -0,0 +1,324 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: rd_req.c,v 1.24 1997/05/11 11:05:28 assar Exp $"); + +static struct timeval t_local = { 0, 0 }; + +/* + * Keep the following information around for subsequent calls + * to this routine by the same server using the same key. + */ + +static des_key_schedule serv_key; /* Key sched to decrypt ticket */ +static des_cblock ky; /* Initialization vector */ +static int st_kvno; /* version number for this key */ +static char st_rlm[REALM_SZ]; /* server's realm */ +static char st_nam[ANAME_SZ]; /* service name */ +static char st_inst[INST_SZ]; /* server's instance */ + +/* + * This file contains two functions. krb_set_key() takes a DES + * key or password string and returns a DES key (either the original + * key, or the password converted into a DES key) and a key schedule + * for it. + * + * krb_rd_req() reads an authentication request and returns information + * about the identity of the requestor, or an indication that the + * identity information was not authentic. + */ + +/* + * krb_set_key() takes as its first argument either a DES key or a + * password string. The "cvt" argument indicates how the first + * argument "key" is to be interpreted: if "cvt" is null, "key" is + * taken to be a DES key; if "cvt" is non-null, "key" is taken to + * be a password string, and is converted into a DES key using + * string_to_key(). In either case, the resulting key is returned + * in the external static variable "ky". A key schedule is + * generated for "ky" and returned in the external static variable + * "serv_key". + * + * This routine returns the return value of des_key_sched. + * + * krb_set_key() needs to be in the same .o file as krb_rd_req() so that + * the key set by krb_set_key() is available in private storage for + * krb_rd_req(). 
+ */ + +int +krb_set_key(void *key, int cvt) +{ +#ifdef NOENCRYPTION + memset(ky, 0, sizeof(ky)); + return KSUCCESS; +#else /* Encrypt */ + if (cvt) + des_string_to_key((char*)key, &ky); + else + memcpy((char*)ky, key, 8); + return(des_key_sched(&ky, serv_key)); +#endif /* NOENCRYPTION */ +} + + +/* + * krb_rd_req() takes an AUTH_MSG_APPL_REQUEST or + * AUTH_MSG_APPL_REQUEST_MUTUAL message created by krb_mk_req(), + * checks its integrity and returns a judgement as to the requestor's + * identity. + * + * The "authent" argument is a pointer to the received message. + * The "service" and "instance" arguments name the receiving server, + * and are used to get the service's ticket to decrypt the ticket + * in the message, and to compare against the server name inside the + * ticket. "from_addr" is the network address of the host from which + * the message was received; this is checked against the network + * address in the ticket. If "from_addr" is zero, the check is not + * performed. "ad" is an AUTH_DAT structure which is + * filled in with information about the sender's identity according + * to the authenticator and ticket sent in the message. Finally, + * "fn" contains the name of the file containing the server's key. + * (If "fn" is NULL, the server's key is assumed to have been set + * by krb_set_key(). If "fn" is the null string ("") the default + * file KEYFILE, defined in "krb.h", is used.) 
+ * + * krb_rd_req() returns RD_AP_OK if the authentication information + * was genuine, or one of the following error codes (defined in + * "krb.h"): + * + * RD_AP_VERSION - wrong protocol version number + * RD_AP_MSG_TYPE - wrong message type + * RD_AP_UNDEC - couldn't decipher the message + * RD_AP_INCON - inconsistencies found + * RD_AP_BADD - wrong network address + * RD_AP_TIME - client time (in authenticator) + * too far off server time + * RD_AP_NYV - Kerberos time (in ticket) too + * far off server time + * RD_AP_EXP - ticket expired + * + * For the message format, see krb_mk_req(). + * + * Mutual authentication is not implemented. + */ + +int +krb_rd_req(KTEXT authent, /* The received message */ + char *service, /* Service name */ + char *instance, /* Service instance */ + int32_t from_addr, /* Net address of originating host */ + AUTH_DAT *ad, /* Structure to be filled in */ + char *fn) /* Filename to get keys from */ +{ + static KTEXT_ST ticket; /* Temp storage for ticket */ + static KTEXT tkt = &ticket; + static KTEXT_ST req_id_st; /* Temp storage for authenticator */ + KTEXT req_id = &req_id_st; + + char realm[REALM_SZ]; /* Realm of issuing kerberos */ + + unsigned char skey[KKEY_SZ]; /* Session key from ticket */ + char sname[SNAME_SZ]; /* Service name from ticket */ + char iname[INST_SZ]; /* Instance name from ticket */ + char r_aname[ANAME_SZ]; /* Client name from authenticator */ + char r_inst[INST_SZ]; /* Client instance from authenticator */ + char r_realm[REALM_SZ]; /* Client realm from authenticator */ + u_int32_t r_time_sec; /* Coarse time from authenticator */ + unsigned long delta_t; /* Time in authenticator - local time */ + long tkt_age; /* Age of ticket */ + static unsigned char s_kvno;/* Version number of the server's key + * Kerberos used to encrypt ticket */ + + struct timeval tv; + int status; + + int pvno; + int type; + int little_endian; + + unsigned char *p; + + if (authent->length <= 0) + return(RD_AP_MODIFIED); + + p = 
authent->dat; + + /* get msg version, type and byte order, and server key version */ + + pvno = *p++; + + if(pvno != KRB_PROT_VERSION) + return RD_AP_VERSION; + + type = *p++; + + little_endian = type & 1; + type &= ~1; + + if(type != AUTH_MSG_APPL_REQUEST && type != AUTH_MSG_APPL_REQUEST_MUTUAL) + return RD_AP_MSG_TYPE; + + s_kvno = *p++; + + p += krb_get_string(p, realm); + + /* + * If "fn" is NULL, key info should already be set; don't + * bother with ticket file. Otherwise, check to see if we + * already have key info for the given server and key version + * (saved in the static st_* variables). If not, go get it + * from the ticket file. If "fn" is the null string, use the + * default ticket file. + */ + if (fn && (strcmp(st_nam,service) || strcmp(st_inst,instance) || + strcmp(st_rlm,realm) || (st_kvno != s_kvno))) { + if (*fn == 0) fn = KEYFILE; + st_kvno = s_kvno; + if (read_service_key(service, instance, realm, s_kvno, + fn, (char *)skey)) + return(RD_AP_UNDEC); + if ((status = krb_set_key((char*)skey, 0))) + return(status); + strcpy(st_rlm, realm); + strcpy(st_nam, service); + strcpy(st_inst, instance); + } + + tkt->length = *p++; + + req_id->length = *p++; + + if(tkt->length + (p - authent->dat) > authent->length) + return RD_AP_MODIFIED; + + memcpy(tkt->dat, p, tkt->length); + p += tkt->length; + + if (krb_ap_req_debug) + krb_log("ticket->length: %d",tkt->length); + + /* Decrypt and take apart ticket */ + if (decomp_ticket(tkt, &ad->k_flags, ad->pname, ad->pinst, ad->prealm, + &ad->address, ad->session, &ad->life, + &ad->time_sec, sname, iname, &ky, serv_key)) + return RD_AP_UNDEC; + + if (krb_ap_req_debug) { + krb_log("Ticket Contents."); + krb_log(" Aname: %s.%s",ad->pname, ad->prealm); + krb_log(" Service: %s", krb_unparse_name_long(sname, iname, NULL)); + } + + /* Extract the authenticator */ + + if(req_id->length + (p - authent->dat) > authent->length) + return RD_AP_MODIFIED; + + memcpy(req_id->dat, p, req_id->length); + p = req_id->dat; + +#ifndef 
NOENCRYPTION + /* And decrypt it with the session key from the ticket */ + if (krb_ap_req_debug) krb_log("About to decrypt authenticator"); + + encrypt_ktext(req_id, &ad->session, DES_DECRYPT); + + if (krb_ap_req_debug) krb_log("Done."); +#endif /* NOENCRYPTION */ + + /* cast req_id->length to int? */ +#define check_ptr() if ((ptr - (char *) req_id->dat) > req_id->length) return(RD_AP_MODIFIED); + + p += krb_get_nir(p, r_aname, r_inst, r_realm); /* XXX no rangecheck */ + + p += krb_get_int(p, &ad->checksum, 4, little_endian); + + p++; /* time_5ms is not used */ + + p += krb_get_int(p, &r_time_sec, 4, little_endian); + + /* Check for authenticity of the request */ + if (krb_ap_req_debug) + krb_log("Principal: %s.%s@%s / %s.%s@%s",ad->pname,ad->pinst, ad->prealm, + r_aname, r_inst, r_realm); + if (strcmp(ad->pname, r_aname) != 0 || + strcmp(ad->pinst, r_inst) != 0 || + strcmp(ad->prealm, r_realm) != 0) + return RD_AP_INCON; + + if (krb_ap_req_debug) + krb_log("Address: %x %x", ad->address, from_addr); + + if (from_addr && (!krb_equiv(ad->address, from_addr))) + return RD_AP_BADD; + + gettimeofday(&tv, NULL); + delta_t = abs((int)(tv.tv_sec - r_time_sec)); + if (delta_t > CLOCK_SKEW) { + if (krb_ap_req_debug) + krb_log("Time out of range: %lu - %lu = %lu", + (unsigned long)t_local.tv_sec, + (unsigned long)r_time_sec, + (unsigned long)delta_t); + return RD_AP_TIME; + } + + /* Now check for expiration of ticket */ + + tkt_age = tv.tv_sec - ad->time_sec; + if (krb_ap_req_debug) + krb_log("Time: %ld Issue Date: %lu Diff: %ld Life %x", + (long)tv.tv_sec, + (unsigned long)ad->time_sec, + tkt_age, + ad->life); + + if ((tkt_age < 0) && (-tkt_age > CLOCK_SKEW)) + return RD_AP_NYV; + + if (tv.tv_sec > krb_life_to_time(ad->time_sec, ad->life)) + return RD_AP_EXP; + + /* All seems OK */ + ad->reply.length = 0; + + return(RD_AP_OK); +} diff --git a/crypto/kerberosIV/lib/krb/rd_safe.c b/crypto/kerberosIV/lib/krb/rd_safe.c new file mode 100644 index 0000000..8471df0 --- /dev/null 
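Review bot: `p += krb_get_string(p, realm);` in krb_rd_req copies a string from the still-unauthenticated request into `char realm[REALM_SZ]` and passes no destination size, so unless krb_get_string bounds the copy itself (its definition is not in this hunk) an over-long or unterminated realm overruns the stack buffer before any key check has run. The same holds after decryption for `krb_get_nir(p, r_aname, r_inst, r_realm)`, which the code marks `XXX no rangecheck`; the `check_ptr()` macro defined just above it refers to an undeclared `ptr` and is never invoked. I would confirm that a terminator exists within both the remaining message and the destination size before each copy, as sketched below for the realm, and either rewrite `check_ptr()` in terms of `p` and call it after each field or delete it.

```c
    /* … unchanged: pvno, type and s_kvno parsing … */
    {
	/* realm must end inside the message and fit realm[] */
	long left = authent->length - (p - authent->dat);

	if (left <= 0)
	    return RD_AP_MODIFIED;
	if (left > REALM_SZ)
	    left = REALM_SZ;
	if (memchr(p, 0, left) == NULL)
	    return RD_AP_MODIFIED;
    }
    p += krb_get_string(p, realm);
    /* … unchanged: key lookup, ticket and authenticator handling … */
```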
+++ b/crypto/kerberosIV/lib/krb/rd_safe.c 
@@ -0,0 +1,178 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: rd_safe.c,v 1.24 1997/04/19 23:18:20 joda Exp $"); + +/* application include files */ +#include "lsb_addr_comp.h" + +/* Generate two checksums in the given byteorder of the data, one + * new-form and one old-form. It has to be done this way to be + * compatible with the old version of des_quad_cksum. + */ + +/* des_quad_chsum-type; 0 == unknown, 1 == new PL10++, 2 == old */ +int dqc_type = DES_QUAD_DEFAULT; + +void +fixup_quad_cksum(void *start, size_t len, des_cblock *key, + void *new_checksum, void *old_checksum, int little) +{ + des_quad_cksum((des_cblock*)start, (des_cblock*)new_checksum, len, 2, key); + if(HOST_BYTE_ORDER){ + if(little){ + memcpy(old_checksum, new_checksum, 16); + }else{ + u_int32_t *tmp = (u_int32_t*)new_checksum; + memcpy(old_checksum, new_checksum, 16); + swap_u_16(old_checksum); + swap_u_long(tmp[0]); + swap_u_long(tmp[1]); + swap_u_long(tmp[2]); + swap_u_long(tmp[3]); + } + }else{ + if(little){ + u_int32_t *tmp = (u_int32_t*)new_checksum; + swap_u_long(tmp[0]); + swap_u_long(tmp[1]); + swap_u_long(tmp[2]); + swap_u_long(tmp[3]); + memcpy(old_checksum, new_checksum, 16); + }else{ + u_int32_t tmp[4]; + tmp[0] = ((u_int32_t*)new_checksum)[3]; + tmp[1] = ((u_int32_t*)new_checksum)[2]; + tmp[2] = ((u_int32_t*)new_checksum)[1]; + tmp[3] = ((u_int32_t*)new_checksum)[0]; + memcpy(old_checksum, tmp, 16); + } + } +} + +/* + * krb_rd_safe() checks the integrity of an AUTH_MSG_SAFE message. + * Given the message received, "in", the length of that message, + * "in_length", the "key" to compute the checksum with, and the + * network addresses of the "sender" and "receiver" of the message, + * krb_rd_safe() returns RD_AP_OK if message is okay, otherwise + * some error code. + * + * The message data retrieved from "in" is returned in the structure + * "m_data". The pointer to the application data (m_data->app_data) + * refers back to the appropriate place in "in". 
+ * + * See the file "mk_safe.c" for the format of the AUTH_MSG_SAFE + * message. The structure containing the extracted message + * information, MSG_DAT, is defined in "krb.h". + */ + +int32_t +krb_rd_safe(void *in, u_int32_t in_length, des_cblock *key, + struct sockaddr_in *sender, struct sockaddr_in *receiver, + MSG_DAT *m_data) +{ + unsigned char *p = (unsigned char*)in, *start; + + unsigned char pvno, type; + int little_endian; + struct timeval tv; + u_int32_t src_addr; + int delta_t; + + + pvno = *p++; + if(pvno != KRB_PROT_VERSION) + return RD_AP_VERSION; + + type = *p++; + little_endian = type & 1; + type &= ~1; + if(type != AUTH_MSG_SAFE) + return RD_AP_MSG_TYPE; + + start = p; + + p += krb_get_int(p, &m_data->app_length, 4, little_endian); + + if(m_data->app_length + 31 > in_length) + return RD_AP_MODIFIED; + + m_data->app_data = p; + + p += m_data->app_length; + + m_data->time_5ms = *p++; + + p += krb_get_address(p, &src_addr); + + if (!krb_equiv(src_addr, sender->sin_addr.s_addr)) + return RD_AP_BADD; + + p += krb_get_int(p, (u_int32_t *)&m_data->time_sec, 4, little_endian); + m_data->time_sec = lsb_time(m_data->time_sec, sender, receiver); + + gettimeofday(&tv, NULL); + + delta_t = abs((int)((long) tv.tv_sec - m_data->time_sec)); + if (delta_t > CLOCK_SKEW) return RD_AP_TIME; + + /* + * caller must check timestamps for proper order and replays, since + * server might have multiple clients each with its own timestamps + * and we don't assume tightly synchronized clocks. + */ + + { + unsigned char new_checksum[16]; + unsigned char old_checksum[16]; + fixup_quad_cksum(start, p - start, key, + new_checksum, old_checksum, little_endian); + if((dqc_type == DES_QUAD_GUESS || dqc_type == DES_QUAD_NEW) && + memcmp(new_checksum, p, 16) == 0) + dqc_type = DES_QUAD_NEW; + else if((dqc_type == DES_QUAD_GUESS || dqc_type == DES_QUAD_OLD) && + memcmp(old_checksum, p, 16) == 0) + dqc_type = DES_QUAD_OLD; + else + return RD_AP_MODIFIED; + } + return KSUCCESS; +} 
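Review bot: The length guard in krb_rd_safe, `if(m_data->app_length + 31 > in_length)`, can wrap when the message carries an app_length close to the 32-bit maximum (assuming the field is unsigned, as its uncast use with krb_get_int suggests), so the test passes and `p += m_data->app_length` leaves the received buffer before the address, timestamp and checksum are read. Comparing without the addition avoids the wrap: `if (in_length < 31 || m_data->app_length > in_length - 31) return RD_AP_MODIFIED;`. The version and type bytes are also read before in_length is consulted at all, so the `in_length < 31` half of that test belongs at the top of the function. Because the checksum is verified only after these reads, every field parsed up to that point has to be treated as unauthenticated input.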
diff --git a/crypto/kerberosIV/lib/krb/read_service_key.c b/crypto/kerberosIV/lib/krb/read_service_key.c
new file mode 100644
index 0000000..6de5db2
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/read_service_key.c
@@ -0,0 +1,116 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: read_service_key.c,v 1.8 1997/03/23 03:53:16 joda Exp $"); + +/* + * The private keys for servers on a given host are stored in a + * "srvtab" file (typically "/etc/srvtab"). This routine extracts + * a given server's key from the file. + * + * read_service_key() takes the server's name ("service"), "instance", + * and "realm" and a key version number "kvno", and looks in the given + * "file" for the corresponding entry, and if found, returns the entry's + * key field in "key". + * + * If "instance" contains the string "*", then it will match + * any instance, and the chosen instance will be copied to that + * string. For this reason it is important that the there is enough + * space beyond the "*" to receive the entry. + * + * If "kvno" is 0, it is treated as a wild card and the first + * matching entry regardless of the "vno" field is returned. + * + * This routine returns KSUCCESS on success, otherwise KFAILURE. 
+ * + * The format of each "srvtab" entry is as follows: + * + * Size Variable Field in file + * ---- -------- ------------- + * string serv server name + * string inst server instance + * string realm server realm + * 1 byte vno server key version # + * 8 bytes key server's key + * ... ... ... + */ + + +int +read_service_key(char *service, /* Service Name */ + char *instance, /* Instance name or "*" */ + char *realm, /* Realm */ + int kvno, /* Key version number */ + char *file, /* Filename */ + char *key) /* Pointer to key to be filled in */ +{ + char serv[SNAME_SZ]; + char inst[INST_SZ]; + char rlm[REALM_SZ]; + unsigned char vno; /* Key version number */ + int wcard; + + int stab; + + if ((stab = open(file, O_RDONLY, 0)) < 0) + return(KFAILURE); + + wcard = (instance[0] == '*') && (instance[1] == '\0'); + + while (getst(stab,serv,SNAME_SZ) > 0) { /* Read sname */ + getst(stab,inst,INST_SZ); /* Instance */ + getst(stab,rlm,REALM_SZ); /* Realm */ + /* Vers number */ + if (read(stab, &vno, 1) != 1) { + close(stab); + return(KFAILURE); + } + /* Key */ + if (read(stab,key,8) != 8) { + close(stab); + return(KFAILURE); + } + /* Is this the right service */ + if (strcmp(serv,service)) + continue; + /* How about instance */ + if (!wcard && strcmp(inst,instance)) + continue; + if (wcard) + strncpy(instance,inst,INST_SZ); + /* Is this the right realm */ + if (strcmp(rlm,realm)) + continue; + + /* How about the key version number */ + if (kvno && kvno != (int) vno) + continue; + + close(stab); + return(KSUCCESS); + } + + /* Can't find the requested service */ + close(stab); + return(KFAILURE); +} diff --git a/crypto/kerberosIV/lib/krb/realm_parse.c b/crypto/kerberosIV/lib/krb/realm_parse.c new file mode 100644 index 0000000..2ce852a --- /dev/null +++ b/crypto/kerberosIV/lib/krb/realm_parse.c 
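Review bot: Inside the loop of read_service_key the caller's buffers are written before the entry has been accepted: `read(stab,key,8)` stores every entry's key in `key`, and the wildcard `strncpy(instance,inst,INST_SZ)` runs ahead of the realm and kvno comparisons. On a KFAILURE return the caller is therefore left holding the key and instance of some other srvtab entry. The results of the second and third getst() calls are also ignored, so a truncated file is compared against whatever `inst` and `rlm` held before; what getst returns for an empty field is not visible here, so that check needs the helper's contract confirmed first. Reading the key into a local buffer and copying it out only on a full match keeps unrelated key material out of the caller's memory, as sketched below.

```c
    unsigned char k[8];     /* entry key; reaches the caller only on a full match */
    /* … unchanged: other locals, open(), wildcard test, getst() calls, read of vno … */
        if (read(stab,k,8) != 8) {
            close(stab);
            return(KFAILURE);
        }
    /* … unchanged: service, instance, realm and kvno comparisons, now ahead of any write to the caller … */
        if (wcard)
            strncpy(instance,inst,INST_SZ);
        memcpy(key, k, sizeof(k));
        memset(k, 0, sizeof(k));
        close(stab);
        return(KSUCCESS);
```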
@@ -0,0 +1,88 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: realm_parse.c,v 1.10 1997/06/01 03:14:50 assar Exp $"); + +static int +realm_parse(char *realm, int length, const char *file) +{ + FILE *F; + char tr[128]; + char *p; + + if ((F = fopen(file,"r")) == NULL) + return -1; + + while(fgets(tr, sizeof(tr), F)){ + char *unused = NULL; + p = strtok_r(tr, " \t\n\r", &unused); + if(p && strcasecmp(p, realm) == 0){ + fclose(F); + strncpy(realm, p, length); + return 0; + } + } + fclose(F); + return -1; +} + +static const char *const files[] = KRB_CNF_FILES; + +int +krb_realm_parse(char *realm, int length) +{ + int i; + + const char *dir = getenv("KRBCONFDIR"); + + /* First try user specified file */ + if (dir != 0) { + char fname[MaxPathLen]; + + if(k_concat(fname, sizeof(fname), dir, "/krb.conf", NULL) == 0) + if (realm_parse(realm, length, fname) == 0) + return 0; + } + + for (i = 0; files[i] != NULL; i++) + if (realm_parse(realm, length, files[i]) == 0) + return 0; + return -1; +} diff --git a/crypto/kerberosIV/lib/krb/recvauth.c b/crypto/kerberosIV/lib/krb/recvauth.c new file mode 100644 index 0000000..6c96897 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/recvauth.c 
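Review bot: krb_realm_parse takes the configuration directory from `getenv("KRBCONFDIR")` without checking whether the process is running with elevated privileges, so in a set-id program linked against this library the invoking user decides which krb.conf is opened and read. Whether any caller is set-id is not visible in this hunk, but a library-level guard is cheaper than relying on every caller to scrub its environment: `if (dir != 0 && getuid() == geteuid() && getgid() == getegid()) {`. It would also help to document on realm_parse that `realm` is overwritten in place with the spelling found in the file, and that `length` must include room for the terminator because `strncpy(realm, p, length)` adds none when the copy fills the buffer.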
@@ -0,0 +1,190 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: recvauth.c,v 1.17 1997/03/23 03:53:16 joda Exp $"); + +/* + * krb_recvauth() reads (and optionally responds to) a message sent + * using krb_sendauth(). The "options" argument is a bit-field of + * selected options (see "sendauth.c" for options description). + * The only option relevant to krb_recvauth() is KOPT_DO_MUTUAL + * (mutual authentication requested). The "fd" argument supplies + * a file descriptor to read from (and write to, if mutual authenti- + * cation is requested). + * + * Part of the received message will be a Kerberos ticket sent by the + * client; this is read into the "ticket" argument. The "service" and + * "instance" arguments supply the server's Kerberos name. If the + * "instance" argument is the string "*", it is treated as a wild card + * and filled in during the krb_rd_req() call (see read_service_key()). + * + * The "faddr" and "laddr" give the sending (client) and receiving + * (local server) network addresses. 
("laddr" may be left NULL unless + * mutual authentication is requested, in which case it must be set.) + * + * The authentication information extracted from the message is returned + * in "kdata". The "filename" argument indicates the file where the + * server's key can be found. (It is passed on to krb_rd_req().) If + * left null, the default "/etc/srvtab" will be used. + * + * If mutual authentication is requested, the session key schedule must + * be computed in order to reply; this schedule is returned in the + * "schedule" argument. A string containing the application version + * number from the received message is returned in "version", which + * should be large enough to hold a KRB_SENDAUTH_VLEN-character string. + * + * See krb_sendauth() for the format of the received client message. + * + * krb_recvauth() first reads the protocol version string from the + * given file descriptor. If it doesn't match the current protocol + * version (KRB_SENDAUTH_VERS), the old-style format is assumed. In + * that case, the string of characters up to the first space is read + * and interpreted as the ticket length, then the ticket is read. + * + * If the first string did match KRB_SENDAUTH_VERS, krb_recvauth() + * next reads the application protocol version string. Then the + * ticket length and ticket itself are read. + * + * The ticket is decrypted and checked by the call to krb_rd_req(). + * If no mutual authentication is required, the result of the + * krb_rd_req() call is retured by this routine. If mutual authenti- + * cation is required, a message in the following format is returned + * on "fd": + * + * Size Variable Field + * ---- -------- ----- + * + * 4 bytes tkt_len length of ticket or -1 + * if error occurred + * + * priv_len tmp_buf "private" message created + * by krb_mk_priv() which + * contains the incremented + * checksum sent by the client + * encrypted in the session + * key. (This field is not + * present in case of error.) 
+ * + * If all goes well, KSUCCESS is returned; otherwise KFAILURE or some + * other error code is returned. + */ + +static int +send_error_reply(int fd) +{ + unsigned char tmp[4] = { 255, 255, 255, 255 }; + if(krb_net_write(fd, tmp, sizeof(tmp)) != sizeof(tmp)) + return -1; + return 0; +} + +int +krb_recvauth(int32_t options, /* bit-pattern of options */ + int fd, /* file descr. to read from */ + KTEXT ticket, /* storage for client's ticket */ + char *service, /* service expected */ + char *instance, /* inst expected (may be filled in) */ + struct sockaddr_in *faddr, /* address of foreign host on fd */ + struct sockaddr_in *laddr, /* local address */ + AUTH_DAT *kdata, /* kerberos data (returned) */ + char *filename, /* name of file with service keys */ + struct des_ks_struct *schedule, /* key schedule (return) */ + char *version) /* version string (filled in) */ +{ + int cc; + char krb_vers[KRB_SENDAUTH_VLEN + 1]; /* + 1 for the null terminator */ + int rem; + int32_t priv_len; + u_char tmp_buf[MAX_KTXT_LEN+max(KRB_SENDAUTH_VLEN+1,21)]; + + /* read the protocol version number */ + if (krb_net_read(fd, krb_vers, KRB_SENDAUTH_VLEN) != KRB_SENDAUTH_VLEN) + return(errno); + krb_vers[KRB_SENDAUTH_VLEN] = '\0'; + + /* read the application version string */ + if (krb_net_read(fd, version, KRB_SENDAUTH_VLEN) != KRB_SENDAUTH_VLEN) + return(errno); + version[KRB_SENDAUTH_VLEN] = '\0'; + + /* get the length of the ticket */ + { + char tmp[4]; + if (krb_net_read(fd, tmp, 4) != 4) + return -1; + krb_get_int(tmp, &ticket->length, 4, 0); + } + + /* sanity check */ + if (ticket->length <= 0 || ticket->length > MAX_KTXT_LEN) { + if (options & KOPT_DO_MUTUAL) { + if(send_error_reply(fd)) + return -1; + return KFAILURE; + } else + return KFAILURE; /* XXX there may still be junk on the fd? */ + } + + /* read the ticket */ + if (krb_net_read(fd, ticket->dat, ticket->length) != ticket->length) + return -1; + /* + * now have the ticket. decrypt it to get the authenticated + * data. 
+ */ + rem = krb_rd_req(ticket, service, instance, faddr->sin_addr.s_addr, + kdata, filename); + + /* if we are doing mutual auth, compose a response */ + if (options & KOPT_DO_MUTUAL) { + if (rem != KSUCCESS){ + /* the krb_rd_req failed */ + if(send_error_reply(fd)) + return -1; + return rem; + } + + /* add one to the (formerly) sealed checksum, and re-seal it + for return to the client */ + { + unsigned char cs[4]; + krb_put_int(kdata->checksum + 1, cs, 4); +#ifndef NOENCRYPTION + des_key_sched(&kdata->session,schedule); +#endif + priv_len = krb_mk_priv(cs, + tmp_buf+4, + 4, + schedule, + &kdata->session, + laddr, + faddr); + } + /* mk_priv will never fail */ + priv_len += krb_put_int(priv_len, tmp_buf, 4); + + if((cc = krb_net_write(fd, tmp_buf, priv_len)) != priv_len) + return -1; + } + return rem; +} diff --git a/crypto/kerberosIV/lib/krb/resolve.c b/crypto/kerberosIV/lib/krb/resolve.c new file mode 100644 index 0000000..7777c0e --- /dev/null +++ b/crypto/kerberosIV/lib/krb/resolve.c 
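Review bot: The first two reads in krb_recvauth fail with `return(errno);`, and errno is not guaranteed to be non-zero when krb_net_read comes back short (end-of-file, for instance), so an early close on the connection can make the function return 0. If KSUCCESS is 0, as is conventional for this library, the caller would take that as a successful authentication although `kdata` was never filled in. Both sites should return a fixed failure value as the later reads already do: `return -1;`. Separately, the header comment describes a fallback to the old-style format when the first string does not match KRB_SENDAUTH_VERS, but `krb_vers` is read and never compared in the code shown, and `version` needs KRB_SENDAUTH_VLEN + 1 bytes because of `version[KRB_SENDAUTH_VLEN] = '\0'`; the comment should state both.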
@@ -0,0 +1,288 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" +#include "resolve.h" + +RCSID("$Id: resolve.c,v 1.11 1997/06/01 04:19:20 assar Exp $"); + +#if defined(HAVE_RES_SEARCH) && defined(HAVE_DN_EXPAND) + +#define DECL(X) {#X, T_##X} + +static struct stot{ + char *name; + int type; +}stot[] = { + DECL(A), + DECL(NS), + DECL(CNAME), + DECL(PTR), + DECL(MX), + DECL(TXT), + DECL(AFSDB), + DECL(SRV), + {NULL, 0} +}; + +static int +string_to_type(const char *name) +{ + struct stot *p = stot; + for(p = stot; p->name; p++) + if(strcasecmp(name, p->name) == 0) + return p->type; + return -1; +} + +#if 0 +static char * +type_to_string(int type) +{ + struct stot *p = stot; + for(p = stot; p->name; p++) + if(type == p->type) + return p->name; + return NULL; +} +#endif + +void +dns_free_data(struct dns_reply *r) +{ + struct resource_record *rr; + if(r->q.domain) + free(r->q.domain); + for(rr = r->head; rr;){ + struct resource_record *tmp = rr; + if(rr->domain) + free(rr->domain); + if(rr->u.data) + free(rr->u.data); + rr = rr->next; + free(tmp); + } + free (r); +} + +static struct dns_reply* +parse_reply(unsigned char *data, int len) +{ + unsigned char *p; + char host[128]; + int status; + + struct dns_reply *r; + struct resource_record **rr; + + r = (struct dns_reply*)malloc(sizeof(struct dns_reply)); + memset(r, 0, sizeof(struct dns_reply)); + + p = data; + memcpy(&r->h, p, sizeof(HEADER)); + p += sizeof(HEADER); + status = dn_expand(data, data + len, p, host, sizeof(host)); + if(status < 0){ + dns_free_data(r); + return NULL; + } + r->q.domain = strdup(host); + p += status; + r->q.type = (p[0] << 8 | p[1]); + p += 2; + r->q.class = (p[0] << 8 | p[1]); + p += 2; + rr = &r->head; + while(p < data + len){ + int type, class, ttl, size; + status = dn_expand(data, data + len, p, host, sizeof(host)); + if(status < 0){ + dns_free_data(r); + return NULL; + } + p += status; + type = (p[0] << 8) | p[1]; + p += 2; + class = (p[0] << 8) | p[1]; + p += 2; + ttl = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; 
+ p += 4; + size = (p[0] << 8) | p[1]; + p += 2; + *rr = (struct resource_record*)calloc(1, + sizeof(struct resource_record)); + (*rr)->domain = strdup(host); + (*rr)->type = type; + (*rr)->class = class; + (*rr)->ttl = ttl; + (*rr)->size = size; + switch(type){ + case T_NS: + case T_CNAME: + case T_PTR: + status = dn_expand(data, data + len, p, host, sizeof(host)); + if(status < 0){ + dns_free_data(r); + return NULL; + } + (*rr)->u.txt = strdup(host); + break; + case T_MX: + case T_AFSDB:{ + status = dn_expand(data, data + len, p + 2, host, sizeof(host)); + if(status < 0){ + dns_free_data(r); + return NULL; + } + (*rr)->u.mx = (struct mx_record*)malloc(sizeof(struct mx_record) + + strlen(host)); + (*rr)->u.mx->preference = (p[0] << 8) | p[1]; + strcpy((*rr)->u.mx->domain, host); + break; + } + case T_SRV:{ + status = dn_expand(data, data + len, p + 6, host, sizeof(host)); + if(status < 0){ + dns_free_data(r); + return NULL; + } + (*rr)->u.srv = + (struct srv_record*)malloc(sizeof(struct srv_record) + + strlen(host)); + (*rr)->u.srv->priority = (p[0] << 8) | p[1]; + (*rr)->u.srv->weight = (p[2] << 8) | p[3]; + (*rr)->u.srv->port = (p[4] << 8) | p[5]; + strcpy((*rr)->u.srv->target, host); + break; + } + case T_TXT:{ + (*rr)->u.txt = (char*)malloc(size + 1); + strncpy((*rr)->u.txt, (char*)p + 1, *p); + (*rr)->u.txt[*p] = 0; + break; + } + + default: + (*rr)->u.data = (unsigned char*)malloc(size); + memcpy((*rr)->u.data, p, size); + } + p += size; + rr = &(*rr)->next; + } + *rr = NULL; + return r; +} + + + +struct dns_reply * +dns_lookup(const char *domain, const char *type_name) +{ + unsigned char reply[1024]; + int len; + int type; + struct dns_reply *r = NULL; + + type = string_to_type(type_name); + len = res_search(domain, C_IN, type, reply, sizeof(reply)); + if(len >= 0) + r = parse_reply(reply, len); + return r; +} + +#else /* defined(HAVE_RES_SEARCH) && defined(HAVE_DN_EXPAND) */ + +struct dns_reply * +dns_lookup(const char *domain, const char *type_name) +{ + 
return NULL; +} + +void +dns_free_data(struct dns_reply *r) +{ +} + +#endif + +#ifdef TEST + +int +main(int argc, char **argv) +{ + struct dns_reply *r; + struct resource_record *rr; + r = dns_lookup(argv[1], argv[2]); + if(r == NULL){ + printf("No reply.\n"); + return 1; + } + for(rr = r->head; rr;rr=rr->next){ + printf("%s %s %d ", rr->domain, type_to_string(rr->type), rr->ttl); + switch(rr->type){ + case T_NS: + printf("%s\n", (char*)rr->data); + break; + case T_A: + printf("%d.%d.%d.%d\n", + ((unsigned char*)rr->data)[0], + ((unsigned char*)rr->data)[1], + ((unsigned char*)rr->data)[2], + ((unsigned char*)rr->data)[3]); + break; + case T_MX: + case T_AFSDB:{ + struct mx_record *mx = (struct mx_record*)rr->data; + printf("%d %s\n", mx->preference, mx->domain); + break; + } + case T_SRV:{ + struct srv_record *srv = (struct srv_record*)rr->data; + printf("%d %d %d %s\n", srv->priority, srv->weight, + srv->port, srv->target); + break; + } + default: + printf("\n"); + break; + } + } + + return 0; +} +#endif diff --git a/crypto/kerberosIV/lib/krb/resolve.h b/crypto/kerberosIV/lib/krb/resolve.h new file mode 100644 index 0000000..dac9993 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/resolve.h 
@@ -0,0 +1,110 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* $Id: resolve.h,v 1.5 1997/05/14 17:41:25 joda Exp $ */ + +/* THIS IS NOT (yet) A PUBLIC INTERFACE */ + + +#ifndef __RESOLVE_H__ +#define __RESOLVE_H__ + +/* We use these, but they are not always present in */ + +#ifndef T_TXT +#define T_TXT 16 +#endif +#ifndef T_AFSDB +#define T_AFSDB 18 +#endif +#ifndef T_SRV +#define T_SRV 33 +#endif + +struct dns_query{ + char *domain; + unsigned type; + unsigned class; +}; + +struct mx_record{ + unsigned preference; + char domain[1]; +}; + +struct srv_record{ + unsigned priority; + unsigned weight; + unsigned port; + char target[1]; +}; + +struct resource_record{ + char *domain; + unsigned type; + unsigned class; + unsigned ttl; + unsigned size; + union { + void *data; + struct mx_record *mx; + struct mx_record *afsdb; /* mx and afsdb are identical */ + struct srv_record *srv; + struct in_addr *a; + char *txt; + }u; + struct resource_record *next; +}; + + +#ifndef HAVE_ARPA_NAMESER_H /* XXX */ +typedef int HEADER; /* will never be used */ +#endif + +struct dns_reply{ + HEADER h; + struct dns_query q; + struct resource_record *head; +}; + + +struct dns_reply* dns_lookup(const char *, const char *); + +void dns_free_data(struct dns_reply *r); + +#endif /* __RESOLVE_H__ */ diff --git a/crypto/kerberosIV/lib/krb/rw.c b/crypto/kerberosIV/lib/krb/rw.c new file mode 100644 index 0000000..4b136aa --- /dev/null +++ b/crypto/kerberosIV/lib/krb/rw.c 
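Review bot: `struct mx_record` and `struct srv_record` end in `char domain[1]` and `char target[1]`, which are variable-length tails rather than one-byte fields, and nothing in the header says so. parse_reply in resolve.c allocates them as `sizeof(struct ...) + strlen(host)`, so code that creates or copies one with plain `sizeof` would cut the name short or write past the allocation. A comment on each member such as `/* NUL-terminated name; allocate sizeof(struct mx_record) + strlen(name) */` would record the contract. The guard macro `__RESOLVE_H__` also uses a name reserved for the implementation; `RESOLVE_H` would do.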
@@ -0,0 +1,128 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* Almost all programs use these routines (implicitly) so it's a good + * place to put the version string. */ + +#include "version.h" + +#include "krb_locl.h" + +RCSID("$Id: rw.c,v 1.8 1997/04/01 08:18:44 joda Exp $"); + +int +krb_get_int(void *f, u_int32_t *to, int size, int lsb) +{ + int i; + unsigned char *from = (unsigned char *)f; + + *to = 0; + if(lsb){ + for(i = size-1; i >= 0; i--) + *to = (*to << 8) | from[i]; + }else{ + for(i = 0; i < size; i++) + *to = (*to << 8) | from[i]; + } + return size; +} + +int +krb_put_int(u_int32_t from, void *to, int size) +{ + int i; + unsigned char *p = (unsigned char *)to; + for(i = size - 1; i >= 0; i--){ + p[i] = from & 0xff; + from >>= 8; + } + return size; +} + + +/* addresses are always sent in network byte order */ + +int +krb_get_address(void *from, u_int32_t *to) +{ + unsigned char *p = (unsigned char*)from; + *to = htonl((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]); + return 4; +} + +int +krb_put_address(u_int32_t addr, void *to) +{ + return krb_put_int(ntohl(addr), to, 4); +} + +int +krb_put_string(char *from, void *to) +{ + strcpy((char *)to, from); + return strlen(from) + 1; +} + +int +krb_get_string(void *from, char *to) +{ + return krb_put_string(from, to); +} + +int +krb_get_nir(void *from, char *name, char *instance, char *realm) +{ + char *p = (char *)from; + + p += krb_get_string(p, name); + p += krb_get_string(p, instance); + if(realm) + p += krb_get_string(p, realm); + return p - (char *)from; +} + +int +krb_put_nir(char *name, char *instance, char *realm, void *to) +{ + char *p = (char *)to; + p += krb_put_string(name, p); + p += krb_put_string(instance, p); + if(realm) + p += krb_put_string(realm, p); + return p - (char *)to; +} diff --git a/crypto/kerberosIV/lib/krb/save_credentials.c b/crypto/kerberosIV/lib/krb/save_credentials.c new file mode 100644 index 0000000..cfd6c07 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/save_credentials.c 
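Review bot: `krb_put_string()` copies with `strcpy()` and `krb_get_string()` simply forwards to it, so a string parsed out of a received message is written into `to` with no knowledge of the destination size. `krb_get_nir()` does this three times in a row for `name`, `instance` and `realm`; the callers' buffers are outside this hunk but are presumably fixed-size (ANAME_SZ/INST_SZ/REALM_SZ), so an overlong or unterminated field in the input would overrun them. The getters should take the destination size and fail on truncation, e.g. `int krb_get_string(void *from, char *to, size_t to_size)`, with `krb_get_nir()` passing each buffer's size through. Separately, in `krb_get_address()` the term `p[0] << 24` shifts a promoted `int` into the sign bit when the top byte is 0x80 or higher; `(u_int32_t)p[0] << 24` avoids that.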
@@ -0,0 +1,59 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: save_credentials.c,v 1.5 1997/03/23 03:53:17 joda Exp $"); + +/* + * This routine takes a ticket and associated info and calls + * tf_save_cred() to store them in the ticket cache. The peer + * routine for extracting a ticket and associated info from the + * ticket cache is krb_get_cred(). When changes are made to + * this routine, the corresponding changes should be made + * in krb_get_cred() as well. + * + * Returns KSUCCESS if all goes well, otherwise an error returned + * by the tf_init() or tf_save_cred() routines. 
+ */ + +int +save_credentials(char *service, /* Service name */ + char *instance, /* Instance */ + char *realm, /* Auth domain */ + unsigned char *session, /* Session key */ + int lifetime, /* Lifetime */ + int kvno, /* Key version number */ + KTEXT ticket, /* The ticket itself */ + int32_t issue_date) /* The issue time */ +{ + int tf_status; /* return values of the tf_util calls */ + + /* Open and lock the ticket file for writing */ + if ((tf_status = tf_init(TKT_FILE, W_TKT_FIL)) != KSUCCESS) + return(tf_status); + + /* Save credentials by appending to the ticket file */ + tf_status = tf_save_cred(service, instance, realm, session, + lifetime, kvno, ticket, issue_date); + tf_close(); + return (tf_status); +} diff --git a/crypto/kerberosIV/lib/krb/send_to_kdc.c b/crypto/kerberosIV/lib/krb/send_to_kdc.c new file mode 100644 index 0000000..828b34d --- /dev/null +++ b/crypto/kerberosIV/lib/krb/send_to_kdc.c 
@@ -0,0 +1,251 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: send_to_kdc.c,v 1.39 1997/05/15 21:02:31 joda Exp $"); + +struct host { + struct sockaddr_in addr; + int proto; +}; + +static const char *prog = "send_to_kdc"; +static send_recv(KTEXT pkt, KTEXT rpkt, int f, + struct sockaddr_in *_to, struct host *addrs, + int h_hosts); + +/* + * This file contains two routines, send_to_kdc() and send_recv(). + * send_recv() is a static routine used by send_to_kdc(). + */ + +/* + * send_to_kdc() sends a message to the Kerberos authentication + * server(s) in the given realm and returns the reply message. + * The "pkt" argument points to the message to be sent to Kerberos; + * the "rpkt" argument will be filled in with Kerberos' reply. + * The "realm" argument indicates the realm of the Kerberos server(s) + * to transact with. If the realm is null, the local realm is used. + * + * If more than one Kerberos server is known for a given realm, + * different servers will be queried until one of them replies. 
+ * Several attempts (retries) are made for each server before + * giving up entirely. + * + * If an answer was received from a Kerberos host, KSUCCESS is + * returned. The following errors can be returned: + * + * SKDC_CANT - can't get local realm + * - can't find "kerberos" in /etc/services database + * - can't open socket + * - can't bind socket + * - all ports in use + * - couldn't find any Kerberos host + * + * SKDC_RETRY - couldn't get an answer from any Kerberos server, + * after several retries + */ + +int +send_to_kdc(KTEXT pkt, KTEXT rpkt, char *realm) +{ + int i; + int no_host; /* was a kerberos host found? */ + int retry; + int n_hosts; + int retval; + struct hostent *host; + char lrealm[REALM_SZ]; + struct krb_host *k_host; + struct host *hosts = malloc(sizeof(*hosts)); + + if (hosts == NULL) + return SKDC_CANT; + + /* + * If "realm" is non-null, use that, otherwise get the + * local realm. + */ + if (realm) + strcpy(lrealm, realm); + else + if (krb_get_lrealm(lrealm,1)) { + if (krb_debug) + krb_warning("%s: can't get local realm\n", prog); + return(SKDC_CANT); + } + if (krb_debug) + krb_warning("lrealm is %s\n", lrealm); + + no_host = 1; + /* get an initial allocation */ + n_hosts = 0; + for (i = 1; (k_host = krb_get_host(i, lrealm, 0)); ++i) { + char *p; + + if (krb_debug) + krb_warning("Getting host entry for %s...", k_host->host); + host = gethostbyname(k_host->host); + if (krb_debug) { + krb_warning("%s.\n", + host ? 
"Got it" : "Didn't get it"); + } + if (!host) + continue; + no_host = 0; /* found at least one */ + while ((p = *(host->h_addr_list)++)) { + hosts = realloc(hosts, sizeof(*hosts) * (n_hosts + 1)); + if (hosts == NULL) + return SKDC_CANT; + memset (&hosts[n_hosts].addr, 0, sizeof(hosts[n_hosts].addr)); + hosts[n_hosts].addr.sin_family = host->h_addrtype; + hosts[n_hosts].addr.sin_port = htons(k_host->port); + hosts[n_hosts].proto = k_host->proto; + memcpy(&hosts[n_hosts].addr.sin_addr, p, + sizeof(hosts[n_hosts].addr.sin_addr)); + ++n_hosts; + if (send_recv(pkt, rpkt, hosts[n_hosts-1].proto, + &hosts[n_hosts-1].addr, hosts, n_hosts)) { + retval = KSUCCESS; + goto rtn; + } + if (krb_debug) { + krb_warning("Timeout, error, or wrong descriptor\n"); + } + } + } + if (no_host) { + if (krb_debug) + krb_warning("%s: can't find any Kerberos host.\n", + prog); + retval = SKDC_CANT; + goto rtn; + } + /* retry each host in sequence */ + for (retry = 0; retry < CLIENT_KRB_RETRY; ++retry) { + for (i = 0; i < n_hosts; ++i) { + if (send_recv(pkt, rpkt, + hosts[i].proto, + &hosts[i].addr, + hosts, + n_hosts)) { + retval = KSUCCESS; + goto rtn; + } + } + } + retval = SKDC_RETRY; +rtn: + free(hosts); + return(retval); +} + +/* + * try to send out and receive message. + * return 1 on success, 0 on failure + */ + +static int +send_recv_it(KTEXT pkt, KTEXT rpkt, int stream, int f, + struct sockaddr_in *_to, struct host *addrs, int n_hosts) +{ + fd_set readfds; + int numsent; + + /* CLIENT_KRB_TIMEOUT indicates the time to wait before + * retrying a server. It's defined in "krb.h". 
+ */ + struct timeval timeout; + timeout.tv_sec = CLIENT_KRB_TIMEOUT; + timeout.tv_usec = 0; + + if (krb_debug) { + if (_to->sin_family == AF_INET) + krb_warning("Sending message to %s...", + inet_ntoa(_to->sin_addr)); + else + krb_warning("Sending message..."); + } + if(stream){ + unsigned char tmp[4]; + krb_put_int(pkt->length, tmp, 4); + if((numsent = send(f, tmp, 4, 0)) != 4){ + if (krb_debug) + krb_warning("sent only %d/%d\n", numsent, 4); + return 0; + } + } + if ((numsent = send(f, pkt->dat, pkt->length, 0)) != pkt->length) { + if (krb_debug) + krb_warning("sent only %d/%d\n",numsent, pkt->length); + return 0; + } + if (krb_debug) + krb_warning("Sent\nWaiting for reply..."); + FD_ZERO(&readfds); + FD_SET(f, &readfds); + /* select - either recv is ready, or timeout */ + /* see if timeout or error or wrong descriptor */ + if (select(f + 1, &readfds, 0, 0, &timeout) < 1 + || !FD_ISSET(f, &readfds)) { + if (krb_debug) + krb_warning("select failed: errno = %d", errno); + return 0; + } + if(stream){ + if(krb_net_read(f, rpkt->dat, sizeof(rpkt->dat)) <= 0) + return 0; + }else{ + if (recv (f, rpkt->dat, sizeof(rpkt->dat), 0) < 0) { + if (krb_debug) + krb_warning("recvfrom: errno = %d\n", errno); + return 0; + } + } + return 1; +} + +static int +send_recv(KTEXT pkt, KTEXT rpkt, int proto, struct sockaddr_in *_to, + struct host *addrs, int n_hosts) +{ + int f; + int ret = 0; + if(proto == IPPROTO_UDP) + f = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); + else if(proto == IPPROTO_TCP) + f = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); + else{ + krb_warning("Unknown protocol `%d'.\n", proto); + return 0; + } + + if(connect(f, (struct sockaddr*)_to, sizeof(*_to)) < 0) + krb_warning("Connecting socket: errno = %d\n", errno); + else + ret = send_recv_it(pkt, rpkt, proto == IPPROTO_TCP, f, + _to, addrs, n_hosts); + + close(f); + return ret; +} + diff --git a/crypto/kerberosIV/lib/krb/sendauth.c b/crypto/kerberosIV/lib/krb/sendauth.c new file mode 100644 index 0000000..4240bcf 
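Review bot: In `send_to_kdc()`, `strcpy(lrealm, realm)` copies the caller's realm into `char lrealm[REALM_SZ]` without checking its length, so a realm of REALM_SZ characters or more overruns the stack buffer. The same function also leaks `hosts`: the `return(SKDC_CANT)` taken when `krb_get_lrealm()` fails bypasses `free(hosts)` at `rtn:`, and `hosts = realloc(hosts, ...)` loses the old pointer when the call fails. The realm handling below rejects overlong input and routes the failure through `rtn:`. In `send_recv()`, the result of `socket()` is used without a check, so a failed call falls through to `connect()` and `close()` on -1.

```c
    if (realm) {
        /* reject instead of overrunning lrealm[REALM_SZ] */
        if (strlen(realm) >= sizeof(lrealm)) {
            retval = SKDC_CANT;
            goto rtn;
        }
        strcpy(lrealm, realm);
    } else if (krb_get_lrealm(lrealm, 1)) {
        if (krb_debug)
            krb_warning("%s: can't get local realm\n", prog);
        retval = SKDC_CANT;
        goto rtn;               /* frees hosts */
    }
    /* … unchanged: host lookup and retry loops … */
```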
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/sendauth.c
@@ -0,0 +1,163 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: sendauth.c,v 1.15 1997/04/18 14:11:36 joda Exp $"); + +/* + * krb_sendauth() transmits a ticket over a file descriptor for a + * desired service, instance, and realm, doing mutual authentication + * with the server if desired. + */ + +/* + * The first argument to krb_sendauth() contains a bitfield of + * options (the options are defined in "krb.h"): + * + * KOPT_DONT_CANON Don't canonicalize instance as a hostname. + * (If this option is not chosen, krb_get_phost() + * is called to canonicalize it.) + * + * KOPT_DONT_MK_REQ Don't request server ticket from Kerberos. + * A ticket must be supplied in the "ticket" + * argument. + * (If this option is not chosen, and there + * is no ticket for the given server in the + * ticket cache, one will be fetched using + * krb_mk_req() and returned in "ticket".) + * + * KOPT_DO_MUTUAL Do mutual authentication, requiring that the + * receiving server return the checksum+1 encrypted + * in the session key. 
The mutual authentication + * is done using krb_mk_priv() on the other side + * (see "recvauth.c") and krb_rd_priv() on this + * side. + * + * The "fd" argument is a file descriptor to write to the remote + * server on. The "ticket" argument is used to store the new ticket + * from the krb_mk_req() call. If the KOPT_DONT_MK_REQ options is + * chosen, the ticket must be supplied in the "ticket" argument. + * The "service", "inst", and "realm" arguments identify the ticket. + * If "realm" is null, the local realm is used. + * + * The following arguments are only needed if the KOPT_DO_MUTUAL option + * is chosen: + * + * The "checksum" argument is a number that the server will add 1 to + * to authenticate itself back to the client; the "msg_data" argument + * holds the returned mutual-authentication message from the server + * (i.e., the checksum+1); the "cred" structure is used to hold the + * session key of the server, extracted from the ticket file, for use + * in decrypting the mutual authentication message from the server; + * and "schedule" holds the key schedule for that decryption. The + * the local and server addresses are given in "laddr" and "faddr". + * + * The application protocol version number (of up to KRB_SENDAUTH_VLEN + * characters) is passed in "version". + * + * If all goes well, KSUCCESS is returned, otherwise some error code. 
+ * + * The format of the message sent to the server is: + * + * Size Variable Field + * ---- -------- ----- + * + * KRB_SENDAUTH_VLEN KRB_SENDAUTH_VER sendauth protocol + * bytes version number + * + * KRB_SENDAUTH_VLEN version application protocol + * bytes version number + * + * 4 bytes ticket->length length of ticket + * + * ticket->length ticket->dat ticket itself + */ + +int +krb_sendauth(int32_t options, /* bit-pattern of options */ + int fd, /* file descriptor to write onto */ + KTEXT ticket, /* where to put ticket (return); or + * supplied in case of KOPT_DONT_MK_REQ */ + char *service, /* service name, instance, realm */ + char *instance, + char *realm, + u_int32_t checksum, /* checksum to include in request */ + MSG_DAT *msg_data, /* mutual auth MSG_DAT (return) */ + CREDENTIALS *cred, /* credentials (return) */ + struct des_ks_struct *schedule, /* key schedule (return) */ + struct sockaddr_in *laddr, /* local address */ + struct sockaddr_in *faddr, /* address of foreign host on fd */ + char *version) /* version string */ +{ + int ret; + KTEXT_ST buf; + char realrealm[REALM_SZ]; + + if (realm == NULL) { + ret = krb_get_lrealm (realrealm, 1); + if (ret != KSUCCESS) + return ret; + realm = realrealm; + } + ret = krb_mk_auth (options, ticket, service, instance, realm, checksum, + version, &buf); + if (ret != KSUCCESS) + return ret; + ret = krb_net_write(fd, buf.dat, buf.length); + if(ret < 0) + return -1; + + if (options & KOPT_DO_MUTUAL) { + char tmp[4]; + u_int32_t len; + char inst[INST_SZ]; + + ret = krb_net_read (fd, tmp, 4); + if (ret < 0) + return -1; + + krb_get_int (tmp, &len, 4, 0); + if (len == 0xFFFFFFFF || len > sizeof(buf.dat)) + return KFAILURE; + buf.length = len; + ret = krb_net_read (fd, buf.dat, len); + if (ret < 0) + return -1; + + if (options & KOPT_DONT_CANON) + strncpy (inst, instance, sizeof(inst)); + else + strncpy (inst, krb_get_phost(instance), sizeof(inst)); + + ret = krb_get_cred (service, inst, realm, cred); + if (ret != 
KSUCCESS) + return ret; + + des_key_sched(&cred->session, schedule); + + ret = krb_check_auth (&buf, checksum, msg_data, &cred->session, + schedule, laddr, faddr); + if (ret != KSUCCESS) + return ret; + } + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/sizetest.c b/crypto/kerberosIV/lib/krb/sizetest.c new file mode 100644 index 0000000..d64bbeb --- /dev/null +++ b/crypto/kerberosIV/lib/krb/sizetest.c @@ -0,0 +1,41 @@ +#include "krb_locl.h" + +RCSID("$Id: sizetest.c,v 1.5 1996/11/15 18:39:19 bg Exp $"); + +static +void +err(const char *msg) +{ + fputs(msg, stderr); + exit(1); +} + +int +main() +{ + if (sizeof(u_int8_t) < 1) + err("sizeof(u_int8_t) is smaller than 1 byte\n"); + if (sizeof(u_int16_t) < 2) + err("sizeof(u_int16_t) is smaller than 2 bytes\n"); + if (sizeof(u_int32_t) < 4) + err("sizeof(u_int32_t) is smaller than 4 bytes\n"); + + if (sizeof(u_int8_t) > 1) + fputs("warning: sizeof(u_int8_t) is larger than 1 byte, " + "some stuff may not work properly!\n", stderr); + + { + u_int8_t u = 1; + int i; + for (i = 0; u != 0 && i < 100; i++) + u <<= 1; + + if (i < 8) + err("u_int8_t is smaller than 8 bits\n"); + else if (i > 8) + fputs("warning: u_int8_t is larger than 8 bits, " + "some stuff may not work properly!\n", stderr); + } + + exit(0); +} diff --git a/crypto/kerberosIV/lib/krb/stime.c b/crypto/kerberosIV/lib/krb/stime.c new file mode 100644 index 0000000..ec57d8f --- /dev/null +++ b/crypto/kerberosIV/lib/krb/stime.c 
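Review bot: Both `krb_net_read()` calls in the `KOPT_DO_MUTUAL` branch of `krb_sendauth()` treat only `ret < 0` as failure. Assuming `krb_net_read()` returns 0 or a short count at EOF (its definition is outside this hunk), a peer that closes early leaves `len` decoded from an uninitialised `tmp` and `buf.dat` handed to `krb_check_auth()` partly unfilled. `send_recv_it()` in send_to_kdc.c already rejects `<= 0`; here the checks should be exact, `if (ret != 4) return -1;` and `if (ret != (int)len) return -1;`. The two `strncpy (inst, ..., sizeof(inst))` calls also leave `inst` unterminated when the source is INST_SZ characters or longer, before it is passed to `krb_get_cred()`; add `inst[sizeof(inst) - 1] = '\0';` after them.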
@@ -0,0 +1,35 @@ +/* + * $Id: stime.c,v 1.6 1997/05/02 14:29:20 assar Exp $ + * + * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute + * of Technology. + * + * For copying and distribution information, please see the file + * . + */ + +#include "krb_locl.h" + +RCSID("$Id: stime.c,v 1.6 1997/05/02 14:29:20 assar Exp $"); + +/* + * Given a pointer to a long containing the number of seconds + * since the beginning of time (midnight 1 Jan 1970 GMT), return + * a string containing the local time in the form: + * + * "25-Jan-1988 10:17:56" + */ + +const char * +krb_stime(time_t *t) +{ + static char st[40]; + struct tm *tm; + + tm = localtime(t); + snprintf(st, sizeof(st), + "%2d-%s-%04d %02d:%02d:%02d",tm->tm_mday, + month_sname(tm->tm_mon + 1),tm->tm_year + 1900, + tm->tm_hour, tm->tm_min, tm->tm_sec); + return st; +} diff --git a/crypto/kerberosIV/lib/krb/str2key.c b/crypto/kerberosIV/lib/krb/str2key.c new file mode 100644 index 0000000..2b00fc1 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/str2key.c 
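Review bot: `krb_stime()` dereferences the result of `localtime(t)` without checking it, and `localtime()` returns NULL for a time value it cannot represent. If the timestamps printed here can originate from ticket or network data (the callers are outside this hunk), a guard such as `if (tm == NULL) return "(invalid time)";` before the `snprintf()` keeps a bad value from crashing the caller. The header comment should also say that the result points to a static buffer overwritten by the next call, and that the argument is a `time_t *` rather than "a pointer to a long".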
@@ -0,0 +1,103 @@ +/* This defines the Andrew string_to_key function. It accepts a password + * string as input and converts its via a one-way encryption algorithm to a DES + * encryption key. It is compatible with the original Andrew authentication + * service password database. + */ + +#include "krb_locl.h" + +RCSID("$Id: str2key.c,v 1.10 1997/03/23 03:53:19 joda Exp $"); + +static void +mklower(char *s) +{ + for (; *s; s++) + if ('A' <= *s && *s <= 'Z') + *s = *s - 'A' + 'a'; +} + +/* + * Short passwords, i.e 8 characters or less. + */ +static void +afs_cmu_StringToKey (char *str, char *cell, des_cblock *key) +{ + char password[8+1]; /* crypt is limited to 8 chars anyway */ + int i; + int passlen; + + memset (key, 0, sizeof(key)); + memset(password, 0, sizeof(password)); + + strncpy (password, cell, 8); + passlen = strlen (str); + if (passlen > 8) passlen = 8; + + for (i=0; i sizeof(password)) passlen = sizeof(password); + + memcpy(&ivec, "kerberos", 8); + memcpy(&temp_key, "kerberos", 8); + des_fixup_key_parity (&temp_key); + des_key_sched (&temp_key, schedule); + des_cbc_cksum ((des_cblock *)password, &ivec, passlen, schedule, &ivec); + + memcpy(&temp_key, &ivec, 8); + des_fixup_key_parity (&temp_key); + des_key_sched (&temp_key, schedule); + des_cbc_cksum ((des_cblock *)password, key, passlen, schedule, &ivec); + + des_fixup_key_parity (key); +} + +void +afs_string_to_key(char *str, char *cell, des_cblock *key) +{ + char realm[REALM_SZ+1]; + strncpy(realm, cell, REALM_SZ); + realm[REALM_SZ] = 0; + mklower(realm); + + if (strlen(str) > 8) + afs_transarc_StringToKey (str, realm, key); + else + afs_cmu_StringToKey (str, realm, key); +} diff --git a/crypto/kerberosIV/lib/krb/swab.c b/crypto/kerberosIV/lib/krb/swab.c new file mode 100644 index 0000000..d68ce3d --- /dev/null +++ b/crypto/kerberosIV/lib/krb/swab.c 
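Review bot: In `afs_cmu_StringToKey()`, `memset (key, 0, sizeof(key));` measures the pointer `des_cblock *key` rather than the key block, so on a platform with 4-byte pointers only half of the 8-byte key is cleared. It should read `memset (key, 0, sizeof(*key));`. The middle of this function and the start of `afs_transarc_StringToKey()` are not legible on this page. I therefore can't tell whether later code overwrites every byte of `*key` anyway, or whether the local `password` buffers are wiped before return; if they are not, they should be cleared once the key is derived.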
@@ -0,0 +1,56 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: swab.c,v 1.4 1997/04/01 08:18:45 joda Exp $"); +#endif + +#ifndef HAVE_SWAB +void +swab (char *from, char *to, int nbytes) +{ + while(nbytes >= 2) { + *(to + 1) = *from; + *to = *(from + 1); + to += 2; + from += 2; + nbytes -= 2; + } +} +#endif diff --git a/crypto/kerberosIV/lib/krb/tf_util.c b/crypto/kerberosIV/lib/krb/tf_util.c new file mode 100644 index 0000000..a196448 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/tf_util.c 
@@ -0,0 +1,645 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: tf_util.c,v 1.24 1997/04/20 06:24:32 assar Exp $"); + + +#define TOO_BIG -1 +#define TF_LCK_RETRY ((unsigned)2) /* seconds to sleep before + * retry if ticket file is + * locked */ +#define TF_LCK_RETRY_COUNT (50) /* number of retries */ + +#ifndef O_BINARY +#define O_BINARY 0 +#endif + +/* + * fd must be initialized to something that won't ever occur as a real + * file descriptor. Since open(2) returns only non-negative numbers as + * valid file descriptors, and tf_init always stuffs the return value + * from open in here even if it is an error flag, we must + * a. Initialize fd to a negative number, to indicate that it is + * not initially valid. + * b. When checking for a valid fd, assume that negative values + * are invalid (ie. when deciding whether tf_init has been + * called.) + * c. In tf_close, be sure it gets reinitialized to a negative + * number. 
+ */ +static int fd = -1; +static int curpos; /* Position in tfbfr */ +static int lastpos; /* End of tfbfr */ +static char tfbfr[BUFSIZ]; /* Buffer for ticket data */ + +static int tf_gets(char *s, int n); +static int tf_read(void *s, int n); + +/* + * This file contains routines for manipulating the ticket cache file. + * + * The ticket file is in the following format: + * + * principal's name (null-terminated string) + * principal's instance (null-terminated string) + * CREDENTIAL_1 + * CREDENTIAL_2 + * ... + * CREDENTIAL_n + * EOF + * + * Where "CREDENTIAL_x" consists of the following fixed-length + * fields from the CREDENTIALS structure (see "krb.h"): + * + * char service[ANAME_SZ] + * char instance[INST_SZ] + * char realm[REALM_SZ] + * C_Block session + * int lifetime + * int kvno + * KTEXT_ST ticket_st + * u_int32_t issue_date + * + * Short description of routines: + * + * tf_init() opens the ticket file and locks it. + * + * tf_get_pname() returns the principal's name. + * + * tf_put_pname() writes the principal's name to the ticket file. + * + * tf_get_pinst() returns the principal's instance (may be null). + * + * tf_put_pinst() writes the instance. + * + * tf_get_cred() returns the next CREDENTIALS record. + * + * tf_save_cred() appends a new CREDENTIAL record to the ticket file. + * + * tf_close() closes the ticket file and releases the lock. + * + * tf_gets() returns the next null-terminated string. It's an internal + * routine used by tf_get_pname(), tf_get_pinst(), and tf_get_cred(). + * + * tf_read() reads a given number of bytes. It's an internal routine + * used by tf_get_cred(). + */ + +/* + * tf_init() should be called before the other ticket file routines. + * It takes the name of the ticket file to use, "tf_name", and a + * read/write flag "rw" as arguments. + * + * It tries to open the ticket file, checks the mode, and if everything + * is okay, locks the file. If it's opened for reading, the lock is + * shared. 
If it's opened for writing, the lock is exclusive. + * + * Returns KSUCCESS if all went well, otherwise one of the following: + * + * NO_TKT_FIL - file wasn't there + * TKT_FIL_ACC - file was in wrong mode, etc. + * TKT_FIL_LCK - couldn't lock the file, even after a retry + */ + +int +tf_init(char *tf_name, int rw) +{ + /* Unix implementation */ + int wflag; + struct stat stat_buf; + int i_retry; + + switch (rw) { + case R_TKT_FIL: + wflag = 0; + break; + case W_TKT_FIL: + wflag = 1; + break; + default: + if (krb_debug) + krb_warning("tf_init: illegal parameter\n"); + return TKT_FIL_ACC; + } + if (lstat(tf_name, &stat_buf) < 0) + switch (errno) { + case ENOENT: + return NO_TKT_FIL; + default: + return TKT_FIL_ACC; + } + /* The old code tried to guess when the calling program was + * running set-uid, this is now removed - the kerberos library + * does not (or shouldn't) know anything about user-ids. + + * All library functions now assume that the right userids are set + * upon entry, therefore there is no need to test permissions like + * before. If the file is openable, just open it. + */ + + if(!S_ISREG(stat_buf.st_mode)) + return TKT_FIL_ACC; + + + /* + * If "wflag" is set, open the ticket file in append-writeonly mode + * and lock the ticket file in exclusive mode. If unable to lock + * the file, sleep and try again. If we fail again, return with the + * proper error message. 
+ */ + + curpos = sizeof(tfbfr); + + + if (wflag) { + fd = open(tf_name, O_RDWR | O_BINARY, 0600); + if (fd < 0) { + return TKT_FIL_ACC; + } + for (i_retry = 0; i_retry < TF_LCK_RETRY_COUNT; i_retry++) { + if (k_flock(fd, K_LOCK_EX | K_LOCK_NB) < 0) { + if (krb_debug) + krb_warning("tf_init: retry %d of write lock of `%s'.\n", + i_retry, tf_name); + sleep (TF_LCK_RETRY); + } else { + return KSUCCESS; /* all done */ + } + } + close (fd); + fd = -1; + return TKT_FIL_LCK; + } + /* + * Otherwise "wflag" is not set and the ticket file should be opened + * for read-only operations and locked for shared access. + */ + + fd = open(tf_name, O_RDONLY | O_BINARY, 0600); + if (fd < 0) { + return TKT_FIL_ACC; + } + + for (i_retry = 0; i_retry < TF_LCK_RETRY_COUNT; i_retry++) { + if (k_flock(fd, K_LOCK_SH | K_LOCK_NB) < 0) { + if (krb_debug) + krb_warning("tf_init: retry %d of read lock of `%s'.\n", + i_retry, tf_name); + sleep (TF_LCK_RETRY); + } else { + return KSUCCESS; /* all done */ + } + } + /* failure */ + close(fd); + fd = -1; + return TKT_FIL_LCK; +} + +/* + * tf_create() should be called when creating a new ticket file. + * The only argument is the name of the ticket file. + * After calling this, it should be possible to use other tf_* functions. + * + * New algoritm for creating ticket file: + * 1. try to erase contents of existing file. + * 2. try to remove old file. + * 3. try to open with O_CREAT and O_EXCL + * 4. if this fails, someone has created a file in between 1 and 2 and + * we should fail. Otherwise, all is wonderful. 
+ */
+
+int
+tf_create(char *tf_name)
+{
+ struct stat statbuf;
+ char garbage[BUFSIZ];
+
+ fd = open(tf_name, O_RDWR | O_BINARY, 0);
+ if (fd >= 0) {
+ if (fstat (fd, &statbuf) == 0) {
+ int i;
+
+ for (i = 0; i < statbuf.st_size; i += sizeof(garbage))
+ write (fd, garbage, sizeof(garbage));
+ }
+ close (fd);
+ }
+
+ if (unlink (tf_name) && errno != ENOENT)
+ return TKT_FIL_ACC;
+
+ fd = open(tf_name, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600);
+ if (fd < 0)
+ return TKT_FIL_ACC;
+ if (k_flock(fd, K_LOCK_EX | K_LOCK_NB) < 0) {
+ sleep(TF_LCK_RETRY);
+ if (k_flock(fd, K_LOCK_EX | K_LOCK_NB) < 0) {
+ close(fd);
+ fd = -1;
+ return TKT_FIL_LCK;
+ }
+ }
+ return KSUCCESS;
+}
+
+/*
+ * tf_get_pname() reads the principal's name from the ticket file. It
+ * should only be called after tf_init() has been called. The
+ * principal's name is filled into the "p" parameter. If all goes well,
+ * KSUCCESS is returned. If tf_init() wasn't called, TKT_FIL_INI is
+ * returned. If the name was null, or EOF was encountered, or the name
+ * was longer than ANAME_SZ, TKT_FIL_FMT is returned.
+ */
+
+int
+tf_get_pname(char *p)
+{
+ if (fd < 0) {
+ if (krb_debug)
+ krb_warning("tf_get_pname called before tf_init.\n");
+ return TKT_FIL_INI;
+ }
+ if (tf_gets(p, ANAME_SZ) < 2) /* can't be just a null */
+ {
+ if (krb_debug)
+ krb_warning ("tf_get_pname: pname < 2.\n");
+ return TKT_FIL_FMT;
+ }
+ return KSUCCESS;
+}
+
+/*
+ * tf_put_pname() sets the principal's name in the ticket file. Call
+ * after tf_create().
+ */
+
+int
+tf_put_pname(char *p)
+{
+ unsigned count;
+
+ if (fd < 0) {
+ if (krb_debug)
+ krb_warning("tf_put_pname called before tf_create.\n");
+ return TKT_FIL_INI;
+ }
+ count = strlen(p)+1;
+ if (write(fd,p,count) != count)
+ return(KFAILURE);
+ return KSUCCESS;
+}
+
+/*
+ * tf_get_pinst() reads the principal's instance from a ticket file.
+ * It should only be called after tf_init() and tf_get_pname() have been
+ * called.
The instance is filled into the "inst" parameter. If all
+ * goes well, KSUCCESS is returned. If tf_init() wasn't called,
+ * TKT_FIL_INI is returned. If EOF was encountered, or the instance
+ * was longer than ANAME_SZ, TKT_FIL_FMT is returned. Note that the
+ * instance may be null.
+ */
+
+int
+tf_get_pinst(char *inst)
+{
+ if (fd < 0) {
+ if (krb_debug)
+ krb_warning("tf_get_pinst called before tf_init.\n");
+ return TKT_FIL_INI;
+ }
+ if (tf_gets(inst, INST_SZ) < 1)
+ {
+ if (krb_debug)
+ krb_warning("tf_get_pinst: inst_sz < 1.\n");
+ return TKT_FIL_FMT;
+ }
+ return KSUCCESS;
+}
+
+/*
+ * tf_put_pinst writes the principal's instance to the ticket file.
+ * Call after tf_create.
+ */
+
+int
+tf_put_pinst(char *inst)
+{
+ unsigned count;
+
+ if (fd < 0) {
+ if (krb_debug)
+ krb_warning("tf_put_pinst called before tf_create.\n");
+ return TKT_FIL_INI;
+ }
+ count = strlen(inst)+1;
+ if (write(fd,inst,count) != count)
+ return(KFAILURE);
+ return KSUCCESS;
+}
+
+/*
+ * tf_get_cred() reads a CREDENTIALS record from a ticket file and fills
+ * in the given structure "c". It should only be called after tf_init(),
+ * tf_get_pname(), and tf_get_pinst() have been called. If all goes well,
+ * KSUCCESS is returned.
Possible error codes are:
+ *
+ * TKT_FIL_INI - tf_init wasn't called first
+ * TKT_FIL_FMT - bad format
+ * EOF - end of file encountered
+ */
+
+int
+tf_get_cred(CREDENTIALS *c)
+{
+ KTEXT ticket = &c->ticket_st; /* pointer to ticket */
+ int k_errno;
+
+ if (fd < 0) {
+ if (krb_debug)
+ krb_warning ("tf_get_cred called before tf_init.\n");
+ return TKT_FIL_INI;
+ }
+ if ((k_errno = tf_gets(c->service, SNAME_SZ)) < 2)
+ switch (k_errno) {
+ case TOO_BIG:
+ if (krb_debug)
+ krb_warning("tf_get_cred: too big service cred.\n");
+ case 1: /* can't be just a null */
+ tf_close();
+ if (krb_debug)
+ krb_warning("tf_get_cred: null service cred.\n");
+ return TKT_FIL_FMT;
+ case 0:
+ return EOF;
+ }
+ if ((k_errno = tf_gets(c->instance, INST_SZ)) < 1)
+ switch (k_errno) {
+ case TOO_BIG:
+ if (krb_debug)
+ krb_warning ("tf_get_cred: too big instance cred.\n");
+ return TKT_FIL_FMT;
+ case 0:
+ return EOF;
+ }
+ if ((k_errno = tf_gets(c->realm, REALM_SZ)) < 2)
+ switch (k_errno) {
+ case TOO_BIG:
+ if (krb_debug)
+ krb_warning ("tf_get_cred: too big realm cred.\n");
+ case 1: /* can't be just a null */
+ tf_close();
+ if (krb_debug)
+ krb_warning ("tf_get_cred: null realm cred.\n");
+ return TKT_FIL_FMT;
+ case 0:
+ return EOF;
+ }
+ if (
+ tf_read((c->session), DES_KEY_SZ) < 1 ||
+ tf_read(&(c->lifetime), sizeof(c->lifetime)) < 1 ||
+ tf_read(&(c->kvno), sizeof(c->kvno)) < 1 ||
+ tf_read(&(ticket->length), sizeof(ticket->length))
+ < 1 ||
+ /* don't try to read a silly amount into ticket->dat */
+ ticket->length > MAX_KTXT_LEN ||
+ tf_read((ticket->dat), ticket->length) < 1 ||
+ tf_read(&(c->issue_date), sizeof(c->issue_date)) < 1
+ ) {
+ tf_close();
+ if (krb_debug)
+ krb_warning ("tf_get_cred: failed tf_read.\n");
+ return TKT_FIL_FMT;
+ }
+ return KSUCCESS;
+}
+
+/*
+ * tf_close() closes the ticket file and sets "fd" to -1. If "fd" is
+ * not a valid file descriptor, it just returns. It also clears the
+ * buffer used to read tickets.
+ *
+ * The return value is not defined.
+ */
+
+void
+tf_close(void)
+{
+ if (!(fd < 0)) {
+ k_flock(fd, K_LOCK_UN);
+ close(fd);
+ fd = -1; /* see declaration of fd above */
+ }
+ memset(tfbfr, 0, sizeof(tfbfr));
+}
+
+/*
+ * tf_gets() is an internal routine. It takes a string "s" and a count
+ * "n", and reads from the file until either it has read "n" characters,
+ * or until it reads a null byte. When finished, what has been read exists
+ * in "s". If it encounters EOF or an error, it closes the ticket file.
+ *
+ * Possible return values are:
+ *
+ * n the number of bytes read (including null terminator)
+ * when all goes well
+ *
+ * 0 end of file or read error
+ *
+ * TOO_BIG if "count" characters are read and no null is
+ * encountered. This is an indication that the ticket
+ * file is seriously ill.
+ */
+
+static int
+tf_gets(char *s, int n)
+{
+ int count;
+
+ if (fd < 0) {
+ if (krb_debug)
+ krb_warning ("tf_gets called before tf_init.\n");
+ return TKT_FIL_INI;
+ }
+ for (count = n - 1; count > 0; --count) {
+ if (curpos >= sizeof(tfbfr)) {
+ lastpos = read(fd, tfbfr, sizeof(tfbfr));
+ curpos = 0;
+ }
+ if (curpos == lastpos) {
+ tf_close();
+ return 0;
+ }
+ *s = tfbfr[curpos++];
+ if (*s++ == '\0')
+ return (n - count);
+ }
+ tf_close();
+ return TOO_BIG;
+}
+
+/*
+ * tf_read() is an internal routine. It takes a string "s" and a count
+ * "n", and reads from the file until "n" bytes have been read. When
+ * finished, what has been read exists in "s". If it encounters EOF or
+ * an error, it closes the ticket file.
+ *
+ * Possible return values are:
+ *
+ * n the number of bytes read when all goes well
+ *
+ * 0 on end of file or read error
+ */
+
+static int
+tf_read(void *v, int n)
+{
+ char *s = (char *)v;
+ int count;
+
+ for (count = n; count > 0; --count) {
+ if (curpos >= sizeof(tfbfr)) {
+ lastpos = read(fd, tfbfr, sizeof(tfbfr));
+ curpos = 0;
+ }
+ if (curpos == lastpos) {
+ tf_close();
+ return 0;
+ }
+ *s++ = tfbfr[curpos++];
+ }
+ return n;
+}
+
+/*
+ * tf_save_cred() appends an incoming ticket to the end of the ticket
+ * file. You must call tf_init() before calling tf_save_cred().
+ *
+ * The "service", "instance", and "realm" arguments specify the
+ * server's name; "session" contains the session key to be used with
+ * the ticket; "kvno" is the server key version number in which the
+ * ticket is encrypted, "ticket" contains the actual ticket, and
+ * "issue_date" is the time the ticket was requested (local host's time).
+ *
+ * Returns KSUCCESS if all goes well, TKT_FIL_INI if tf_init() wasn't
+ * called previously, and KFAILURE for anything else that went wrong.
+ */
+
+int
+tf_save_cred(char *service, /* Service name */
+ char *instance, /* Instance */
+ char *realm, /* Auth domain */
+ unsigned char *session, /* Session key */
+ int lifetime, /* Lifetime */
+ int kvno, /* Key version number */
+ KTEXT ticket, /* The ticket itself */
+ u_int32_t issue_date) /* The issue time */
+{
+ int count; /* count for write */
+
+ if (fd < 0) { /* fd is ticket file as set by tf_init */
+ if (krb_debug)
+ krb_warning ("tf_save_cred called before tf_init.\n");
+ return TKT_FIL_INI;
+ }
+ /* Find the end of the ticket file */
+ lseek(fd, 0L, SEEK_END);
+
+ /* Write the ticket and associated data */
+ /* Service */
+ count = strlen(service) + 1;
+ if (write(fd, service, count) != count)
+ goto bad;
+ /* Instance */
+ count = strlen(instance) + 1;
+ if (write(fd, instance, count) != count)
+ goto bad;
+ /* Realm */
+ count = strlen(realm) + 1;
+ if (write(fd, realm, count) != count)
+ goto bad;
+ /* Session key */
+ if (write(fd, session, 8) != 8)
+ goto bad;
+ /* Lifetime */
+ if (write(fd, &lifetime, sizeof(int)) != sizeof(int))
+ goto bad;
+ /* Key vno */
+ if (write(fd, &kvno, sizeof(int)) != sizeof(int))
+ goto bad;
+ /* Tkt length */
+ if (write(fd, &(ticket->length), sizeof(int)) !=
+ sizeof(int))
+ goto bad;
+ /* Ticket */
+ count = ticket->length;
+ if (write(fd, ticket->dat, count) != count)
+ goto bad;
+ /* Issue date */
+ if (write(fd, &issue_date, sizeof(issue_date)) != sizeof(issue_date))
+ goto bad;
+
+ return (KSUCCESS);
+bad:
+ return (KFAILURE);
+}
+
+int
+tf_setup(CREDENTIALS *cred, char *pname, char *pinst)
+{
+ int ret;
+ ret = tf_create(tkt_string());
+ if (ret != KSUCCESS)
+ return ret;
+
+ if (tf_put_pname(pname) != KSUCCESS ||
+ tf_put_pinst(pinst) != KSUCCESS) {
+ tf_close();
+ return INTK_ERR;
+ }
+
+ ret = tf_save_cred(cred->service, cred->instance, cred->realm,
+ cred->session, cred->lifetime, cred->kvno,
+ &cred->ticket_st, cred->issue_date);
+ tf_close();
+ return ret;
+}
+
+int
+in_tkt(char *pname, char
*pinst)
+{
+ int ret;
+
+ ret = tf_create (tkt_string());
+ if (ret != KSUCCESS)
+ return ret;
+
+ if (tf_put_pname(pname) != KSUCCESS ||
+ tf_put_pinst(pinst) != KSUCCESS) {
+ tf_close();
+ return INTK_ERR;
+ }
+
+ tf_close();
+ return KSUCCESS;
+}
diff --git a/crypto/kerberosIV/lib/krb/ticket_memory.c b/crypto/kerberosIV/lib/krb/ticket_memory.c
new file mode 100644
index 0000000..04e20b6
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/ticket_memory.c
@@ -0,0 +1,438 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* ticket_memory.c - Storage for tickets in memory
+ * Author: d93-jka@nada.kth.se - June 1996
+ */
+
+#define WIN32_LEAN_AND_MEAN
+#include
+#include "krb_locl.h"
+#include "ticket_memory.h"
+
+RCSID("$Id: ticket_memory.c,v 1.9 1997/04/20 18:07:36 assar Exp $");
+
+void msg(char *text, int error);
+
+/* Global variables for memory mapping. */
+HANDLE SharedMemoryHandle;
+tktmem *SharedMemory;
+
+static int CredIndex = -1;
+
+int
+newTktMem(const char *tf_name)
+{
+ if(!SharedMemory)
+ {
+ unsigned int MemorySize = sizeof(tktmem);
+ unsigned int MemorySizeHi = sizeof(tktmem)>>16;
+ unsigned int MemorySizeLo = MemorySize&0xFFFF;
+ SharedMemoryHandle = CreateFileMapping((HANDLE)(int)-1, 0,
+ PAGE_READWRITE,
+ MemorySizeHi, MemorySizeLo,
+ "krb_memory");
+
+ if(!SharedMemoryHandle)
+ {
+ msg("Could not create shared memory.", GetLastError());
+ return KFAILURE;
+ }
+
+ SharedMemory = MapViewOfFile(SharedMemoryHandle,
+ FILE_MAP_WRITE, 0, 0, 0);
+ if(!SharedMemory)
+ {
+ msg("Unable to alloc shared memory.", GetLastError());
+ return KFAILURE;
+ }
+ if(GetLastError() != ERROR_ALREADY_EXISTS)
+ {
+ if(tf_name)
+ strcpy(SharedMemory->tmname, tf_name);
+ SharedMemory->last_cred_no = 0;
+ }
+ }
+
+ CredIndex = 0;
+ return KSUCCESS;
+}
+
+int
+freeTktMem(const char *tf_name)
+{
+ if(SharedMemory)
+ {
+ UnmapViewOfFile(SharedMemory);
+ CloseHandle(SharedMemoryHandle);
+ }
+ return KSUCCESS;
+}
+
+
+
+tktmem *
+getTktMem(const char *tf_name)
+{
+ return SharedMemory;
+}
+
+void
+firstCred(void)
+{
+ if(getTktMem(0)->last_cred_no > 0)
+ CredIndex = 0;
+ else
+ CredIndex = -1;
+}
+
+int
+nextCredIndex(void)
+{
+ const tktmem *mem;
+ int last;
+ mem = getTktMem(0);
+ last = mem->last_cred_no;
+ if(CredIndex >= 0 && CredIndex < last )
+ return CredIndex++;
+ else
+ return CredIndex = -1;
+}
+
+int
+currCredIndex(void)
+{
+ const tktmem *mem;
+ int last;
+ mem = getTktMem(0);
+ last = mem->last_cred_no;
+ if(CredIndex >= 0 && CredIndex < last)
+ return CredIndex;
+ else
+
return CredIndex = -1;
+}
+
+int
+nextFreeIndex(void)
+{
+ tktmem *mem = getTktMem(0);
+ if(mem->last_cred_no > CRED_VEC_SZ)
+ return -1;
+ else
+ return mem->last_cred_no++;
+}
+
+/*
+ * in_tkt() is used to initialize the ticket store. It creates the
+ * file to contain the tickets and writes the given user's name "pname"
+ * and instance "pinst" in the file. in_tkt() returns KSUCCESS on
+ * success, or KFAILURE if something goes wrong.
+ */
+
+int
+in_tkt(char *pname, char *pinst)
+{
+ /* Here goes code to initialize shared memory, to store tickets in. */
+ /* Implemented somewhere else. */
+ return KFAILURE;
+}
+
+/*
+ * dest_tkt() is used to destroy the ticket store upon logout.
+ * If the ticket file does not exist, dest_tkt() returns RET_TKFIL.
+ * Otherwise the function returns RET_OK on success, KFAILURE on
+ * failure.
+ *
+ * The ticket file (TKT_FILE) is defined in "krb.h".
+ */
+
+int
+dest_tkt(void)
+{
+ /* Here goes code to destroy tickets in shared memory. */
+ /* Not implemented yet. */
+ return KFAILURE;
+}
+
+/* Short description of routines:
+ *
+ * tf_init() opens the ticket file and locks it.
+ *
+ * tf_get_pname() returns the principal's name.
+ *
+ * tf_put_pname() writes the principal's name to the ticket file.
+ *
+ * tf_get_pinst() returns the principal's instance (may be null).
+ *
+ * tf_put_pinst() writes the instance.
+ *
+ * tf_get_cred() returns the next CREDENTIALS record.
+ *
+ * tf_save_cred() appends a new CREDENTIAL record to the ticket file.
+ *
+ * tf_close() closes the ticket file and releases the lock.
+ *
+ * tf_gets() returns the next null-terminated string. It's an internal
+ * routine used by tf_get_pname(), tf_get_pinst(), and tf_get_cred().
+ *
+ * tf_read() reads a given number of bytes. It's an internal routine
+ * used by tf_get_cred().
+ */
+
+/*
+ * tf_init() should be called before the other ticket file routines.
+ * It takes the name of the ticket file to use, "tf_name", and a
+ * read/write flag "rw" as arguments.
+ *
+ * Returns KSUCCESS if all went well, otherwise one of the following:
+ *
+ * NO_TKT_FIL - file wasn't there
+ * TKT_FIL_ACC - file was in wrong mode, etc.
+ * TKT_FIL_LCK - couldn't lock the file, even after a retry
+ */
+
+int
+tf_init(char *tf_name, int rw)
+{
+ if(!getTktMem(tf_name))
+ return NO_TKT_FIL;
+ firstCred();
+ return KSUCCESS;
+}
+
+/*
+ * tf_create() should be called when creating a new ticket file.
+ * The only argument is the name of the ticket file.
+ * After calling this, it should be possible to use other tf_* functions.
+ */
+
+int
+tf_create(char *tf_name)
+{
+ if(newTktMem(tf_name) != KSUCCESS)
+ return NO_TKT_FIL;
+ return KSUCCESS;
+}
+
+/*
+ * tf_get_pname() reads the principal's name from the ticket file. It
+ * should only be called after tf_init() has been called. The
+ * principal's name is filled into the "p" parameter. If all goes well,
+ * KSUCCESS is returned. If tf_init() wasn't called, TKT_FIL_INI is
+ * returned. If the name was null, or EOF was encountered, or the name
+ * was longer than ANAME_SZ, TKT_FIL_FMT is returned.
+ */
+
+int
+tf_get_pname(char *p)
+{
+ tktmem *TktStore;
+
+ if(!(TktStore = getTktMem(0)))
+ return KFAILURE;
+ if(!TktStore->pname)
+ return KFAILURE;
+ strcpy(p, TktStore->pname);
+ return KSUCCESS;
+}
+
+/*
+ * tf_put_pname() sets the principal's name in the ticket file. Call
+ * after tf_create().
+ */
+
+int
+tf_put_pname(char *p)
+{
+ tktmem *TktStore;
+
+ if(!(TktStore = getTktMem(0)))
+ return KFAILURE;
+ if(!TktStore->pname)
+ return KFAILURE;
+ strcpy(TktStore->pname, p);
+ return KSUCCESS;
+}
+
+/*
+ * tf_get_pinst() reads the principal's instance from a ticket file.
+ * It should only be called after tf_init() and tf_get_pname() have been
+ * called. The instance is filled into the "inst" parameter. If all
+ * goes well, KSUCCESS is returned.
If tf_init() wasn't called,
+ * TKT_FIL_INI is returned. If EOF was encountered, or the instance
+ * was longer than ANAME_SZ, TKT_FIL_FMT is returned. Note that the
+ * instance may be null.
+ */
+
+int
+tf_get_pinst(char *inst)
+{
+ tktmem *TktStore;
+
+ if(!(TktStore = getTktMem(0)))
+ return KFAILURE;
+ if(!TktStore->pinst)
+ return KFAILURE;
+ strcpy(inst, TktStore->pinst);
+ return KSUCCESS;
+}
+
+/*
+ * tf_put_pinst writes the principal's instance to the ticket file.
+ * Call after tf_create.
+ */
+
+int
+tf_put_pinst(char *inst)
+{
+ tktmem *TktStore;
+
+ if(!(TktStore = getTktMem(0)))
+ return KFAILURE;
+ if(!TktStore->pinst)
+ return KFAILURE;
+ strcpy(TktStore->pinst, inst);
+ return KSUCCESS;
+}
+
+/*
+ * tf_get_cred() reads a CREDENTIALS record from a ticket file and fills
+ * in the given structure "c". It should only be called after tf_init(),
+ * tf_get_pname(), and tf_get_pinst() have been called. If all goes well,
+ * KSUCCESS is returned. Possible error codes are:
+ *
+ * TKT_FIL_INI - tf_init wasn't called first
+ * TKT_FIL_FMT - bad format
+ * EOF - end of file encountered
+ */
+
+int
+tf_get_cred(CREDENTIALS *c)
+{
+ int index;
+ CREDENTIALS *cred;
+ tktmem *TktStore;
+
+ if(!(TktStore = getTktMem(0)))
+ return KFAILURE;
+ if((index = nextCredIndex()) == -1)
+ return EOF;
+ if(!(cred = TktStore->cred_vec+index))
+ return KFAILURE;
+ if(!c)
+ return KFAILURE;
+ memcpy(c, cred, sizeof(*c));
+ return KSUCCESS;
+}
+
+/*
+ * tf_close() closes the ticket file and sets "fd" to -1. If "fd" is
+ * not a valid file descriptor, it just returns. It also clears the
+ * buffer used to read tickets.
+ */
+
+void
+tf_close(void)
+{
+}
+
+/*
+ * tf_save_cred() appends an incoming ticket to the end of the ticket
+ * file. You must call tf_init() before calling tf_save_cred().
+ *
+ * The "service", "instance", and "realm" arguments specify the
+ * server's name; "session" contains the session key to be used with
+ * the ticket; "kvno" is the server key version number in which the
+ * ticket is encrypted, "ticket" contains the actual ticket, and
+ * "issue_date" is the time the ticket was requested (local host's time).
+ *
+ * Returns KSUCCESS if all goes well, TKT_FIL_INI if tf_init() wasn't
+ * called previously, and KFAILURE for anything else that went wrong.
+ */
+
+int
+tf_save_cred(char *service, /* Service name */
+ char *instance, /* Instance */
+ char *realm, /* Auth domain */
+ unsigned char *session, /* Session key */
+ int lifetime, /* Lifetime */
+ int kvno, /* Key version number */
+ KTEXT ticket, /* The ticket itself */
+ u_int32_t issue_date) /* The issue time */
+{
+ CREDENTIALS *cred;
+ tktmem *mem = getTktMem(0);
+ int last = nextFreeIndex();
+
+ if(last == -1)
+ return KFAILURE;
+ cred = mem->cred_vec+last;
+ strcpy(cred->service, service);
+ strcpy(cred->instance, instance);
+ strcpy(cred->realm, realm);
+ strcpy(cred->session, session);
+ cred->lifetime = lifetime;
+ cred->kvno = kvno;
+ memcpy(&(cred->ticket_st), ticket, sizeof(*ticket));
+ cred->issue_date = issue_date;
+ strcpy(cred->pname, mem->pname);
+ strcpy(cred->pinst, mem->pinst);
+ return KSUCCESS;
+}
+
+
+int
+tf_setup(CREDENTIALS *cred, char *pname, char *pinst)
+{
+ int ret;
+ ret = tf_create(tkt_string());
+ if (ret != KSUCCESS)
+ return ret;
+
+ if (tf_put_pname(pname) != KSUCCESS ||
+ tf_put_pinst(pinst) != KSUCCESS) {
+ tf_close();
+ return INTK_ERR;
+ }
+
+ ret = tf_save_cred(cred->service, cred->instance, cred->realm,
+ cred->session, cred->lifetime, cred->kvno,
+ &cred->ticket_st, cred->issue_date);
+ tf_close();
+ return ret;
+}
diff --git a/crypto/kerberosIV/lib/krb/ticket_memory.h b/crypto/kerberosIV/lib/krb/ticket_memory.h
new file mode 100644
index 0000000..e85e1a4
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/ticket_memory.h
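Review bot: nextFreeIndex() lets the store grow one entry past the array: it rejects only `last_cred_no > CRED_VEC_SZ`, so once CRED_VEC_SZ credentials are stored it hands back index CRED_VEC_SZ and tf_save_cred() writes past the `cred_vec[CRED_VEC_SZ]` array declared in ticket_memory.h, which is the last member of the mapped struct. The test should be `if(mem->last_cred_no >= CRED_VEC_SZ)`. In tf_save_cred() the session key is copied with `strcpy(cred->session, session)`, but the key is binary (tf.c writes it as 8 raw bytes), so a zero byte inside the key truncates it and a key without one overruns the field; `memcpy(cred->session, session, DES_KEY_SZ);` copies exactly the key. The other strcpy() calls in this file (into service, instance, realm, pname, pinst and tmname) have no length check either and should become bounded copies against `sizeof` the destination, and tf_save_cred() should return KFAILURE when getTktMem(0) is NULL before calling nextFreeIndex().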
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* ticket_memory.h - Storage for tickets in memory
+ * Author: d93-jka@nada.kth.se - June 1996
+ */
+
+/* $Id: ticket_memory.h,v 1.6 1997/04/20 06:25:12 assar Exp $ */
+
+#ifndef TICKET_MEMORY_H
+#define TICKET_MEMORY_H
+
+#include "krb_locl.h"
+
+#define CRED_VEC_SZ 20
+
+typedef struct _tktmem
+{
+ char tmname[64];
+ char pname[ANAME_SZ]; /* Principal's name */
+ char pinst[INST_SZ]; /* Principal's instance */
+ int last_cred_no;
+ CREDENTIALS cred_vec[CRED_VEC_SZ];
+} tktmem;
+
+int newTktMem(const char *tf_name);
+int freeTktMem(const char *tf_name);
+tktmem *getTktMem(const char *tf_name);
+void firstCred(void);
+int nextCredIndex(void);
+int currCredIndex(void);
+int nextFreeIndex(void);
+
+#endif /* TICKET_MEMORY_H */
diff --git a/crypto/kerberosIV/lib/krb/tkt_string.c b/crypto/kerberosIV/lib/krb/tkt_string.c
new file mode 100644
index 0000000..2914abb
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/tkt_string.c
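Review bot: `last_cred_no` and `tmname` in `tktmem` are undocumented, and the name `last_cred_no` reads like an index while ticket_memory.c uses it as a count: nextFreeIndex() returns its value and then increments it, and nextCredIndex() iterates while `CredIndex < last`. I would add `/* number of cred_vec slots in use, 0..CRED_VEC_SZ */` beside `last_cred_no` and `/* name passed to newTktMem() when the store was created */` beside `tmname`. Since newTktMem() places this struct in the named mapping "krb_memory" and it holds session keys, a header comment saying that the layout is shared across everything that opens that mapping would help anyone changing a field. The `tf_name` parameter of getTktMem() and freeTktMem() is ignored by both definitions, which the prototypes should mention.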
@@ -0,0 +1,85 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: tkt_string.c,v 1.10 1997/05/02 14:54:26 assar Exp $");
+
+/*
+ * This routine is used to generate the name of the file that holds
+ * the user's cache of server tickets and associated session keys.
+ *
+ * If it is set, krb_ticket_string contains the ticket file name.
+ * Otherwise, the filename is constructed as follows:
+ *
+ * If it is set, the environment variable "KRBTKFILE" will be used as
+ * the ticket file name. Otherwise TKT_ROOT (defined in "krb.h") and
+ * the user's uid are concatenated to produce the ticket file name
+ * (e.g., "/tmp/tkt123"). A pointer to the string containing the ticket
+ * file name is returned.
+ */
+
+static char krb_ticket_string[MaxPathLen] = "";
+
+#ifndef HAVE_GETUID
+int getuid(void)
+{
+ return 27;
+}
+#endif
+
+char *tkt_string(void)
+{
+ char *env;
+
+ if (!*krb_ticket_string) {
+ if ((env = getenv("KRBTKFILE"))) {
+ strncpy(krb_ticket_string, env,
+ sizeof(krb_ticket_string)-1);
+ krb_ticket_string[sizeof(krb_ticket_string)-1] = '\0';
+ } else {
+ snprintf(krb_ticket_string, sizeof(krb_ticket_string),
+ "%s%u",TKT_ROOT,(unsigned)getuid());
+ }
+ }
+ return krb_ticket_string;
+}
+
+/*
+ * This routine is used to set the name of the file that holds the user's
+ * cache of server tickets and associated session keys.
+ *
+ * The value passed in is copied into local storage.
+ *
+ * NOTE: This routine should be called during initialization, before other
+ * Kerberos routines are called; otherwise tkt_string() above may be called
+ * and return an undesired ticket file name until this routine is called.
+ */
+
+void
+krb_set_tkt_string(char *val)
+{
+
+ strncpy(krb_ticket_string, val, sizeof(krb_ticket_string)-1);
+ krb_ticket_string[sizeof(krb_ticket_string)-1] = '\0';
+
+ return;
+}
diff --git a/crypto/kerberosIV/lib/krb/unparse_name.c b/crypto/kerberosIV/lib/krb/unparse_name.c
new file mode 100644
index 0000000..ddb938f
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/unparse_name.c
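Review bot: tkt_string() takes the ticket file path from the KRBTKFILE environment variable with no regard for who controls the environment, and the tf_create() in this commit's tf.c overwrites and then unlinks whatever file that path names. In a program that runs with more privilege than its invoker the path is therefore chosen by the invoker; whether such callers exist is not visible in this hunk, but the comment on krb_set_tkt_string() should state the requirement, e.g. `/* KRBTKFILE is caller-controlled: privileged programs must call krb_set_tkt_string() before any tf_* routine. */`. The replacement `getuid()` used when HAVE_GETUID is undefined returns the constant 27, so on those platforms every user resolves to the same default ticket file, which also deserves a comment. krb_set_tkt_string() passes `val` to strncpy() unchecked, so a NULL argument should be rejected with `if (val == NULL) return;`.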
@@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: unparse_name.c,v 1.7 1997/04/01 08:18:46 joda Exp $");
+
+static void
+quote_string(char *quote, char *from, char *to)
+{
+ while(*from){
+ if(strchr(quote, *from))
+ *to++ = '\\';
+ *to++ = *from++;
+ }
+ *to = 0;
+}
+
+/* To be compatible with old functions, we quote differently in each
+ part of the principal*/
+
+char *
+krb_unparse_name_r(krb_principal *pr, char *fullname)
+{
+ quote_string("'@\\", pr->name, fullname);
+ if(pr->instance[0]){
+ strcat(fullname, ".");
+ quote_string("@\\", pr->instance, fullname + strlen(fullname));
+ }
+ if(pr->realm[0]){
+ strcat(fullname, "@");
+ quote_string("\\", pr->realm, fullname + strlen(fullname));
+ }
+ return fullname;
+}
+
+char *
+krb_unparse_name_long_r(char *name, char *instance, char *realm,
+ char *fullname)
+{
+ krb_principal pr;
+ memset(&pr, 0, sizeof(pr));
+ strcpy(pr.name, name);
+ if(instance)
+ strcpy(pr.instance, instance);
+ if(realm)
+ strcpy(pr.realm, realm);
+ return krb_unparse_name_r(&pr, fullname);
+}
+
+char *
+krb_unparse_name(krb_principal *pr)
+{
+ static char principal[MAX_K_NAME_SZ];
+ krb_unparse_name_r(pr, principal);
+ return principal;
+}
+
+char *
+krb_unparse_name_long(char *name, char *instance, char *realm)
+{
+ krb_principal pr;
+ memset(&pr, 0, sizeof(pr));
+ strcpy(pr.name, name);
+ if(instance)
+ strcpy(pr.instance, instance);
+ if(realm)
+ strcpy(pr.realm, realm);
+ return krb_unparse_name(&pr);
+}
diff --git a/crypto/kerberosIV/lib/krb/util.c b/crypto/kerberosIV/lib/krb/util.c
new file mode 100644
index 0000000..7b77bb8
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/util.c
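Review bot: krb_unparse_name_long_r() and krb_unparse_name_long() copy `name`, `instance` and `realm` into a local `krb_principal` with plain strcpy(), so an over-long argument overruns the stack object. Because `pr` is zeroed by the memset just above, a bounded copy keeps the terminator in place: `strncpy(pr.name, name, sizeof(pr.name) - 1);`, and likewise for `pr.instance` and `pr.realm` (this assumes the fields are arrays, as the strcpy into a zeroed struct implies). quote_string() has no output limit and can emit two bytes for each input byte, so the `principal[MAX_K_NAME_SZ]` buffer in krb_unparse_name() is large enough only if MAX_K_NAME_SZ allows for the added backslashes; its definition is outside this hunk and needs checking. The `_r` variants should at least document the minimum size of `fullname` that callers must supply.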
@@ -0,0 +1,64 @@
+/*
+ *
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * .
+ *
+ * Miscellaneous debug printing utilities
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: util.c,v 1.6 1996/10/05 00:18:34 joda Exp $");
+
+/*
+ * Print some of the contents of the given authenticator structure
+ * (AUTH_DAT defined in "krb.h"). Fields printed are:
+ *
+ * pname, pinst, prealm, netaddr, flags, cksum, timestamp, session
+ */
+
+void
+ad_print(AUTH_DAT *x)
+{
+ /*
+ * Print the contents of an auth_dat struct.
+ */
+ struct in_addr address;
+ address.s_addr = x->address;
+ printf("\n%s %s %s %s flags %u cksum 0x%X\n\ttkt_tm 0x%X sess_key",
+ x->pname, x->pinst, x->prealm,
+ inet_ntoa(address), x->k_flags,
+ x->checksum, x->time_sec);
+ printf("[8] =");
+#ifdef NOENCRYPTION
+ placebo_cblock_print(x->session);
+#else
+ des_cblock_print_file(&x->session,stdout);
+#endif
+ /* skip reply for now */
+}
+
+/*
+ * Print in hex the 8 bytes of the given session key.
+ *
+ * Printed format is: " 0x { x, x, x, x, x, x, x, x }"
+ */
+
+#ifdef NOENCRYPTION
+placebo_cblock_print(x)
+ des_cblock x;
+{
+ unsigned char *y = (unsigned char *) x;
+ int i = 0;
+
+ printf(" 0x { ");
+
+ while (i++ <8) {
+ printf("%x",*y++);
+ if (i<8) printf(", ");
+ }
+ printf(" }");
+}
+#endif
diff --git a/crypto/kerberosIV/lib/krb/verify_user.c b/crypto/kerberosIV/lib/krb/verify_user.c
new file mode 100644
index 0000000..ce22b59
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/verify_user.c
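Review bot: ad_print() writes the authenticator's session key to stdout (`des_cblock_print_file(&x->session,stdout)`), and nothing in the function limits that to debug runs. The header comment should say so, e.g. `/* Debug aid only: prints the session key in clear; do not call where stdout is logged or shared. */`, and call sites are better guarded with `krb_debug`, as the tf_* routines in this commit guard their warnings. Under NOENCRYPTION, placebo_cblock_print() is called before any declaration and is defined K&R-style with an implicit int return and no return statement; a `static void placebo_cblock_print(des_cblock x);` prototype ahead of ad_print(), with the definition changed to match, fixes both.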
@@ -0,0 +1,111 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: verify_user.c,v 1.8 1997/04/01 08:18:46 joda Exp $"); + +/* Verify user with password. If secure, also verify against local + * service key, this can (usually) only be done by root. + * + * As a side effect, fresh tickets are obtained. + * + * Returns zero if ok, a positive kerberos error or -1 for system + * errors. + */ + +int +krb_verify_user(char *name, char *instance, char *realm, char *password, + int secure, char *linstance) +{ + int ret; + ret = krb_get_pw_in_tkt(name, instance, realm, + KRB_TICKET_GRANTING_TICKET, + realm, + DEFAULT_TKT_LIFE, password); + if(ret != KSUCCESS) + return ret; + + if(secure){ + struct hostent *hp; + int32_t addr; + + KTEXT_ST ticket; + AUTH_DAT auth; + + char lrealm[REALM_SZ]; + char hostname[MaxHostNameLen]; + char *phost; + + if (k_gethostname(hostname, sizeof(hostname)) == -1) { + dest_tkt(); + return -1; + } + + hp = gethostbyname(hostname); + if(hp == NULL){ + dest_tkt(); + return -1; + } + memcpy(&addr, hp->h_addr, sizeof(addr)); + + ret = krb_get_lrealm(lrealm, 1); + if(ret != KSUCCESS){ + dest_tkt(); + return ret; + } + phost = krb_get_phost(hostname); + + if (linstance == NULL) + linstance = "rcmd"; + + ret = krb_mk_req(&ticket, linstance, phost, lrealm, 33); + if(ret != KSUCCESS){ + dest_tkt(); + return ret; + } + + ret = krb_rd_req(&ticket, linstance, phost, addr, &auth, ""); + if(ret != KSUCCESS){ + dest_tkt(); + return ret; + } + } + return 0; +} + diff --git a/crypto/kerberosIV/lib/roken/Makefile.in b/crypto/kerberosIV/lib/roken/Makefile.in new file mode 100644 index 0000000..26f3142 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/Makefile.in 
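Review bot: In `krb_verify_user` (verify_user.c), when `secure` is 0 the function returns 0 as soon as `krb_get_pw_in_tkt` succeeds, which as far as this hunk shows only establishes that a reply could be decrypted with the password, not that it came from the realm's real KDC; the header comment does not spell that out. I would extend the comment with `/* With secure == 0 the KDC itself is not authenticated; callers that grant local access on the result should pass secure != 0. */`. In the secure branch, `memcpy(&addr, hp->h_addr, sizeof(addr))` copies four bytes without looking at the entry's type or length; a guard before the copy, `if (hp->h_addrtype != AF_INET || hp->h_length < (int)sizeof(addr)) { dest_tkt(); return -1; }`, keeps the read inside the returned address.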
@@ -0,0 +1,94 @@ +# +# $Id: Makefile.in,v 1.34 1997/05/28 05:23:39 assar Exp $ +# + +SHELL = /bin/sh + +srcdir = @srcdir@ +VPATH = @srcdir@ + +CC = @CC@ +CPP = @CPP@ +AR = ar +RANLIB = @RANLIB@ +DEFS = @DEFS@ +CFLAGS = @CFLAGS@ + +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +MKINSTALLDIRS = @top_srcdir@/mkinstalldirs + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +libdir = @libdir@ + +PICFLAGS = # @PICFLAGS@ + +LIBNAME = $(LIBPREFIX)roken +#LIBEXT = @LIBEXT@ Always build archive library and don't install! +LIBEXT = a +LIBPREFIX = @LIBPREFIX@ +SHLIBEXT = @SHLIBEXT@ +LDSHARED = @LDSHARED@ +LIB = $(LIBNAME).$(LIBEXT) + +SOURCES = \ + chown.c daemon.c err.c errx.c fchown.c get_window_size.c \ + getcwd.c getdtablesize.c getopt.c getusershell.c \ + hstrerror.c inaddr2str.c inet_aton.c \ + initgroups.c k_getpwnam.c k_getpwuid.c lstat.c \ + memmove.c mini_inetd.c mkstemp.c putenv.c rcmd.c setegid.c \ + setenv.c seteuid.c signal.c snprintf.c \ + strcasecmp.c strdup.c strerror.c strftime.c \ + strlwr.c strnlen.c strtok_r.c strupr.c tm2time.c \ + unsetenv.c verify.c verr.c verrx.c vwarn.c \ + vwarnx.c warn.c warnerr.c warnx.c + +OBJECTS = k_getpwuid.o k_getpwnam.o signal.o tm2time.o \ + verify.o inaddr2str.o mini_inetd.o get_window_size.o \ + warnerr.o snprintf.o @LIBOBJS@ + +all: $(LIB) + +Wall: + make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" + +.c.o: + $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $< + +install: all + +uninstall: + +TAGS: $(SOURCES) + etags $(SOURCES) + +check: + +clean: + rm -f $(LIB) *.o *.a + +mostlyclean: clean + +distclean: clean + rm -f Makefile *.tab.c *~ + +realclean: distclean + rm -f TAGS + +dist: $(DISTFILES) + for file in $(DISTFILES); do \ + ln $$file ../`cat ../.fname`/lib \ + || cp -p $$file ../`cat ../.fname`/lib; \ + done + +$(LIBNAME).a: $(OBJECTS) + rm -f $@ + $(AR) cr $@ $(OBJECTS) + -$(RANLIB) $@ + +$(LIBNAME).$(SHLIBEXT): $(OBJECTS) 
+ rm -f $@ + $(LDSHARED) -o $@ $(OBJECTS) + +$(OBJECTS): ../../include/config.h diff --git a/crypto/kerberosIV/lib/roken/chown.c b/crypto/kerberosIV/lib/roken/chown.c new file mode 100644 index 0000000..28550d9 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/chown.c 
@@ -0,0 +1,50 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+RCSID("$Id: chown.c,v 1.2 1997/04/01 08:18:58 joda Exp $");
+#endif
+
+#include "roken.h"
+
+int
+chown(const char *path, uid_t owner, gid_t group)
+{
+ return 0;
+}
diff --git a/crypto/kerberosIV/lib/roken/daemon.c b/crypto/kerberosIV/lib/roken/daemon.c
new file mode 100644
index 0000000..ffab298
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/daemon.c
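Review bot: The replacement `chown` in chown.c returns 0 without doing anything, so a caller that hands a file over to another user is told the ownership change succeeded when nothing happened; `fchown` in fchown.c has the same body and the same problem. If the stub is meant only for platforms with no notion of file ownership, a comment above each function should say so, e.g. `/* No-op for systems without file ownership; reports success so callers proceed. */`. If it can be selected on a system that does have ownership, `errno = ENOSYS; return -1;` would let callers see the failure instead of trusting a file that still belongs to the original owner.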
@@ -0,0 +1,89 @@ +/*- + * Copyright (c) 1990, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#if defined(LIBC_SCCS) && !defined(lint) +static char sccsid[] = "@(#)daemon.c 8.1 (Berkeley) 6/4/93"; +#endif /* LIBC_SCCS and not lint */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +RCSID("$Id: daemon.c,v 1.2 1997/05/28 05:38:09 assar Exp $"); + +#ifndef HAVE_DAEMON + +#ifdef HAVE_FCNTL_H +#include +#endif +#ifdef HAVE_PATHS_H +#include +#endif +#ifdef HAVE_UNISTD_H +#include +#endif + +#include "roken.h" + +int +daemon(nochdir, noclose) + int nochdir, noclose; +{ + int fd; + + switch (fork()) { + case -1: + return (-1); + case 0: + break; + default: + _exit(0); + } + + if (setsid() == -1) + return (-1); + + if (!nochdir) + (void)chdir("/"); + + if (!noclose && (fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) { + (void)dup2(fd, STDIN_FILENO); + (void)dup2(fd, STDOUT_FILENO); + (void)dup2(fd, STDERR_FILENO); + if (fd > 2) + (void)close (fd); + } + return (0); +} + +#endif /* HAVE_DAEMON */ diff --git a/crypto/kerberosIV/lib/roken/err.c b/crypto/kerberosIV/lib/roken/err.c new file mode 100644 index 0000000..029faa9 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/err.c 
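Review bot: In `daemon` (daemon.c), when `noclose` is 0 and `open(_PATH_DEVNULL, O_RDWR, 0)` fails, the function still returns 0 and the process keeps whatever descriptors 0-2 it inherited, so the caller cannot tell that stdio was never detached. I would test the open on its own, `if (!noclose) { if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) == -1) return (-1);`, and keep the three `dup2` calls after it. The `(void)chdir("/")` discards its result in the same way; a comment stating that this is deliberate best-effort behaviour would help the next reader.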
@@ -0,0 +1,53 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+RCSID("$Id: err.c,v 1.5 1997/03/30 08:05:37 joda Exp $");
+#endif
+
+#include "err.h"
+
+void
+err(int eval, const char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ verr(eval, fmt, ap);
+ va_end(ap);
+}
diff --git a/crypto/kerberosIV/lib/roken/err.h b/crypto/kerberosIV/lib/roken/err.h
new file mode 100644
index 0000000..6f25435
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/err.h
@@ -0,0 +1,76 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* $Id: err.h,v 1.13 1997/05/02 14:29:30 assar Exp $ */ + +#ifndef __ERR_H__ +#define __ERR_H__ + +#include +#include +#include +#include +#include + +extern const char *__progname; + +#if !defined(__GNUC__) && !defined(__attribute__) +#define __attribute__(x) +#endif + +void warnerr(int doexit, int eval, int doerrno, const char *fmt, va_list ap) + __attribute__ ((format (printf, 4, 0))); + +void verr(int eval, const char *fmt, va_list ap) + __attribute__ ((noreturn, format (printf, 2, 0))); +void err(int eval, const char *fmt, ...) + __attribute__ ((noreturn, format (printf, 2, 3))); +void verrx(int eval, const char *fmt, va_list ap) + __attribute__ ((noreturn, format (printf, 2, 0))); +void errx(int eval, const char *fmt, ...) + __attribute__ ((noreturn, format (printf, 2, 3))); +void vwarn(const char *fmt, va_list ap) + __attribute__ ((format (printf, 1, 0))); +void warn(const char *fmt, ...) + __attribute__ ((format (printf, 1, 2))); +void vwarnx(const char *fmt, va_list ap) + __attribute__ ((format (printf, 1, 0))); +void warnx(const char *fmt, ...) + __attribute__ ((format (printf, 1, 2))); + +#endif /* __ERR_H__ */ diff --git a/crypto/kerberosIV/lib/roken/errx.c b/crypto/kerberosIV/lib/roken/errx.c new file mode 100644 index 0000000..18969d5 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/errx.c 
@@ -0,0 +1,53 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+RCSID("$Id: errx.c,v 1.5 1997/03/30 08:05:38 joda Exp $");
+#endif
+
+#include "err.h"
+
+void
+errx(int eval, const char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ verrx(eval, fmt, ap);
+ va_end(ap);
+}
diff --git a/crypto/kerberosIV/lib/roken/fchown.c b/crypto/kerberosIV/lib/roken/fchown.c
new file mode 100644
index 0000000..2a94e3a
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/fchown.c
@@ -0,0 +1,50 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+RCSID("$Id: fchown.c,v 1.2 1997/04/01 08:18:58 joda Exp $");
+#endif
+
+#include "roken.h"
+
+int
+fchown(int fd, uid_t owner, gid_t group)
+{
+ return 0;
+}
diff --git a/crypto/kerberosIV/lib/roken/get_window_size.c b/crypto/kerberosIV/lib/roken/get_window_size.c
new file mode 100644
index 0000000..d31d18d
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/get_window_size.c
@@ -0,0 +1,96 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: get_window_size.c,v 1.4 1997/04/01 08:18:59 joda Exp $"); +#endif + +#include +#ifdef HAVE_UNISTD_H +#include +#endif +#ifdef HAVE_SYS_TYPES_H +#include +#endif + +#if 0 /* Where were those needed? /confused */ +#ifdef HAVE_SYS_PROC_H +#include +#endif + +#ifdef HAVE_SYS_TTY_H +#include +#endif +#endif + +#ifdef HAVE_TERMIOS_H +#include +#endif + +#include + +int +get_window_size(int fd, struct winsize *wp) +{ +#if defined(TIOCGWINSZ) + return ioctl(fd, TIOCGWINSZ, wp); +#elif defined(TIOCGSIZE) + struct ttysize ts; + int error; + + if ((error = ioctl(0, TIOCGSIZE, &ts)) != 0) + return (error); + wp->ws_row = ts.ts_lines; + wp->ws_col = ts.ts_cols; + wp->ws_xpixel = 0; + wp->ws_ypixel = 0; + return 0; +#elif defined(HAVE__SCRSIZE) + int dst[2]; + + _scrsize(dst); + wp->ws_row = dst[1]; + wp->ws_col = dst[0]; + wp->ws_xpixel = 0; + wp->ws_ypixel = 0; + return 0; +#else + return -1; +#endif +} diff --git a/crypto/kerberosIV/lib/roken/getcwd.c b/crypto/kerberosIV/lib/roken/getcwd.c new file mode 100644 index 0000000..a27451f --- /dev/null +++ b/crypto/kerberosIV/lib/roken/getcwd.c 
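Review bot: The `TIOCGSIZE` branch of `get_window_size` queries descriptor 0 instead of the `fd` argument (`ioctl(0, TIOCGSIZE, &ts)`), so on those systems the result describes whatever is on stdin regardless of what the caller passed, unlike the `TIOCGWINSZ` branch, which uses `fd`. The call should read `if ((error = ioctl(fd, TIOCGSIZE, &ts)) != 0)`. The `HAVE__SCRSIZE` branch ignores `fd` as well; if `_scrsize` cannot take a descriptor, a comment there saying so would make the difference deliberate rather than accidental.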
@@ -0,0 +1,59 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: getcwd.c,v 1.7 1997/04/01 08:19:00 joda Exp $"); +#endif + +#include +#include + +#include "protos.h" +#include "roken.h" + +char* +getcwd(char *path, size_t size) +{ + char xxx[MaxPathLen]; + char *ret; + ret = getwd(xxx); + if(ret) + strncpy(path, xxx, size); + return ret; +} diff --git a/crypto/kerberosIV/lib/roken/getdtablesize.c b/crypto/kerberosIV/lib/roken/getdtablesize.c new file mode 100644 index 0000000..afd47d2b --- /dev/null +++ b/crypto/kerberosIV/lib/roken/getdtablesize.c 
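Review bot: The fallback `getcwd` in getcwd.c returns `ret`, the value of `getwd(xxx)`, which on success is presumably the address of the local array `xxx`, so the caller receives a pointer into a dead stack frame instead of `path`. `strncpy(path, xxx, size)` also leaves `path` without a terminating NUL when the directory name is `size` bytes or longer, where getcwd is expected to fail with ERANGE. `getwd` takes no length, so the code relies on `MaxPathLen` being at least the system's maximum path length, which is worth a comment. I would return `path` and reject names that do not fit, as below; this assumes `errno` and `ERANGE` are available through the existing includes.

```c
getcwd(char *path, size_t size)
{
    char xxx[MaxPathLen];
    size_t len;

    if (getwd(xxx) == NULL)
	return NULL;
    len = strlen(xxx);
    if (len >= size) {
	errno = ERANGE;		/* caller's buffer cannot hold name + NUL */
	return NULL;
    }
    memcpy(path, xxx, len + 1);
    return path;
}
```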
@@ -0,0 +1,102 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: getdtablesize.c,v 1.8 1997/04/20 05:51:06 assar Exp $"); +#endif + +#include "roken.h" + +#include +#ifdef TIME_WITH_SYS_TIME +#include +#include +#elif defined(HAVE_SYS_TIME_H) +#include +#else +#include +#endif +#ifdef HAVE_SYS_PARAM_H +#include +#endif +#include + +#ifdef HAVE_SYS_RESOURCE_H +#include +#endif + +#ifdef HAVE_SYS_SYSCTL_H +#include +#endif + +int getdtablesize(void) +{ + int files = -1; +#if defined(HAVE_SYSCONF) && defined(_SC_OPEN_MAX) + files = sysconf(_SC_OPEN_MAX); +#else /* !defined(HAVE_SYSCONF) */ +#if defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE) + struct rlimit res; + if (getrlimit(RLIMIT_NOFILE, &res) == 0) + files = res.rlim_cur; +#else /* !definded(HAVE_GETRLIMIT) */ +#if defined(HAVE_SYSCTL) && defined(CTL_KERN) && defined(KERN_MAXFILES) + int mib[2]; + size_t len; + + mib[0] = CTL_KERN; + mib[1] = KERN_MAXFILES; + len = sizeof(files); + sysctl(&mib, 2, &files, sizeof(nfil), NULL, 0); +#endif /* defined(HAVE_SYSCTL) */ +#endif /* !definded(HAVE_GETRLIMIT) */ +#endif /* !defined(HAVE_SYSCONF) */ + +#ifdef OPEN_MAX + if (files < 0) + files = OPEN_MAX; +#endif + +#ifdef NOFILE + if (files < 0) + files = NOFILE; +#endif + + return files; +} diff --git a/crypto/kerberosIV/lib/roken/getopt.c b/crypto/kerberosIV/lib/roken/getopt.c new file mode 100644 index 0000000..fea4635 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/getopt.c 
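Review bot: The sysctl fallback in `getdtablesize` cannot compile on a system that selects it: `sysctl(&mib, 2, &files, sizeof(nfil), NULL, 0)` names an undeclared `nfil`, passes a size where sysctl expects a pointer to the length, and leaves the `len` it has just set unused. The call should read `if (sysctl(mib, 2, &files, &len, NULL, 0) != 0) files = -1;` so that a failed query falls through to the `OPEN_MAX`/`NOFILE` defaults. In the getrlimit branch, `files = res.rlim_cur` narrows an `rlim_t` to `int`; if the limit is unlimited the result may be negative or meaningless, so a range check before the assignment would be safer for callers that use the value as a descriptor-loop bound.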
@@ -0,0 +1,128 @@ +/* + * Copyright (c) 1987, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#if defined(LIBC_SCCS) && !defined(lint) +static char sccsid[] = "@(#)getopt.c 8.1 (Berkeley) 6/4/93"; +#endif /* LIBC_SCCS and not lint */ + +#ifndef __STDC__ +#define const +#endif +#include +#include +#include + +/* + * get option letter from argument vector + */ +int opterr = 1, /* if error message should be printed */ + optind = 1, /* index into parent argv vector */ + optopt, /* character checked for validity */ + optreset; /* reset getopt */ +char *optarg; /* argument associated with option */ + +#define BADCH (int)'?' +#define BADARG (int)':' +#define EMSG "" + +int +getopt(nargc, nargv, ostr) + int nargc; + char * const *nargv; + const char *ostr; +{ + static char *place = EMSG; /* option letter processing */ + char *oli; /* option letter list index */ + char *p; + + if (optreset || !*place) { /* update scanning pointer */ + optreset = 0; + if (optind >= nargc || *(place = nargv[optind]) != '-') { + place = EMSG; + return(EOF); + } + if (place[1] && *++place == '-') { /* found "--" */ + ++optind; + place = EMSG; + return(EOF); + } + } /* option letter okay? */ + if ((optopt = (int)*place++) == (int)':' || + !(oli = strchr(ostr, optopt))) { + /* + * if the user didn't specify '-' as an option, + * assume it means EOF. 
+ */ + if (optopt == (int)'-') + return(EOF); + if (!*place) + ++optind; + if (opterr && *ostr != ':') { + if (!(p = strrchr(*nargv, '/'))) + p = *nargv; + else + ++p; + fprintf(stderr, "%s: illegal option -- %c\n", + p, optopt); + } + return(BADCH); + } + if (*++oli != ':') { /* don't need argument */ + optarg = NULL; + if (!*place) + ++optind; + } + else { /* need an argument */ + if (*place) /* no white space */ + optarg = place; + else if (nargc <= ++optind) { /* no arg */ + place = EMSG; + if (!(p = strrchr(*nargv, '/'))) + p = *nargv; + else + ++p; + if (*ostr == ':') + return(BADARG); + if (opterr) + fprintf(stderr, + "%s: option requires an argument -- %c\n", + p, optopt); + return(BADCH); + } + else /* white space */ + optarg = nargv[optind]; + place = EMSG; + ++optind; + } + return(optopt); /* dump back option letter */ +} diff --git a/crypto/kerberosIV/lib/roken/getusershell.c b/crypto/kerberosIV/lib/roken/getusershell.c new file mode 100644 index 0000000..87a48ec --- /dev/null +++ b/crypto/kerberosIV/lib/roken/getusershell.c 
@@ -0,0 +1,160 @@ +/* + * Copyright (c) 1985, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +RCSID("$Id: getusershell.c,v 1.8 1997/04/20 06:18:03 assar Exp $"); + +#ifndef HAVE_GETUSERSHELL + +#include +#include +#ifdef HAVE_PATHS_H +#include +#endif +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_STAT_H +#include +#endif +#ifdef HAVE_SYS_PARAM_H +#include +#endif + +#ifndef _PATH_SHELLS +#define _PATH_SHELLS "/etc/shells" +#endif + +#ifndef _PATH_BSHELL +#define _PATH_BSHELL "/bin/sh" +#endif + +#ifndef _PATH_CSHELL +#define _PATH_CSHELL "/bin/csh" +#endif + +/* + * Local shells should NOT be added here. They should be added in + * /etc/shells. + */ + +static char *okshells[] = { _PATH_BSHELL, _PATH_CSHELL, NULL }; +static char **curshell, **shells, *strings; +static char **initshells (void); + +/* + * Get a list of shells from _PATH_SHELLS, if it exists. + */ +char * +getusershell() +{ + char *ret; + + if (curshell == NULL) + curshell = initshells(); + ret = *curshell; + if (ret != NULL) + curshell++; + return (ret); +} + +void +endusershell() +{ + + if (shells != NULL) + free(shells); + shells = NULL; + if (strings != NULL) + free(strings); + strings = NULL; + curshell = NULL; +} + +void +setusershell() +{ + + curshell = initshells(); +} + +static char ** +initshells() +{ + char **sp, *cp; + FILE *fp; + struct stat statb; + + if (shells != NULL) + free(shells); + shells = NULL; + if (strings != NULL) + free(strings); + strings = NULL; + if ((fp = fopen(_PATH_SHELLS, "r")) == NULL) + return (okshells); + if (fstat(fileno(fp), &statb) == -1) { + fclose(fp); + return (okshells); + } + if ((strings = malloc((u_int)statb.st_size)) == NULL) { + fclose(fp); + return (okshells); + } + shells = calloc((unsigned)statb.st_size / 3, sizeof (char *)); + if (shells == NULL) { + fclose(fp); + free(strings); + strings = NULL; + return (okshells); + } + sp = shells; + cp = strings; + while (fgets(cp, MaxPathLen + 1, fp) != NULL) { + while (*cp != '#' && *cp != '/' && *cp != '\0') + cp++; + if (*cp == '#' || 
*cp == '\0') + continue; + *sp++ = cp; + while (!isspace(*cp) && *cp != '#' && *cp != '\0') + cp++; + *cp++ = '\0'; + } + *sp = NULL; + fclose(fp); + return (shells); +} +#endif /* HAVE_GETUSERSHELL */ diff --git a/crypto/kerberosIV/lib/roken/hstrerror.c b/crypto/kerberosIV/lib/roken/hstrerror.c new file mode 100644 index 0000000..9e47cb5 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/hstrerror.c 
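Review bot: initshells() sizes both tables from `st_size` but reads with `fgets(cp, MaxPathLen + 1, fp)`, so each read is bounded by the path limit rather than by the space left in `strings`. A last line without a newline makes fgets() store its terminator one byte past the allocation. A file of two-byte entries (`/` plus newline) yields more pointers than the `st_size / 3` slots, even before the closing `*sp = NULL` is counted. The shells file is normally root-owned, so this is mainly a robustness issue, but a file that grows between fstat() and the reads has the same effect. I would allocate a spare byte and enough slots and bound each read by the remaining space, as sketched below; `isspace(*cp)` should also be given `(unsigned char)*cp`.

```c
	char *end;
	/* ... unchanged: release old tables, fopen, fstat ... */
	if ((strings = malloc((size_t)statb.st_size + 1)) == NULL) {
	/* ... unchanged: error return ... */
	shells = calloc((size_t)statb.st_size / 2 + 2, sizeof (char *));
	/* ... unchanged: NULL check, sp = shells, cp = strings ... */
	end = strings + statb.st_size + 1;
	while (end - cp > 1 &&
	    fgets(cp, end - cp < MaxPathLen + 1 ? (int)(end - cp) : MaxPathLen + 1,
		  fp) != NULL) {
	/* ... unchanged: loop body ... */
```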
@@ -0,0 +1,87 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: hstrerror.c,v 1.17 1997/06/01 03:37:25 assar Exp $"); +#endif + +#include "roken.h" + +#ifndef HAVE_HSTRERROR + +#include +#include + +#ifndef HAVE_H_ERRNO +int h_errno = -17; /* Some magic number */ +#endif + +#if !(defined(HAVE_H_ERRLIST) && defined(HAVE_H_NERR)) +static const char *const h_errlist[] = { + "Resolver Error 0 (no error)", + "Unknown host", /* 1 HOST_NOT_FOUND */ + "Host name lookup failure", /* 2 TRY_AGAIN */ + "Unknown server error", /* 3 NO_RECOVERY */ + "No address associated with name", /* 4 NO_ADDRESS */ +}; + +static +const +int h_nerr = { sizeof h_errlist / sizeof h_errlist[0] }; +#else + +#ifndef HAVE_H_ERRLIST_DECLARATION +extern const char *h_errlist[]; +extern int h_nerr; +#endif + +#endif + +char * +hstrerror(int herr) +{ + if (0 <= herr && herr < h_nerr) + return (char *) h_errlist[herr]; + else if(herr == -17) + return "unknown error"; + else + return "Error number out of range (hstrerror)"; +} + +#endif diff --git a/crypto/kerberosIV/lib/roken/inaddr2str.c b/crypto/kerberosIV/lib/roken/inaddr2str.c new file mode 100644 index 0000000..af158aa --- /dev/null +++ b/crypto/kerberosIV/lib/roken/inaddr2str.c 
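Review bot: The sentinel `-17` is written twice, once as the initial value of `h_errno` and once in the hstrerror() comparison, with nothing tying the two together. A shared name such as `#define ROKEN_H_ERRNO_UNSET (-17)` used in both places would keep them from drifting apart. The function also returns `char *` to string literals and to entries of a `const` table, so a comment stating that the result must not be modified would help callers.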
@@ -0,0 +1,88 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: inaddr2str.c,v 1.6 1997/04/01 08:19:02 joda Exp $"); +#endif + +#include +#include +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif +#include "roken.h" + +/* + * Get a verified name for `addr'. + * If unable to find it in the DNS, return x.y.z.a + */ + +void +inaddr2str(struct in_addr addr, char *s, size_t len) +{ + struct hostent *h; + char *p; + + h = gethostbyaddr ((const char *)&addr, sizeof(addr), AF_INET); + if (h) { + h = gethostbyname (h->h_name); + if(h) + while ((p = *(h->h_addr_list)++)) + if (memcmp (p, &addr, sizeof(addr)) == 0) { + strncpy (s, h->h_name, len); + s[len - 1] = '\0'; + return; + } + } + strncpy (s, inet_ntoa (addr), len); + s[len - 1] = '\0'; + return; +} diff --git a/crypto/kerberosIV/lib/roken/inet_aton.c b/crypto/kerberosIV/lib/roken/inet_aton.c new file mode 100644 index 0000000..c97ef74 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/inet_aton.c 
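Review bot: inaddr2str() compares `sizeof(addr)` bytes of every `h_addr_list` entry without checking that the forward lookup returned IPv4 addresses, and it writes `s[len - 1]` even when `len` is 0. Add `if (len == 0) return;` at the top and require `h->h_addrtype == AF_INET && h->h_length == sizeof(addr)` before the memcmp loop. Two further points belong in the header comment. The loop advances `h->h_addr_list` inside the resolver's own hostent. A verified name longer than `len - 1` is also silently truncated, and a caller comparing host names for an access decision should not treat the truncated string as the verified name.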
@@ -0,0 +1,68 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: inet_aton.c,v 1.10 1997/05/20 19:57:03 bg Exp $"); +#endif + +#include "roken.h" + +#include +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif + +/* Minimal implementation of inet_aton. + * Cannot distinguish between failure and a local broadcast address. */ + +int +inet_aton(const char *cp, struct in_addr *addr) +{ + addr->s_addr = inet_addr(cp); + return (addr->s_addr == INADDR_NONE) ? 0 : 1; +} diff --git a/crypto/kerberosIV/lib/roken/initgroups.c b/crypto/kerberosIV/lib/roken/initgroups.c new file mode 100644 index 0000000..a68aa63 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/initgroups.c 
@@ -0,0 +1,50 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: initgroups.c,v 1.2 1997/04/01 08:19:03 joda Exp $"); +#endif + +#include "roken.h" + +int +initgroups(const char *name, gid_t basegid) +{ + return 0; +} diff --git a/crypto/kerberosIV/lib/roken/k_getpwnam.c b/crypto/kerberosIV/lib/roken/k_getpwnam.c new file mode 100644 index 0000000..580b1a2 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/k_getpwnam.c 
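Review bot: This replacement initgroups() reports success without touching the group list, so a caller that drops privileges with initgroups() followed by setuid() keeps whatever supplementary groups it inherited. No guard such as `#ifndef HAVE_INITGROUPS` is visible in the hunk, so it is worth confirming that the stub is only built where the platform has no supplementary groups. I would document that above the function, for example `/* Stub for systems without supplementary groups: nothing to set, always succeeds. */`.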
@@ -0,0 +1,69 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: k_getpwnam.c,v 1.6 1997/04/01 08:19:03 joda Exp $"); +#endif /* HAVE_CONFIG_H */ + +#include "roken.h" +#ifdef HAVE_SHADOW_H +#include +#endif + +struct passwd * +k_getpwnam (char *user) +{ + struct passwd *p; + + p = getpwnam (user); +#ifdef HAVE_GETSPNAM + if(p) + { + struct spwd *spwd; + + spwd = getspnam (user); + if (spwd) + p->pw_passwd = spwd->sp_pwdp; + endspent (); + } +#else + endpwent (); +#endif + return p; +} diff --git a/crypto/kerberosIV/lib/roken/k_getpwuid.c b/crypto/kerberosIV/lib/roken/k_getpwuid.c new file mode 100644 index 0000000..a3a8f04 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/k_getpwuid.c 
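Review bot: k_getpwnam() stores `spwd->sp_pwdp` into the passwd entry and then calls endspent(), so `p->pw_passwd` points into shadow-database storage after that database has been closed. Whether the buffer stays valid is up to the C library. The same pattern appears in k_getpwuid() in the next file. Both functions return libc's static `struct passwd`, now carrying the shadow hash, which any later getpw or getsp call may overwrite. A header comment should state that lifetime, e.g. `/* Result and pw_passwd point to static storage; copy before the next getpw or getsp call. */`, and `user` can be declared `const char *`.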
@@ -0,0 +1,69 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: k_getpwuid.c,v 1.6 1997/04/01 08:19:04 joda Exp $"); +#endif /* HAVE_CONFIG_H */ + +#include "roken.h" +#ifdef HAVE_SHADOW_H +#include +#endif + +struct passwd * +k_getpwuid (uid_t uid) +{ + struct passwd *p; + + p = getpwuid (uid); +#ifdef HAVE_GETSPUID + if (p) + { + struct spwd *spwd; + + spwd = getspuid (uid); + if (spwd) + p->pw_passwd = spwd->sp_pwdp; + endspent (); + } +#else + endpwent (); +#endif + return p; +} diff --git a/crypto/kerberosIV/lib/roken/lstat.c b/crypto/kerberosIV/lib/roken/lstat.c new file mode 100644 index 0000000..881ad9a --- /dev/null +++ b/crypto/kerberosIV/lib/roken/lstat.c 
@@ -0,0 +1,50 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: lstat.c,v 1.3 1997/04/01 08:19:04 joda Exp $"); +#endif + +#include "roken.h" + +int +lstat(const char *path, struct stat *buf) +{ + return stat(path, buf); +} diff --git a/crypto/kerberosIV/lib/roken/memmove.c b/crypto/kerberosIV/lib/roken/memmove.c new file mode 100644 index 0000000..315ff05 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/memmove.c 
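Review bot: This fallback makes lstat() follow symbolic links, so any caller that uses lstat() to detect a link before opening or trusting a file gets the target's attributes instead. That is harmless only on systems with no symbolic links at all, and the hunk shows no guard that restricts the file to them. A comment should say so, e.g. `/* Fallback for systems without symlinks; equivalent to stat(). */`. The build should also not select this file where links exist but lstat() was merely not detected.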
@@ -0,0 +1,67 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: memmove.c,v 1.5 1997/04/01 08:19:05 joda Exp $"); +#endif + +/* + * memmove for systems that doesn't have it + */ + +#include + +void* memmove(void *s1, const void *s2, size_t n) +{ + char *s=(char*)s2, *d=(char*)s1; + + if(d > s){ + s+=n-1; + d+=n-1; + while(n){ + *d--=*s--; + n--; + } + }else if(d < s) + while(n){ + *d++=*s++; + n--; + } + return s1; +} diff --git a/crypto/kerberosIV/lib/roken/mini_inetd.c b/crypto/kerberosIV/lib/roken/mini_inetd.c new file mode 100644 index 0000000..ccfcfe7 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/mini_inetd.c 
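Review bot: With `n == 0` and `d > s`, the backward branch still evaluates `s+=n-1` and `d+=n-1`, which wraps `n - 1` to the largest size_t value and forms pointers outside both buffers before the loop test is reached. An early `if (n == 0) return s1;` avoids that. The initial `char *s=(char*)s2` also drops the const qualifier; `const char *s = s2;` is enough, since the source is only read.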
@@ -0,0 +1,99 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: mini_inetd.c,v 1.10 1997/05/02 14:30:07 assar Exp $"); +#endif + +#ifdef HAVE_UNISTD_H +#include +#endif +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif + +#include + +void +mini_inetd (int port) +{ + struct sockaddr_in sa; + int s = socket(AF_INET, SOCK_STREAM, 0); + int s2; + int one = 1; + if(s < 0){ + perror("socket"); + exit(1); + } +#if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT) + if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&one, + sizeof(one)) < 0){ + perror("setsockopt"); + exit(1); + } +#endif + memset(&sa, 0, sizeof(sa)); + sa.sin_family = AF_INET; + sa.sin_port = port; + sa.sin_addr.s_addr = INADDR_ANY; + if(bind(s, (struct sockaddr*)&sa, sizeof(sa)) < 0){ + perror("bind"); + exit(1); + } + if(listen(s, SOMAXCONN) < 0){ + perror("listen"); + exit(1); + } + s2 = accept(s, NULL, 0); + if(s2 < 0){ + perror("accept"); + exit(1); + } + close(s); + dup2(s2, STDIN_FILENO); + dup2(s2, STDOUT_FILENO); + /* dup2(s2, STDERR_FILENO); */ + close(s2); +} diff --git a/crypto/kerberosIV/lib/roken/mkstemp.c b/crypto/kerberosIV/lib/roken/mkstemp.c new file mode 100644 index 0000000..e55398a --- /dev/null +++ b/crypto/kerberosIV/lib/roken/mkstemp.c 
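Review bot: mini_inetd() closes `s2` unconditionally after the dup2() calls, so if the process starts with descriptor 0 or 1 closed and accept() returns one of them, the final close removes the connection it just installed. `if (s2 > STDOUT_FILENO) close(s2);` avoids that, and the dup2() results deserve the same perror/exit handling as the calls above them. `sa.sin_port = port` stores the argument without htons(), so the function appears to expect a port already in network byte order; a comment on the signature should state that. The listener binds INADDR_ANY and discards the peer address, which the comment should also mention for anyone using it outside debugging.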
@@ -0,0 +1,89 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+#endif
+
+#include
+#ifdef HAVE_UNISTD_H
+#include
+#endif
+#ifdef HAVE_FCNTL_H
+#include
+#endif
+#include
+
+RCSID("$Id: mkstemp.c,v 1.2 1997/05/25 02:36:43 joda Exp $");
+
+#ifndef HAVE_MKSTEMP
+
+int
+mkstemp(char *template)
+{
+ int start, i;
+ pid_t val;
+ val = getpid();
+ start = strlen(template) - 1;
+ while(template[start] == 'X') {
+ template[start] = '0' + val % 10;
+ val /= 10;
+ start--;
+ }
+
+ do{
+ int fd;
+ fd = open(template, O_RDWR | O_CREAT | O_EXCL, 0600);
+ if(fd >= 0 || errno != EEXIST)
+ return fd;
+ i = start + 1;
+ do{
+ if(template[i] == 0)
+ return -1;
+ template[i]++;
+ if(template[i] == '9' + 1)
+ template[i] = 'a';
+ if(template[i] <= 'z')
+ break;
+ template[i] = 'a';
+ i++;
+ }while(1);
+ }while(1);
+}
+
+#endif
diff --git a/crypto/kerberosIV/lib/roken/putenv.c b/crypto/kerberosIV/lib/roken/putenv.c
new file mode 100644
index 0000000..20d5a10
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/putenv.c
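Review bot: The `while(template[start] == 'X')` loop in `mkstemp` has no lower bound, so an empty template or one made up only of `X` characters drives `start` to -1 and reads `template[-1]`, and writes to it if that byte happens to be `'X'`; bound the scan with `while(start >= 0 && template[start] == 'X')`. The suffix is seeded only from `getpid()`, so the first candidate name is predictable, and the safety of the function rests entirely on `O_CREAT | O_EXCL` with mode `0600`. I would add a comment on the `open` line saying exactly that, so the flags are not relaxed later.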
@@ -0,0 +1,81 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+RCSID("$Id: putenv.c,v 1.5 1997/04/01 08:19:06 joda Exp $");
+#endif
+
+#include
+
+extern char **environ;
+
+/*
+ * putenv --
+ * String points to a string of the form name=value.
+ *
+ * Makes the value of the environment variable name equal to
+ * value by altering an existing variable or creating a new one.
+ */
+int putenv(const char *string)
+{
+ int i;
+ int len;
+
+ len = string - strchr(string, '=') + 1;
+
+ if(environ == NULL){
+ environ = malloc(sizeof(char*));
+ if(environ == NULL)
+ return 1;
+ environ[0] = NULL;
+ }
+
+ for(i = 0; environ[i]; i++)
+ if(strncmp(string, environ[i], len)){
+ environ[len] = string;
+ return 0;
+ }
+ environ = realloc(environ, sizeof(char*) * (i + 1));
+ if(environ == NULL)
+ return 1;
+ environ[i] = string;
+ environ[i+1] = NULL;
+ return 0;
+}
+
diff --git a/crypto/kerberosIV/lib/roken/rcmd.c b/crypto/kerberosIV/lib/roken/rcmd.c
new file mode 100644
index 0000000..6064d50
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/rcmd.c
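Review bot: The lookup in `putenv` writes outside the `environ` table and cannot find an existing variable. `len` is computed as `string - strchr(string, '=') + 1`, which is negative and does arithmetic on NULL when there is no `=`; the `strncmp` branch is taken when the names differ rather than match; the replacement stores to `environ[len]` instead of `environ[i]`; and `realloc` requests `i + 1` slots although `environ[i+1] = NULL` needs `i + 2`. The append path also assigns `realloc`'s result straight to `environ`, which loses the old table on failure. Separately, `realloc(environ, …)` is only valid when the table came from `malloc`, which this hunk establishes only for the `environ == NULL` case; a table inherited at process start would have to be copied first, and the sketch below does not cover that.

```c
int putenv(const char *string)
{
    /* … unchanged: declarations of i and len … */
    const char *eq = strchr(string, '=');
    char **newenv;

    if(eq == NULL)
        return 1;
    len = eq - string + 1;      /* length of "name=" */

    /* … unchanged: allocation of an empty environ … */

    for(i = 0; environ[i]; i++)
        if(strncmp(string, environ[i], len) == 0){
            environ[i] = (char *)string;
            return 0;
        }
    /* room for the new entry and the terminating NULL */
    newenv = realloc(environ, sizeof(char*) * (i + 2));
    if(newenv == NULL)
        return 1;
    environ = newenv;
    /* … unchanged: store string and the NULL terminator … */
```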
@@ -0,0 +1,57 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+RCSID("$Id: rcmd.c,v 1.2 1997/04/01 08:19:06 joda Exp $");
+#endif
+
+#include "roken.h"
+#include
+
+int
+rcmd(char **ahost,
+ unsigned short inport,
+ const char *locuser,
+ const char *remuser,
+ const char *cmd,
+ int *fd2p)
+{
+ fprintf(stderr, "Only kerberized services are implemented\n");
+ return -1;
+}
diff --git a/crypto/kerberosIV/lib/roken/roken.def b/crypto/kerberosIV/lib/roken/roken.def
new file mode 100644
index 0000000..13e3572
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/roken.def
@@ -0,0 +1,4 @@
+LIBRARY roken
+EXPORTS
+ gettimeofday
+ strcasecmp
diff --git a/crypto/kerberosIV/lib/roken/roken.h b/crypto/kerberosIV/lib/roken/roken.h
new file mode 100644
index 0000000..1204e3e
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/roken.h
@@ -0,0 +1,338 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* $Id: roken.h,v 1.63 1997/05/28 05:38:09 assar Exp $ */ + +#ifndef __ROKEN_H__ +#define __ROKEN_H__ + +#include +#include +#include +#include +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_UNISTD_H +#include +#endif +#ifdef HAVE_GRP_H +#include +#endif +#ifdef HAVE_SYS_STAT_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif + +#ifdef HAVE_TERMIOS_H +#include +#endif + +#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4 +#include +#endif + +#include "protos.h" + +#if !defined(HAVE_SETSID) && defined(HAVE__SETSID) +#define setsid _setsid +#endif + +#ifndef HAVE_PUTENV +int putenv(const char *string); +#endif + +#ifndef HAVE_SETENV +int setenv(const char *var, const char *val, int rewrite); +#endif + +#ifndef HAVE_UNSETENV +void unsetenv(const char *name); +#endif + +#ifndef HAVE_GETUSERSHELL +char *getusershell(void); +#endif + +#if !defined(__GNUC__) && !defined(__attribute__) +#define __attribute__(x) +#endif + +#ifndef HAVE_SNPRINTF +int snprintf (char *str, size_t sz, const char *format, ...) + __attribute__ ((format (printf, 3, 4))); +#endif + +#ifndef HAVE_VSNPRINTF +int vsnprintf (char *str, size_t sz, const char *format, va_list ap) + __attribute__((format (printf, 3, 0))); +#endif + +#ifndef HAVE_ASPRINTF +int asprintf (char **ret, const char *format, ...) + __attribute__ ((format (printf, 2, 3))); +#endif + +#ifndef HAVE_VASPRINTF +int vasprintf (char **ret, const char *format, va_list ap) + __attribute__((format (printf, 2, 0))); +#endif + +#ifndef HAVE_ASNPRINTF +int asnprintf (char **ret, size_t max_sz, const char *format, ...) 
+ __attribute__ ((format (printf, 3, 4))); +#endif + +#ifndef HAVE_VASNPRINTF +int vasnprintf (char **ret, size_t max_sz, const char *format, va_list ap) + __attribute__((format (printf, 3, 0))); +#endif + +#ifndef HAVE_STRDUP +char * strdup(const char *old); +#endif + +#ifndef HAVE_STRLWR +char * strlwr(char *); +#endif + +#ifndef HAVE_STRNLEN +int strnlen(char*, int); +#endif + +#ifndef HAVE_STRTOK_R +char *strtok_r(char *s1, const char *s2, char **lasts); +#endif + +#ifndef HAVE_STRUPR +char * strupr(char *); +#endif + +#ifndef HAVE_GETDTABLESIZE +int getdtablesize(void); +#endif + +#if IRIX != 4 /* fix for compiler bug */ +#ifdef RETSIGTYPE +typedef RETSIGTYPE (*SigAction)(/* int??? */); +SigAction signal(int iSig, SigAction pAction); /* BSD compatible */ +#endif +#endif + +#ifndef SIG_ERR +#define SIG_ERR ((RETSIGTYPE (*)())-1) +#endif + +#if !defined(HAVE_STRERROR) && !defined(strerror) +char *strerror(int eno); +#endif + +#ifndef HAVE_HSTRERROR +char *hstrerror(int herr); +#endif + +#ifndef HAVE_H_ERRNO_DECLARATION +extern int h_errno; +#endif + +#ifndef HAVE_INET_ATON +/* Minimal implementation of inet_aton. Doesn't handle hex numbers. 
*/ +int inet_aton(const char *cp, struct in_addr *adr); +#endif + +#if !defined(HAVE_GETCWD) +char* getcwd(char *path, size_t size); +#endif + +#ifndef HAVE_GETENT +int getent(char *cp, char *name); +#endif + +#ifdef HAVE_PWD_H +#include +struct passwd *k_getpwnam (char *user); +struct passwd *k_getpwuid (uid_t uid); +#endif + +#ifndef HAVE_SETEUID +int seteuid(int euid); +#endif + +#ifndef HAVE_SETEGID +int setegid(int egid); +#endif + +#ifndef HAVE_LSTAT +int lstat(const char *path, struct stat *buf); +#endif + +#ifndef HAVE_MKSTEMP +int mkstemp(char *); +#endif + +#ifndef HAVE_INITGROUPS +int initgroups(const char *name, gid_t basegid); +#endif + +#ifndef HAVE_FCHOWN +int fchown(int fd, uid_t owner, gid_t group); +#endif + +#ifndef HAVE_CHOWN +int chown(const char *path, uid_t owner, gid_t group); +#endif + +#ifndef HAVE_RCMD +int rcmd(char **ahost, unsigned short inport, const char *locuser, + const char *remuser, const char *cmd, int *fd2p); +#endif + +#ifdef TIME_WITH_SYS_TIME +#include +#include +#elif defined(HAVE_SYS_TIME_H) +#include +#else +#include +#endif + +time_t tm2time (struct tm tm, int local); + +int unix_verify_user(char *user, char *password); + +void inaddr2str(struct in_addr addr, char *s, size_t len); + +void mini_inetd (int port); + +#ifndef HAVE_STRUCT_WINSIZE +struct winsize { + unsigned short ws_row, ws_col; + unsigned short ws_xpixel, ws_ypixel; +}; +#endif + +int get_window_size(int fd, struct winsize *); + +#ifndef INADDR_NONE +#define INADDR_NONE 0xffffffff +#endif + +#ifndef SOMAXCONN +#define SOMAXCONN 5 +#endif + +#ifndef STDIN_FILENO +#define STDIN_FILENO 0 +#endif + +#ifndef STDOUT_FILENO +#define STDOUT_FILENO 1 +#endif + +#ifndef STDERR_FILENO +#define STDERR_FILENO 2 +#endif + +#ifndef max +#define max(a,b) (((a)>(b))?(a):(b)) +#endif + +#ifndef min +#define min(a,b) (((a)<(b))?(a):(b)) +#endif + +#ifndef TRUE +#define TRUE 1 +#endif + +#ifndef FALSE +#define FALSE 0 +#endif + +#ifdef HAVE_SYSLOG_H +#include +/* Misc 
definitions for old syslogs */ + +#ifndef LOG_DAEMON +#define openlog(id,option,facility) openlog((id),(option)) +#define LOG_DAEMON 0 +#endif +#ifndef LOG_ODELAY +#define LOG_ODELAY 0 +#endif +#ifndef LOG_NDELAY +#define LOG_NDELAY 0x08 +#endif +#ifndef LOG_CONS +#define LOG_CONS 0 +#endif +#ifndef LOG_AUTH +#define LOG_AUTH 0 +#endif +#ifndef LOG_AUTHPRIV +#define LOG_AUTHPRIV LOG_AUTH +#endif +#endif + +#ifndef HAVE_OPTARG_DECLARATION +extern char *optarg; +#endif +#ifndef HAVE_OPTIND_DECLARATION +extern int optind; +#endif +#ifndef HAVE_OPTERR_DECLARATION +extern int opterr; +#endif + +#ifndef HAVE___PROGNAME_DECLARATION +extern const char *__progname; +#endif + +void set_progname(char *argv0); + +#ifdef HAVE_PATHS_H +#include +#endif + +#ifndef _PATH_DEVNULL +#define _PATH_DEVNULL "/dev/null" +#endif + +#endif /* __ROKEN_H__ */ diff --git a/crypto/kerberosIV/lib/roken/roken.mak b/crypto/kerberosIV/lib/roken/roken.mak new file mode 100644 index 0000000..d0c4a6f --- /dev/null +++ b/crypto/kerberosIV/lib/roken/roken.mak 
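Review bot: The fallback prototype `int strnlen(char*, int);` uses signed `int` for both the bound and the result and a non-const pointer, where the usual form is `size_t strnlen(const char *s, size_t maxlen);`. A negative or truncated length would pass through this interface unnoticed, and the declaration may conflict on platforms whose headers declare the standard form while HAVE_STRNLEN is unset. The fallbacks `int seteuid(int euid);` and `int setegid(int egid);` have the same mismatch, taking `int` where the system interfaces use `uid_t`/`gid_t`. The `max`/`min` macros evaluate each argument twice, so I would add `/* arguments are evaluated twice; do not pass expressions with side effects */` above them.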
@@ -0,0 +1,278 @@ +# Microsoft Developer Studio Generated NMAKE File, Format Version 4.10 +# ** DO NOT EDIT ** + +# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102 + +!IF "$(CFG)" == "" +CFG=roken - Win32 Debug +!MESSAGE No configuration specified. Defaulting to roken - Win32 Debug. +!ENDIF + +!IF "$(CFG)" != "roken - Win32 Release" && "$(CFG)" != "roken - Win32 Debug" +!MESSAGE Invalid configuration "$(CFG)" specified. +!MESSAGE You can specify a configuration when running NMAKE on this makefile +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "roken.mak" CFG="roken - Win32 Debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "roken - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE "roken - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE +!ERROR An invalid configuration is specified. +!ENDIF + +!IF "$(OS)" == "Windows_NT" +NULL= +!ELSE +NULL=nul +!ENDIF +################################################################################ +# Begin Project +# PROP Target_Last_Scanned "roken - Win32 Debug" +RSC=rc.exe +MTL=mktyplib.exe +CPP=cl.exe + +!IF "$(CFG)" == "roken - Win32 Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "Release" +# PROP BASE Intermediate_Dir "Release" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "Release" +# PROP Intermediate_Dir "Release" +# PROP Target_Dir "" +OUTDIR=.\Release +INTDIR=.\Release + +ALL : ".\Release\roken.dll" + +CLEAN : + -@erase ".\Release\gettimeofday.obj" + -@erase ".\Release\roken.dll" + -@erase ".\Release\roken.exp" + -@erase ".\Release\roken.lib" + -@erase ".\Release\strcasecmp.obj" + +"$(OUTDIR)" : + if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)" + +# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /YX /c +# ADD CPP /nologo /MT /W3 /GX /O2 /I "..\krb" /I "..\des" /I 
"..\..\include" /I "..\..\include\win32" /I "." /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /c +CPP_PROJ=/nologo /MT /W3 /GX /O2 /I "..\krb" /I "..\des" /I "..\..\include" /I\ + "..\..\include\win32" /I "." /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D\ + "HAVE_CONFIG_H" /Fp"$(INTDIR)/roken.pch" /YX /Fo"$(INTDIR)/" /c +CPP_OBJS=.\Release/ +CPP_SBRS=.\. +# ADD BASE MTL /nologo /D "NDEBUG" /win32 +# ADD MTL /nologo /D "NDEBUG" /win32 +MTL_PROJ=/nologo /D "NDEBUG" /win32 +# ADD BASE RSC /l 0x409 /d "NDEBUG" +# ADD RSC /l 0x409 /d "NDEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +BSC32_FLAGS=/nologo /o"$(OUTDIR)/roken.bsc" +BSC32_SBRS= \ + +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /machine:I386 +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /machine:I386 +LINK32_FLAGS=kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib\ + advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib\ + odbccp32.lib /nologo /subsystem:windows /dll /incremental:no\ + /pdb:"$(OUTDIR)/roken.pdb" /machine:I386 /def:".\roken.def"\ + /out:"$(OUTDIR)/roken.dll" /implib:"$(OUTDIR)/roken.lib" +DEF_FILE= \ + ".\roken.def" +LINK32_OBJS= \ + ".\Release\gettimeofday.obj" \ + ".\Release\strcasecmp.obj" + +".\Release\roken.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS) + $(LINK32) @<< + $(LINK32_FLAGS) $(LINK32_OBJS) +<< + +!ELSEIF "$(CFG)" == "roken - Win32 Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "Debug" +# PROP BASE Intermediate_Dir "Debug" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "Debug" +# PROP Intermediate_Dir "Debug" +# PROP Target_Dir "" 
+OUTDIR=.\Debug +INTDIR=.\Debug + +ALL : ".\Debug\roken.dll" + +CLEAN : + -@erase ".\Debug\gettimeofday.obj" + -@erase ".\Debug\roken.dll" + -@erase ".\Debug\roken.exp" + -@erase ".\Debug\roken.ilk" + -@erase ".\Debug\roken.lib" + -@erase ".\Debug\roken.pdb" + -@erase ".\Debug\strcasecmp.obj" + -@erase ".\Debug\vc40.idb" + -@erase ".\Debug\vc40.pdb" + +"$(OUTDIR)" : + if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)" + +# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /YX /c +# ADD CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /I "..\krb" /I "..\des" /I "..\..\include" /I "..\..\include\win32" /I "." /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /c +CPP_PROJ=/nologo /MTd /W3 /Gm /GX /Zi /Od /I "..\krb" /I "..\des" /I\ + "..\..\include" /I "..\..\include\win32" /I "." /D "_DEBUG" /D "WIN32" /D\ + "_WINDOWS" /D "HAVE_CONFIG_H" /Fp"$(INTDIR)/roken.pch" /YX /Fo"$(INTDIR)/"\ + /Fd"$(INTDIR)/" /c +CPP_OBJS=.\Debug/ +CPP_SBRS=.\. +# ADD BASE MTL /nologo /D "_DEBUG" /win32 +# ADD MTL /nologo /D "_DEBUG" /win32 +MTL_PROJ=/nologo /D "_DEBUG" /win32 +# ADD BASE RSC /l 0x409 /d "_DEBUG" +# ADD RSC /l 0x409 /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +BSC32_FLAGS=/nologo /o"$(OUTDIR)/roken.bsc" +BSC32_SBRS= \ + +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /debug /machine:I386 +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /debug /machine:I386 +LINK32_FLAGS=kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib\ + advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib\ + odbccp32.lib /nologo /subsystem:windows /dll /incremental:yes\ + /pdb:"$(OUTDIR)/roken.pdb" /debug /machine:I386 
/def:".\roken.def"\ + /out:"$(OUTDIR)/roken.dll" /implib:"$(OUTDIR)/roken.lib" +DEF_FILE= \ + ".\roken.def" +LINK32_OBJS= \ + ".\Debug\gettimeofday.obj" \ + ".\Debug\strcasecmp.obj" + +".\Debug\roken.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS) + $(LINK32) @<< + $(LINK32_FLAGS) $(LINK32_OBJS) +<< + +!ENDIF + +.c{$(CPP_OBJS)}.obj: + $(CPP) $(CPP_PROJ) $< + +.cpp{$(CPP_OBJS)}.obj: + $(CPP) $(CPP_PROJ) $< + +.cxx{$(CPP_OBJS)}.obj: + $(CPP) $(CPP_PROJ) $< + +.c{$(CPP_SBRS)}.sbr: + $(CPP) $(CPP_PROJ) $< + +.cpp{$(CPP_SBRS)}.sbr: + $(CPP) $(CPP_PROJ) $< + +.cxx{$(CPP_SBRS)}.sbr: + $(CPP) $(CPP_PROJ) $< + +################################################################################ +# Begin Target + +# Name "roken - Win32 Release" +# Name "roken - Win32 Debug" + +!IF "$(CFG)" == "roken - Win32 Release" + +!ELSEIF "$(CFG)" == "roken - Win32 Debug" + +!ENDIF + +################################################################################ +# Begin Source File + +SOURCE=\TEMP\jimpa3\lib\krb\gettimeofday.c +DEP_CPP_GETTI=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\krb\krb.h"\ + "..\krb\krb_locl.h"\ + "..\krb\prot.h"\ + "..\krb\resolve.h"\ + ".\roken.h"\ + {$(INCLUDE)}"\sys\stat.h"\ + {$(INCLUDE)}"\sys\types.h"\ + + +!IF "$(CFG)" == "roken - Win32 Release" + + +".\Release\gettimeofday.obj" : $(SOURCE) $(DEP_CPP_GETTI) "$(INTDIR)" + $(CPP) $(CPP_PROJ) $(SOURCE) + + +!ELSEIF "$(CFG)" == "roken - Win32 Debug" + + +".\Debug\gettimeofday.obj" : $(SOURCE) $(DEP_CPP_GETTI) "$(INTDIR)" + $(CPP) $(CPP_PROJ) $(SOURCE) + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\roken.def + +!IF "$(CFG)" == "roken - Win32 Release" + +!ELSEIF "$(CFG)" == "roken - Win32 Debug" + +!ENDIF + +# End Source File +################################################################################ +# 
Begin Source File + +SOURCE=.\strcasecmp.c +DEP_CPP_STRCA=\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + {$(INCLUDE)}"\sys\types.h"\ + + +!IF "$(CFG)" == "roken - Win32 Release" + + +".\Release\strcasecmp.obj" : $(SOURCE) $(DEP_CPP_STRCA) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "roken - Win32 Debug" + + +".\Debug\strcasecmp.obj" : $(SOURCE) $(DEP_CPP_STRCA) "$(INTDIR)" + + +!ENDIF + +# End Source File +# End Target +# End Project +################################################################################ diff --git a/crypto/kerberosIV/lib/roken/setegid.c b/crypto/kerberosIV/lib/roken/setegid.c new file mode 100644 index 0000000..b79bdd5 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/setegid.c 
@@ -0,0 +1,60 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+RCSID("$Id: setegid.c,v 1.7 1997/04/01 08:19:07 joda Exp $");
+#endif
+
+#include
+
+#include "roken.h"
+
+int
+setegid(int egid)
+{
+#ifdef HAVE_SETREGID
+ return setregid(-1, egid);
+#endif
+
+#ifdef HAVE_SETRESGID
+ return setresgid(-1, egid, -1);
+#endif
+
+ return -1;
+}
diff --git a/crypto/kerberosIV/lib/roken/setenv.c b/crypto/kerberosIV/lib/roken/setenv.c
new file mode 100644
index 0000000..c83591f
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/setenv.c
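Review bot: The `setregid(-1, egid)` branch in `setegid` is tried first, and under POSIX semantics that call also replaces the saved set-group-ID when the new effective ID differs from the real one, so a switch meant to be temporary may not be reversible. Testing HAVE_SETRESGID before HAVE_SETREGID, so that `setresgid(-1, egid, -1)` is used where available, avoids that because it leaves the saved ID explicitly untouched. When neither macro is defined the function falls through to `return -1` without setting `errno`; add `errno = ENOSYS;` before that return (with `<errno.h>` included) so callers do not report a stale error. The header comment should state that callers must check the result, since an ignored failure means continuing under the old group. `seteuid` in seteuid.c has the same structure with `setreuid`/`setresuid` and needs the same changes.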
@@ -0,0 +1,71 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+RCSID("$Id: setenv.c,v 1.8 1997/05/02 14:29:32 assar Exp $");
+#endif
+
+#include "roken.h"
+
+#include
+#include
+
+/*
+ * This is the easy way out, use putenv to implement setenv. We might
+ * leak some memory but that is ok since we are usally about to exec
+ * anyway.
+ */
+
+int
+setenv(const char *var, const char *val, int rewrite)
+{
+ char *t;
+
+ if (!rewrite && getenv(var) != 0)
+ return 0;
+
+ asprintf (&t, "%s=%s", var, val);
+ if (t == NULL)
+ return -1;
+
+ if (putenv(t) == 0)
+ return 0;
+ else
+ return -1;
+}
diff --git a/crypto/kerberosIV/lib/roken/seteuid.c b/crypto/kerberosIV/lib/roken/seteuid.c
new file mode 100644
index 0000000..b831318
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/seteuid.c
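Review bot: `setenv` ignores the return value of `asprintf` and detects failure through `t == NULL`, but `t` is uninitialized and a failing `asprintf` is not required to store NULL through the pointer (glibc documents the contents as undefined; whether roken's own replacement does is not visible here). The check can therefore hand a garbage pointer to `putenv`; use `if (asprintf(&t, "%s=%s", var, val) < 0) return -1;` instead. When `putenv(t)` fails the string is leaked, so `free(t);` belongs before the `return -1` in that branch. The success path must keep `t` alive because the environment then refers to it.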
@@ -0,0 +1,60 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+RCSID("$Id: seteuid.c,v 1.7 1997/04/01 08:19:08 joda Exp $");
+#endif
+
+#include
+
+#include "roken.h"
+
+int
+seteuid(int euid)
+{
+#ifdef HAVE_SETREUID
+ return setreuid(-1, euid);
+#endif
+
+#ifdef HAVE_SETRESUID
+ return setresuid(-1, euid, -1);
+#endif
+
+ return -1;
+}
diff --git a/crypto/kerberosIV/lib/roken/signal.c b/crypto/kerberosIV/lib/roken/signal.c
new file mode 100644
index 0000000..a39a194
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/signal.c
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+RCSID("$Id: signal.c,v 1.8 1997/04/01 08:19:09 joda Exp $");
+#endif
+
+#include
+
+/*
+ * We would like to always use this signal but there is a link error
+ * on NEXTSTEP
+ */
+#ifndef NeXT
+/*
+ * Bugs:
+ *
+ * Do we need any extra hacks for SIGCLD and/or SIGCHLD?
+ */
+
+typedef RETSIGTYPE (*SigAction)(/* int??? */);
+
+SigAction
+signal(int iSig, SigAction pAction)
+{
+ struct sigaction saNew, saOld;
+
+ saNew.sa_handler = pAction;
+ sigemptyset(&saNew.sa_mask);
+ saNew.sa_flags = 0;
+
+ if (iSig == SIGALRM)
+ {
+#ifdef SA_INTERRUPT
+ saNew.sa_flags |= SA_INTERRUPT;
+#endif
+ }
+ else
+ {
+#ifdef SA_RESTART
+ saNew.sa_flags |= SA_RESTART;
+#endif
+ }
+
+ if (sigaction(iSig, &saNew, &saOld) < 0)
+ return(SIG_ERR);
+
+ return(saOld.sa_handler);
+}
+#endif
diff --git a/crypto/kerberosIV/lib/roken/snprintf.c b/crypto/kerberosIV/lib/roken/snprintf.c
new file mode 100644
index 0000000..b0757e5
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/snprintf.c
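Review bot: `saNew` in `signal()` is only partly initialised: `sa_handler`, `sa_mask` and `sa_flags` are assigned, and any further member the platform's `struct sigaction` has reaches `sigaction()` holding whatever was on the stack. Zeroing it first, `memset(&saNew, 0, sizeof(saNew));` (needs `<string.h>`), removes that dependency. The SIGALRM branch also deserves a comment such as `/* SIGALRM must interrupt blocking calls, every other signal restarts them */`; that is my reading of the SA_INTERRUPT/SA_RESTART split and should be confirmed before it is added.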
@@ -0,0 +1,520 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: snprintf.c,v 1.13 1997/05/25 02:00:31 assar Exp $"); +#endif +#include +#include +#include +#include +#include +#include + +/* + * Common state + */ + +struct state { + char *str; + char *s; + char *theend; + size_t sz; + size_t max_sz; + int (*append_char)(struct state *, char); + int (*reserve)(struct state *, size_t); + /* XXX - methods */ +}; + +static int +sn_reserve (struct state *state, size_t n) +{ + return state->s + n > state->theend; +} + +static int +sn_append_char (struct state *state, char c) +{ + if (sn_reserve (state, 1)) { + *state->s++ = '\0'; + return 1; + } else { + *state->s++ = c; + return 0; + } +} + +static int +as_reserve (struct state *state, size_t n) +{ + while (state->s + n > state->theend) { + int off = state->s - state->str; + char *tmp; + + if (state->max_sz && state->sz >= state->max_sz) + return 1; + + if (state->max_sz) + state->sz = min(state->max_sz, state->sz*2); + else + state->sz *= 2; + tmp = realloc (state->str, state->sz); + if (tmp == NULL) + return 1; + state->str = tmp; + state->s = state->str + off; + state->theend = state->str + state->sz - 1; + } + return 0; +} + +static int +as_append_char (struct state *state, char c) +{ + if(as_reserve (state, 1)) + return 1; + else { + *state->s++ = c; + return 0; + } +} + +static int +append_number (struct state *state, + unsigned long num, unsigned base, char *rep, + int width, int zerop, int minusp) +{ + int i, len; + + len = 0; + if (num == 0) { + ++len; + if((*state->append_char) (state, '0')) + return 1; + } + while (num > 0) { + ++len; + if ((*state->append_char) (state, rep[num % base])) + return 1; + num /= base; + } + if (minusp) { + ++len; + if ((*state->append_char) (state, '-')) + return 1; + } + + for (i = 0; i < len / 2; ++i) { + char c; + + c = state->s[-i-1]; + state->s[-i-1] = state->s[-len+i]; + state->s[-len+i] = c; + } + + if (width > len) { + if ((*state->reserve) (state, width - len)) + return 1; + +#ifdef 
HAVE_MEMMOVE + memmove (state->s + width - 2 * len, state->s - len, len); +#else + bcopy (state->s - len, state->s + width - 2 * len, len); +#endif + for (i = 0; i < width - len; ++i) + state->s[-len+i] = (zerop ? '0' : ' '); + state->s += width - len; + + } + return 0; +} + +static int +append_string (struct state *state, + char *arg, + int prec) +{ + if (prec) { + while (*arg && prec--) + if ((*state->append_char) (state, *arg++)) + return 1; + } else { + while (*arg) + if ((*state->append_char) (state, *arg++)) + return 1; + } + return 0; +} + +/* + * This can't be made into a function... + */ + +#define PARSE_INT_FORMAT(res, arg, unsig) \ +if (long_flag) \ + res = va_arg(arg, unsig long); \ +else if (short_flag) \ + res = va_arg(arg, unsig short); \ +else \ + res = va_arg(arg, unsig int) + +/* + * zyxprintf - return 0 or -1 + */ + +static int +xyzprintf (struct state *state, const char *format, va_list ap) +{ + char c; + + while((c = *format++)) { + if (c == '%') { + int zerop = 0; + int width = 0; + int prec = 0; + int long_flag = 0; + int short_flag = 0; + + c = *format++; + + /* flags */ + if (c == '0') { + zerop = 1; + c = *format++; + } + + /* width */ + if (isdigit(c)) + do { + width = width * 10 + c - '0'; + c = *format++; + } while(isdigit(c)); + else if(c == '*') { + width = va_arg(ap, int); + c = *format++; + } + + /* precision */ + if (c == '.') { + c = *format++; + if (isdigit(c)) + do { + prec = prec * 10 + c - '0'; + c = *format++; + } while(isdigit(c)); + else if (c == '*') { + prec = va_arg(ap, int); + c = *format++; + } + } + + /* size */ + + if (c == 'h') { + short_flag = 1; + c = *format++; + } else if (c == 'l') { + long_flag = 1; + c = *format++; + } + + switch (c) { + case 'c' : + if ((*state->append_char)(state, (unsigned char)va_arg(ap, int))) + return -1; + break; + case 's' : + if (append_string(state, + va_arg(ap, char*), + prec)) + return -1; + break; + case 'd' : + case 'i' : { + long arg; + unsigned long num; + int minusp = 0; + + 
PARSE_INT_FORMAT(arg, ap, ); + + if (arg < 0) { + minusp = 1; + num = -arg; + } else + num = arg; + + if (append_number (state, num, 10, "0123456789", + width, zerop, minusp)) + return -1; + break; + } + case 'u' : { + unsigned long arg; + + PARSE_INT_FORMAT(arg, ap, unsigned); + + if (append_number (state, arg, 10, "0123456789", + width, zerop, 0)) + return -1; + break; + } + case 'o' : { + unsigned long arg; + + PARSE_INT_FORMAT(arg, ap, unsigned); + + if (append_number (state, arg, 010, "01234567", + width, zerop, 0)) + return -1; + break; + } + case 'x' : { + unsigned long arg; + + PARSE_INT_FORMAT(arg, ap, unsigned); + + if (append_number (state, arg, 0x10, "0123456789abcdef", + width, zerop, 0)) + return -1; + break; + } + case 'X' :{ + unsigned long arg; + + PARSE_INT_FORMAT(arg, ap, unsigned); + + if (append_number (state, arg, 0x10, "0123456789ABCDEF", + width, zerop, 0)) + return -1; + break; + } + case 'p' : { + unsigned long arg = (unsigned long)va_arg(ap, void*); + + if (append_number (state, arg, 0x10, "0123456789ABCDEF", + width, zerop, 0)) + return -1; + break; + } + case '%' : + if ((*state->append_char)(state, c)) + return -1; + break; + default : + if ( (*state->append_char)(state, '%') + || (*state->append_char)(state, c)) + return -1; + break; + } + } else + if ((*state->append_char) (state, c)) + return -1; + } + return 0; +} + +#ifndef HAVE_SNPRINTF +int +snprintf (char *str, size_t sz, const char *format, ...) +{ + va_list args; + int ret; + + va_start(args, format); + ret = vsnprintf (str, sz, format, args); + +#ifdef PARANOIA + { + int ret2; + char *tmp; + + tmp = malloc (sz); + if (tmp == NULL) + abort (); + + ret2 = vsprintf (tmp, format, args); + if (ret != ret2 || strcmp(str, tmp)) + abort (); + free (tmp); + } +#endif + + va_end(args); + return ret; +} +#endif + +#ifndef HAVE_ASPRINTF +int +asprintf (char **ret, const char *format, ...) 
+{ + va_list args; + int val; + + va_start(args, format); + val = vasprintf (ret, format, args); + +#ifdef PARANOIA + { + int ret2; + char *tmp; + tmp = malloc (val + 1); + if (tmp == NULL) + abort (); + + ret2 = vsprintf (tmp, format, args); + if (val != ret2 || strcmp(*ret, tmp)) + abort (); + free (tmp); + } +#endif + + va_end(args); + return val; +} +#endif + +#ifndef HAVE_ASNPRINTF +int +asnprintf (char **ret, size_t max_sz, const char *format, ...) +{ + va_list args; + int val; + + va_start(args, format); + val = vasnprintf (ret, max_sz, format, args); + +#ifdef PARANOIA + { + int ret2; + char *tmp; + tmp = malloc (val + 1); + if (tmp == NULL) + abort (); + + ret2 = vsprintf (tmp, format, args); + if (val != ret2 || strcmp(*ret, tmp)) + abort (); + free (tmp); + } +#endif + + va_end(args); + return val; +} +#endif + +#ifndef HAVE_VASPRINTF +int +vasprintf (char **ret, const char *format, va_list args) +{ + return vasnprintf (ret, 0, format, args); +} +#endif + + +#ifndef HAVE_VASNPRINTF +int +vasnprintf (char **ret, size_t max_sz, const char *format, va_list args) +{ + int st; + size_t len; + struct state state; + + state.max_sz = max_sz; + if (max_sz) + state.sz = min(1, max_sz); + else + state.sz = 1; + state.str = malloc(state.sz); + if (state.str == NULL) { + *ret = NULL; + return -1; + } + state.s = state.str; + state.theend = state.s + state.sz - 1; + state.append_char = as_append_char; + state.reserve = as_reserve; + + st = xyzprintf (&state, format, args); + if (st) { + free (state.str); + *ret = NULL; + return -1; + } else { + char *tmp; + + *state.s = '\0'; + len = state.s - state.str; + tmp = realloc (state.str, len+1); + if (state.str == NULL) { + free (state.str); + *ret = NULL; + return -1; + } + *ret = tmp; + return len; + } +} +#endif + +#ifndef HAVE_VSNPRINTF +int +vsnprintf (char *str, size_t sz, const char *format, va_list args) +{ + struct state state; + int ret; + + state.max_sz = 0; + state.sz = sz; + state.str = str; + state.s = str; + 
state.theend = str + sz - 1; + state.append_char = sn_append_char; + state.reserve = sn_reserve; + + ret = xyzprintf (&state, format, args); + *state.s = '\0'; + if (ret) + return sz; + else + return state.s - state.str; +} +#endif + diff --git a/crypto/kerberosIV/lib/roken/strcasecmp.c b/crypto/kerberosIV/lib/roken/strcasecmp.c new file mode 100644 index 0000000..a268c29 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/strcasecmp.c 
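Review bot: On truncation `vsnprintf()` writes one byte past the caller's buffer: when `sn_reserve` reports no room, `sn_append_char` still stores a NUL and advances `state->s` to `str + sz`, and `vsnprintf` then executes `*state.s = '\0'` before it looks at `ret`. With `sz == 0` every store lands outside the buffer, even for an empty format. Separately, `vasnprintf()` tests `state.str == NULL` after the final `realloc` where `tmp` is meant, so a failed shrink leaves `*ret = NULL` together with a non-negative return value. The fence below leaves `state->s` in place on a full buffer, returns early for `sz == 0`, and checks `tmp`; the `#ifdef PARANOIA` blocks, which reuse `args` after it has been consumed and `vsprintf` into a buffer of `sz` bytes, are not addressed here.

```c
static int
sn_append_char (struct state *state, char c)
{
    if (sn_reserve (state, 1))
        return 1;       /* full: state->s stays where the final NUL belongs */
    *state->s++ = c;
    return 0;
}

/* … unchanged: as_reserve through the xyzprintf call in vasnprintf … */

        tmp = realloc (state.str, len+1);
        if (tmp == NULL) {
            free (state.str);
            *ret = NULL;
            return -1;
        }

/* … unchanged: rest of vasnprintf … */

int
vsnprintf (char *str, size_t sz, const char *format, va_list args)
{
    struct state state;
    int ret;

    if (sz == 0)
        return 0;       /* no room even for the terminator */
    /* … unchanged: state setup, xyzprintf call and return … */
```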
@@ -0,0 +1,118 @@ +/* + * Copyright (c) 1987, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifdef HAVE_CONFIG_H +#include +RCSID("$Id: strcasecmp.c,v 1.3 1997/04/20 18:04:23 assar Exp $"); +#endif + +#include +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#include + +#if defined(LIBC_SCCS) && !defined(lint) +static char sccsid[] = "@(#)strcasecmp.c 8.1 (Berkeley) 6/4/93"; +#endif /* LIBC_SCCS and not lint */ + +/* + * This array is designed for mapping upper and lower case letter + * together for a case independent comparison. The mappings are + * based upon ascii character sequences. + */ +static const unsigned char charmap[] = { + '\000', '\001', '\002', '\003', '\004', '\005', '\006', '\007', + '\010', '\011', '\012', '\013', '\014', '\015', '\016', '\017', + '\020', '\021', '\022', '\023', '\024', '\025', '\026', '\027', + '\030', '\031', '\032', '\033', '\034', '\035', '\036', '\037', + '\040', '\041', '\042', '\043', '\044', '\045', '\046', '\047', + '\050', '\051', '\052', '\053', '\054', '\055', '\056', '\057', + '\060', '\061', '\062', '\063', '\064', '\065', '\066', '\067', + '\070', '\071', '\072', '\073', '\074', '\075', '\076', '\077', + '\100', '\141', '\142', '\143', '\144', '\145', '\146', '\147', + '\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157', + '\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167', + '\170', '\171', '\172', '\133', '\134', '\135', '\136', '\137', + '\140', '\141', '\142', '\143', '\144', '\145', '\146', '\147', + '\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157', + '\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167', + '\170', '\171', '\172', '\173', '\174', '\175', '\176', '\177', + '\200', '\201', '\202', '\203', '\204', '\205', '\206', '\207', + '\210', '\211', '\212', '\213', '\214', '\215', '\216', '\217', + '\220', '\221', '\222', '\223', '\224', '\225', '\226', '\227', + '\230', '\231', '\232', '\233', '\234', '\235', '\236', '\237', + '\240', '\241', '\242', '\243', '\244', '\245', '\246', '\247', + '\250', '\251', '\252', '\253', '\254', '\255', '\256', 
'\257', + '\260', '\261', '\262', '\263', '\264', '\265', '\266', '\267', + '\270', '\271', '\272', '\273', '\274', '\275', '\276', '\277', + '\300', '\301', '\302', '\303', '\304', '\305', '\306', '\307', + '\310', '\311', '\312', '\313', '\314', '\315', '\316', '\317', + '\320', '\321', '\322', '\323', '\324', '\325', '\326', '\327', + '\330', '\331', '\332', '\333', '\334', '\335', '\336', '\337', + '\340', '\341', '\342', '\343', '\344', '\345', '\346', '\347', + '\350', '\351', '\352', '\353', '\354', '\355', '\356', '\357', + '\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367', + '\370', '\371', '\372', '\373', '\374', '\375', '\376', '\377', +}; + +int +strcasecmp(const char *s1, const char *s2) +{ + const unsigned char *cm = charmap, + *us1 = (const unsigned char *)s1, + *us2 = (const unsigned char *)s2; + + while (cm[*us1] == cm[*us2++]) + if (*us1++ == '\0') + return (0); + return (cm[*us1] - cm[*--us2]); +} + +int +strncasecmp(const char *s1, const char *s2, size_t n) +{ + if (n != 0) { + const unsigned char *cm = charmap, + *us1 = (const unsigned char *)s1, + *us2 = (const unsigned char *)s2; + + do { + if (cm[*us1] != cm[*us2++]) + return (cm[*us1] - cm[*--us2]); + if (*us1++ == '\0') + break; + } while (--n != 0); + } + return (0); +} diff --git a/crypto/kerberosIV/lib/roken/strdup.c b/crypto/kerberosIV/lib/roken/strdup.c new file mode 100644 index 0000000..b16992f --- /dev/null +++ b/crypto/kerberosIV/lib/roken/strdup.c 
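Review bot: The comment above `charmap` should state exactly what is folded, since callers that compare names with these functions depend on it: only ASCII `A`-`Z` map to `a`-`z`, every other byte (including 0x80-0xFF) maps to itself, and the locale is never consulted. Suggested wording: `/* Folds ASCII A-Z to a-z only; all other bytes compare by value, independent of locale. */`. It is also worth noting on `strncasecmp` that `n == 0` returns 0 without reading either string.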
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+RCSID("$Id: strdup.c,v 1.9 1997/04/01 08:19:10 joda Exp $");
+#endif
+#include
+#include
+
+#ifndef HAVE_STRDUP
+char *
+strdup(const char *old)
+{
+ char *t = malloc(strlen(old)+1);
+ if (t != 0)
+ strcpy(t, old);
+ return t;
+}
+#endif
diff --git a/crypto/kerberosIV/lib/roken/strerror.c b/crypto/kerberosIV/lib/roken/strerror.c
new file mode 100644
index 0000000..3d7b45c
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strerror.c
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+RCSID("$Id: strerror.c,v 1.8 1997/05/02 14:29:33 assar Exp $");
+#endif
+
+#include
+#include
+#include
+
+extern int sys_nerr;
+extern char *sys_errlist[];
+
+char*
+strerror(int eno)
+{
+ static char emsg[1024];
+
+ if(eno < 0 || eno >= sys_nerr)
+ snprintf(emsg, sizeof(emsg), "Error %d occurred.", eno);
+ else
+ strcpy(emsg, sys_errlist[eno]);
+
+ return emsg;
+}
diff --git a/crypto/kerberosIV/lib/roken/strftime.c b/crypto/kerberosIV/lib/roken/strftime.c
new file mode 100644
index 0000000..3473778
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strftime.c
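Review bot: The `else` branch of `strerror()` copies `sys_errlist[eno]` into the 1024-byte `emsg` with an unbounded `strcpy`, while the other branch already uses `snprintf`. System messages are short in practice, but the bound costs nothing and keeps both branches consistent: `snprintf(emsg, sizeof(emsg), "%s", sys_errlist[eno]);`. The returned pointer refers to a static buffer that the next call overwrites, which is worth a one-line comment above the function.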
@@ -0,0 +1,299 @@ +/* + * Copyright (c) 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifdef HAVE_CONFIG_H +#include +#endif +#include +#ifdef TIME_WITH_SYS_TIME +#include +#include +#elif defined(HAVE_SYS_TIME_H) +#include +#else +#include +#endif +#define TM_YEAR_BASE 1900 /* from */ +#include + +static char *afmt[] = { + "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", +}; +static char *Afmt[] = { + "Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", + "Saturday", +}; +static char *bfmt[] = { + "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", + "Oct", "Nov", "Dec", +}; +static char *Bfmt[] = { + "January", "February", "March", "April", "May", "June", "July", + "August", "September", "October", "November", "December", +}; + +static size_t gsize; +static char *pt; + +static int _add (char *); +static int _conv (int, int, int); +#ifdef HAVE_MKTIME +static int _secs (const struct tm *); +#endif /* HAVE_MKTIME */ +static size_t _fmt (const char *, const struct tm *); + +size_t +strftime(char *s, size_t maxsize, const char *format, const struct tm *t) +{ + + pt = s; + if ((gsize = maxsize) < 1) + return(0); + if (_fmt(format, t)) { + *pt = '\0'; + return(maxsize - gsize); + } + return(0); +} + +static size_t +_fmt(const char *format, const struct tm *t) +{ + for (; *format; ++format) { + if (*format == '%') + switch(*++format) { + case '\0': + --format; + break; + case 'A': + if (t->tm_wday < 0 || t->tm_wday > 6) + return(0); + if (!_add(Afmt[t->tm_wday])) + return(0); + continue; + case 'a': + if (t->tm_wday < 0 || t->tm_wday > 6) + return(0); + if (!_add(afmt[t->tm_wday])) + return(0); + continue; + case 'B': + if (t->tm_mon < 0 || t->tm_mon > 11) + return(0); + if (!_add(Bfmt[t->tm_mon])) + return(0); + continue; + case 'b': + case 'h': + if (t->tm_mon < 0 || t->tm_mon > 11) + return(0); + if (!_add(bfmt[t->tm_mon])) + return(0); + continue; + case 'C': + if (!_fmt("%a %b %e %H:%M:%S %Y", t)) + return(0); + continue; + case 'c': + if (!_fmt("%m/%d/%y %H:%M:%S", t)) + return(0); + continue; + case 'D': + if 
(!_fmt("%m/%d/%y", t)) + return(0); + continue; + case 'd': + if (!_conv(t->tm_mday, 2, '0')) + return(0); + continue; + case 'e': + if (!_conv(t->tm_mday, 2, ' ')) + return(0); + continue; + case 'H': + if (!_conv(t->tm_hour, 2, '0')) + return(0); + continue; + case 'I': + if (!_conv(t->tm_hour % 12 ? + t->tm_hour % 12 : 12, 2, '0')) + return(0); + continue; + case 'j': + if (!_conv(t->tm_yday + 1, 3, '0')) + return(0); + continue; + case 'k': + if (!_conv(t->tm_hour, 2, ' ')) + return(0); + continue; + case 'l': + if (!_conv(t->tm_hour % 12 ? + t->tm_hour % 12 : 12, 2, ' ')) + return(0); + continue; + case 'M': + if (!_conv(t->tm_min, 2, '0')) + return(0); + continue; + case 'm': + if (!_conv(t->tm_mon + 1, 2, '0')) + return(0); + continue; + case 'n': + if (!_add("\n")) + return(0); + continue; + case 'p': + if (!_add(t->tm_hour >= 12 ? "PM" : "AM")) + return(0); + continue; + case 'R': + if (!_fmt("%H:%M", t)) + return(0); + continue; + case 'r': + if (!_fmt("%I:%M:%S %p", t)) + return(0); + continue; + case 'S': + if (!_conv(t->tm_sec, 2, '0')) + return(0); + continue; +#ifdef HAVE_MKTIME + case 's': + if (!_secs(t)) + return(0); + continue; +#endif /* HAVE_MKTIME */ + case 'T': + case 'X': + if (!_fmt("%H:%M:%S", t)) + return(0); + continue; + case 't': + if (!_add("\t")) + return(0); + continue; + case 'U': + if (!_conv((t->tm_yday + 7 - t->tm_wday) / 7, + 2, '0')) + return(0); + continue; + case 'W': + if (!_conv((t->tm_yday + 7 - + (t->tm_wday ? 
(t->tm_wday - 1) : 6)) + / 7, 2, '0')) + return(0); + continue; + case 'w': + if (!_conv(t->tm_wday, 1, '0')) + return(0); + continue; + case 'x': + if (!_fmt("%m/%d/%y", t)) + return(0); + continue; + case 'y': + if (!_conv((t->tm_year + TM_YEAR_BASE) + % 100, 2, '0')) + return(0); + continue; + case 'Y': + if (!_conv(t->tm_year + TM_YEAR_BASE, 4, '0')) + return(0); + continue; +#ifdef notdef + case 'Z': + if (!t->tm_zone || !_add(t->tm_zone)) + return(0); + continue; +#endif + case '%': + /* + * X311J/88-090 (4.12.3.5): if conversion char is + * undefined, behavior is undefined. Print out the + * character itself as printf(3) does. + */ + default: + break; + } + if (!gsize--) + return(0); + *pt++ = *format; + } + return(gsize); +} + +#ifdef HAVE_MKTIME +static int +_secs(const struct tm *t) +{ + static char buf[15]; + time_t s; + char *p; + struct tm tmp; + + /* Make a copy, mktime(3) modifies the tm struct. */ + tmp = *t; + s = mktime(&tmp); + for (p = buf + sizeof(buf) - 2; s > 0 && p > buf; s /= 10) + *p-- = s % 10 + '0'; + return(_add(++p)); +} +#endif /* HAVE_MKTIME */ + +static int +_conv(int n, int digits, int pad) +{ + static char buf[10]; + char *p; + + for (p = buf + sizeof(buf) - 2; n > 0 && p > buf; n /= 10, --digits) + *p-- = n % 10 + '0'; + while (p > buf && digits-- > 0) + *p-- = pad; + return(_add(++p)); +} + +static int +_add(str) + char *str; +{ + for (;; ++pt, --gsize) { + if (!gsize) + return(0); + if (!(*pt = *str++)) + return(1); + } +} diff --git a/crypto/kerberosIV/lib/roken/strlwr.c b/crypto/kerberosIV/lib/roken/strlwr.c new file mode 100644 index 0000000..0222d8c --- /dev/null +++ b/crypto/kerberosIV/lib/roken/strlwr.c 
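Review bot: `_conv()` emits no digit at all when `n` is 0, because its loop runs only while `n > 0`; with zero padding that goes unnoticed, but `%k` at midnight comes out as two spaces. Initialise `p` first and handle zero before the loop, `p = buf + sizeof(buf) - 2; if (n == 0) { *p-- = '0'; --digits; }`, then begin the existing loop as `for (; n > 0 && p > buf; n /= 10, --digits)`. `_secs()` has the same shape and yields an empty string when `mktime()` returns 0 or -1. The formatter also keeps its cursor in the file-scope `gsize` and `pt`, so `strftime()` is not reentrant; a comment next to those two declarations should say so.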
@@ -0,0 +1,58 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+RCSID("$Id: strlwr.c,v 1.3 1997/04/01 08:19:11 joda Exp $");
+#endif
+#include
+#include
+
+#include
+
+#ifndef HAVE_STRLWR
+char *
+strlwr(char *str)
+{
+ char *s;
+
+ for(s = str; *s; s++)
+ *s = tolower(*s);
+ return str;
+}
+#endif
diff --git a/crypto/kerberosIV/lib/roken/strnlen.c b/crypto/kerberosIV/lib/roken/strnlen.c
new file mode 100644
index 0000000..51588f6
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strnlen.c
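Review bot: `tolower(*s)` in strlwr() is given a plain `char`, so where `char` is signed any byte with the high bit set reaches the <ctype.h> function as a negative int, which is undefined behaviour. Convert first: `*s = tolower((unsigned char)*s);`. strupr() in strupr.c has the same defect with `toupper(*s)`. Neither function checks `str` for NULL, which is worth stating above each definition, e.g. `/* Lower-case str in place; str must be a non-NULL, NUL-terminated string. */`.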
@@ -0,0 +1,53 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+RCSID("$Id: strnlen.c,v 1.5 1997/04/01 08:19:11 joda Exp $");
+#endif
+
+#include "roken.h"
+
+int
+strnlen(char *s, int len)
+{
+ int i;
+ for(i = 0; i < len && s[i]; i++)
+ ;
+ return i;
+}
diff --git a/crypto/kerberosIV/lib/roken/strtok_r.c b/crypto/kerberosIV/lib/roken/strtok_r.c
new file mode 100644
index 0000000..49164d9
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strtok_r.c
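Review bot: strnlen() is defined unconditionally, while the sibling replacements in this import (strlwr.c, strtok_r.c, strupr.c) are wrapped in `#ifndef HAVE_...`; on a system whose libc declares `size_t strnlen(const char *, size_t)` this `int strnlen(char *s, int len)` definition conflicts with it. Wrapping the definition in `#ifndef HAVE_STRNLEN` (assuming configure gets such a test, which is not visible here) and declaring it `size_t strnlen(const char *s, size_t len)` would avoid that; the prototype in roken.h would have to change with it. With the current `int len`, a negative length makes the function return 0 without reading `s`, which callers that size a copy from the result should be told in a comment.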
@@ -0,0 +1,70 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+RCSID("$Id: strtok_r.c,v 1.4 1997/05/19 03:05:47 assar Exp $");
+#endif
+
+#include
+
+#include "roken.h"
+
+#ifndef HAVE_STRTOK_R
+
+char *
+strtok_r(char *s1, const char *s2, char **lasts)
+{
+ char *ret;
+
+ if (s1 == NULL)
+ s1 = *lasts;
+ while(*s1 && strchr(s2, *s1))
+ ++s1;
+ if(*s1 == '\0')
+ return NULL;
+ ret = s1;
+ while(*s1 && !strchr(s2, *s1))
+ ++s1;
+ if(*s1)
+ *s1++ = '\0';
+ *lasts = s1;
+ return ret;
+}
+
+#endif /* HAVE_STRTOK_R */
diff --git a/crypto/kerberosIV/lib/roken/strupr.c b/crypto/kerberosIV/lib/roken/strupr.c
new file mode 100644
index 0000000..c5674f7
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strupr.c
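Review bot: On the `if(*s1 == '\0') return NULL;` path strtok_r() returns without writing `*lasts`, so when the very first call finds only delimiters or an empty string the caller's save pointer stays uninitialized, and a later call with `s1 == NULL` would read it. Store the position before returning: `if(*s1 == '\0') { *lasts = s1; return NULL; }`. A short comment above the function saying that `s1` is modified in place and that `*lasts` must come from an earlier call whenever `s1` is NULL would help as well.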
@@ -0,0 +1,58 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+RCSID("$Id: strupr.c,v 1.3 1997/04/01 08:19:13 joda Exp $");
+#endif
+#include
+#include
+
+#include
+
+#ifndef HAVE_STRUPR
+char *
+strupr(char *str)
+{
+ char *s;
+
+ for(s = str; *s; s++)
+ *s = toupper(*s);
+ return str;
+}
+#endif
diff --git a/crypto/kerberosIV/lib/roken/tm2time.c b/crypto/kerberosIV/lib/roken/tm2time.c
new file mode 100644
index 0000000..f4423ff
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/tm2time.c
@@ -0,0 +1,66 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+RCSID("$Id: tm2time.c,v 1.6 1997/04/20 05:51:30 assar Exp $");
+#endif
+
+#ifdef TIME_WITH_SYS_TIME
+#include
+#include
+#elif defined(HAVE_SYS_TIME_H)
+#include
+#else
+#include
+#endif
+#include "roken.h"
+
+time_t
+tm2time (struct tm tm, int local)
+{
+ time_t t;
+
+ tm.tm_isdst = -1;
+
+ t = mktime (&tm);
+
+ if (!local)
+ t += t - mktime (gmtime (&t));
+ return t;
+}
diff --git a/crypto/kerberosIV/lib/roken/unsetenv.c b/crypto/kerberosIV/lib/roken/unsetenv.c
new file mode 100644
index 0000000..67fb750
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/unsetenv.c
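Review bot: Neither library call in tm2time() is checked: `mktime (&tm)` returns `(time_t)-1` for a time it cannot represent, and `gmtime (&t)` may return NULL, which the inner `mktime (gmtime (&t))` would then dereference. Guard both before the adjustment, e.g. `struct tm *g = gmtime (&t); if (t == (time_t)-1 || g == NULL) return (time_t)-1;`, and pass `g` to the second mktime(). Separately, gmtime() sets `tm_isdst` to 0, so the computed correction looks like the standard-time offset even when `t` falls in daylight-saving time; if that reading is right, the non-local result is off by the DST shift, which matters to any caller comparing timestamps and deserves a test or a comment.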
@@ -0,0 +1,75 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+RCSID("$Id: unsetenv.c,v 1.6 1997/04/01 08:19:14 joda Exp $");
+#endif
+
+#include
+#include
+
+#include "roken.h"
+
+extern char **environ;
+
+/*
+ * unsetenv --
+ */
+void
+unsetenv(const char *name)
+{
+ int len;
+ const char *np;
+ char **p;
+
+ if (name == 0 || environ == 0)
+ return;
+
+ for (np = name; *np && *np != '='; np++)
+ /* nop */;
+ len = np - name;
+
+ for (p = environ; *p != 0; p++)
+ if (strncmp(*p, name, len) == 0 && (*p)[len] == '=')
+ break;
+
+ for (; *p != 0; p++)
+ *p = *(p + 1);
+}
+
diff --git a/crypto/kerberosIV/lib/roken/verify.c b/crypto/kerberosIV/lib/roken/verify.c
new file mode 100644
index 0000000..65eafcc
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/verify.c
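Review bot: unsetenv() stops at the first entry matching `name=` (the `break` in the search loop) and then shifts the rest of `environ` down once, so a second entry with the same name survives the call. A process can be started with duplicate names in its environment, and a caller that relies on unsetenv() to scrub a variable before running another program would hand the duplicate on. The loop below removes every match by re-testing the slot after each shift. `len` would also be better declared `size_t`, since it is passed to strncmp().

```c
    /* … unchanged: NULL checks and computing len up to '=' … */

    for (p = environ; *p != 0; ) {
	if (strncmp(*p, name, len) == 0 && (*p)[len] == '=') {
	    char **q;

	    /* close the gap; the entry that moved into *p is tested next */
	    for (q = p; *q != 0; q++)
		*q = *(q + 1);
	} else
	    p++;
    }
```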
@@ -0,0 +1,67 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+RCSID("$Id: verify.c,v 1.12 1997/04/01 08:19:15 joda Exp $");
+#endif
+
+#include
+#ifdef HAVE_UNISTD_H
+#include
+#endif
+#ifdef HAVE_CRYPT_H
+#include
+#endif
+#include "roken.h"
+
+int
+unix_verify_user(char *user, char *password)
+{
+ struct passwd *pw;
+
+ pw = k_getpwnam(user);
+ if(pw == NULL)
+ return -1;
+ if(strlen(pw->pw_passwd) == 0 && strlen(password) == 0)
+ return 0;
+ if(strcmp(crypt(password, pw->pw_passwd), pw->pw_passwd) == 0)
+ return 0;
+ return -1;
+}
+
diff --git a/crypto/kerberosIV/lib/roken/verr.c b/crypto/kerberosIV/lib/roken/verr.c
new file mode 100644
index 0000000..f5d8f25
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/verr.c
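Review bot: The result of `crypt(password, pw->pw_passwd)` goes straight into strcmp() in unix_verify_user(); crypt() can return NULL (for instance when it rejects the salt), and that would crash the caller instead of failing the login. Hold the result and test it: `char *c = crypt(password, pw->pw_passwd);` followed by `if(c != NULL && strcmp(c, pw->pw_passwd) == 0) return 0;`. `password` is also passed to strlen() without a NULL check. The branch that returns 0 when both the stored hash and the supplied password are empty accepts password-less accounts; if that is intended, a comment saying so would keep it from being read as an oversight. k_getpwnam() is defined outside this hunk.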
@@ -0,0 +1,50 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+RCSID("$Id: verr.c,v 1.6 1997/03/30 08:05:38 joda Exp $");
+#endif
+
+#include "err.h"
+
+void
+verr(int eval, const char *fmt, va_list ap)
+{
+ warnerr(1, eval, 1, fmt, ap);
+}
diff --git a/crypto/kerberosIV/lib/roken/verrx.c b/crypto/kerberosIV/lib/roken/verrx.c
new file mode 100644
index 0000000..bc25aa0
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/verrx.c
@@ -0,0 +1,50 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+RCSID("$Id: verrx.c,v 1.6 1997/03/30 08:05:39 joda Exp $");
+#endif
+
+#include "err.h"
+
+void
+verrx(int eval, const char *fmt, va_list ap)
+{
+ warnerr(1, eval, 0, fmt, ap);
+}
diff --git a/crypto/kerberosIV/lib/roken/vwarn.c b/crypto/kerberosIV/lib/roken/vwarn.c
new file mode 100644
index 0000000..144dd08
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/vwarn.c
@@ -0,0 +1,50 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+RCSID("$Id: vwarn.c,v 1.6 1997/03/30 08:05:39 joda Exp $");
+#endif
+
+#include "err.h"
+
+void
+vwarn(const char *fmt, va_list ap)
+{
+ warnerr(0, 0, 1, fmt, ap);
+}
diff --git a/crypto/kerberosIV/lib/roken/vwarnx.c b/crypto/kerberosIV/lib/roken/vwarnx.c
new file mode 100644
index 0000000..540c2a6
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/vwarnx.c
@@ -0,0 +1,51 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+RCSID("$Id: vwarnx.c,v 1.6 1997/03/30 08:05:40 joda Exp $");
+#endif
+
+#include "err.h"
+
+void
+vwarnx(const char *fmt, va_list ap)
+{
+ warnerr(0, 0, 0, fmt, ap);
+}
+
diff --git a/crypto/kerberosIV/lib/roken/warn.c b/crypto/kerberosIV/lib/roken/warn.c
new file mode 100644
index 0000000..5af5d8d
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/warn.c
@@ -0,0 +1,53 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+RCSID("$Id: warn.c,v 1.5 1997/03/30 08:05:40 joda Exp $");
+#endif
+
+#include "err.h"
+
+void
+warn(const char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ vwarn(fmt, ap);
+ va_end(ap);
+}
diff --git a/crypto/kerberosIV/lib/roken/warnerr.c b/crypto/kerberosIV/lib/roken/warnerr.c
new file mode 100644
index 0000000..61fa26a
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/warnerr.c
@@ -0,0 +1,86 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+RCSID("$Id: warnerr.c,v 1.6 1997/04/02 14:59:54 bg Exp $");
+#endif
+
+#include "roken.h"
+#include "err.h"
+
+#ifndef HAVE___PROGNAME
+const char *__progname;
+#endif
+
+void
+set_progname(char *argv0)
+{
+#ifndef HAVE___PROGNAME
+ char *p;
+ if(argv0 == NULL)
+ return;
+ p = strrchr(argv0, '/');
+ if(p == NULL)
+ p = argv0;
+ else
+ p++;
+ __progname = p;
+#endif
+}
+
+void
+warnerr(int doexit, int eval, int doerrno, const char *fmt, va_list ap)
+{
+ int sverrno = errno;
+ if(__progname != NULL){
+ fprintf(stderr, "%s", __progname);
+ if(fmt != NULL || doerrno)
+ fprintf(stderr, ": ");
+ }
+ if (fmt != NULL){
+ vfprintf(stderr, fmt, ap);
+ if(doerrno)
+ fprintf(stderr, ": ");
+ }
+ if(doerrno)
+ fprintf(stderr, "%s", strerror(sverrno));
+ fprintf(stderr, "\n");
+ if(doexit)
+ exit(eval);
+}
diff --git a/crypto/kerberosIV/lib/roken/warnx.c b/crypto/kerberosIV/lib/roken/warnx.c
new file mode 100644
index 0000000..bf7b076
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/warnx.c
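Review bot: warnerr() takes three adjacent int flags and every caller in this import passes bare literals (`warnerr(1, eval, 1, fmt, ap)` in verr.c, `warnerr(0, 0, 0, fmt, ap)` in vwarnx.c), so the meaning of each position has to be recovered from the body. A comment above the definition would fix that: `/* doexit: call exit(eval) after printing; doerrno: append strerror() of the errno saved on entry; fmt may be NULL. */`. It is also worth stating there that `fmt` is handed to vfprintf() unchanged, so callers must pass a constant format string and put any externally supplied text in the arguments, never in `fmt`.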
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+RCSID("$Id: warnx.c,v 1.5 1997/03/30 08:05:41 joda Exp $");
+#endif
+
+#include "err.h"
+
+void
+warnx(const char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ vwarnx(fmt, ap);
+ va_end(ap);
+}
diff --git a/crypto/kerberosIV/lib/roken/xdbm.h b/crypto/kerberosIV/lib/roken/xdbm.h
new file mode 100644
index 0000000..c3e4781
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/xdbm.h
@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: xdbm.h,v 1.2 1997/04/01 08:19:16 joda Exp $ */
+
+/* Generic *dbm include file */
+
+#ifndef __XDBM_H__
+#define __XDBM_H__
+
+#ifdef HAVE_NDBM_H
+#include
+#elif defined(HAVE_DBM_H)
+#include
+#elif defined(HAVE_RPCSVC_DBM_H)
+#include
+#endif
+
+/* Macros to convert ndbm names to dbm names.
+ * Note that dbm_nextkey() cannot be simply converted using a macro, since
+ * it is invoked giving the database, and nextkey() needs the previous key.
+ *
+ * Instead, all routines call "dbm_next" instead.
+ */
+
+#ifndef NDBM
+typedef char DBM;
+
+#define dbm_open(file, flags, mode) ((dbminit(file) == 0)?"":((char *)0))
+#define dbm_fetch(db, key) fetch(key)
+#define dbm_store(db, key, content, flag) store(key, content)
+#define dbm_delete(db, key) delete(key)
+#define dbm_firstkey(db) firstkey()
+#define dbm_next(db,key) nextkey(key)
+#define dbm_close(db) dbmclose()
+#else
+#define dbm_next(db,key) dbm_nextkey(db)
+#endif
+
+#endif /* __XDBM_H__ */
diff --git a/crypto/kerberosIV/lib/sl/Makefile.in b/crypto/kerberosIV/lib/sl/Makefile.in
new file mode 100644
index 0000000..b89799b
--- /dev/null
+++ b/crypto/kerberosIV/lib/sl/Makefile.in
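Review bot: The compatibility macros are guarded by `#ifndef NDBM`, while the header that actually gets included is chosen by `HAVE_NDBM_H`, and nothing in this hunk ties the two symbols together. If a configuration defines `HAVE_NDBM_H` without `NDBM` (where `NDBM` is set is not visible here), `typedef char DBM;` and the `dbm_open`/`dbm_fetch`/`dbm_store` macros would be laid over the ndbm header's own declarations. Keying the guard on the include decision, e.g. `#if !defined(HAVE_NDBM_H) && !defined(NDBM)`, or at least a comment naming the configure check that defines `NDBM`, would make the dependency explicit. The old-dbm `dbm_open` also drops `flags` and `mode`, so callers cannot request read-only access or set file permissions through it, which merits a line in the comment block above the macros.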
@@ -0,0 +1,84 @@ +# +# $Id: Makefile.in,v 1.8 1997/05/06 03:47:56 assar Exp $ +# + +SHELL = /bin/sh + +srcdir = @srcdir@ +VPATH = @srcdir@ + +CC = @CC@ +AR = ar +RANLIB = @RANLIB@ +DEFS = @DEFS@ +CFLAGS = @CFLAGS@ + +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +MKINSTALLDIRS = @top_srcdir@/mkinstalldirs + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +libdir = @libdir@ + +PICFLAGS = @PICFLAGS@ + +LIBNAME = $(LIBPREFIX)sl +LIBEXT = @LIBEXT@ +SHLIBEXT = @SHLIBEXT@ +LIBPREFIX = @LIBPREFIX@ +LDSHARED = @LDSHARED@ +LIB = $(LIBNAME).$(LIBEXT) +PROGS = + +LIB_SOURCES = sl.c + +SOURCES = $(LIB_SOURCES) + +LIB_OBJECTS = sl.o + +OBJECTS = $(LIB_OBJECTS) + +all: $(LIB) $(PROGS) + +Wall: + make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" + +.c.o: + $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) -I$(srcdir)/../des $(CFLAGS) $(PICFLAGS) $< + +install: all + $(MKINSTALLDIRS) $(libdir) + $(INSTALL_DATA) -m 0555 $(LIB) $(libdir) + +uninstall: + rm -f $(libdir)/$(LIB) + +TAGS: $(SOURCES) + etags $(SOURCES) + +check: + +clean: + rm -f $(LIB) $(PROGS) *.o *.a + +mostlyclean: clean + +distclean: clean + rm -f Makefile *~ + +realclean: distclean + rm -f TAGS + +$(LIBNAME).a: $(LIB_OBJECTS) + rm -f $@ + $(AR) cr $@ $(LIB_OBJECTS) + -$(RANLIB) $@ + +$(LIBNAME).$(SHLIBEXT): $(LIB_OBJECTS) + rm -f $@ + $(LDSHARED) -o $@ $(LIB_OBJECTS) + +$(OBJECTS): ../../include/config.h + +.PHONY: all install uninstall check clean mostlyclean distclean realclean diff --git a/crypto/kerberosIV/lib/sl/sl.c b/crypto/kerberosIV/lib/sl/sl.c new file mode 100644 index 0000000..adf71f5 --- /dev/null +++ b/crypto/kerberosIV/lib/sl/sl.c 
@@ -0,0 +1,190 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+RCSID("$Id: sl.c,v 1.12 1997/06/01 03:15:07 assar Exp $");
+#endif
+
+#include "sl_locl.h"
+
+static SL_cmd *
+sl_match (SL_cmd *cmds, char *cmd, int exactp)
+{
+ SL_cmd *c, *current = NULL, *partial_cmd = NULL;
+ int partial_match = 0;
+
+ for (c = cmds; c->name; ++c) {
+ if (c->func)
+ current = c;
+ if (strcmp (cmd, c->name) == 0)
+ return current;
+ else if (strncmp (cmd, c->name, strlen(cmd)) == 0 &&
+ partial_cmd != current) {
+ ++partial_match;
+ partial_cmd = current;
+ }
+ }
+ if (partial_match == 1 && !exactp)
+ return partial_cmd;
+ else
+ return NULL;
+}
+
+void
+sl_help (SL_cmd *cmds, int argc, char **argv)
+{
+ SL_cmd *c, *prev_c;
+
+ if (argc == 1) {
+ prev_c = NULL;
+ for (c = cmds; c->name; ++c) {
+ if (c->func) {
+ if(prev_c)
+ printf ("\n\t%s%s", prev_c->usage ? prev_c->usage : "",
+ prev_c->usage ? "\n" : "");
+ prev_c = c;
+ printf ("%s", c->name);
+ } else
+ printf (", %s", c->name);
+ }
+ if(prev_c)
+ printf ("\n\t%s%s", prev_c->usage ? prev_c->usage : "",
+ prev_c->usage ? "\n" : "");
+ } else {
+ c = sl_match (cmds, argv[1], 0);
+ if (c == NULL)
+ printf ("No such command: %s. Try \"help\" for a list of all commands\n",
+ argv[1]);
+ else {
+ printf ("%s\t%s", c->name, c->usage);
+ if((++c)->name && c->func == NULL) {
+ printf ("\nSynonyms:");
+ while (c->name && c->func == NULL)
+ printf ("\t%s", (c++)->name);
+ }
+ printf ("\n");
+ }
+ }
+}
+
+#ifdef HAVE_READLINE
+
+char *readline(char *prompt);
+void add_history(char *p);
+
+#else
+
+static char *
+readline(char *prompt)
+{
+ char buf[BUFSIZ];
+ printf ("%s", prompt);
+ fflush (stdout);
+ if(fgets(buf, sizeof(buf), stdin) == NULL)
+ return NULL;
+ if (buf[strlen(buf) - 1] == '\n')
+ buf[strlen(buf) - 1] = '\0';
+ return strdup(buf);
+}
+
+static void
+add_history(char *p)
+{
+}
+
+#endif
+
+int
+sl_loop (SL_cmd *cmds, char *prompt)
+{
+ unsigned max_count;
+ char **ptr;
+
+ max_count = 17;
+ ptr = malloc(max_count * sizeof(*ptr));
+ if (ptr == NULL) {
+ printf ("sl_loop: failed to allocate %u bytes of memory\n",
+ (int) max_count * sizeof(*ptr));
+ return -1;
+ }
+
+ for (;;) {
+ char *buf;
+ unsigned count;
+ SL_cmd *c;
+
+ buf = readline(prompt);
+ if(buf == NULL)
+ break;
+
+ if(*buf)
+ add_history(buf);
+ count = 0;
+ {
+ char *foo = NULL;
+ char *p;
+
+ for(p = strtok_r (buf, " \t", &foo);
+ p;
+ p = strtok_r (NULL, " \t", &foo)) {
+ if(count == max_count) {
+ max_count *= 2;
+ ptr = realloc (ptr, max_count * sizeof(*ptr));
+ if (ptr == NULL) {
+ printf ("sl_loop: failed to allocate %u "
+ "bytes of memory\n",
+ (unsigned) max_count * sizeof(*ptr));
+ return -1;
+ }
+ }
+ ptr[count++] = p;
+ }
+ }
+ if (count > 0) {
+ c = sl_match (cmds, ptr[0], 0);
+ if (c)
+ (*c->func)(count, ptr);
+ else
+ printf ("Unrecognized command: %s\n", ptr[0]);
+ }
+ free(buf);
+ }
+ free (ptr);
+ return 0;
+}
diff --git a/crypto/kerberosIV/lib/sl/sl.h b/crypto/kerberosIV/lib/sl/sl.h
new file mode 100644
index 0000000..158e590
--- /dev/null
+++ b/crypto/kerberosIV/lib/sl/sl.h
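Review bot: The fallback `readline()` indexes `buf[strlen(buf) - 1]` without checking for an empty string, so a line from `fgets` whose first byte is NUL makes the index `buf[-1]`, which is read and possibly written outside the stack buffer. Take the length once and guard it: `size_t len = strlen(buf);` followed by `if (len > 0 && buf[len - 1] == '\n') buf[len - 1] = '\0';`. In `sl_loop`, `ptr = realloc (ptr, ...)` overwrites the only pointer to the old array, so the failure path leaks it together with `buf`; assigning to a temporary and freeing both before `return -1` fixes that. Both allocation-failure messages pass a `size_t` product to `%u`, and the single-command branch of `sl_help` passes `c->usage` to `%s` without the NULL guard that the listing branch applies.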
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: sl.h,v 1.2 1997/04/01 08:19:18 joda Exp $ */
+
+#ifndef _SL_H
+#define _SL_H
+
+typedef void (*cmd_func)(int, char **);
+
+struct sl_cmd {
+ char *name;
+ cmd_func func;
+ char *usage;
+ char *help;
+};
+
+typedef struct sl_cmd SL_cmd;
+
+void sl_help (SL_cmd *, int argc, char **argv);
+int sl_loop (SL_cmd *, char *prompt);
+
+#endif /* _SL_H */
diff --git a/crypto/kerberosIV/lib/sl/sl_locl.h b/crypto/kerberosIV/lib/sl/sl_locl.h
new file mode 100644
index 0000000..ddf25bb
--- /dev/null
+++ b/crypto/kerberosIV/lib/sl/sl_locl.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: sl_locl.h,v 1.3 1997/04/01 08:19:18 joda Exp $ */
+
+#include
+#include
+#include
+
+#include
+#include
+
+#include
diff --git a/crypto/kerberosIV/man/Makefile.in b/crypto/kerberosIV/man/Makefile.in
new file mode 100644
index 0000000..a1b6e74
--- /dev/null
+++ b/crypto/kerberosIV/man/Makefile.in
@@ -0,0 +1,95 @@ +# Makefile.in,v 1.2 1994/05/13 05:02:46 assar Exp + +srcdir = @srcdir@ +VPATH = @srcdir@ + +SHELL = /bin/sh + +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +MKINSTALLDIRS = @top_srcdir@/mkinstalldirs + +prefix = @prefix@ +mandir = @mandir@ +transform=@program_transform_name@ +EXECSUFFIX=@EXECSUFFIX@ + +MANRX = .*\.\([0-9]\) +CATRX = \(.*\)\.cat\([0-9]\) +CATSUFFIX=@CATSUFFIX@ + +MAN1 = afslog.1 kauth.1 ftp.1 kdestroy.1 kinit.1 kpasswd.1 \ + login.1 rlogin.1 su.1 kerberos.1 klist.1 ksrvtgt.1 pagsh.1 \ + rcp.1 rsh.1 telnet.1 kx.1 rxterm.1 rxtelnet.1 tenletxr.1 \ + des.1 movemail.1 \ + otp.1 otpprint.1 + +CAT1 = afslog.cat1 kauth.cat1 ftp.cat1 login.cat1 \ + pagsh.cat1 rcp.cat1 rlogin.cat1 rsh.cat1 su.cat1 telnet.cat1 kx.cat1 \ + rxterm.cat1 rxtelnet.cat1 tenletxr.cat1 movemail.cat1 \ + otp.cat1 otpprint.cat1 + +MAN3 = acl_check.3 kafs.3 kerberos.3 krb_set_tkt_string.3 des_crypt.3 \ + krb_realmofhost.3 kuserok.3 getusershell.3 krb_sendauth.3 \ + tf_util.3 + +CAT3 = getusershell.cat3 kafs.cat3 + +MAN5 = krb.conf.5 krb.realms.5 krb.equiv.5 login.access.5 ftpusers.5 + +CAT5 = login.access.cat5 krb.equiv.cat5 ftpusers.cat5 + +MAN8 = ext_srvtab.8 kdb_destroy.8 kdb_util.8 ksrvutil.8 telnetd.8 rlogind.8 \ + kadmin.8 kdb_edit.8 kstash.8 kadmind.8 kdb_init.8 rshd.8 kauthd.8 \ + popper.8 kxd.8 kerberos.8 + +CAT8 = ftpd.cat8 rshd.cat8 telnetd.cat8 ksrvutil.cat8 rlogind.cat8 \ + kauthd.cat8 kprop.cat8 kpropd.cat8 kxd.cat8 kerberos.cat8 + +all: + +cat: $(CAT1) $(CAT3) $(CAT5) $(CAT8) + +%.cat1: %.1 + `grog -Tascii $<` > $@ +%.cat3: %.3 + `grog -Tascii $<` > $@ +%.cat5: %.5 + `grog -Tascii $<` > $@ +%.cat8: %.8 + `grog -Tascii $<` > $@ + + +Wall: + +install: all + for x in man1 man3 man5 man8 cat1 cat3 cat5 cat8; do \ + $(MKINSTALLDIRS) $(mandir)/$$x; done + (cd $(srcdir); \ + for x in $(MAN1) $(MAN3) $(MAN5) $(MAN8); do \ + s=`echo $$x | sed 's!$(MANRX)!\1!'` ; \ + $(INSTALL_DATA) $$x $(mandir)/man$$s; done ;\ + for x in $(CAT1) $(CAT3) $(CAT5) $(CAT8); do 
\ + s=`echo $$x | sed 's!$(CATRX)!\2!'`; \ + b=`echo $$x | sed 's!$(CATRX)!\1!'`; \ + $(INSTALL_DATA) $$x $(mandir)/cat$$s/$$b.$(CATSUFFIX);\ + done ) + +uninstall: + for x in $(MAN1) $(MAN3) $(MAN5) $(MAN8); do \ + s=`echo $$x | sed 's!$(MANRX)!\1!'` ; \ + rm -f $(mandir)/man$$s/$$x; done + for x in $(CAT1) $(CAT3) $(CAT5) $(CAT8); do \ + s=`echo $$x | sed 's!$(CATRX)!\2!'`; \ + b=`echo $$x | sed 's!$(CATRX)!\1!'`; \ + rm -f $(mandir)/cat$$s/$$b.$(CATSUFFIX); done + +clean: + +mostlyclean: clean + +distclean: + rm -f Makefile *~ + +realclean: + diff --git a/crypto/kerberosIV/man/acl_check.3 b/crypto/kerberosIV/man/acl_check.3 new file mode 100644 index 0000000..53bb7c8 --- /dev/null +++ b/crypto/kerberosIV/man/acl_check.3 
@@ -0,0 +1,182 @@ +.\" $Id: acl_check.3,v 1.2 1996/06/12 21:29:08 bg Exp $ +.\" Copyright 1989 by the Massachusetts Institute of Technology. +.\" +.\" For copying and distribution information, +.\" please see the file . +.\" +.TH ACL_CHECK 3 "Kerberos Version 4.0" "MIT Project Athena" +.SH NAME +acl_canonicalize_principal, acl_check, acl_exact_match, acl_add, +acl_delete, acl_initialize \- Access control list routines +.SH SYNOPSIS +.nf +.nj +.ft B +cc \-lacl \-lkrb +.PP +.ft B +#include +.PP +.ft B +acl_canonicalize_principal(principal, buf) +char *principal; +char *buf; +.PP +.ft B +acl_check(acl, principal) +char *acl; +char *principal; +.PP +.ft B +acl_exact_match(acl, principal) +char *acl; +char *principal; +.PP +.ft B +acl_add(acl, principal) +char *acl; +char *principal; +.PP +.ft B +acl_delete(acl, principal) +char *acl; +char *principal; +.PP +.ft B +acl_initialize(acl_file, mode) +char *acl_file; +int mode; +.fi +.ft R +.SH DESCRIPTION +.SS Introduction +.PP +An access control list (ACL) is a list of principals, where each +principal is represented by a text string which cannot contain +whitespace. The library allows application programs to refer to named +access control lists to test membership and to atomically add and +delete principals using a natural and intuitive interface. At +present, the names of access control lists are required to be Unix +filenames, and refer to human-readable Unix files; in the future, when +a networked ACL server is implemented, the names may refer to a +different namespace specific to the ACL service. +.PP +.SS Principal Names +.PP +Principal names have the form +.nf +.in +5n +[.][@] +.in -5n +e.g.: +.in +5n +asp +asp.root +asp@ATHENA.MIT.EDU +asp.@ATHENA.MIT.EDU +asp.root@ATHENA.MIT.EDU +.in -5n +.fi +It is possible for principals to be underspecified. If an instance is +missing, it is assumed to be "". If realm is missing, it is assumed +to be the local realm as determined by +.IR krb_get_lrealm (3). 
+The canonical form contains all of name, instance, +and realm; the acl_add and acl_delete routines will always +leave the file in that form. Note that the canonical form of +asp@ATHENA.MIT.EDU is actually asp.@ATHENA.MIT.EDU. +.SS Routines +.PP +.I acl_canonicalize_principal +stores the canonical form of +.I principal +in +.IR buf . +.I Buf +must contain enough +space to store a principal, given the limits on the sizes of name, +instance, and realm specified as ANAME_SZ, INST_SZ, and REALM_SZ, +respectively, in +.IR /usr/include/krb.h . +.PP +.I acl_check +returns nonzero if +.I principal +appears in +.IR acl . +Returns 0 if principal +does not appear in acl, or if an error occurs. Canonicalizes +principal before checking, and allows the ACL to contain wildcards. The +only supported wildcards are entries of the form +name.*@realm, *.*@realm, and *.*@*. An asterisk matches any value for the +its component field. For example, "jtkohl.*@*" would match principal +jtkohl, with any instance and any realm. +.PP +.I acl_exact_match +performs like +.IR acl_check , +but does no canonicalization or wildcard matching. +.PP +.I acl_add +atomically adds +.I principal +to +.IR acl . +Returns 0 if successful, nonzero otherwise. It is considered a failure +if +.I principal +is already in +.IR acl . +This routine will canonicalize +.IR principal , +but will treat wildcards literally. +.PP +.I acl_delete +atomically deletes +.I principal +from +.IR acl . +Returns 0 if successful, +nonzero otherwise. It is considered a failure if +.I principal +is not +already in +.IR acl . +This routine will canonicalize +.IR principal , +but will treat wildcards literally. +.PP +.I acl_initialize +initializes +.IR acl_file . +If the file +.I acl_file +does not exist, +.I acl_initialize +creates it with mode +.IR mode . +If the file +.I acl_file +exists, +.I acl_initialize +removes all members. Returns 0 if successful, +nonzero otherwise. 
WARNING: Mode argument is likely to change with +the eventual introduction of an ACL service. +.SH NOTES +In the presence of concurrency, there is a very small chance that +.I acl_add +or +.I acl_delete +could report success even though it would have +had no effect. This is a necessary side effect of using lock files +for concurrency control rather than flock(2), which is not supported +by NFS. +.PP +The current implementation caches ACLs in memory in a hash-table +format for increased efficiency in checking membership; one effect of +the caching scheme is that one file descriptor will be kept open for +each ACL cached, up to a maximum of 8. +.SH SEE ALSO +kerberos(3), krb_get_lrealm(3) +.SH AUTHOR +James Aspnes (MIT Project Athena) diff --git a/crypto/kerberosIV/man/ext_srvtab.8 b/crypto/kerberosIV/man/ext_srvtab.8 new file mode 100644 index 0000000..4f2c120 --- /dev/null +++ b/crypto/kerberosIV/man/ext_srvtab.8 
@@ -0,0 +1,62 @@ +.\" $Id: ext_srvtab.8,v 1.3 1997/04/02 21:09:51 assar Exp $ +.\" Copyright 1989 by the Massachusetts Institute of Technology. +.\" +.\" For copying and distribution information, +.\" please see the file . +.\" +.TH EXT_SRVTAB 8 "Kerberos Version 4.0" "MIT Project Athena" +.SH NAME +ext_srvtab \- extract service key files from Kerberos key distribution center database +.SH SYNOPSIS +ext_srvtab [ +.B \-n +] [ +.B \-r realm +] [ +.B hostname ... +] +.SH DESCRIPTION +.I ext_srvtab +extracts service key files from the Kerberos key distribution center +(KDC) database. +.PP +Upon execution, it prompts the user to enter the master key string for +the database. If the +.B \-n +option is specified, the master key is instead fetched from the master +key cache file. +.PP +For each +.I hostname +specified on the command line, +.I ext_srvtab +creates the service key file +.IR hostname -new-srvtab, +containing all the entries in the database with an instance field of +.I hostname. +This new file contains all the keys registered for Kerberos-mediated +service providing programs which use the +.IR krb_get_phost (3) +principal and instance conventions to run on the host +.IR hostname . +If the +.B \-r +option is specified, the realm fields in the extracted file will +match the given realm rather than the local realm. +.SH DIAGNOSTICS +.TP 20n +"verify_master_key: Invalid master key, does not match database." +The master key string entered was incorrect. +.SH FILES +.TP 20n +.IR hostname -new-srvtab +Service key file generated for +.I hostname +.TP +/var/kerberos/principal.pag, /var/kerberos/principal.dir +DBM files containing database +.TP +/.k +Master key cache file. +.SH SEE ALSO +read_service_key(3), krb_get_phost(3) diff --git a/crypto/kerberosIV/man/getusershell.3 b/crypto/kerberosIV/man/getusershell.3 new file mode 100644 index 0000000..84dc3ad --- /dev/null +++ b/crypto/kerberosIV/man/getusershell.3 
@@ -0,0 +1,99 @@ +.\" $NetBSD: getusershell.3,v 1.3 1995/02/27 04:13:24 cgd Exp $ +.\" +.\" Copyright (c) 1985, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by the University of +.\" California, Berkeley and its contributors. +.\" 4. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. 
+.\" +.\" @(#)getusershell.3 8.1 (Berkeley) 6/4/93 +.\" +.Dd June 4, 1993 +.Dt GETUSERSHELL 3 +.Os BSD 4.3 +.Sh NAME +.Nm getusershell , +.Nm setusershell , +.Nm endusershell +.Nd get legal user shells +.Sh SYNOPSIS +.Ft char * +.Fn getusershell void +.Ft void +.Fn setusershell void +.Ft void +.Fn endusershell void +.Sh DESCRIPTION +The +.Fn getusershell +function +returns a pointer to a legal user shell as defined by the +system manager in the file +.Pa /etc/shells . +If +.Pa /etc/shells +is unreadable or does not exist, +.Fn getusershell +behaves as if +.Pa /bin/sh +and +.Pa /bin/csh +were listed in the file. +.Pp +The +.Fn getusershell +function +reads the next +line (opening the file if necessary); +.Fn setusershell +rewinds the file; +.Fn endusershell +closes it. +.Sh FILES +.Bl -tag -width /etc/shells -compact +.It Pa /etc/shells +.El +.Sh DIAGNOSTICS +The routine +.Fn getusershell +returns a null pointer (0) on +.Dv EOF . +.Sh SEE ALSO +.Xr shells 5 +.Sh HISTORY +The +.Fn getusershell +function appeared in +.Bx 4.3 . +.Sh BUGS +The +.Fn getusershell +function leaves its result in an internal static object and returns +a pointer to that object. Subsequent calls to +.Fn getusershell +will modify the same object. diff --git a/crypto/kerberosIV/man/kadmin.8 b/crypto/kerberosIV/man/kadmin.8 new file mode 100644 index 0000000..3139b25 --- /dev/null +++ b/crypto/kerberosIV/man/kadmin.8 
@@ -0,0 +1,176 @@ +.\" $Id: kadmin.8,v 1.4 1997/04/02 21:09:53 assar Exp $ +.\" Copyright 1989 by the Massachusetts Institute of Technology. +.\" +.\" For copying and distribution information, +.\" please see the file . +.\" +.TH KADMIN 8 "Kerberos Version 4.0" "MIT Project Athena" +.SH NAME +kadmin \- network utility for Kerberos database administration +.SH SYNOPSIS +.B kadmin [-u user] [-r default_realm] [-m] [-t] +.SH DESCRIPTION +This utility provides a unified administration interface to +the +Kerberos +master database. +Kerberos +administrators +use +.I kadmin +to register new users and services to the master database, +and to change information about existing database entries. +For instance, an administrator can use +.I kadmin +to change a user's +Kerberos +password. +A Kerberos administrator is a user with an ``admin'' instance +whose name appears on one of the Kerberos administration access control +lists. If the \-u option is used, +.I user +will be used as the administrator instead of the local user. +If the \-r option is used, +.I default_realm +will be used as the default realm for transactions. Otherwise, +the local realm will be used by default. +If the \-m option is used, multiple requests will be permitted +on only one entry of the admin password. Some sites won't +support this option. The \-t option is used to tell kadmin to use the +existing ticket file instead of creating a new one. + +The +.I kadmin +program communicates over the network with the +.I kadmind +program, which runs on the machine housing the Kerberos master +database. +The +.I kadmind +creates new entries and makes modifications to the database. + +When you enter the +.I kadmin +command, +the program displays a message that welcomes you and explains +how to ask for help. +Then +.I kadmin +waits for you to enter commands (which are described below). +It then asks you for your +.I admin +password before accessing the database. 
+ +All commands can be abbreviated as long as they are unique. Some +short versions of the commands are also recognized for backwards +compatibility. + +Use the +.I add_new_key +(or +.I ank +for short) +command to register a new principal +with the master database. +The command requires one argument, +the principal's name. The name +given can be fully qualified using +the standard +.I name.instance@realm +convention. +You are asked to enter your +.I admin +password, +then prompted twice to enter the principal's +new password. If no realm is specified, +the local realm is used unless another was +given on the commandline with the \-r flag. +If no instance is +specified, a null instance is used. If +a realm other than the default realm is specified, +you will need to supply your admin password for +the other realm. + +Use the +.I change_password (cpw) +to change a principal's +Kerberos +password. +The command requires one argument, +the principal's +name. +You are asked to enter your +.I admin +password, +then prompted twice to enter the principal's new password. +The name +given can be fully qualified using +the standard +.I name.instance@realm +convention. + +Use the +.I change_key (ckey) +if you have a need to change the raw key of a particular principal. +In other words, if you do not want to input a DES key instead of a +password that will get converted into a DES key. + +Use the +.I change_admin_password (cap) +to change your +.I admin +instance password. +This command requires no arguments. +It prompts you for your old +.I admin +password, then prompts you twice to enter the new +.I admin +password. If this is your first command, +the default realm is used. Otherwise, the realm +used in the last command is used. + +Use the +.I del_entry (del) +to remove an entry from the kerberos database. + +Use the +.I mod_entry (mod) +to modify a particular entry, for example to change the expire date. 
+ +Use the +.I destroy_tickets (dest) +command to destroy your admin tickets explicitly. + +Use the +.I list_requests (lr) +command to get a list of possible commands. + +Use the +.I help +command to display +.IR kadmin's +various help messages. +If entered without an argument, +.I help +displays a general help message. +You can get detailed information on specific +.I kadmin +commands +by entering +.I help +.IR command_name . + +To quit the program, type +.IR quit . + +.SH BUGS +The user interface is primitive, and the command names could be better. + +.SH "SEE ALSO" +kerberos(1), kadmind(8), kpasswd(1), ksrvutil(8) +.br +``A Subsystem Utilities Package for UNIX'' by Ken Raeburn +.SH AUTHORS +Jeffrey I. Schiller, MIT Project Athena +.br +Emanuel Jay Berkenbilt, MIT Project Athena diff --git a/crypto/kerberosIV/man/kadmind.8 b/crypto/kerberosIV/man/kadmind.8 new file mode 100644 index 0000000..477511b --- /dev/null +++ b/crypto/kerberosIV/man/kadmind.8 
@@ -0,0 +1,125 @@
+.\" $Id: kadmind.8,v 1.4 1997/04/02 21:09:53 assar Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file .
+.\"
+.TH KADMIND 8 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kadmind \- network daemon for Kerberos database administration
+.SH SYNOPSIS
+.B kadmind
+[
+.B \-n
+] [
+.B \-m
+] [
+.B \-h
+] [
+.B \-r realm
+] [
+.B \-f filename
+] [
+.B \-d dbname
+] [
+.B \-a acldir
+]
+.SH DESCRIPTION
+.I kadmind
+is the network database server for the Kerberos password-changing and
+administration tools.
+.PP
+Upon execution, it fetches the master key from the key cache file.
+.PP
+If the
+.B \-m
+option is specified, it instead prompts the user to enter the master
+key string for the database.
+.PP
+The
+.B \-n
+option is a no-op and is left for compatibility reasons.
+.PP
+If the
+.B \-r
+.I realm
+option is specified, the admin server will pretend that its
+local realm is
+.I realm
+instead of the actual local realm of the host it is running on.
+This makes it possible to run a server for a foreign kerberos
+realm.
+.PP
+If the
+.B \-f
+.I filename
+option is specified, then that file is used to hold the log information
+instead of the default.
+.PP
+If the
+.B \-d
+.I dbname
+option is specified, then that file is used as the database name instead
+of the default.
+.PP
+If the
+.B \-a
+.I acldir
+option is specified, then
+.I acldir
+is used as the directory in which to search for access control lists
+instead of the default.
+.PP
+If the
+.B \-h
+option is specified,
+.I kadmind
+prints out a short summary of the permissible control arguments, and
+then exits.
+.PP
+When performing requests on behalf of clients,
+.I kadmind
+checks access control lists (ACLs) to determine the authorization of the client
+to perform the requested action.
+Currently four distinct access types are supported:
+.TP 1i
+Addition
+(.add ACL file). If a principal is on this list, it may add new
+principals to the database.
+.TP
+Retrieval
+(.get ACL file). If a principal is on this list, it may retrieve
+database entries. NOTE: A principal's private key is never returned by
+the get functions.
+.TP
+Modification
+(.mod ACL file). If a principal is on this list, it may modify entries
+in the database.
+.TP
+Deletions
+(.del ACL file). If a principal is on this list, if may delete
+entries from the database.
+.PP
+A principal is always granted authorization to change its own password.
+.SH FILES
+.TP 20n
+/kerberos/admin_server.syslog
+Default log file.
+.TP
+/kerberos
+Default access control list directory.
+.TP
+admin_acl.{add,get,mod}
+Access control list files (within the directory)
+.TP
+/kerberos/principal.pag, /kerberos/principal.dir
+Default DBM files containing database
+.TP
+/.k
+Master key cache file.
+.SH "SEE ALSO"
+kerberos(1), kpasswd(1), kadmin(8), acl_check(3)
+.SH AUTHORS
+Douglas A. Church, MIT Project Athena
+.br
+John T. Kohl, Project Athena/Digital Equipment Corporation
diff --git a/crypto/kerberosIV/man/kafs.3 b/crypto/kerberosIV/man/kafs.3
new file mode 100644
index 0000000..041fd23
--- /dev/null
+++ b/crypto/kerberosIV/man/kafs.3
@@ -0,0 +1,122 @@ +.\" $Id: kafs.3,v 1.1 1997/05/07 21:49:02 joda Exp $ +.\" +.Dd May 7, 1997 +.Os KTH-KRB +.Dt KAFS 3 +.Sh NAME +.Nm k_hasafs , +.Nm k_afsklog , +.Nm k_afsklog_uid , +.Nm k_pioctl , +.Nm k_unlog , +.Nm k_setpag , +.Nm k_afs_cell_of_file +.Nd AFS library +.Sh SYNOPSIS +.Fd #include +.Ft int +.Fn k_afsklog "char *cell" "char *realm" +.Ft int +.Fn k_afsklog_uid "char *cell" "char *realm" "uid_t uid" +.Ft int +.Fn k_afs_cell_of_file "const char *path" "char *cell" "int len" +.Ft int +.Fn k_hasafs +.Ft int +.Fn k_pioctl "char *a_path" "int o_opcode" "struct ViceIoctl *a_paramsP" "int a_followSymlinks" +.Ft int +.Fn k_setpag +.Ft int +.Fn k_unlog +.Sh DESCRIPTION +.Fn k_hasafs +initializes some library internal structures, and tests for the +presense of AFS in the kernel, none of the other functions should be +called before +.Fn k_hasafs +is called, or if it fails. + +.Fn k_afsklog , +and +.Fn k_afsklog_uid +obtains new tokens (and possibly tickets) for the specified +.Fa cell +and +.Fa realm . +If +.Fa cell +is +.Dv NULL , +the local cell is used. If +.Fa realm +is +.Dv NULL , +the function tries to guess what realm to use. Unless you have some good knowledge of what cell or realm to use, you should pass +.Dv NULL . +.Fn k_afsklog +will use the real user-id for the +.Dv ViceId +field in the token, +.Fn k_afsklog_uid +will use +.Fa uid . + +.Fn k_afs_cell_of_file +will in +.Fa cell +return the cell of a specified file, no more than +.Fa len +characters is put in +.Fa cell . + +.Fn k_pioctl +does a +.Fn pioctl +syscall with the specified arguments. This function is equivalent to +.Fn lpioctl . + +.Fn k_setpag +initializes a new PAG. + +.Fn k_unlog +removes destroys all tokens in the current PAG. + +.Sh RETURN VALUES +.Fn k_hasafs +returns 1 if AFS is present in the kernel, 0 otherwise. +.Fn k_afsklog +and +.Fn k_afsklog_uid +returns 0 on success, or a kerberos error number on failure. 
+.Fn k_afs_cell_of_file , +.Fn k_pioctl , +.Fn k_setpag , +and +.Fn k_unlog +all return the value of the underlaying system call, 0 on success. +.Sh EXAMPLES +The following code from +.Nm login +will obtain a new PAG and tokens for the local cell and the cell of +the users home directory. +.Bd -literal +if (k_hasafs()) { + char cell[64]; + k_setpag(); + if(k_afs_cell_of_file(pwd->pw_dir, cell, sizeof(cell)) == 0) + k_afsklog(cell, 0); + k_afsklog(0, 0); +} +.Ed +.Sh ERRORS +If any of these functions (appart from +.Fn k_hasafs ) +is called without AFS beeing present in the kernel, the process will +usually (depending on the operating system) receive a SIGSYS signal. +.Sh SEE ALSO +.Rs +.%A Transarc Corporation +.%J AFS-3 Programmer's Reference +.%T File Server/Cache Manager Interface +.%D 1991 +.Re \ No newline at end of file diff --git a/crypto/kerberosIV/man/kauth.1 b/crypto/kerberosIV/man/kauth.1 new file mode 100644 index 0000000..cc71b29 --- /dev/null +++ b/crypto/kerberosIV/man/kauth.1 
@@ -0,0 +1,65 @@
+.\" $Id: kauth.1,v 1.1 1996/05/04 01:49:34 d91-jda Exp $
+.\"
+.Dd May 4, 1996
+.Dt KAUTH 1
+.Os KTH-KRB
+.Sh NAME
+.Nm kauth
+.Nd
+overworked Kerberos login program
+.Sh SYNOPSIS
+.Nm
+.Op Fl n Ar name
+.Op Fl r Ar remote user
+.Op Fl t Pa remote ticket file
+.Op Fl h Ar hosts...
+.Op Fl l Ar lifetime
+.Op Fl f Pa srvtab
+.Op Fl c Ar cell
+.Op Ar command ...
+.Sh DESCRIPTION
+The
+.Nm
+command obtains ticket granting tickets as well as AFS ticket and
+tokens. It also does a whole lot of other stuff.
+.Pp
+The following flags are supported:
+.Bl -tag -width xxxx
+.It Fl n
+Principal to get tickets for. If no other arguments are present this
+can be given without the
+.Fl n
+flag.
+.It Fl h
+Remote hosts to obtain tickets for. This works similar to the MIT
+Athena Kerberos 4 patchlevel 10 command
+.Xr rkinit 1 ,
+however not in a compatible way. It requires that the remote host runs
+the
+.Xr kauthd 8 ,
+server. The
+.Fl r
+and
+.Fl t
+flags are useful only with this option.
+.It Fl r
+User on the remote host that should own the ticket file.
+.It Fl t
+Ticket file on remote host.
+.It Fl l
+Lifetime of tickets i minutes
+.It Fl f
+Srvtab to get service keys from. Default is
+.Pa /etc/srvtab .
+This is mainly used with batch services that need to run
+authenticated. If any command is given, it will be executed in an
+authenticated fashion and when the program exits the tickets are
+destroyed. For long running jobs the tickets will be renewed.
+.It Fl c
+AFS cell to get tokens for, default is your local cell.
+.El
+.Sh SEE ALSO
+.Xr kinit 1 ,
+.Xr kauthd 8
+.Sh BUGS
+There is no help-switch.
diff --git a/crypto/kerberosIV/man/kauthd.8 b/crypto/kerberosIV/man/kauthd.8
new file mode 100644
index 0000000..4978ff2
--- /dev/null
+++ b/crypto/kerberosIV/man/kauthd.8
@@ -0,0 +1,27 @@
+.\" $Id: kauthd.8,v 1.2 1996/09/28 22:04:48 assar Exp $
+.\"
+.Dd September 27, 1996
+.Dt KAUTHD 8
+.Os KTH-KRB
+.Sh NAME
+.Nm kauthd
+.Nd
+remote Kerberos login daemon
+.Sh SYNOPSIS
+.Nm
+.Sh DESCRIPTION
+Daemon for the
+.Xr kauth 1
+command.
+.Pp
+Options supported by
+.Nm kauthd :
+.Bl -tag -width Ds
+.It Fl i
+Interactive. Do not expect to be started by
+.Nm inetd,
+but allocate and listen to the socket yourself. Handy for testing
+and debugging.
+.El
+.Sh SEE ALSO
+.Xr kauth 1
diff --git a/crypto/kerberosIV/man/kdb_destroy.8 b/crypto/kerberosIV/man/kdb_destroy.8
new file mode 100644
index 0000000..c6e4739
--- /dev/null
+++ b/crypto/kerberosIV/man/kdb_destroy.8
@@ -0,0 +1,32 @@
+.\" $Id: kdb_destroy.8,v 1.3 1997/04/02 21:09:54 assar Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file .
+.\"
+.TH KDB_DESTROY 8 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kdb_destroy \- destroy Kerberos key distribution center database
+.SH SYNOPSIS
+kdb_destroy
+.SH DESCRIPTION
+.I kdb_destroy
+deletes a Kerberos key distribution center database.
+.PP
+The user is prompted to verify that the database should be destroyed. A
+response beginning with `y' or `Y' confirms deletion.
+Any other response aborts deletion.
+.SH DIAGNOSTICS
+.TP 20n
+"Database cannot be deleted at /var/kerberos/principal"
+The attempt to delete the database failed (probably due to a system or
+access permission error).
+.TP
+"Database not deleted."
+The user aborted the deletion.
+.SH FILES
+.TP 20n
+/var/kerberos/principal.pag, /var/kerberos/principal.dir
+DBM files containing database
+.SH SEE ALSO
+kdb_init(8)
diff --git a/crypto/kerberosIV/man/kdb_edit.8 b/crypto/kerberosIV/man/kdb_edit.8
new file mode 100644
index 0000000..14f7e92
--- /dev/null
+++ b/crypto/kerberosIV/man/kdb_edit.8
@@ -0,0 +1,54 @@
+.\" $Id: kdb_edit.8,v 1.3 1997/04/02 21:09:54 assar Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file .
+.\"
+.TH KDB_EDIT 8 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kdb_edit \- Kerberos key distribution center database editing utility
+.SH SYNOPSIS
+kdb_edit [
+.B \-n
+]
+.SH DESCRIPTION
+.I kdb_edit
+is used to create or change principals stored in the Kerberos key
+distribution center (KDC) database.
+.PP
+When executed,
+.I kdb_edit
+prompts for the master key string and verifies that it matches the
+master key stored in the database.
+If the
+.B \-n
+option is specified, the master key is instead fetched from the master
+key cache file.
+.PP
+Once the master key has been verified,
+.I kdb_edit
+begins a prompt loop. The user is prompted for the principal and
+instance to be modified. If the entry is not found the user may create
+it.
+Once an entry is found or created, the user may set the password,
+expiration date, maximum ticket lifetime, and attributes.
+Default expiration dates, maximum ticket lifetimes, and attributes are
+presented in brackets; if the user presses return the default is selected.
+There is no default password.
+The password RANDOM is interpreted specially, and if entered
+the user may have the program select a random DES key for the
+principal.
+.PP
+Upon successfully creating or changing the entry, ``Edit O.K.'' is
+printed.
+.SH DIAGNOSTICS
+.TP 20n
+"verify_master_key: Invalid master key, does not match database."
+The master key string entered was incorrect.
+.SH FILES
+.TP 20n
+/var/kerberos/principal.pag, /var/kerberos/principal.dir
+DBM files containing database
+.TP
+/.k
+Master key cache file.
diff --git a/crypto/kerberosIV/man/kdb_init.8 b/crypto/kerberosIV/man/kdb_init.8
new file mode 100644
index 0000000..f019dd4
--- /dev/null
+++ b/crypto/kerberosIV/man/kdb_init.8
@@ -0,0 +1,37 @@
+.\" $Id: kdb_init.8,v 1.3 1997/04/02 21:09:54 assar Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file .
+.\"
+.TH KDB_INIT 8 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kdb_init \- Initialize Kerberos key distribution center database
+.SH SYNOPSIS
+kdb_init [
+.B realm
+]
+.SH DESCRIPTION
+.I kdb_init
+initializes a Kerberos key distribution center database, creating the
+necessary principals.
+.PP
+If the optional
+.I realm
+argument is not present,
+.I kdb_init
+prompts for a realm name.
+After determining the realm to be created, it prompts for
+a master key password. The master key password is used to encrypt
+every encryption key stored in the database.
+.SH DIAGNOSTICS
+.TP 20n
+"/var/kerberos/principal: File exists"
+An attempt was made to create a database on a machine which already had
+an existing database.
+.SH FILES
+.TP 20n
+/var/kerberos/principal.pag, /var/kerberos/principal.dir
+DBM files containing database
+.SH SEE ALSO
+kdb_destroy(8)
diff --git a/crypto/kerberosIV/man/kdb_util.8 b/crypto/kerberosIV/man/kdb_util.8
new file mode 100644
index 0000000..0e3c201
--- /dev/null
+++ b/crypto/kerberosIV/man/kdb_util.8
@@ -0,0 +1,68 @@
+.\" $Id: kdb_util.8,v 1.3 1997/04/02 20:45:38 assar Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file .
+.\"
+.TH KDB_UTIL 8 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kdb_util \- Kerberos key distribution center database utility
+.SH SYNOPSIS
+kdb_util
+.B operation filename
+.SH DESCRIPTION
+.I kdb_util
+allows the Kerberos key distribution center (KDC) database administrator to
+perform utility functions on the database.
+.PP
+.I Operation
+must be one of the following:
+.TP 10n
+.I load
+initializes the KDC database with the records described by the
+text contained in the file
+.IR filename .
+Any existing database is overwritten.
+.TP
+.I dump
+dumps the KDC database into a text representation in the file
+.IR filename .
+.TP
+.I slave_dump
+performs a database dump like the
+.I dump
+operation, and additionally creates a semaphore file signalling the
+propagation software that an update is available for distribution to
+slave KDC databases.
+.TP
+.I merge
+merges in the entries from
+.IR filename
+into the database.
+.TP
+.I new_master_key
+prompts for the old and new master key strings, and then dumps the KDC
+database into a text representation in the file
+.IR filename .
+The keys in the text representation are encrypted in the new master key.
+.TP
+.I convert_old_db
+prompts for the master key string, and then dumps the KDC database into
+a text representation in the file
+.IR filename .
+The existing database is assumed to be encrypted using the old format
+(encrypted by the key schedule of the master key); the dumped database
+is encrypted using the new format (encrypted directly with master key).
+.PP
+.SH DIAGNOSTICS
+.TP 20n
+"verify_master_key: Invalid master key, does not match database."
+The master key string entered was incorrect.
+.SH FILES
+.TP 20n
+/kerberos/principal.pag, /kerberos/principal.dir
+DBM files containing database
+.TP
+.IR filename .ok
+semaphore file created by
+.IR slave_dump.
diff --git a/crypto/kerberosIV/man/kdestroy.1 b/crypto/kerberosIV/man/kdestroy.1
new file mode 100644
index 0000000..66ffd39
--- /dev/null
+++ b/crypto/kerberosIV/man/kdestroy.1
@@ -0,0 +1,88 @@
+.\" $Id: kdestroy.1,v 1.3 1996/06/12 21:29:16 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file .
+.\"
+.TH KDESTROY 1 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kdestroy \- destroy Kerberos tickets
+.SH SYNOPSIS
+.B kdestroy
+[
+.B \-f
+]
+[
+.B \-q
+]
+[
+.B \-t
+]
+.SH DESCRIPTION
+The
+.I kdestroy
+utility destroys the user's active
+Kerberos
+authorization tickets by writing zeros to the file that contains them.
+If the ticket file does not exist,
+.I kdestroy
+displays a message to that effect.
+.PP
+After overwriting the file,
+.I kdestroy
+removes the file from the system.
+The utility
+displays a message indicating the success or failure of the
+operation.
+If
+.I kdestroy
+is unable to destroy the ticket file,
+the utility will warn you by making your terminal beep.
+.PP
+In the Athena workstation environment,
+the
+.I toehold
+service automatically destroys your tickets when you
+end a workstation session.
+If your site does not provide a similar ticket-destroying mechanism,
+you can place the
+.I kdestroy
+command in your
+.I .logout
+file so that your tickets are destroyed automatically
+when you logout.
+.PP
+The options to
+.I kdestroy
+are as follows:
+.TP 7
+.B \-f
+.I kdestroy
+runs without displaying the status message.
+.TP
+.B \-q
+.I kdestroy
+will not make your terminal beep if it fails to destroy the tickets.
+.TP
+.B \-t
+.I kdestroy
+will not remove any afs-tokens. Without this flag the tokens
+associated with the current PAG is destroyed.
+.SH FILES
+KRBTKFILE environment variable if set, otherwise
+.br
+/tmp/tkt[uid]
+.SH SEE ALSO
+kerberos(1), kinit(1), klist(1)
+.SH BUGS
+.PP
+Only the tickets in the user's current ticket file are destroyed.
+Separate ticket files are used to hold root instance and password
+changing tickets. These files should probably be destroyed too, or
+all of a user's tickets kept in a single ticket file.
+.SH AUTHORS
+Steve Miller, MIT Project Athena/Digital Equipment Corporation
+.br
+Clifford Neuman, MIT Project Athena
+.br
+Bill Sommerfeld, MIT Project Athena
diff --git a/crypto/kerberosIV/man/kerberos.1 b/crypto/kerberosIV/man/kerberos.1
new file mode 100644
index 0000000..aced5a5
--- /dev/null
+++ b/crypto/kerberosIV/man/kerberos.1
@@ -0,0 +1,258 @@ +.\" $Id: kerberos.1,v 1.2 1996/06/12 21:29:16 bg Exp $ +.\" Copyright 1989 by the Massachusetts Institute of Technology. +.\" +.\" For copying and distribution information, +.\" please see the file . +.\" +.TH KERBEROS 1 "Kerberos Version 4.0" "MIT Project Athena" +.SH NAME +kerberos \- introduction to the Kerberos system + +.SH DESCRIPTION +The +Kerberos +system authenticates +individual users in a network environment. +After authenticating yourself to +Kerberos, +you can use network utilities such as +.IR rlogin , +.IR rcp , +and +.IR rsh +without +having to present passwords to remote hosts and without having to bother +with +.I \.rhosts +files. +Note that these utilities will work without passwords only if +the remote machines you deal with +support the +Kerberos +system. +All Athena timesharing machines and public workstations support +Kerberos. +.PP +Before you can use +Kerberos, +you must register as an Athena user, +and you must make sure you have been added to +the +Kerberos +database. +You can use the +.I kinit +command to find out. +This command +tries to log you into the +Kerberos +system. +.I kinit +will prompt you for a username and password. +Enter your username and password. +If the utility lets you login without giving you a message, +you have already been registered. +.PP +If you enter your username and +.I kinit +responds with this message: +.nf + +Principal unknown (kerberos) + +.fi +you haven't been registered as a +Kerberos +user. +See your system administrator. +.PP +A Kerberos name contains three parts. +The first is the +.I principal name, +which is usually a user's or service's name. +The second is the +.I instance, +which in the case of a user is usually null. +Some users may have privileged instances, however, +such as ``root'' or ``admin''. +In the case of a service, the instance is the +name of the machine on which it runs; i.e. 
there +can be an +.I rlogin +service running on the machine ABC, which +is different from the rlogin service running on +the machine XYZ. +The third part of a Kerberos name +is the +.I realm. +The realm corresponds to the Kerberos service providing +authentication for the principal. +For example, at MIT there is a Kerberos running at the +Laboratory for Computer Science and one running at +Project Athena. +.PP +When writing a Kerberos name, the principal name is +separated from the instance (if not null) by a period, +and the realm (if not the local realm) follows, preceded by +an ``@'' sign. +The following are examples of valid Kerberos names: +.sp +.nf +.in +8 +billb +jis.admin +srz@lcs.mit.edu +treese.root@athena.mit.edu +.in -8 +.fi +.PP +When you authenticate yourself with +Kerberos, +through either the workstation +.I toehold +system or the +.I kinit +command, +Kerberos +gives you an initial +Kerberos +.IR ticket . +(A +Kerberos +ticket +is an encrypted protocol message that provides authentication.) +Kerberos +uses this ticket for network utilities +such as +.I rlogin +and +.IR rcp . +The ticket transactions are done transparently, +so you don't have to worry about their management. +.PP +Note, however, that tickets expire. +Privileged tickets, such as root instance tickets, +expire in a few minutes, while tickets that carry more ordinary +privileges may be good for several hours or a day, depending on the +installation's policy. +If your login session extends beyond the time limit, +you will have to re-authenticate yourself to +Kerberos +to get new tickets. +Use the +.IR kinit +command to re-authenticate yourself. +.PP +If you use the +.I kinit +command to get your tickets, +make sure you use the +.I kdestroy +command +to destroy your tickets before you end your login session. +You should probably put the +.I kdestroy +command in your +.I \.logout +file so that your tickets will be destroyed automatically when you logout. 
+For more information about the +.I kinit +and +.I kdestroy +commands, +see the +.I kinit(1) +and +.I kdestroy(1) +manual pages. +.PP +Currently, +Kerberos +supports the following network services: +.IR rlogin , +.IR rsh , +and +.IR rcp . +Other services are being worked on, +such as the +.IR pop +mail system and NFS (network file system), +but are not yet available. + +.SH "SEE ALSO" +kdestroy(1), kinit(1), klist(1), kpasswd(1), des_crypt(3), kerberos(3), +kadmin(8) +.SH BUGS +Kerberos +will not do authentication forwarding. +In other words, +if you use +.I rlogin +to login to a remote host, +you cannot use +Kerberos +services from that host +until you authenticate yourself explicitly on that host. +Although you may need to authenticate yourself on the remote +host, +be aware that when you do so, +.I rlogin +sends your password across the network in clear text. + +.SH AUTHORS +Steve Miller, MIT Project Athena/Digital Equipment Corporation +.br +Clifford Neuman, MIT Project Athena + +The following people helped out on various aspects of the system: + +Jeff Schiller designed and wrote the administration server and its +user interface, kadmin. +He also wrote the dbm version of the database management system. + +Mark Colan developed the +Kerberos +versions of +.IR rlogin , +.IR rsh , +and +.IR rcp , +as well as contributing work on the servers. + +John Ostlund developed the +Kerberos +versions of +.I passwd +and +.IR userreg . + +Stan Zanarotti pioneered Kerberos in a foreign realm (LCS), +and made many contributions based on that experience. + +Many people contributed code and/or useful ideas, including +Jim Aspnes, +Bob Baldwin, +John Barba, +Richard Basch, +Jim Bloom, +Bill Bryant, +Rob French, +Dan Geer, +David Jedlinsky, +John Kohl, +John Kubiatowicz, +Bob McKie, +Brian Murphy, +Ken Raeburn, +Chris Reed, +Jon Rochlis, +Mike Shanzer, +Bill Sommerfeld, +Jennifer Steiner, +Ted Ts'o, +and +Win Treese. 
+ +.SH RESTRICTIONS + +COPYRIGHT 1985,1986 Massachusetts Institute of Technology diff --git a/crypto/kerberosIV/man/kerberos.3 b/crypto/kerberosIV/man/kerberos.3 new file mode 100644 index 0000000..71da54d --- /dev/null +++ b/crypto/kerberosIV/man/kerberos.3 
@@ -0,0 +1,460 @@ +.\" $Id: kerberos.3,v 1.2 1996/06/12 21:29:18 bg Exp $ +.\" Copyright 1989 by the Massachusetts Institute of Technology. +.\" +.\" For copying and distribution information, +.\" please see the file . +.\" +.TH KERBEROS 3 "Kerberos Version 4.0" "MIT Project Athena" +.SH NAME +krb_mk_req, krb_rd_req, krb_kntoln, krb_set_key, krb_get_cred, +krb_mk_priv, krb_rd_priv, krb_mk_safe, krb_rd_safe, krb_mk_err, +krb_rd_err, krb_ck_repl \- Kerberos authentication library +.SH SYNOPSIS +.nf +.nj +.ft B +#include +#include +.PP +.ft B +extern char *krb_err_txt[]; +.PP +.ft B +int krb_mk_req(authent,service,instance,realm,checksum) +KTEXT authent; +char *service; +char *instance; +char *realm; +u_long checksum; +.PP +.ft B +int krb_rd_req(authent,service,instance,from_addr,ad,fn) +KTEXT authent; +char *service; +char *instance; +u_long from_addr; +AUTH_DAT *ad; +char *fn; +.PP +.ft B +int krb_kntoln(ad,lname) +AUTH_DAT *ad; +char *lname; +.PP +.ft B +int krb_set_key(key,cvt) +char *key; +int cvt; +.PP +.ft B +int krb_get_cred(service,instance,realm,c) +char *service; +char *instance; +char *realm; +CREDENTIALS *c; +.PP +.ft B +long krb_mk_priv(in,out,in_length,schedule,key,sender,receiver) +u_char *in; +u_char *out; +u_long in_length; +des_cblock key; +des_key_schedule schedule; +struct sockaddr_in *sender; +struct sockaddr_in *receiver; +.PP +.ft B +long krb_rd_priv(in,in_length,schedule,key,sender,receiver,msg_data) +u_char *in; +u_long in_length; +Key_schedule schedule; +des_cblock key; +struct sockaddr_in *sender; +struct sockaddr_in *receiver; +MSG_DAT *msg_data; +.PP +.ft B +long krb_mk_safe(in,out,in_length,key,sender,receiver) +u_char *in; +u_char *out; +u_long in_length; +des_cblock key; +struct sockaddr_in *sender; +struct sockaddr_in *receiver; +.PP +.ft B +long krb_rd_safe(in,length,key,sender,receiver,msg_data) +u_char *in; +u_long length; +des_cblock key; +struct sockaddr_in *sender; +struct sockaddr_in *receiver; +MSG_DAT *msg_data; +.PP +.ft B 
+long krb_mk_err(out,code,string) +u_char *out; +long code; +char *string; +.PP +.ft B +long krb_rd_err(in,length,code,msg_data) +u_char *in; +u_long length; +long code; +MSG_DAT *msg_data; +.fi +.ft R +.SH DESCRIPTION +This library supports network authentication and various related +operations. The library contains many routines beyond those described +in this man page, but they are not intended to be used directly. +Instead, they are called by the routines that are described, the +authentication server and the login program. +.PP +.I krb_err_txt[] +contains text string descriptions of various Kerberos error codes returned +by some of the routines below. +.PP +.I krb_mk_req +takes a pointer to a text structure in which an authenticator is to be +built. It also takes the name, instance, and realm of the service to be +used and an optional checksum. It is up to the application to decide +how to generate the checksum. +.I krb_mk_req +then retrieves a ticket for the desired service and creates an +authenticator. The authenticator is built in +.I authent +and is accessible +to the calling procedure. +.PP +It is up to the application to get the authenticator to the service +where it will be read by +.I krb_rd_req. +Unless an attacker posesses the session key contained in the ticket, it +will be unable to modify the authenticator. Thus, the checksum can be +used to verify the authenticity of the other data that will pass through +a connection. +.PP +.I krb_rd_req +takes an authenticator of type +.B KTEXT, +a service name, an instance, the address of the +host originating the request, and a pointer to a structure of type +.B AUTH_DAT +which is filled in with information obtained from the authenticator. +It also optionally takes the name of the file in which it will find the +secret key(s) for the service. 
+If the supplied +.I instance +contains "*", then the first service key with the same service name +found in the service key file will be used, and the +.I instance +argument will be filled in with the chosen instance. This means that +the caller must provide space for such an instance name. +.PP +It is used to find out information about the principal when a request +has been made to a service. It is up to the application protocol to get +the authenticator from the client to the service. The authenticator is +then passed to +.I krb_rd_req +to extract the desired information. +.PP +.I krb_rd_req +returns zero (RD_AP_OK) upon successful authentication. If a packet was +forged, modified, or replayed, authentication will fail. If the +authentication fails, a non-zero value is returned indicating the +particular problem encountered. See +.I krb.h +for the list of error codes. +.PP +If the last argument is the null string (""), krb_rd_req will use the +file /etc/srvtab to find its keys. If the last argument is NULL, it +will assume that the key has been set by +.I krb_set_key +and will not bother looking further. +.PP +.I krb_kntoln +converts a Kerberos name to a local name. It takes a structure +of type AUTH_DAT and uses the name and instance to look in the database +/etc/aname to find the corresponding local name. The local name is +returned and can be used by an application to change uids, directories, +or other parameters. It is not an integral part of Kerberos, but is +instead provided to support the use of Kerberos in existing utilities. +.PP +.I krb_set_key +takes as an argument a des key. It then creates +a key schedule from it and saves the original key to be used as an +initialization vector. +It is used to set the server's key which +must be used to decrypt tickets. +.PP +If called with a non-zero second argument, +.I krb_set_key +will first convert the input from a string of arbitrary length to a DES +key by encrypting it with a one-way function. 
+.PP +In most cases it should not be necessary to call +.I krb_set_key. +The necessary keys will usually be obtained and set inside +.I krb_rd_req. krb_set_key +is provided for those applications that do not wish to place the +application keys on disk. +.PP +.I krb_get_cred +searches the caller's ticket file for a ticket for the given service, instance, +and realm; and, if a ticket is found, fills in the given CREDENTIALS structure +with the ticket information. +.PP +If the ticket was found, +.I krb_get_cred +returns GC_OK. +If the ticket file can't be found, can't be read, doesn't belong to +the user (other than root), isn't a regular file, or is in the wrong +mode, the error GC_TKFIL is returned. +.PP +.I krb_mk_priv +creates an encrypted, authenticated +message from any arbitrary application data, pointed to by +.I in +and +.I in_length +bytes long. +The private session key, pointed to by +.I key +and the key schedule, +.I schedule, +are used to encrypt the data and some header information using +.I pcbc_encrypt. +.I sender +and +.I receiver +point to the Internet address of the two parties. +In addition to providing privacy, this protocol message protects +against modifications, insertions or replays. The encapsulated message and +header are placed in the area pointed to by +.I out +and the routine returns the length of the output, or -1 indicating +an error. +.PP +.I krb_rd_priv +decrypts and authenticates a received +.I krb_mk_priv +message. +.I in +points to the beginning of the received message, whose length +is specified in +.I in_length. +The private session key, pointed to by +.I key, +and the key schedule, +.I schedule, +are used to decrypt and verify the received message. +.I msg_data +is a pointer to a +.I MSG_DAT +struct, defined in +.I krb.h. 
+The routine fills in the +.I app_data +field with a pointer to the decrypted application data, +.I app_length +with the length of the +.I app_data +field, +.I time_sec +and +.I time_5ms +with the timestamps in the message, and +.I swap +with a 1 if the byte order of the receiver is different than that of +the sender. (The application must still determine if it is appropriate +to byte-swap application data; the Kerberos protocol fields are already taken +care of). The +.I hash +field returns a value useful as input to the +.I krb_ck_repl +routine. + +The routine returns zero if ok, or a Kerberos error code. Modified messages +and old messages cause errors, but it is up to the caller to +check the time sequence of messages, and to check against recently replayed +messages using +.I krb_ck_repl +if so desired. +.PP +.I krb_mk_safe +creates an authenticated, but unencrypted message from any arbitrary +application data, +pointed to by +.I in +and +.I in_length +bytes long. +The private session key, pointed to by +.I key, +is used to seed the +.I quad_cksum() +checksum algorithm used as part of the authentication. +.I sender +and +.I receiver +point to the Internet address of the two parties. +This message does not provide privacy, but does protect (via detection) +against modifications, insertions or replays. The encapsulated message and +header are placed in the area pointed to by +.I out +and the routine returns the length of the output, or -1 indicating +an error. +The authentication provided by this routine is not as strong as that +provided by +.I krb_mk_priv +or by computing the checksum using +.I cbc_cksum +instead, both of which authenticate via DES. +.PP + +.I krb_rd_safe +authenticates a received +.I krb_mk_safe +message. +.I in +points to the beginning of the received message, whose length +is specified in +.I in_length. +The private session key, pointed to by +.I key, +is used to seed the quad_cksum() routine as part of the authentication. 
+.I msg_data
+is a pointer to a
+.I MSG_DAT
+struct, defined in
+.I krb.h .
+The routine fills in these
+.I MSG_DAT
+fields:
+the
+.I app_data
+field with a pointer to the application data,
+.I app_length
+with the length of the
+.I app_data
+field,
+.I time_sec
+and
+.I time_5ms
+with the timestamps in the message, and
+.I swap
+with a 1 if the byte order of the receiver is different than that of
+the sender.
+(The application must still determine if it is appropriate
+to byte-swap application data; the Kerberos protocol fields are already taken
+care of). The
+.I hash
+field returns a value useful as input to the
+.I krb_ck_repl
+routine.
+
+The routine returns zero if ok, or a Kerberos error code. Modified messages
+and old messages cause errors, but it is up to the caller to
+check the time sequence of messages, and to check against recently replayed
+messages using
+.I krb_ck_repl
+if so desired.
+.PP
+.I krb_mk_err
+constructs an application level error message that may be used along
+with
+.I krb_mk_priv
+or
+.I krb_mk_safe.
+.I out
+is a pointer to the output buffer,
+.I code
+is an application specific error code, and
+.I string
+is an application specific error string.
+
+.PP
+.I krb_rd_err
+unpacks a received
+.I krb_mk_err
+message.
+.I in
+points to the beginning of the received message, whose length
+is specified in
+.I in_length.
+.I code
+is a pointer to a value to be filled in with the error
+value provided by the application.
+.I msg_data
+is a pointer to a
+.I MSG_DAT
+struct, defined in
+.I krb.h .
+The routine fills in these
+.I MSG_DAT
+fields: the
+.I app_data
+field with a pointer to the application error text,
+.I app_length
+with the length of the
+.I app_data
+field, and
+.I swap
+with a 1 if the byte order of the receiver is different than that of
+the sender. (The application must still determine if it is appropriate
+to byte-swap application data; the Kerberos protocol fields are already taken
+care of).
+
+The routine returns zero if the error message has been successfully received,
+or a Kerberos error code.
+.PP
+The
+.I KTEXT
+structure is used to pass around text of varying lengths. It consists
+of a buffer for the data, and a length. krb_rd_req takes an argument of this
+type containing the authenticator, and krb_mk_req returns the
+authenticator in a structure of this type. KTEXT itself is really a
+pointer to the structure. The actual structure is of type KTEXT_ST.
+.PP
+The
+.I AUTH_DAT
+structure is filled in by krb_rd_req. It must be allocated before
+calling krb_rd_req, and a pointer to it is passed. The structure is
+filled in with data obtained from Kerberos.
+.I MSG_DAT
+structure is filled in by either krb_rd_priv, krb_rd_safe, or
+krb_rd_err. It must be allocated before the call and a pointer to it
+is passed. The structure is
+filled in with data obtained from Kerberos.
+.PP
+.SH FILES
+/usr/include/krb.h
+.br
+/usr/lib/libkrb.a
+.br
+/usr/include/des.h
+.br
+/usr/lib/libdes.a
+.br
+/etc/aname
+.br
+/etc/srvtab
+.br
+/tmp/tkt[uid]
+.SH "SEE ALSO"
+kerberos(1), des_crypt(3)
+.SH DIAGNOSTICS
+.SH BUGS
+The caller of
+.I krb_rd_req, krb_rd_priv, and krb_rd_safe
+must check time order and for replay attempts.
+.I krb_ck_repl
+is not implemented yet.
+.SH AUTHORS
+Clifford Neuman, MIT Project Athena
+.br
+Steve Miller, MIT Project Athena/Digital Equipment Corporation
+.SH RESTRICTIONS
+COPYRIGHT 1985,1986,1989 Massachusetts Institute of Technology
diff --git a/crypto/kerberosIV/man/kerberos.8 b/crypto/kerberosIV/man/kerberos.8
new file mode 100644
index 0000000..6a64c57
--- /dev/null
+++ b/crypto/kerberosIV/man/kerberos.8
@@ -0,0 +1,44 @@
+.\" $Id: kerberos.8,v 1.1 1996/11/14 22:14:55 assar Exp $
+.\"
+.Dd November 14, 1996
+.Dt KERBEROS 8
+.Os KTH-KRB
+.Sh NAME
+.Nm kerberos
+.Nd The kerberos daemon
+.Sh SYNPOSIS
+.Nm
+.Op Fl snm
+.Op Fl p Ar pause
+.Op Fl a Ar max age
+.Op Fl l Ar log
+.Op Fl r Ar realm
+.Ar database
+.Sh DESCRIPTION
+This is the
+.Nm
+daemon.
+.Pp
+Options:
+.Bl -tag -width -ident
+.It Fl s
+Set slave parameters. This will enable check to see if data is
+getting too stale relative to the master.
+.It Fl n
+Do not check max age.
+.It Fl m
+Run manually and prompt for master key.
+.It Fl p
+Pause for
+.Ar pause
+before dying.
+.It Fl a
+Set the
+.Ar max age
+before the database is considered stale.
+.It Fl l
+Write the log to
+.Ar log
+.It Fl r
+Run as a server for realm
+.Ar realm
diff --git a/crypto/kerberosIV/man/kinit.1 b/crypto/kerberosIV/man/kinit.1
new file mode 100644
index 0000000..b70ce4b
--- /dev/null
+++ b/crypto/kerberosIV/man/kinit.1
@@ -0,0 +1,136 @@
+.\" $Id: kinit.1,v 1.3 1997/04/02 21:09:55 assar Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file .
+.\"
+.TH KINIT 1 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kinit \- Kerberos login utility
+.SH SYNOPSIS
+.B kinit
+[
+.B \-irvlp
+]
+.SH DESCRIPTION
+The
+.I kinit
+command is used to login to the
+Kerberos
+authentication and authorization system.
+Note that only registered
+Kerberos
+users can use the
+Kerberos
+system.
+For information about registering as a
+Kerberos
+user,
+see the
+.I kerberos(1)
+manual page.
+.PP
+If you are logged in to a workstation that is running the
+.I toehold
+service,
+you do not have to use
+.I kinit.
+The
+.I toehold
+login procedure will log you into
+Kerberos
+automatically.
+You will need to use
+.I kinit
+only in those situations in which
+your original tickets have expired.
+(Tickets expire in about a day.)
+Note as well that
+.I toehold
+will automatically destroy your tickets when you logout from the workstation.
+.PP
+When you use
+.I kinit
+without options,
+the utility
+prompts for your username and Kerberos password,
+and tries to authenticate your login with the local
+Kerberos
+server.
+.PP
+If
+Kerberos
+authenticates the login attempt,
+.I kinit
+retrieves your initial ticket and puts it in the ticket file specified by
+your KRBTKFILE environment variable.
+If this variable is undefined,
+your ticket will be stored in the
+.IR /tmp
+directory,
+in the file
+.I tktuid ,
+where
+.I uid
+specifies your user identification number.
+.PP
+If you have logged in to
+Kerberos
+without the benefit of the workstation
+.I toehold
+system,
+make sure you use the
+.I kdestroy
+command to destroy any active tickets before you end your login session.
+You may want to put the
+.I kdestroy
+command in your
+.I \.logout
+file so that your tickets will be destroyed automatically when you logout.
+.PP
+The options to
+.I kinit
+are as follows:
+.TP 7
+.B \-i
+.I kinit
+prompts you for a
+Kerberos
+instance.
+.TP
+.B \-r
+.I kinit
+prompts you for a
+Kerberos
+realm.
+This option lets you authenticate yourself with a remote
+Kerberos
+server.
+.TP
+.B \-v
+Verbose mode.
+.I kinit
+prints the name of the ticket file used, and
+a status message indicating the success or failure of
+your login attempt.
+.TP
+.B \-l
+.I kinit
+prompts you for a ticket lifetime in minutes. Due to protocol
+restrictions in Kerberos Version 4, this value must be between 5 and
+1275 minutes.
+.TP
+.B \-p
+.I kinit
+will acquires a ticket for chpass.kerberos.
+.SH SEE ALSO
+.PP
+kerberos(1), kdestroy(1), klist(1), toehold(1)
+.SH BUGS
+The
+.B \-r
+option has not been fully implemented.
+.SH AUTHORS
+Steve Miller, MIT Project Athena/Digital Equipment Corporation
+.br
+Clifford Neuman, MIT Project Athena
diff --git a/crypto/kerberosIV/man/klist.1 b/crypto/kerberosIV/man/klist.1
new file mode 100644
index 0000000..76dec02
--- /dev/null
+++ b/crypto/kerberosIV/man/klist.1
@@ -0,0 +1,83 @@
+.\" $Id: klist.1,v 1.2 1996/06/12 21:29:19 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file .
+.\"
+.TH KLIST 1 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+klist \- list currently held Kerberos tickets
+.SH SYNOPSIS
+.B klist
+[
+\fB\-s \fR|\fB \-t\fR
+] [
+.B \-file
+name ] [
+.B \-srvtab
+]
+.br
+.SH DESCRIPTION
+.I klist
+prints the name of the tickets file and the
+identity of the principal the tickets are for (as listed in the
+tickets file), and
+lists the principal names of all Kerberos tickets currently held by
+the user, along with the issue and expire time for each authenticator.
+Principal names are listed in the form
+.I name.instance@realm,
+with the '.' omitted if the instance is null,
+and the '@' omitted if the realm is null.
+
+If given the
+.B \-s
+option,
+.I klist
+does not print the issue and expire times, the name of the tickets file,
+or the identity of the principal.
+
+If given the
+.B \-t
+option,
+.B klist
+checks for the existence of a non-expired ticket-granting-ticket in the
+ticket file. If one is present, it exits with status 0, else it exits
+with status 1. No output is generated when this option is specified.
+
+If given the
+.B \-file
+option, the following argument is used as the ticket file.
+Otherwise, if the
+.B KRBTKFILE
+environment variable is set, it is used.
+If this environment variable
+is not set, the file
+.B /tmp/tkt[uid]
+is used, where
+.B uid
+is the current user-id of the user.
+
+If given the
+.B \-srvtab
+option, the file is treated as a service key file, and the names of the
+keys contained therein are printed. If no file is
+specified with a
+.B \-file
+option, the default is
+.IR /etc/srvtab .
+.SH FILES
+.TP 2i
+/etc/krb.conf
+to get the name of the local realm
+.TP
+/tmp/tkt[uid]
+as the default ticket file ([uid] is the decimal UID of the user).
+.TP
+/etc/srvtab
+as the default service key file
+.SH SEE ALSO
+.PP
+kerberos(1), kinit(1), kdestroy(1)
+.SH BUGS
+When reading a file as a service key file, very little sanity or error
+checking is performed.
diff --git a/crypto/kerberosIV/man/kprop.8 b/crypto/kerberosIV/man/kprop.8
new file mode 100644
index 0000000..376f715
--- /dev/null
+++ b/crypto/kerberosIV/man/kprop.8
@@ -0,0 +1,58 @@
+.\" $Id: kprop.8,v 1.2 1996/06/15 17:03:22 assar Exp $
+.\"
+.Dd June 7, 1996
+.Dt KPROP 8
+.Os KTH-KRB
+.Sh NAME
+.Nm kprop
+.Nd
+the kerberos slave server update client
+.Sh SYNOPSIS
+.Nm
+.Op Fl force
+.Op Fl realm Ar realm
+.Op Ar dump-file
+.Op Ar slave-file
+.Sh DESCRIPTION
+Changes to the database, such as changed passwords, are only made to
+the master server through the
+.Nm kadmind
+service. To propagate these changes to the slave servers,
+.Nm
+should be run regularly on the master server.
+
+The following options are recognised.
+
+.Bl -tag -width -force
+.It Fl force
+Propagate even if there hasn't been an update to the dump file since
+last time.
+.It Fl realm
+Realm if other than the default.
+.It dump-file
+is a file created with
+.Ic kdb_util slave_dump ,
+default is
+.Pa /var/kerberos/slave_dump .
+.It slave-file
+Contains the names of the slave servers. Default is
+.Pa /var/kerberos/slaves .
+.El
+
+.Nm
+will use the principal
+.Nm rcmd.kerberos
+to authenticate to the master servers. This principal has to be added
+to the database, and it should also be put into the service key file
+on the master server.
+
+.Sh FILES
+.Bl -tag -width indent -compact
+.It Pa /var/kerberos/slave_dump
+.It Pa /var/kerberos/slaves
+.It Pa /etc/srvtab
+.El
+.Sh SEE ALSO
+.Xr kpropd 8 ,
+.Xr kerberos 8 ,
+.Xr kadmind 8
diff --git a/crypto/kerberosIV/man/kpropd.8 b/crypto/kerberosIV/man/kpropd.8
new file mode 100644
index 0000000..d1dbd16
--- /dev/null
+++ b/crypto/kerberosIV/man/kpropd.8
@@ -0,0 +1,63 @@
+.\" $Id: kpropd.8,v 1.2 1997/02/07 22:04:55 assar Exp $
+.\"
+.Dd June 7, 1996
+.Dt KPROPD 8
+.Os KTH-KRB
+.Sh NAME
+.Nm kpropd
+.Nd
+the kerberos slave server update facility
+.Sh SYNOPSIS
+.Nm
+.Op Fl i
+.Op Fl d Ar database
+.Op Fl l Ar logfile
+.Op Fl m
+.Op Fl p Ar kdb_util
+.Op Fl r Ar realm
+.Op Fl s Ar srvtab
+.Sh DESCRIPTION
+The
+.Nm
+responds to database update requests from the
+.Nm kprop
+command. It can either be started from
+.Nm inetd
+or as an ordinary program.
+
+The following options are recognised:
+
+.Bl -tag -width xxxx
+.It Fl i
+Run stand-alone. If this flag is not given, it is assumed to have
+been started by
+.Nm inetd .
+.It Fl d
+What database file to use, default is
+.Pa /var/kerberos/principal .
+.It Fl l
+Logfile to use, default is
+.Pa /var/log/kpropd.log .
+.It Fl m
+Treat data as changes to the database rather than a complete database.
+.It Fl p
+The path to
+.Nm kdb_util ,
+default is
+.Pa /usr/athena/sbin/kdb_util .
+.It Fl r
+Realm if other than the default realm.
+.It Fl s
+Srvtab if other than
+.Pa /etc/srvtab .
+.El
+.Sh FILES
+.Bl -tag -width indent -compact
+.It Pa /var/kerberos/principal.{db,dir,pag}
+.It Pa /var/log/kpropd.log
+.It Pa /etc/srvtab
+.El
+.Sh SEE ALSO
+.Xr kprop 8 ,
+.Xr kerberos 8 ,
+.Xr kadmind 8
diff --git a/crypto/kerberosIV/man/krb.conf.5 b/crypto/kerberosIV/man/krb.conf.5
new file mode 100644
index 0000000..b122b9c
--- /dev/null
+++ b/crypto/kerberosIV/man/krb.conf.5
@@ -0,0 +1,31 @@
+.\" $Id: krb.conf.5,v 1.2 1996/06/12 21:29:21 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file .
+.\"
+.TH KRB.CONF 5 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+/etc/krb.conf \- Kerberos configuration file
+.SH DESCRIPTION
+.I krb.conf
+contains configuration information describing the Kerberos realm and the
+Kerberos key distribution center (KDC) servers for known realms.
+.PP
+.I krb.conf
+contains the name of the local realm in the first
+line, followed by lines indicating realm/host
+entries. The first token is a realm name, and the second is the hostname
+of a host running a KDC for that realm.
+The words "admin server" following the hostname indicate that
+the host also provides an administrative database server.
+For example:
+.nf
+.in +1i
+ATHENA.MIT.EDU
+ATHENA.MIT.EDU kerberos-1.mit.edu admin server
+ATHENA.MIT.EDU kerberos-2.mit.edu
+LCS.MIT.EDU kerberos.lcs.mit.edu admin server
+.in -1i
+.SH SEE ALSO
+krb.realms(5), krb_get_krbhst(3), krb_get_lrealm(3)
diff --git a/crypto/kerberosIV/man/krb.equiv.5 b/crypto/kerberosIV/man/krb.equiv.5
new file mode 100644
index 0000000..e38f94b
--- /dev/null
+++ b/crypto/kerberosIV/man/krb.equiv.5
@@ -0,0 +1,28 @@
+.\" $Id: krb.equiv.5,v 1.3 1996/06/18 16:26:20 joda Exp $
+.\"
+.Dd June 18, 1996
+.Dt KRB.EQUIV 5
+.Os KTH-KRB
+.Sh NAME
+.Nm krb.equiv
+.Nd
+Kerberos equivalent hosts file
+.Sh DESCRIPTION
+.Nm
+contains a list of IP addresses that is to be considered being the
+same host for Kerberos purposes. Plain addresses match a single
+host. Addresses followed by a slash (/) and a number is taken as a
+sub-network that should be considered equal.
+.Pp
+Hash (#) starts a comment. Backslash (\\) is a continuation character.
+.Sh EXAMPLES
+.Bd -literal
+# A machine with two interfaces.
+130.237.232.113 130.237.221.42 # emma emma-ether
+# A machine with *many* interfaces
+193.10.156.0/24 193.10.157.0/24 # syk-* syk-*-hps
+.Ed
+.Sh SEE ALSO
+.Xr krb_equiv 3 ,
+.Xr krb.conf 5 ,
+.Xr krb.realms 5
diff --git a/crypto/kerberosIV/man/krb.realms.5 b/crypto/kerberosIV/man/krb.realms.5
new file mode 100644
index 0000000..427c455
--- /dev/null
+++ b/crypto/kerberosIV/man/krb.realms.5
@@ -0,0 +1,38 @@
+.\" $Id: krb.realms.5,v 1.2 1996/06/12 21:29:22 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file .
+.\"
+.TH KRB.REALMS 5 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+/etc/krb.realms \- host to Kerberos realm translation file
+.SH DESCRIPTION
+.I krb.realms
+provides a translation from a hostname to the Kerberos realm name for
+the services provided by that host.
+.PP
+Each line of the translation file is in one of the following forms
+(domain_name should be of the form .XXX.YYY, e.g. .LCS.MIT.EDU):
+.nf
+.in +5n
+host_name kerberos_realm
+domain_name kerberos_realm
+.in -5n
+.fi
+If a hostname exactly matches the
+.I host_name
+field in a line of the first
+form, the corresponding realm is the realm of the host.
+If a hostname does not match any
+.I host_name
+in the file, but its
+domain exactly matches the
+.I domain_name
+field in a line of the second
+form, the corresponding realm is the realm of the host.
+.PP
+If no translation entry applies, the host's realm is considered to be
+the hostname's domain portion converted to upper case.
+.SH SEE ALSO
+krb_realmofhost(3)
diff --git a/crypto/kerberosIV/man/krb_realmofhost.3 b/crypto/kerberosIV/man/krb_realmofhost.3
new file mode 100644
index 0000000..ddbda74
--- /dev/null
+++ b/crypto/kerberosIV/man/krb_realmofhost.3
@@ -0,0 +1,160 @@
+.\" $Id: krb_realmofhost.3,v 1.2 1996/06/12 21:29:23 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file .
+.\"
+.TH KRB_REALMOFHOST 3 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+krb_realmofhost, krb_get_phost, krb_get_krbhst, krb_get_admhst,
+krb_get_lrealm \- additional Kerberos utility routines
+.SH SYNOPSIS
+.nf
+.nj
+.ft B
+#include
+#include
+#include
+.PP
+.ft B
+char *krb_realmofhost(host)
+char *host;
+.PP
+.ft B
+char *krb_get_phost(alias)
+char *alias;
+.PP
+.ft B
+krb_get_krbhst(host,realm,n)
+char *host;
+char *realm;
+int n;
+.PP
+.ft B
+krb_get_admhst(host,realm,n)
+char *host;
+char *realm;
+int n;
+.PP
+.ft B
+krb_get_lrealm(realm,n)
+char *realm;
+int n;
+.fi
+.ft R
+.SH DESCRIPTION
+.I krb_realmofhost
+returns the Kerberos realm of the host
+.IR host ,
+as determined by the translation table
+.IR /etc/krb.realms .
+.I host
+should be the fully-qualified domain-style primary host name of the host
+in question. In order to prevent certain security attacks, this routine
+must either have
+.I a priori
+knowledge of a host's realm, or obtain such information securely.
+.PP
+The format of the translation file is described by
+.IR krb.realms (5).
+If
+.I host
+exactly matches a host_name line, the corresponding realm
+is returned.
+Otherwise, if the domain portion of
+.I host
+matches a domain_name line, the corresponding realm
+is returned.
+If
+.I host
+contains a domain, but no translation is found,
+.IR host 's
+domain is converted to upper-case and returned.
+If
+.I host
+contains no discernable domain, or an error occurs,
+the local realm name, as supplied by
+.IR krb_get_lrealm (3),
+is returned.
+.PP
+.I krb_get_phost
+converts the hostname
+.I alias
+(which can be either an official name or an alias) into the instance
+name to be used in obtaining Kerberos tickets for most services,
+including the Berkeley rcmd suite (rlogin, rcp, rsh).
+.br
+The current convention is to return the first segment of the official
+domain-style name after conversion to lower case.
+.PP
+.I krb_get_krbhst
+fills in
+.I host
+with the hostname of the
+.IR n th
+host running a Kerberos key distribution center (KDC)
+for realm
+.IR realm ,
+as specified in the configuration file (\fI/etc/krb.conf\fR).
+The configuration file is described by
+.IR krb.conf (5).
+If the host is successfully filled in, the routine
+returns KSUCCESS.
+If the file cannot be opened, and
+.I n
+equals 1, then the value of KRB_HOST as defined in
+.I
+is filled in, and KSUCCESS is returned. If there are fewer than
+.I n
+hosts running a Kerberos KDC for the requested realm, or the
+configuration file is malformed, the routine
+returns KFAILURE.
+.PP
+.I krb_get_admhst
+fills in
+.I host
+with the hostname of the
+.IR n th
+host running a Kerberos KDC database administration server
+for realm
+.IR realm ,
+as specified in the configuration file (\fI/etc/krb.conf\fR).
+If the file cannot be opened or is malformed, or there are fewer than
+.I n
+hosts running a Kerberos KDC database administration server,
+the routine returns KFAILURE.
+.PP
+The character arrays used as return values for
+.IR krb_get_krbhst ,
+.IR krb_get_admhst ,
+should be large enough to
+hold any hostname (MAXHOSTNAMELEN from ).
+.PP
+.I krb_get_lrealm
+fills in
+.I realm
+with the
+.IR n th
+realm of the local host, as specified in the configuration file.
+.I realm
+should be at least REALM_SZ (from
+.IR ) characters long.
+.PP
+.SH SEE ALSO
+kerberos(3), krb.conf(5), krb.realms(5)
+.SH FILES
+.TP 20n
+/etc/krb.realms
+translation file for host-to-realm mapping.
+.TP
+/etc/krb.conf
+local realm-name and realm/server configuration file.
+.SH BUGS
+The current convention for instance names is too limited; the full
+domain name should be used.
+.PP
+.I krb_get_lrealm
+currently only supports
+.I n
+= 1. It should really consult the user's ticket cache to determine the
+user's current realm, rather than consulting a file on the host.
diff --git a/crypto/kerberosIV/man/krb_sendauth.3 b/crypto/kerberosIV/man/krb_sendauth.3
new file mode 100644
index 0000000..208b6bc
--- /dev/null
+++ b/crypto/kerberosIV/man/krb_sendauth.3
@@ -0,0 +1,347 @@
+.\" $Id: krb_sendauth.3,v 1.2 1996/06/12 21:29:24 bg Exp $
+.\" Copyright 1988 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file .
+.\"
+.TH KRB_SENDAUTH 3 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+krb_sendauth, krb_recvauth, krb_net_write, krb_net_read \-
+Kerberos routines for sending authentication via network stream sockets
+.SH SYNOPSIS
+.nf
+.nj
+.ft B
+#include
+#include
+#include
+.PP
+.fi
+.HP 1i
+.ft B
+int krb_sendauth(options, fd, ktext, service, inst, realm, checksum,
+msg_data, cred, schedule, laddr, faddr, version)
+.nf
+.RS 0
+.ft B
+long options;
+int fd;
+KTEXT ktext;
+char *service, *inst, *realm;
+u_long checksum;
+MSG_DAT *msg_data;
+CREDENTIALS *cred;
+Key_schedule schedule;
+struct sockaddr_in *laddr, *faddr;
+char *version;
+.PP
+.fi
+.HP 1i
+.ft B
+int krb_recvauth(options, fd, ktext, service, inst, faddr, laddr,
+auth_data, filename, schedule, version)
+.nf
+.RS 0
+.ft B
+long options;
+int fd;
+KTEXT ktext;
+char *service, *inst;
+struct sockaddr_in *faddr, *laddr;
+AUTH_DAT *auth_data;
+char *filename;
+Key_schedule schedule;
+char *version;
+.PP
+.ft B
+int krb_net_write(fd, buf, len)
+int fd;
+char *buf;
+int len;
+.PP
+.ft B
+int krb_net_read(fd, buf, len)
+int fd;
+char *buf;
+int len;
+.fi
+.SH DESCRIPTION
+.PP
+These functions,
+which are built on top of the core Kerberos library,
+provide a convenient means for client and server
+programs to send authentication messages
+to one another through network connections.
+The
+.I krb_sendauth
+function sends an authenticated ticket from the client program to
+the server program by writing the ticket to a network socket.
+The
+.I krb_recvauth
+function receives the ticket from the client by
+reading from a network socket.
+
+.SH KRB_SENDAUTH
+.PP
+This function writes the ticket to
+the network socket specified by the
+file descriptor
+.IR fd,
+returning KSUCCESS if the write proceeds successfully,
+and an error code if it does not.
+
+The
+.I ktext
+argument should point to an allocated KTEXT_ST structure.
+The
+.IR service,
+.IR inst,
+and
+.IR realm
+arguments specify the server program's Kerberos principal name,
+instance, and realm.
+If you are writing a client that uses the local realm exclusively,
+you can set the
+.I realm
+argument to NULL.
+
+The
+.I version
+argument allows the client program to pass an application-specific
+version string that the server program can then match against
+its own version string.
+The
+.I version
+string can be up to KSEND_VNO_LEN (see
+.IR )
+characters in length.
+
+The
+.I checksum
+argument can be used to pass checksum information to the
+server program.
+The client program is responsible for specifying this information.
+This checksum information is difficult to corrupt because
+.I krb_sendauth
+passes it over the network in encrypted form.
+The
+.I checksum
+argument is passed as the checksum argument to
+.IR krb_mk_req .
+
+You can set
+.IR krb_sendauth's
+other arguments to NULL unless you want the
+client and server programs to mutually authenticate
+themselves.
+In the case of mutual authentication,
+the client authenticates itself to the server program,
+and demands that the server in turn authenticate itself to
+the client.
+
+.SH KRB_SENDAUTH AND MUTUAL AUTHENTICATION
+.PP
+If you want mutual authentication,
+make sure that you read all pending data from the local socket
+before calling
+.IR krb_sendauth.
+Set
+.IR krb_sendauth's
+.I options
+argument to
+.BR KOPT_DO_MUTUAL
+(this macro is defined in the
+.IR krb.h
+file);
+make sure that the
+.I laddr
+argument points to
+the address of the local socket,
+and that
+.I faddr
+points to the foreign socket's network address.
+
+.I Krb_sendauth
+fills in the other arguments--
+.IR msg_data ,
+.IR cred ,
+and
+.IR schedule --before
+sending the ticket to the server program.
+You must, however, allocate space for these arguments
+before calling the function.
+
+.I Krb_sendauth
+supports two other options:
+.BR KOPT_DONT_MK_REQ,
+and
+.BR KOPT_DONT_CANON.
+If called with
+.I options
+set as KOPT_DONT_MK_REQ,
+.I krb_sendauth
+will not use the
+.I krb_mk_req
+function to retrieve the ticket from the Kerberos server.
+The
+.I ktext
+argument must point to an existing ticket and authenticator (such as
+would be created by
+.IR krb_mk_req ),
+and the
+.IR service,
+.IR inst,
+and
+.IR realm
+arguments can be set to NULL.
+
+If called with
+.I options
+set as KOPT_DONT_CANON,
+.I krb_sendauth
+will not convert the service's instance to canonical form using
+.IR krb_get_phost (3).
+
+If you want to call
+.I krb_sendauth
+with a multiple
+.I options
+specification,
+construct
+.I options
+as a bitwise-OR of the options you want to specify.
+
+.SH KRB_RECVAUTH
+.PP
+The
+.I krb_recvauth
+function
+reads a ticket/authenticator pair from the socket pointed to by the
+.I fd
+argument.
+Set the
+.I options
+argument
+as a bitwise-OR of the options desired.
+Currently only KOPT_DO_MUTUAL is useful to the receiver.
+
+The
+.I ktext
+argument
+should point to an allocated KTEXT_ST structure.
+.I Krb_recvauth
+fills
+.I ktext
+with the
+ticket/authenticator pair read from
+.IR fd ,
+then passes it to
+.IR krb_rd_req .
+
+The
+.I service
+and
+.I inst
+arguments
+specify the expected service and instance for which the ticket was
+generated. They are also passed to
+.IR krb_rd_req.
+The
+.I inst
+argument may be set to "*" if the caller wishes
+.I krb_mk_req
+to fill in the instance used (note that there must be space in the
+.I inst
+argument to hold a full instance name, see
+.IR krb_mk_req (3)).
+
+The
+.I faddr
+argument
+should point to the address of the peer which is presenting the ticket.
+It is also passed to
+.IR krb_rd_req .
+
+If the client and server plan to mutually authenticate
+one another,
+the
+.I laddr
+argument
+should point to the local address of the file descriptor.
+Otherwise you can set this argument to NULL.
+
+The
+.I auth_data
+argument
+should point to an allocated AUTH_DAT area.
+It is passed to and filled in by
+.IR krb_rd_req .
+The checksum passed to the corresponding
+.I krb_sendauth
+is available as part of the filled-in AUTH_DAT area.
+
+The
+.I filename
+argument
+specifies the filename
+which the service program should use to obtain its service key.
+.I Krb_recvauth
+passes
+.I filename
+to the
+.I krb_rd_req
+function.
+If you set this argument to "",
+.I krb_rd_req
+looks for the service key in the file
+.IR /etc/srvtab.
+
+If the client and server are performing mutual authenication,
+the
+.I schedule
+argument
+should point to an allocated Key_schedule.
+Otherwise it is ignored and may be NULL.
+
+The
+.I version
+argument should point to a character array of at least KSEND_VNO_LEN
+characters. It is filled in with the version string passed by the client to
+.IR krb_sendauth.
+.PP
+.SH KRB_NET_WRITE AND KRB_NET_READ
+.PP
+The
+.I krb_net_write
+function
+emulates the write(2) system call, but guarantees that all data
+specified is written to
+.I fd
+before returning, unless an error condition occurs.
+.PP
+The
+.I krb_net_read
+function
+emulates the read(2) system call, but guarantees that the requested
+amount of data is read from
+.I fd
+before returning, unless an error condition occurs.
+.PP
+.SH BUGS
+.IR krb_sendauth,
+.IR krb_recvauth,
+.IR krb_net_write,
+and
+.IR krb_net_read
+will not work properly on sockets set to non-blocking I/O mode.
+
+.SH SEE ALSO
+
+krb_mk_req(3), krb_rd_req(3), krb_get_phost(3)
+
+.SH AUTHOR
+John T. Kohl, MIT Project Athena
+.SH RESTRICTIONS
+Copyright 1988, Massachusetts Instititute of Technology.
+For copying and distribution information,
+please see the file .
diff --git a/crypto/kerberosIV/man/krb_set_tkt_string.3 b/crypto/kerberosIV/man/krb_set_tkt_string.3
new file mode 100644
index 0000000..9d94143
--- /dev/null
+++ b/crypto/kerberosIV/man/krb_set_tkt_string.3
@@ -0,0 +1,42 @@
+.\" $Id: krb_set_tkt_string.3,v 1.2 1996/06/12 21:29:24 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file .
+.\"
+.TH KRB_SET_TKT_STRING 3 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+krb_set_tkt_string \- set Kerberos ticket cache file name
+.SH SYNOPSIS
+.nf
+.nj
+.ft B
+#include
+.PP
+.ft B
+void krb_set_tkt_string(filename)
+char *filename;
+.fi
+.ft R
+.SH DESCRIPTION
+.I krb_set_tkt_string
+sets the name of the file that holds the user's
+cache of Kerberos server tickets and associated session keys.
+.PP
+The string
+.I filename
+passed in is copied into local storage.
+Only MAXPATHLEN-1 (see ) characters of the filename are
+copied in for use as the cache file name.
+.PP
+This routine should be called during initialization, before other
+Kerberos routines are called; otherwise the routines which fetch the
+ticket cache file name may be called and return an undesired ticket file
+name until this routine is called.
+.SH FILES
+.TP 20n
+/tmp/tkt[uid]
+default ticket file name, unless the environment variable KRBTKFILE is set.
+[uid] denotes the user's uid, in decimal.
+.SH SEE ALSO
+kerberos(3), setenv(3)
diff --git a/crypto/kerberosIV/man/ksrvtgt.1 b/crypto/kerberosIV/man/ksrvtgt.1
new file mode 100644
index 0000000..ff8563c
--- /dev/null
+++ b/crypto/kerberosIV/man/ksrvtgt.1
@@ -0,0 +1,50 @@
+.\" $Id: ksrvtgt.1,v 1.2 1996/06/12 21:29:26 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file .
+.\"
+.TH KSRVTGT 1 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+ksrvtgt \- fetch and store Kerberos ticket-granting-ticket using a
+service key
+.SH SYNOPSIS
+.B ksrvtgt
+name instance [[realm] srvtab]
+.SH DESCRIPTION
+.I ksrvtgt
+retrieves a ticket-granting ticket with a lifetime of five (5) minutes
+for the principal
+.I name.instance@realm
+(or
+.I name.instance@localrealm
+if
+.I realm
+is not supplied on the command line), decrypts the response using
+the service key found in
+.I srvtab
+(or in
+.B /etc/srvtab
+if
+.I srvtab
+is not specified on the command line), and stores the ticket in the
+standard ticket cache.
+.PP
+This command is intended primarily for use in shell scripts and other
+batch-type facilities.
+.SH DIAGNOSTICS
+"Generic kerberos failure (kfailure)" can indicate a whole range of
+problems, the most common of which is the inability to read the service
+key file.
+.SH FILES
+.TP 2i
+/etc/krb.conf
+to get the name of the local realm.
+.TP
+/tmp/tkt[uid]
+The default ticket file.
+.TP
+/etc/srvtab
+The default service key file.
+.SH SEE ALSO
+kerberos(1), kinit(1), kdestroy(1)
diff --git a/crypto/kerberosIV/man/ksrvutil.8 b/crypto/kerberosIV/man/ksrvutil.8
new file mode 100644
index 0000000..fdc99e6
--- /dev/null
+++ b/crypto/kerberosIV/man/ksrvutil.8
@@ -0,0 +1,104 @@ +.\" $Id: ksrvutil.8,v 1.3 1996/06/12 21:29:27 bg Exp $ +.\" Copyright 1989 by the Massachusetts Institute of Technology. +.\" +.\" For copying and distribution information, +.\" please see the file . +.\" +.Dd May 4, 1996 +.Dt KSRVUTIL 8 +.Os KTH-KRB + +.Sh NAME +.Nm ksrvutil +host kerberos keyfile (srvtab) manipulation utility +.Sh SYNOPSIS +.Nm +.Op Fl f Pa keyfile +.Op Fl i +.Op Fl k +.Op Fl p Ar principal +.Op Fl r Ar realm +.Ar operation + +.Sh DESCRIPTION +.Nm +allows a system manager to list or change keys currently in his +keyfile or to add new keys to the keyfile. +.Pp +Operation must be one of the following: +.Bl -tag -width indent +.It list +lists the keys in a keyfile showing version number and principal name. +If the +.Fl k +option is given, keys will also be shown. +.It change +changes all the keys in the keyfile by using the regular admin +protocol. If the +.Fl i +flag is given, +.Nm ksrvutil +will prompt for yes or no before changing each key. If the +.Fl k +option is used, the old and new keys will be displayed. +.It add +allows the user to add a key. +add +prompts for name, instance, realm, and key version number, asks +for confirmation, and then asks for a password. +.Nm +then converts the password to a key and appends the keyfile with the +new information. If the +.Fl k +option is used, the key is displayed. +.It get +gets a service from the Kerberos server, possibly creating the +principal. Names, instances and realms for the service keys to get are +prompted for. The default principal used in the kadmin transcation is +your root instance. This can be changed with the +.Fl p +option. +.El +.Pp +In all cases, the default file used is KEY_FILE as defined in krb.h +unless this is overridden by the +.Fl f +option. +.Pp +A good use for +.Nm +would be for adding keys to a keyfile. A system manager could +ask a kerberos administrator to create a new service key with +.Xr kadmin 8 +and could supply an initial password. 
Then, he could use +.Nm +to add the key to the keyfile and then to change the key so that it +will be random and unknown to either the system manager or the +kerberos administrator. + +.Nm +always makes a backup copy of the keyfile before making any changes. + +.Sh DIAGNOSTICS +If +.Nm +should exit on an error condition at any time during a change or add, +a copy of the original keyfile can be found in +.Pa filename Ns .old +where +.Pa filename +is the name of the keyfile, and a copy of the file with all new +keys changed or added so far can be found in +.Pa filename Ns .work. +The original keyfile is left unmodified until the program exits at +which point it is removed and replaced it with the workfile. +Appending the workfile to the backup copy and replacing the keyfile +with the result should always give a usable keyfile, although the +resulting keyfile will have some out of date keys in it. + +.Sh SEE ALSO +.Xr kadmin 8 , +.Xr ksrvtgt 1 + +.Sh AUTHOR +Emanuel Jay Berkenbilt, MIT Project Athena diff --git a/crypto/kerberosIV/man/kstash.8 b/crypto/kerberosIV/man/kstash.8 new file mode 100644 index 0000000..0197a3d --- /dev/null +++ b/crypto/kerberosIV/man/kstash.8 
@@ -0,0 +1,40 @@
+.\" $Id: kstash.8,v 1.3 1997/04/02 21:09:56 assar Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file .
+.\"
+.TH KSTASH 8 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kstash \- stash Kerberos key distribution center database master key
+.SH SYNOPSIS
+kstash
+.SH DESCRIPTION
+.I kstash
+saves the Kerberos key distribution center (KDC) database master key in
+the master key cache file.
+.PP
+The user is prompted to enter the key, to verify the authenticity of the
+key and the authorization to store the key in the file.
+.SH DIAGNOSTICS
+.TP 20n
+"verify_master_key: Invalid master key, does not match database."
+The master key string entered was incorrect.
+.TP
+"kstash: Unable to open master key file"
+The attempt to open the cache file for writing failed (probably due to a
+system or access permission error).
+.TP
+"kstash: Write I/O error on master key file"
+The
+.BR write (2)
+system call returned an error while
+.I kstash
+was attempting to write the key to the file.
+.SH FILES
+.TP 20n
+/var/kerberos/principal.pag, /var/kerberos/principal.dir
+DBM files containing database
+.TP
+/.k
+Master key cache file.
diff --git a/crypto/kerberosIV/man/kuserok.3 b/crypto/kerberosIV/man/kuserok.3
new file mode 100644
index 0000000..0987308
--- /dev/null
+++ b/crypto/kerberosIV/man/kuserok.3
@@ -0,0 +1,66 @@ +.\" $Id: kuserok.3,v 1.3 1996/10/13 17:51:18 bg Exp $ +.\" Copyright 1989 by the Massachusetts Institute of Technology. +.\" +.\" For copying and distribution information, +.\" please see the file . +.\" +.TH KUSEROK 3 "Kerberos Version 4.0" "MIT Project Athena" +.SH NAME +kuserok \- Kerberos version of ruserok +.SH SYNOPSIS +.nf +.nj +.ft B +#include +.PP +.ft B +kuserok(kdata, localuser) +AUTH_DAT *auth_data; +char *localuser; +.fi +.ft R +.SH DESCRIPTION +.I kuserok +determines whether a Kerberos principal described by the structure +.I auth_data +is authorized to login as user +.I localuser +according to the authorization file +("~\fIlocaluser\fR/.klogin" by default). It returns 0 (zero) if authorized, +1 (one) if not authorized. +.PP +If there is no account for +.I localuser +on the local machine, authorization is not granted. +If there is no authorization file, and the Kerberos principal described +by +.I auth_data +translates to +.I localuser +(using +.IR krb_kntoln (3)), +authorization is granted. +If the authorization file +can't be accessed, or the file is not owned by +.IR localuser, +authorization is denied. Otherwise, the file is searched for +a matching principal name, instance, and realm. If a match is found, +authorization is granted, else authorization is denied. +.PP +The file entries are in the format: +.nf +.in +5n + name.instance@realm +.in -5n +.fi +with one entry per line. + +For convenience ~localuser@LOCALREALM is +always considered to be an entry in the file even when there is no +file or the file is unreadable. +.SH SEE ALSO +kerberos(3), ruserok(3), krb_kntoln(3) +.SH FILES +.TP 20n +~\fIlocaluser\fR/.klogin +authorization list diff --git a/crypto/kerberosIV/man/tf_util.3 b/crypto/kerberosIV/man/tf_util.3 new file mode 100644 index 0000000..3f98321 --- /dev/null +++ b/crypto/kerberosIV/man/tf_util.3 
@@ -0,0 +1,150 @@ +.\" $Id: tf_util.3,v 1.2 1996/06/12 21:29:29 bg Exp $ +.\" Copyright 1989 by the Massachusetts Institute of Technology. +.\" +.\" For copying and distribution information, +.\" please see the file . +.\" +.TH TF_UTIL 3 "Kerberos Version 4.0" "MIT Project Athena" +.SH NAME +tf_init, tf_get_pname, tf_get_pinst, tf_get_cred, tf_close \ +\- Routines for manipulating a Kerberos ticket file +.SH SYNOPSIS +.nf +.nj +.ft B +#include +.PP +.ft B +extern char *krb_err_txt[]; +.PP +.ft B +tf_init(tf_name, rw) +char *tf_name; +int rw; +.PP +.ft B +tf_get_pname(pname) +char *pname; +.PP +.ft B +tf_get_pinst(pinst) +char *pinst; +.PP +.ft B +tf_get_cred(c) +CREDENTIALS *c; +.PP +.ft B +tf_close() +.PP +.fi +.SH DESCRIPTION +This group of routines are provided to manipulate the Kerberos tickets +file. A ticket file has the following format: +.nf +.in +4 +.sp +principal's name (null-terminated string) +principal's instance (null-terminated string) +CREDENTIAL_1 +CREDENTIAL_2 + ... +CREDENTIAL_n +EOF +.sp +.in -4 +.LP +Where "CREDENTIAL_x" consists of the following fixed-length +fields from the CREDENTIALS structure (defined in ): +.nf +.sp +.in +4 + char service[ANAME_SZ] + char instance[INST_SZ] + char realm[REALM_SZ] + des_cblock session + int lifetime + int kvno + KTEXT_ST ticket_st + long issue_date +.in -4 +.sp +.fi +.PP +.I tf_init +must be called before the other ticket file +routines. +It takes the name of the ticket file to use, +and a read/write flag as arguments. +It tries to open the ticket file, checks the mode and if +everything is okay, locks the file. If it's opened for +reading, the lock is shared. If it's opened for writing, +the lock is exclusive. +KSUCCESS is returned if all went well, otherwise one of the +following: +.nf +.sp +NO_TKT_FIL - file wasn't there +TKT_FIL_ACC - file was in wrong mode, etc. +TKT_FIL_LCK - couldn't lock the file, even after a retry +.sp +.fi +.PP +The +.I tf_get_pname +reads the principal's name from a ticket file. 
+It should only be called after tf_init has been called. The +principal's name is filled into the +.I pname +parameter. If all goes +well, KSUCCESS is returned. +If tf_init wasn't called, TKT_FIL_INI +is returned. +If the principal's name was null, or EOF was encountered, or the +name was longer than ANAME_SZ, TKT_FIL_FMT is returned. +.PP +The +.I tf_get_pinst +reads the principal's instance from a ticket file. +It should only be called after tf_init and tf_get_pname +have been called. +The principal's instance is filled into the +.I pinst +parameter. +If all goes +well, KSUCCESS is returned. +If tf_init wasn't called, TKT_FIL_INI +is returned. +If EOF was encountered, or the +name was longer than INST_SZ, TKT_FIL_FMT is returned. +Note that, unlike the principal name, the instance name may be null. +.PP +The +.I tf_get_cred +routine reads a CREDENTIALS record from a ticket file and +fills in the given structure. +It should only be called after +tf_init, tf_get_pname, and tf_get_pinst have been called. +If all goes well, KSUCCESS is returned. Possible error codes +are: +.nf +.sp +TKT_FIL_INI - tf_init wasn't called first +TKT_FIL_FMT - bad format +EOF - end of file encountered +.sp +.fi +.PP +.I tf_close +closes the ticket file and releases the lock on it. +.SH "SEE ALSO" +krb(3) +.SH DIAGNOSTICS +.SH BUGS +The ticket file routines have to be called in a certain order. +.SH AUTHORS +Jennifer Steiner, MIT Project Athena +.br +Bill Bryant, MIT Project Athena +.SH RESTRICTIONS +Copyright 1987 Massachusetts Institute of Technology diff --git a/crypto/kerberosIV/mkinstalldirs b/crypto/kerberosIV/mkinstalldirs new file mode 100644 index 0000000..1c13a50 --- /dev/null +++ b/crypto/kerberosIV/mkinstalldirs 
@@ -0,0 +1,40 @@
+#! /bin/sh
+# mkinstalldirs --- make directory hierarchy
+# Author: Noah Friedman
+# Created: 1993-05-16
+# Public domain
+
+# $Id: mkinstalldirs,v 1.1 1996/06/27 01:12:51 joda Exp $
+
+errstatus=0
+
+for file
+do
+ set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'`
+ shift
+
+ pathcomp=
+ for d
+ do
+ pathcomp="$pathcomp$d"
+ case "$pathcomp" in
+ -* ) pathcomp=./$pathcomp ;;
+ esac
+
+ if test ! -d "$pathcomp"; then
+ echo "mkdir $pathcomp" 1>&2
+
+ mkdir "$pathcomp" || lasterr=$?
+
+ if test ! -d "$pathcomp"; then
+ errstatus=$lasterr
+ fi
+ fi
+
+ pathcomp="$pathcomp/"
+ done
+done
+
+exit $errstatus
+
+# mkinstalldirs ends here
diff --git a/crypto/kerberosIV/server/Makefile.in b/crypto/kerberosIV/server/Makefile.in
new file mode 100644
index 0000000..64e7eb1
--- /dev/null
+++ b/crypto/kerberosIV/server/Makefile.in
@@ -0,0 +1,79 @@
+# $Id: Makefile.in,v 1.24 1997/05/02 17:52:00 assar Exp $
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+LD_FLAGS = @LD_FLAGS@
+
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+LIBS = @LIBS@
+LIB_DBM = @LIB_DBM@
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+libexecdir = @libexecdir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+PROGS = kerberos$(EXECSUFFIX)
+
+SOURCES = kerberos.c
+
+OBJECTS = kerberos.o
+
+all: $(PROGS)
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+ $(CC) -c $(CPPFLAGS) $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $<
+
+install: all
+ $(MKINSTALLDIRS) $(libexecdir)
+ for x in $(PROGS); do \
+ $(INSTALL_PROGRAM) $$x $(libexecdir)/`echo $$x | sed '$(transform)'`; \
+ done
+
+uninstall:
+ for x in $(PROGS); do \
+ rm -f $(libexecdir)/`echo $$x | sed '$(transform)'`; \
+ done
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+check:
+
+clean:
+ rm -f *.a *.o $(PROGS)
+
+mostlyclean: clean
+
+distclean: clean
+ rm -f Makefile *.tab.c *~
+
+realclean: distclean
+ rm -f TAGS
+
+dist: $(DISTFILES)
+ for file in $(DISTFILES); do \
+ ln $$file ../`cat ../.fname`/lib \
+ || cp -p $$file ../`cat ../.fname`/lib; \
+ done
+
+kerberos$(EXECSUFFIX): kerberos.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kerberos.o -L../lib/kdb -lkdb -L../lib/krb -lkrb -L../lib/des -ldes -L../lib/roken -lroken $(LIB_DBM) $(LIBS) -lroken
+
+$(OBJECTS): ../include/config.h
diff --git a/crypto/kerberosIV/server/kerberos.c b/crypto/kerberosIV/server/kerberos.c
new file mode 100644
index 0000000..405e48d
--- /dev/null
+++ b/crypto/kerberosIV/server/kerberos.c
@@ -0,0 +1,846 @@ +/* + * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute + * of Technology. + * + * For copying and distribution information, please see the file + * . + */ + +#include "config.h" +#include "protos.h" + +RCSID("$Id: kerberos.c,v 1.64 1997/05/20 18:40:46 bg Exp $"); + +#include +#include +#include +#include + +#ifdef HAVE_SYS_TYPES_H +#include +#endif + +#ifdef TIME_WITH_SYS_TIME +#include +#include +#elif defined(HAVE_SYS_TIME_H) +#include +#else +#include +#endif + +#ifdef HAVE_SYS_SELECT_H +#include +#endif + +#include +#ifdef HAVE_UNISTD_H +#include +#endif + +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif + +#ifdef HAVE_SYS_STAT_H +#include +#endif +#ifdef HAVE_FCNTL_H +#include +#endif +#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4 +#include +#endif +#ifdef HAVE_SYS_FILIO_H +#include +#endif /* HAVE_SYS_FILIO_H */ + +#ifdef HAVE_NETDB_H +#include +#endif +#include + +#ifdef SOCKS +#include +#endif + +#include + +#include +#include +#include +#include +#include + +#include + +static des_key_schedule master_key_schedule; +static des_cblock master_key; + +static struct timeval kerb_time; +static u_char master_key_version; +static char k_instance[INST_SZ]; +static char *lt; +static int more; + +static int mflag; /* Are we invoked manually? */ +static char *log_file; /* name of alt. log file */ +static int nflag; /* don't check max age */ +static int rflag; /* alternate realm specified */ + +/* fields within the received request packet */ +static char *req_name_ptr; +static char *req_inst_ptr; +static char *req_realm_ptr; +static u_int32_t req_time_ws; + +static char local_realm[REALM_SZ]; + +/* options */ +static int max_age = -1; +static int pause_int = -1; + +/* + * Print usage message and exit. 
+ */ +static void +usage(void) +{ + fprintf(stderr, "Usage: %s [-s] [-m] [-n] [-p pause_seconds]" + " [-a max_age] [-l log_file] [-r realm] [database_pathname]\n", + __progname); + exit(1); +} + +/* + * kerb_err_reply creates an error reply packet and sends it to the + * client. + */ + +static void +kerb_err_reply(int f, struct sockaddr_in *client, int err, char *string) +{ + static KTEXT_ST e_pkt_st; + KTEXT e_pkt = &e_pkt_st; + static char e_msg[128]; + + strcpy(e_msg, "\nKerberos error -- "); + strcat(e_msg, string); + cr_err_reply(e_pkt, req_name_ptr, req_inst_ptr, req_realm_ptr, + req_time_ws, err, e_msg); + sendto(f, (char*)e_pkt->dat, e_pkt->length, 0, (struct sockaddr *)client, + sizeof(*client)); +} + +static void +hang(void) +{ + if (pause_int == -1) { + klog(L_KRB_PERR, "Kerberos will pause so as not to loop init"); + for (;;) + pause(); + } else { + char buf[256]; + snprintf(buf, sizeof(buf), + "Kerberos will wait %d seconds before dying so as not to loop init", + pause_int); + klog(L_KRB_PERR, buf); + sleep(pause_int); + klog(L_KRB_PERR, "Do svedania....\n"); + exit(1); + } +} + +static int +check_princ(char *p_name, char *instance, unsigned int lifetime, Principal *p) +{ + static int n; + static int more; + + n = kerb_get_principal(p_name, instance, p, 1, &more); + + if (n < 0) { + lt = klog(L_KRB_PERR, "Database unavailable!"); + hang(); + } + + /* + * if more than one p_name, pick one, randomly create a session key, + * compute maximum lifetime, lookup authorizations if applicable, + * and stuff into cipher. 
+ */ + if (n == 0) { + /* service unknown, log error, skip to next request */ + lt = klog(L_ERR_UNK, "UNKNOWN %s.%s", p_name, instance); + return KERB_ERR_PRINCIPAL_UNKNOWN; + } + if (more) { + /* not unique, log error */ + lt = klog(L_ERR_NUN, "Principal not unique %s.%s", p_name, instance); + return KERB_ERR_PRINCIPAL_NOT_UNIQUE; + } + /* If the user's key is null, we want to return an error */ + if ((p->key_low == 0) && (p->key_high == 0)) { + /* User has a null key */ + lt = klog(L_ERR_NKY, "Null key %s.%s", p_name, instance); + return KERB_ERR_NULL_KEY; + } + if (master_key_version != p->kdc_key_ver) { + /* log error reply */ + lt = klog(L_ERR_MKV, + "Incorrect master key version for %s.%s: %d (should be %d)", + p->name, p->instance, p->kdc_key_ver, master_key_version); + return KERB_ERR_NAME_MAST_KEY_VER; + } + /* make sure the service hasn't expired */ + if ((u_int32_t) p->exp_date < (u_int32_t) kerb_time.tv_sec) { + /* service did expire, log it */ + time_t t = p->exp_date; + lt = klog(L_ERR_SEXP, + "Principal %s.%s expired at %s", p->name, p->instance, + krb_stime(&t)); + return KERB_ERR_NAME_EXP; + } + /* ok is zero */ + return 0; +} + +static void +unseal(des_cblock *key) +{ + kdb_encrypt_key(key, key, &master_key, master_key_schedule, DES_DECRYPT); +} + + +/* Set the key for krb_rd_req so we can check tgt */ +static int +set_tgtkey(char *r) + /* Realm for desired key */ +{ + int n; + static char lastrealm[REALM_SZ]; + Principal p_st; + Principal *p = &p_st; + des_cblock key; + + if (!strcmp(lastrealm, r)) + return (KSUCCESS); + + klog(L_ALL_REQ, "Getting key for %s", r); + + n = kerb_get_principal(KRB_TICKET_GRANTING_TICKET, r, p, 1, &more); + if (n == 0) + return (KFAILURE); + + /* unseal tgt key from master key */ + copy_to_key(&p->key_low, &p->key_high, key); + unseal(&key); + krb_set_key(key, 0); + strcpy(lastrealm, r); + return (KSUCCESS); +} + + +static int +kerberos(unsigned char *buf, int len, struct in_addr client, KTEXT rpkt) +{ + int pvno; + 
int msg_type; + int lsb; + int life; + int flags = 0; + char name[ANAME_SZ], inst[INST_SZ], realm[REALM_SZ]; + char service[SNAME_SZ], sinst[INST_SZ]; + u_int32_t req_time; + static KTEXT_ST ticket, cipher, adat; + KTEXT tk = &ticket, ciph = &cipher, auth = &adat; + AUTH_DAT ad; + des_cblock session, key; + int err; + Principal a_name, s_name; + + char *msg; + + + unsigned char *p = buf; + if(len < 2){ + strcpy((char*)rpkt->dat, "Packet too short"); + return KFAILURE; + } + + gettimeofday(&kerb_time, NULL); + + pvno = *p++; + if(pvno != KRB_PROT_VERSION){ + msg = klog(L_KRB_PERR, "KRB protocol version mismatch (%d)", pvno); + strcpy((char*)rpkt->dat, msg); + return KERB_ERR_PKT_VER; + } + msg_type = *p++; + lsb = msg_type & 1; + msg_type &= ~1; + switch(msg_type){ + case AUTH_MSG_KDC_REQUEST: + /* XXX range check */ + p += krb_get_nir(p, name, inst, realm); + p += krb_get_int(p, &req_time, 4, lsb); + life = *p++; + p += krb_get_nir(p, service, sinst, NULL); + klog(L_INI_REQ, "AS REQ %s.%s@%s for %s.%s from %s", + name, inst, realm, service, sinst, inet_ntoa(client)); + if((err = check_princ(name, inst, 0, &a_name))){ + strcpy((char*)rpkt->dat, krb_get_err_text(err)); + return err; + } + tk->length = 0; + if((err = check_princ(service, sinst, 0, &s_name))){ + strcpy((char*)rpkt->dat, krb_get_err_text(err)); + return err; + } + life = min(life, s_name.max_life); + life = min(life, a_name.max_life); + + des_new_random_key(&session); + copy_to_key(&s_name.key_low, &s_name.key_high, key); + unseal(&key); + krb_create_ticket(tk, flags, a_name.name, a_name.instance, + local_realm, client.s_addr, session, + life, kerb_time.tv_sec, + s_name.name, s_name.instance, &key); + copy_to_key(&a_name.key_low, &a_name.key_high, key); + unseal(&key); + create_ciph(ciph, session, s_name.name, s_name.instance, + local_realm, life, s_name.key_version, tk, + kerb_time.tv_sec, &key); + memset(&session, 0, sizeof(session)); + memset(&key, 0, sizeof(key)); + { + KTEXT r; + r = 
create_auth_reply(name, inst, realm, req_time, 0, + a_name.exp_date, a_name.key_version, ciph); + memcpy(rpkt, r, sizeof(*rpkt)); + } + return 0; + case AUTH_MSG_APPL_REQUEST: + strcpy(realm, (char*)buf + 3); + if((err = set_tgtkey(realm))){ + msg = klog(L_ERR_UNK, "Unknown realm %s from %s", + realm, inet_ntoa(client)); + strcpy((char*)rpkt->dat, msg); + return err; + } + p = buf + strlen(realm) + 4; + p = p + p[0] + p[1] + 2; + auth->length = p - buf; + memcpy(auth->dat, buf, auth->length); + err = krb_rd_req(auth, KRB_TICKET_GRANTING_TICKET, + realm, client.s_addr, &ad, 0); + if(err){ + msg = klog(L_ERR_UNK, "krb_rd_req from %s: %s", + inet_ntoa(client), krb_get_err_text(err)); + strcpy((char*)rpkt->dat, msg); + return err; + } + p += krb_get_int(p, &req_time, 4, lsb); + life = *p++; + p += krb_get_nir(p, service, sinst, NULL); + klog(L_APPL_REQ, "APPL REQ %s.%s@%s for %s.%s from %s", + ad.pname, ad.pinst, ad.prealm, + service, sinst, + inet_ntoa(client)); + if(strcmp(ad.prealm, realm)){ + msg = klog(L_ERR_UNK, "Can't hop realms: %s -> %s", + realm, ad.prealm); + strcpy((char*)rpkt->dat, msg); + return KERB_ERR_PRINCIPAL_UNKNOWN; + } + + if(!strcmp(service, "changepw")){ + strcpy((char*)rpkt->dat, + "Can't authorize password changed based on TGT"); + return KERB_ERR_PRINCIPAL_UNKNOWN; + } + + err = check_princ(service, sinst, life, &s_name); + if(err){ + strcpy((char*)rpkt->dat, krb_get_err_text(err)); + return err; + } + life = min(life, + krb_time_to_life(kerb_time.tv_sec, + krb_life_to_time(ad.time_sec, + ad.life))); + life = min(life, s_name.max_life); + copy_to_key(&s_name.key_low, &s_name.key_high, key); + unseal(&key); + des_new_random_key(&session); + krb_create_ticket(tk, flags, ad.pname, ad.pinst, ad.prealm, + client.s_addr, &session, life, kerb_time.tv_sec, + s_name.name, s_name.instance, + &key); + + memset(&key, 0, sizeof(key)); + + create_ciph(ciph, session, service, sinst, local_realm, + life, s_name.key_version, tk, + kerb_time.tv_sec, 
&ad.session); + + memset(&session, 0, sizeof(session)); + memset(ad.session, 0, sizeof(ad.session)); + { + KTEXT r; + r =create_auth_reply(ad.pname, ad.pinst, ad.prealm, + req_time, 0, 0, 0, ciph); + memcpy(rpkt, r, sizeof(*rpkt)); + } + memset(&s_name, 0, sizeof(s_name)); + return 0; + + case AUTH_MSG_ERR_REPLY: + return -1; + default: + msg = klog(L_KRB_PERR, "Unknown message type: %d from %s", + msg_type, inet_ntoa(client)); + strcpy((char*)rpkt->dat, msg); + return KFAILURE; + } +} + + +static void +kerberos_wrap(int s, KTEXT data, struct sockaddr_in *client) +{ + KTEXT_ST pkt; + int err = kerberos(data->dat, data->length, client->sin_addr, &pkt); + if(err == -1) + return; + if(err){ + kerb_err_reply(s, client, err, (char*)pkt.dat); + return; + } + sendto(s, pkt.dat, pkt.length, 0, (struct sockaddr *)client, + sizeof(*client)); +} + + +/* + * setup_disc + * + * disconnect all descriptors, remove ourself from the process + * group that spawned us. + */ + +static void +setup_disc(void) +{ + int s; + + for (s = 0; s < 3; s++) { + close(s); + } + + open("/dev/null", 0); + dup2(0, 1); + dup2(0, 2); + + setsid(); + + chdir("/tmp"); + return; +} + +/* + * Make sure that database isn't stale. + * + * Exit if it is; we don't want to tell lies. 
+ */ + +static void +check_db_age(void) +{ + long age; + + if (max_age != -1) { + /* Requires existance of kerb_get_db_age() */ + gettimeofday(&kerb_time, 0); + age = kerb_get_db_age(); + if (age == 0) { + klog(L_KRB_PERR, "Database currently being updated!"); + hang(); + } + if ((age + max_age) < kerb_time.tv_sec) { + klog(L_KRB_PERR, "Database out of date!"); + hang(); + /* NOTREACHED */ + } + } +} + +struct descr{ + int s; + KTEXT_ST buf; + int type; + int timeout; +}; + +static void +mksocket(struct descr *d, struct in_addr addr, int type, + const char *service, int port) +{ + struct sockaddr_in sina; + int on = 1; + int sock; + + memset(d, 0, sizeof(struct descr)); + if ((sock = socket(AF_INET, type, 0)) < 0) + err (1, "socket"); +#if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT) + if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on, + sizeof(on)) < 0) + warn ("setsockopt (SO_REUSEADDR)"); +#endif + memset(&sina, 0, sizeof(sina)); + sina.sin_family = AF_INET; + sina.sin_port = port; + sina.sin_addr = addr; + if (bind(sock, (struct sockaddr *)&sina, sizeof(sina)) < 0) + err (1, "bind '%s/%s' (%d)", + service, (type == SOCK_DGRAM) ? "udp" : "tcp", + ntohs(sina.sin_port)); + + if(type == SOCK_STREAM) + listen(sock, SOMAXCONN); + d->s = sock; + d->type = type; +} + + +static void loop(struct descr *fds, int maxfd); + +int +main(int argc, char **argv) +{ + int child; + int c; + struct descr *fds; + int nfds; + int i; + int n; + int kerror; + + umask(077); /* Create protected files */ + + set_progname (argv[0]); + + while ((c = getopt(argc, argv, "snmp:a:l:r:")) != EOF) { + switch(c) { + case 's': + /* + * Set parameters to slave server defaults. + */ + if (max_age == -1 && !nflag) + max_age = ONE_DAY; /* 24 hours */ + if (pause_int == -1) + pause_int = FIVE_MINUTES; /* 5 minutes */ +#if 0 + if (log_file == NULL) { + /* this is only silly */ + log_file = KRBSLAVELOG; + } +#endif + break; + case 'n': + max_age = -1; /* don't check max age. 
*/ + nflag++; + break; + case 'm': + mflag++; /* running manually; prompt for master key */ + break; + case 'p': + /* Set pause interval. */ + if (!isdigit(optarg[0])) + usage(); + pause_int = atoi(optarg); + if ((pause_int < 5) || (pause_int > ONE_HOUR)) { + fprintf(stderr, "pause_int must be between 5 and 3600 seconds.\n"); + usage(); + } + break; + case 'a': + /* Set max age. */ + if (!isdigit(optarg[0])) + usage(); + max_age = atoi(optarg); + if ((max_age < ONE_HOUR) || (max_age > THREE_DAYS)) { + fprintf(stderr, "max_age must be between one hour and three days, in seconds\n"); + usage(); + } + break; + case 'l': + /* Set alternate log file */ + log_file = optarg; + break; + case 'r': + /* Set realm name */ + rflag++; + strcpy(local_realm, optarg); + break; + default: + usage(); + break; + } + } + + if(log_file == NULL) + log_file = KRBLOG; + + if (optind == (argc-1)) { + if (kerb_db_set_name(argv[optind]) != 0) { + fprintf(stderr, "Could not set alternate database name\n"); + exit(1); + } + optind++; + } + + if (optind != argc) + usage(); + + printf("Kerberos server starting\n"); + + if ((!nflag) && (max_age != -1)) + printf("\tMaximum database age: %d seconds\n", max_age); + if (pause_int != -1) + printf("\tSleep for %d seconds on error\n", pause_int); + else + printf("\tSleep forever on error\n"); + if (mflag) + printf("\tMaster key will be entered manually\n"); + + printf("\tLog file is %s\n", log_file); + + kset_logfile(log_file); + + /* find our hostname, and use it as the instance */ + if (k_gethostname(k_instance, INST_SZ)) + err (1, "gethostname"); + + /* + * Yes this looks backwards but it has to be this way to enable a + * smooth migration to the new port 88. 
+ */ + { + int p1, p2; + struct in_addr *a; + + p1 = k_getportbyname ("kerberos-iv", "udp", htons(750)); + p2 = k_getportbyname ("kerberos-sec", "udp", htons(88)); + + if (p1 == p2) + { + fprintf(stderr, "Either define kerberos-iv/udp as 750\n"); + fprintf(stderr, " and kerberos-sec/udp as 88\n"); + fprintf(stderr, "or the other way around!"); + exit(1); + } + + nfds = k_get_all_addrs (&a); + if (nfds < 0) { + struct in_addr any; + + any.s_addr = INADDR_ANY; + + fprintf (stderr, "Could not get local addresses, " + "binding to INADDR_ANY\n"); + nfds = 1; + a = malloc(sizeof(*a) * nfds); + memcpy(a, &any, sizeof(struct in_addr)); + } + nfds *= 4; + fds = (struct descr*)malloc(nfds * sizeof(struct descr)); + for (i = 0; i < nfds/4; i++) { + mksocket(fds + 4 * i + 0, a[i], SOCK_DGRAM, "kerberos-iv", p1); + mksocket(fds + 4 * i + 1, a[i], SOCK_DGRAM, "kerberos-sec", p2); + mksocket(fds + 4 * i + 2, a[i], SOCK_STREAM, "kerberos-iv", p1); + mksocket(fds + 4 * i + 3, a[i], SOCK_STREAM, "kerberos-sec", p2); + } + free (a); + } + /* do all the database and cache inits */ + if ((n = kerb_init())) { + if (mflag) { + printf("Kerberos db and cache init "); + printf("failed = %d ...exiting\n", n); + exit (1); + } else { + klog(L_KRB_PERR, + "Kerberos db and cache init failed = %d ...exiting", n); + hang(); + } + } + + /* Make sure database isn't stale */ + check_db_age(); + + /* setup master key */ + if (kdb_get_master_key (mflag, &master_key, master_key_schedule) != 0) { + klog (L_KRB_PERR, "kerberos: couldn't get master key.\n"); + exit (1); + } + kerror = kdb_verify_master_key (&master_key, master_key_schedule, stdout); + if (kerror < 0) { + klog (L_KRB_PERR, "Can't verify master key."); + memset(master_key, 0, sizeof (master_key)); + memset (master_key_schedule, 0, sizeof (master_key_schedule)); + exit (1); + } + + master_key_version = (u_char) kerror; + + fprintf(stdout, "\nCurrent Kerberos master key version is %d\n", + master_key_version); + 
des_init_random_number_generator(&master_key); + + if (!rflag) { + /* Look up our local realm */ + krb_get_lrealm(local_realm, 1); + } + fprintf(stdout, "Local realm: %s\n", local_realm); + fflush(stdout); + + if (set_tgtkey(local_realm)) { + /* Ticket granting service unknown */ + klog(L_KRB_PERR, "Ticket granting ticket service unknown"); + fprintf(stderr, "Ticket granting ticket service unknown\n"); + exit(1); + } + if (mflag) { + if ((child = fork()) != 0) { + printf("Kerberos started, PID=%d\n", child); + exit(0); + } + setup_disc(); + } + + klog(L_ALL_REQ, "Starting Kerberos for %s (kvno %d)", + local_realm, master_key_version); + + /* receive loop */ + loop(fds, nfds); + exit(1); +} + + +static void +loop(struct descr *fds, int nfds) +{ + for (;;) { + int ret; + fd_set readfds; + struct timeval tv; + int maxfd = 0; + struct descr *n, *minfree; + + FD_ZERO(&readfds); + gettimeofday(&tv, NULL); + maxfd = 0; + minfree = NULL; + /* Remove expired TCP sockets, and add all other + to the set we are selecting on */ + for(n = fds; n < fds + nfds; n++){ + if(n->s >= 0 && n->timeout && tv.tv_sec > n->timeout){ + kerb_err_reply(n->s, NULL, KERB_ERR_TIMEOUT, "Timeout"); + close(n->s); + n->s = -1; + } + if(n->s < 0){ + if(minfree == NULL) minfree = n; + continue; + } + FD_SET(n->s, &readfds); + maxfd = max(maxfd, n->s); + } + /* add more space for sockets */ + if(minfree == NULL){ + int i = nfds; + struct descr *new; + nfds *=2; + new = realloc(fds, sizeof(struct descr) * nfds); + if(new){ + fds = new; + minfree = fds + i; + for(; i < nfds; i++) fds[i].s = -1; + } + } + ret = select(maxfd + 1, &readfds, 0, 0, 0); + for (n = fds; n < fds + nfds; n++){ + if(n->s < 0) continue; + if (FD_ISSET(n->s, &readfds)){ + if(n->type == SOCK_STREAM && n->timeout == 0){ + /* add accepted socket to list of sockets we are + selecting on */ + int s = accept(n->s, NULL, 0); + if(minfree == NULL){ + kerb_err_reply(s, NULL, KFAILURE, "Out of memory"); + close(s); + }else{ + minfree->s = s; 
+ minfree->type = SOCK_STREAM; + gettimeofday(&tv, NULL); + minfree->timeout = tv.tv_sec + 4; /* XXX */ + } + }else{ + int b; + struct sockaddr_in from; + int fromlen = sizeof(from); + b = recvfrom(n->s, n->buf.dat + n->buf.length, + MAX_PKT_LEN - n->buf.length, 0, + (struct sockaddr *)&from, &fromlen); + if(b < 0){ + if(n->type == SOCK_STREAM){ + close(n->s); + n->s = -1; + } + n->buf.length = 0; + continue; + } + n->buf.length += b; + if(n->type == SOCK_STREAM){ + if(n->buf.length >= 4 && n->buf.dat[0] == 0){ + /* if this is a new type of packet (with + the length attached to the head of the + packet), and there is no more data to + be read, fake an old packet, so the + code below will work */ + u_int32_t len; + krb_get_int(n->buf.dat, &len, 4, 0); + if(n->buf.length == len + 4){ + memmove(n->buf.dat, n->buf.dat + 4, len); + b = 0; + } + } + if(b == 0){ + /* handle request if there are + no more bytes to read */ + fromlen = sizeof(from); + getpeername(n->s,(struct sockaddr*)&from, &fromlen); + kerberos_wrap(n->s, &n->buf, &from); + n->buf.length = 0; + close(n->s); + n->s = -1; + } + }else{ + /* udp packets are atomic */ + kerberos_wrap(n->s, &n->buf, &from); + n->buf.length = 0; + } + } + } + } + } +} diff --git a/crypto/kerberosIV/slave/Makefile.in b/crypto/kerberosIV/slave/Makefile.in new file mode 100644 index 0000000..ce35546 --- /dev/null +++ b/crypto/kerberosIV/slave/Makefile.in 
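Review bot: In `kerberos()`, the `AUTH_MSG_APPL_REQUEST` branch copies the realm out of the request with `strcpy(realm, (char*)buf + 3)` into the `REALM_SZ` stack array before anything is authenticated, and the only length test on the packet is `len < 2`, so an over-long or unterminated realm writes past `realm`. The authenticator length taken from `p[0] + p[1] + 2` then feeds `memcpy(auth->dat, buf, auth->length)` without being compared against `len` or the size of `auth->dat`, and the `AUTH_MSG_KDC_REQUEST` branch still carries `/* XXX range check */` above its `krb_get_nir` calls. I would bound both against the received length before copying, as sketched below (`rlen` is a new `size_t` local). The same unbounded-copy pattern is in `kerb_err_reply`, where `strcat(e_msg, string)` appends a message that can embed request fields to a 128-byte buffer; `snprintf(e_msg, sizeof(e_msg), "\nKerberos error -- %s", string);` would cap it, and the file already uses `snprintf` in `hang`.

```c
    case AUTH_MSG_APPL_REQUEST:
	/* the realm must be NUL-terminated inside the packet and fit realm[] */
	for (rlen = 0; 3 + rlen < (size_t)len && buf[3 + rlen] != '\0'; rlen++)
	    ;
	if (3 + rlen >= (size_t)len || rlen >= sizeof(realm)) {
	    strcpy((char*)rpkt->dat, "Malformed request");
	    return KFAILURE;
	}
	memcpy(realm, buf + 3, rlen + 1);
	/* … unchanged: set_tgtkey(realm) and its error reply … */
	p = buf + rlen + 4;
	/* the two length bytes and the data they describe must lie inside buf
	   and fit the authenticator buffer */
	if ((size_t)(p - buf) + 2 > (size_t)len ||
	    (size_t)(p - buf) + 2 + p[0] + p[1] > (size_t)len ||
	    (size_t)(p - buf) + 2 + p[0] + p[1] > sizeof(auth->dat)) {
	    strcpy((char*)rpkt->dat, "Malformed request");
	    return KFAILURE;
	}
	p = p + p[0] + p[1] + 2;
	/* … unchanged: auth->length, memcpy into auth->dat, krb_rd_req … */
```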
@@ -0,0 +1,82 @@
+# $Id: Makefile.in,v 1.27 1997/05/04 04:16:28 assar Exp $
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@ -DSBINDIR=\"$(sbindir)\"
+CFLAGS = @CFLAGS@
+LD_FLAGS = @LD_FLAGS@
+
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+LIBS = @LIBS@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+libexecdir = @libexecdir@
+sbindir = @sbindir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+PROGS = kpropd$(EXECSUFFIX) \
+ kprop$(EXECSUFFIX)
+
+SOURCES = kpropd.c kprop.c
+
+OBJECTS = kpropd.o kprop.o
+
+all: $(PROGS)
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+ $(CC) -c $(CPPFLAGS) $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $<
+
+install: all
+ $(MKINSTALLDIRS) $(libexecdir)
+ for x in $(PROGS); do \
+ $(INSTALL_PROGRAM) $$x $(libexecdir)/`echo $$x | sed '$(transform)'`; \
+ done
+
+uninstall:
+ for x in $(PROGS); do \
+ rm -f $(libexecdir)/`echo $$x | sed '$(transform)'`; \
+ done
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+check:
+
+clean:
+ rm -f *.a *.o $(PROGS)
+
+mostlyclean: clean
+
+distclean: clean
+ rm -f Makefile *.tab.c *~
+
+realclean: distclean
+ rm -f TAGS
+
+dist: $(DISTFILES)
+ for file in $(DISTFILES); do \
+ ln $$file ../`cat ../.fname`/lib \
+ || cp -p $$file ../`cat ../.fname`/lib; \
+ done
+
+kprop$(EXECSUFFIX): kprop.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kprop.o -L../lib/krb -lkrb -L../lib/des -ldes -L../lib/roken -lroken $(LIBS) -lroken
+
+kpropd$(EXECSUFFIX): kpropd.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kpropd.o -L../lib/krb -lkrb -L../lib/des -ldes -L../lib/roken -lroken $(LIBS) -lroken
+
+$(OBJECTS): ../include/config.h
diff --git a/crypto/kerberosIV/slave/kprop.c b/crypto/kerberosIV/slave/kprop.c
new file mode 100644
index 0000000..8901121
--- /dev/null
+++ b/crypto/kerberosIV/slave/kprop.c
@@ -0,0 +1,530 @@ +/* + +Copyright 1987, 1988 by the Student Information Processing Board + of the Massachusetts Institute of Technology + +Permission to use, copy, modify, and distribute this software +and its documentation for any purpose and without fee is +hereby granted, provided that the above copyright notice +appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, +and that the names of M.I.T. and the M.I.T. S.I.P.B. not be +used in advertising or publicity pertaining to distribution +of the software without specific, written prior permission. +M.I.T. and the M.I.T. S.I.P.B. make no representations about +the suitability of this software for any purpose. It is +provided "as is" without express or implied warranty. + +*/ + +#include "slav_locl.h" + +RCSID("$Id: kprop.c,v 1.29 1997/05/25 02:43:54 joda Exp $"); + +#include "kprop.h" + +static char kprop_version[KPROP_PROT_VERSION_LEN] = KPROP_PROT_VERSION; + +int debug = 0; + +char my_realm[REALM_SZ]; +int princ_data_size = 3 * sizeof(int32_t) + 3 * sizeof(unsigned char); +short transfer_mode, net_transfer_mode; +int force_flag; +static char ok[] = ".dump_ok"; + +struct slave_host { + u_int32_t net_addr; + char *name; + char *instance; + char *realm; + int not_time_yet; + int succeeded; + struct slave_host *next; +}; + +static +int get_slaves(struct slave_host **psl, char *file, time_t ok_mtime) +{ + FILE *fin; + char namebuf[128], *inst; + char *pc; + struct hostent *host; + struct slave_host **th; + char path[256]; + char *ppath; + struct stat stbuf; + + if ((fin = fopen(file, "r")) == NULL) + err (1, "open(%s)", file); + strcpy(path, file); + if ((ppath = strrchr(path, '/'))) { + ppath += 1; + } else { + ppath = path; + } + th = psl; + while(fgets(namebuf, sizeof(namebuf), fin)){ + if ((pc = strchr(namebuf, '\n'))) { + *pc = '\0'; + } else { + if(strlen(namebuf) == sizeof(namebuf) - 1){ + warnx ("Hostname too long (>= %d chars) in '%s'.", + 
(int) sizeof(namebuf), file); + do{ + if(fgets(namebuf, sizeof(namebuf), fin) == NULL) + break; + }while(strchr(namebuf, '\n') == NULL); + continue; + } + } + if(namebuf[0] == 0 || namebuf[0] == '#') + continue; + host = gethostbyname(namebuf); + if (host == NULL) { + warnx ("Ignoring host '%s' in '%s': %s", + namebuf, file, +#ifdef HAVE_H_ERRNO + hstrerror(h_errno) +#else + "unknown error" +#endif + ); + continue; + } + (*th) = (struct slave_host *) malloc(sizeof(struct slave_host)); + if (!*th) + errx (1, "No memory reading host list from '%s'.", + file); + memset(*th, 0, sizeof(struct slave_host)); + (*th)->name = strdup(namebuf); + if ((*th)->name == NULL) + errx (1, "No memory reading host list from '%s'.", + file); + /* get kerberos cannonical instance name */ + inst = krb_get_phost ((*th)->name); + (*th)->instance = strdup(inst); + if ((*th)->instance == NULL) + errx (1, "No memory reading host list from '%s'.", + file); + /* what a concept, slave servers in different realms! */ + (*th)->realm = my_realm; + memcpy(&(*th)->net_addr, host->h_addr, sizeof((*th)->net_addr)); + (*th)->not_time_yet = 0; + (*th)->succeeded = 0; + (*th)->next = NULL; + strcat(strcpy(ppath, (*th)->name), "-last-prop"); + if (!force_flag && !stat(path, &stbuf) && stbuf.st_mtime > ok_mtime) { + (*th)->not_time_yet = 1; + (*th)->succeeded = 1; /* no change since last success */ + } + th = &(*th)->next; + } + fclose(fin); + return (1); +} + +/* The master -> slave protocol looks like this: + 1) 8 byte version string + 2) 2 bytes of "transfer mode" (net byte order of course) + 3) ticket/authentication send by sendauth + 4) 4 bytes of "block" length (u_int32_t) + 5) data + + 4 and 5 repeat til EOF ... 
+*/ + +static int +prop_to_slaves(struct slave_host *sl, int fd, char *fslv) +{ + u_char buf[KPROP_BUFSIZ]; + u_char obuf[KPROP_BUFSIZ + 64]; /* leave room for private msg overhead */ + struct sockaddr_in sin, my_sin; + int i, n, s; + struct slave_host *cs; /* current slave */ + char path[256], my_host_name[MaxHostNameLen], *p_my_host_name; + char kprop_service_instance[INST_SZ]; + char *pc; + u_int32_t cksum; + u_int32_t length, nlength; + long kerror; + KTEXT_ST ticket; + CREDENTIALS cred; + MSG_DAT msg_dat; + static char tkstring[] = "/tmp/kproptktXXXXXX"; + + des_key_schedule session_sched; + + close(mkstemp(tkstring)); + krb_set_tkt_string(tkstring); + + memset(&sin, 0, sizeof sin); + sin.sin_family = AF_INET; + sin.sin_port = k_getportbyname ("krb_prop", "tcp", htons(KPROP_PORT)); + sin.sin_addr.s_addr = INADDR_ANY; + + strcpy(path, fslv); + if ((pc = strrchr(path, '/'))) { + pc += 1; + } else { + pc = path; + } + + for (i = 0; i < 5; i++) { /* try each slave five times max */ + for (cs = sl; cs; cs = cs->next) { + if (!cs->succeeded) { + if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) + err (1, "socket"); + memcpy(&sin.sin_addr, &cs->net_addr, + sizeof cs->net_addr); + + if (connect(s, (struct sockaddr *) &sin, sizeof sin) < 0) { + warn ("connect(%s)", cs->name); + close(s); + continue; /*** NEXT SLAVE ***/ + } + + /* for krb_mk_{priv, safe} */ + memset(&my_sin, 0, sizeof my_sin); + n = sizeof my_sin; + if (getsockname (s, (struct sockaddr *) &my_sin, &n) != 0) { + warn ("getsockname(%s)", cs->name); + close (s); + continue; /*** NEXT SLAVE ***/ + } + if (n != sizeof (my_sin)) { + warnx ("can't get socketname %s length", cs->name); + close (s); + continue; /*** NEXT SLAVE ***/ + } + + /* Get ticket */ + kerror = krb_mk_req (&ticket, KPROP_SERVICE_NAME, + cs->instance, cs->realm, (u_int32_t) 0); + /* if ticket has expired try to get a new one, but + * first get a TGT ... 
+ */ + if (kerror != MK_AP_OK) { + if (k_gethostname (my_host_name, sizeof(my_host_name)) != 0) { + warnx ("gethostname(%s): %s", + my_host_name, +#ifdef HAVE_H_ERRNO + hstrerror(h_errno) +#else + "unknown error" +#endif + ); + close (s); + break; /* next one can't work either! */ + } + /* get canonical kerberos service instance name */ + p_my_host_name = krb_get_phost (my_host_name); + /* copy it to make sure gethostbyname static doesn't + * screw us. */ + strcpy (kprop_service_instance, p_my_host_name); + kerror = krb_get_svc_in_tkt (KPROP_SERVICE_NAME, +#if 0 + kprop_service_instance, +#else + KRB_MASTER, +#endif + my_realm, + KRB_TICKET_GRANTING_TICKET, + my_realm, + 96, + KPROP_SRVTAB); + if (kerror != INTK_OK) { + warnx ("%s: %s. While getting initial ticket\n", + cs->name, krb_get_err_text(kerror)); + close (s); + goto punt; + } + kerror = krb_mk_req (&ticket, KPROP_SERVICE_NAME, + cs->instance, cs->realm, (u_int32_t) 0); + } + if (kerror != MK_AP_OK) { + warnx ("%s: krb_mk_req: %s", + cs->name, krb_get_err_text(kerror)); + close (s); + continue; /*** NEXT SLAVE ***/ + } + + if (write(s, kprop_version, sizeof(kprop_version)) + != sizeof(kprop_version)) { + warn ("%s", cs->name); + close (s); + continue; /*** NEXT SLAVE ***/ + } + + net_transfer_mode = htons (transfer_mode); + if (write(s, &net_transfer_mode, sizeof(net_transfer_mode)) + != sizeof(net_transfer_mode)) { + warn ("write(%s)", cs->name); + close (s); + continue; /*** NEXT SLAVE ***/ + } + + kerror = krb_get_cred (KPROP_SERVICE_NAME, cs->instance, + cs->realm, &cred); + if (kerror != KSUCCESS) { + warnx ("%s: %s. 
Getting session key.", + cs->name, krb_get_err_text(kerror)); + close (s); + continue; /*** NEXT SLAVE ***/ + } +#ifdef NOENCRYPTION + memset(session_sched, 0, sizeof(session_sched)); +#else + if (des_key_sched (&cred.session, session_sched)) { + warnx ("%s: can't make key schedule.", + cs->name); + close (s); + continue; /*** NEXT SLAVE ***/ + } +#endif + /* SAFE (quad_cksum) and CLEAR are just not good enough */ + cksum = 0; +#ifdef not_working_yet + if (transfer_mode != KPROP_TRANSFER_PRIVATE) { + cksum = get_data_checksum(fd, session_sched); + lseek(fd, 0L, 0); + } + else +#endif + { + struct stat st; + fstat (fd, &st); + cksum = st.st_size; + } + kerror = krb_sendauth(KOPT_DO_MUTUAL, + s, + &ticket, + KPROP_SERVICE_NAME, + cs->instance, + cs->realm, + cksum, + &msg_dat, + &cred, + session_sched, + &my_sin, + &sin, + KPROP_PROT_VERSION); + if (kerror != KSUCCESS) { + warnx ("%s: krb_sendauth: %s.", + cs->name, krb_get_err_text(kerror)); + close (s); + continue; /*** NEXT SLAVE ***/ + } + + lseek(fd, 0L, SEEK_SET); /* Rewind file before rereading it. */ + while ((n = read(fd, buf, sizeof buf))) { + if (n < 0) + err (1, "read"); + switch (transfer_mode) { + case KPROP_TRANSFER_PRIVATE: + case KPROP_TRANSFER_SAFE: + if (transfer_mode == KPROP_TRANSFER_PRIVATE) + length = krb_mk_priv (buf, obuf, n, + session_sched, &cred.session, + &my_sin, &sin); + else + length = krb_mk_safe (buf, obuf, n, + &cred.session, + &my_sin, &sin); + if (length == -1) { + warnx ("%s: %s failed.", + cs->name, + (transfer_mode == KPROP_TRANSFER_PRIVATE) + ? 
"krb_rd_priv" : "krb_rd_safe"); + close (s); + continue; /*** NEXT SLAVE ***/ + } + nlength = htonl(length); + if (write(s, &nlength, sizeof nlength) + != sizeof nlength) { + warn ("write(%s)", cs->name); + close (s); + continue; /*** NEXT SLAVE ***/ + } + if (write(s, obuf, length) != length) { + warn ("write(%s)", cs->name); + close(s); + continue; /*** NEXT SLAVE ***/ + } + break; + case KPROP_TRANSFER_CLEAR: + if (write(s, buf, n) != n) { + warn ("write(%s)", cs->name); + close(s); + continue; /*** NEXT SLAVE ***/ + } + break; + } + } + close(s); + cs->succeeded = 1; + fprintf(stderr, "%s: success.\n", cs->name); + strcat(strcpy(pc, cs->name), "-last-prop"); + unlink(path); + close(creat(path, 0600)); + } + } + } +punt: + + dest_tkt(); + for (cs = sl; cs; cs = cs->next) { + if (!cs->succeeded) + return (0); /* didn't get this slave */ + } + return (1); +} + +static void +usage() +{ + /* already got floc and fslv, what is this? */ + fprintf(stderr, + "\nUsage: kprop [-force] [-realm realm] [-private" +#ifdef not_safe_yet + "|-safe|-clear" +#endif + "] [data_file [slaves_file]]\n\n"); + exit(1); +} + + +int +main(int argc, char **argv) +{ + int fd, i; + char *floc, *floc_ok; + char *fslv; + struct stat stbuf, stbuf_ok; + time_t l_init, l_final; + char *pc; + int l_diff; + static struct slave_host *slave_host_list = NULL; + struct slave_host *sh; + + set_progname (argv[0]); + + transfer_mode = KPROP_TRANSFER_PRIVATE; + + time(&l_init); + pc = ctime(&l_init); + pc[strlen(pc) - 1] = '\0'; + printf("\nStart slave propagation: %s\n", pc); + + floc = NULL; + fslv = NULL; + + if (krb_get_lrealm(my_realm,1) != KSUCCESS) + errx (1, "Getting my kerberos realm. 
Check krb.conf"); + + for (i = 1; i < argc; i++) + switch (argv[i][0]) { + case '-': + if (strcmp (argv[i], "-private") == 0) + transfer_mode = KPROP_TRANSFER_PRIVATE; +#ifdef not_safe_yet + else if (strcmp (argv[i], "-safe") == 0) + transfer_mode = KPROP_TRANSFER_SAFE; + else if (strcmp (argv[i], "-clear") == 0) + transfer_mode = KPROP_TRANSFER_CLEAR; +#endif + else if (strcmp (argv[i], "-realm") == 0) { + i++; + if (i < argc) + strcpy(my_realm, argv[i]); + else + usage(); + } else if (strcmp (argv[i], "-force") == 0) + force_flag++; + else { + warnx("unknown control argument %s.", argv[i]); + usage (); + } + break; + default: + /* positional arguments are marginal at best ... */ + if (floc == NULL) + floc = argv[i]; + else { + if (fslv == NULL) + fslv = argv[i]; + else + usage(); + } + } + if(floc == NULL) + floc = DB_DIR "/slave_dump"; + if(fslv == NULL) + fslv = DB_DIR "/slaves"; + + asprintf (&floc_ok, "%s%s", floc, ok); + if (floc_ok == NULL) + errx (1, "out of memory in copying %s", floc); + + if ((fd = open(floc, O_RDONLY)) < 0) + err (1, "open(%s)", floc); + if (k_flock(fd, K_LOCK_SH | K_LOCK_NB)) + err (1, "flock(%s)", floc); + if (stat(floc, &stbuf)) + err (1, "stat(%s)", floc); + if (stat(floc_ok, &stbuf_ok)) + err (1, "stat(%s)", floc_ok); + if (stbuf.st_mtime > stbuf_ok.st_mtime) + errx (1, "'%s' more recent than '%s'.", floc, floc_ok); + if (!get_slaves(&slave_host_list, fslv, stbuf_ok.st_mtime)) + errx (1, "can't read slave host file '%s'.", fslv); +#ifdef KPROP_DBG + { + struct slave_host *sh; + int i; + fprintf(stderr, "\n\n"); + fflush(stderr); + for (sh = slave_host_list; sh; sh = sh->next) { + fprintf(stderr, "slave %d: %s, %s", i++, sh->name, + inet_ntoa(sh->net_addr)); + fflush(stderr); + } + } +#endif /* KPROP_DBG */ + + if (!prop_to_slaves(slave_host_list, fd, fslv)) + errx (1, "propagation failed."); + if (k_flock(fd, K_LOCK_UN)) + err (1, "flock(%s, LOCK_UN)", floc); + fprintf(stderr, "\n\n"); + for (sh = slave_host_list; sh; sh = 
sh->next) { + fprintf(stderr, "%s:\t\t%s\n", sh->name, + (sh->not_time_yet? "Not time yet" : (sh->succeeded ? "Succeeded" : "FAILED"))); + } + + time(&l_final); + l_diff = l_final - l_init; + printf("propagation finished, %d:%02d:%02d elapsed\n", + l_diff / 3600, (l_diff % 3600) / 60, l_diff % 60); + + exit(0); +} + +#ifdef doesnt_work_yet +u_long get_data_checksum(fd, key_sched) + int fd; + des_key_schedule key_sched; +{ + u_int32_t cksum = 0; + int n; + char buf[BUFSIZ]; + u_int32_t obuf[2]; + + while (n = read(fd, buf, sizeof buf)) { + if (n < 0) + err (1, "read"); + cksum = cbc_cksum(buf, obuf, n, key_sched, key_sched); + } + return cksum; +} +#endif diff --git a/crypto/kerberosIV/slave/kprop.h b/crypto/kerberosIV/slave/kprop.h new file mode 100644 index 0000000..d66f63f --- /dev/null +++ b/crypto/kerberosIV/slave/kprop.h @@ -0,0 +1,19 @@ +/* + * Copyright 1987 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, + * please see the file . + * + * $Id: kprop.h,v 1.5 1997/02/07 21:39:52 assar Exp $ + * + */ + +#define KPROP_SERVICE_NAME "rcmd" +#define KPROP_SRVTAB "/etc/srvtab" +#define KPROP_PROT_VERSION_LEN 8 +#define KPROP_PROT_VERSION "kprop01" +#define KPROP_TRANSFER_PRIVATE 1 +#define KPROP_TRANSFER_SAFE 2 +#define KPROP_TRANSFER_CLEAR 3 +#define KPROP_BUFSIZ 32768 +#define KPROP_PORT 754 diff --git a/crypto/kerberosIV/slave/kpropd.c b/crypto/kerberosIV/slave/kpropd.c new file mode 100644 index 0000000..e2b5f0a --- /dev/null +++ b/crypto/kerberosIV/slave/kpropd.c 
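Review bot: In prop_to_slaves(), the four `continue; /*** NEXT SLAVE ***/` statements inside `while ((n = read(fd, buf, sizeof buf)))` continue the read loop rather than the `for (cs = sl; ...)` loop, so after a failed `krb_mk_priv`/`krb_mk_safe` or `write` the socket is closed, the dump is still read to EOF, and the code then sets `cs->succeeded = 1` and recreates the `-last-prop` marker. A slave that received a partial database, or none, is therefore logged as "success", and get_slaves() will skip it on later runs while that marker is newer than the `.dump_ok` file unless `-force` is given. Replace those `continue`s with `goto next_slave;` and add `next_slave: ;` as the last statement of the `for (cs ...)` body, so a failed transfer leaves `succeeded` at 0 and no marker is written. Separately, `strcpy(my_realm, argv[i])` in main() and the `strcat(strcpy(ppath, (*th)->name), "-last-prop")` into `path[256]` in get_slaves() copy without a length check and should be bounded, for example with `snprintf` and a truncation test.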
@@ -0,0 +1,301 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "slav_locl.h" + +#include "kprop.h" + +RCSID("$Id: kpropd.c,v 2.21 1997/05/02 17:52:13 assar Exp $"); + +#ifndef SBINDIR +#define SBINDIR "/usr/athena/sbin" +#endif + +struct sockaddr_in master, slave; + +char *database = DBM_FILE; + +char *lockfile = DB_DIR "/slave_propagation"; + +char *logfile = K_LOGFIL; + +char *kdb_util = SBINDIR "/kdb_util"; + +char *kdb_util_command = "load"; + +char *srvtab = ""; + +char realm[REALM_SZ]; + +static +int +copy_data(int from, int to, des_cblock *session, des_key_schedule schedule) +{ + unsigned char tmp[4]; + char buf[KPROP_BUFSIZ + 26]; + u_int32_t length; + int n; + + int kerr; + MSG_DAT m; + + while(1){ + n = krb_net_read(from, tmp, 4); + if(n == 0) + break; + if(n < 0){ + klog(L_KRB_PERR, "krb_net_read: %s", strerror(errno)); + return -1; + } + if(n != 4){ + klog(L_KRB_PERR, "Premature end of data"); + return -1; + } + length = (tmp[0] << 24) | (tmp[1] << 16) | (tmp[2] << 8) | tmp[3]; + if(length > sizeof(buf)){ + klog(L_KRB_PERR, "Giant packet received: %d", length); + return -1; + } + if(krb_net_read(from, buf, length) != length){ + klog(L_KRB_PERR, "Premature end of data"); + return -1; + } + kerr = krb_rd_priv (buf, length, schedule, session, &master, &slave, &m); + if(kerr != KSUCCESS){ + klog(L_KRB_PERR, "Kerberos error: %s", krb_get_err_text(kerr)); + return -1; + } + write(to, m.app_data, m.app_length); + } + return 0; +} + + +static +int +kprop(int s) +{ + char buf[128]; + int n; + KTEXT_ST ticket; + AUTH_DAT ad; + char sinst[INST_SZ]; + char command[1024]; + des_key_schedule schedule; + int mode; + int kerr; + int lock; + + n = sizeof(master); + if(getpeername(s, (struct sockaddr*)&master, &n) < 0){ + klog(L_KRB_PERR, "getpeername: %s", strerror(errno)); + return 1; + } + + n = sizeof(slave); + if(getsockname(s, (struct sockaddr*)&slave, &n) < 0){ + klog(L_KRB_PERR, "getsockname: %s", strerror(errno)); + return 1; + } + + klog(L_KRB_PERR, "Connection from %s", inet_ntoa(master.sin_addr)); + + n 
= krb_net_read(s, buf, KPROP_PROT_VERSION_LEN + 2); + if(n < KPROP_PROT_VERSION_LEN + 2){ + klog(L_KRB_PERR, "Premature end of data"); + return 1; + } + if(memcmp(buf, KPROP_PROT_VERSION, KPROP_PROT_VERSION_LEN) != 0){ + klog(L_KRB_PERR, "Bad protocol version string received"); + return 1; + } + mode = (buf[n-2] << 8) | buf[n-1]; + if(mode != KPROP_TRANSFER_PRIVATE){ + klog(L_KRB_PERR, "Bad transfer mode received: %d", mode); + return 1; + } + k_getsockinst(s, sinst, sizeof(sinst)); + kerr = krb_recvauth(KOPT_DO_MUTUAL, s, &ticket, + KPROP_SERVICE_NAME, sinst, + &master, &slave, + &ad, srvtab, schedule, + buf); + if(kerr != KSUCCESS){ + klog(L_KRB_PERR, "Kerberos error: %s", krb_get_err_text(kerr)); + return 1; + } + des_set_key(&ad.session, schedule); + + lock = open(lockfile, O_WRONLY|O_CREAT, 0600); + if(lock < 0){ + klog(L_KRB_PERR, "Failed to open file: %s", strerror(errno)); + return 1; + } + if(k_flock(lock, K_LOCK_EX | K_LOCK_NB)){ + close(lock); + klog(L_KRB_PERR, "Failed to lock file: %s", strerror(errno)); + return 1; + } + + if(ftruncate(lock, 0) < 0){ + close(lock); + klog(L_KRB_PERR, "Failed to lock file: %s", strerror(errno)); + return 1; + } + + if(copy_data(s, lock, &ad.session, schedule)){ + close(lock); + return 1; + } + close(lock); + snprintf(command, sizeof(command), + "%s %s %s %s", kdb_util, kdb_util_command, + lockfile, database); + if(system(command) == 0){ + klog(L_KRB_PERR, "Propagation finished successfully"); + return 0; + } + klog(L_KRB_PERR, "*** Propagation failed ***"); + return 1; +} + +static int +doit(void) +{ + return kprop(0); +} + +static int +doit_interactive(void) +{ + struct sockaddr_in sa; + int salen; + int s, s2; + int ret; + + s = socket(AF_INET, SOCK_STREAM, 0); + if(s < 0){ + klog(L_KRB_PERR, "socket: %s", strerror(errno)); + return 1; + } + memset(&sa, 0, sizeof(sa)); + sa.sin_family = AF_INET; + sa.sin_port = k_getportbyname ("krb_prop", "tcp", htons(KPROP_PORT)); + ret = bind(s, (struct sockaddr*)&sa, sizeof(sa)); 
+ if (ret < 0) { + klog(L_KRB_PERR, "bind: %s", strerror(errno)); + return 1; + } + ret = listen(s, SOMAXCONN); + if (ret < 0) { + klog(L_KRB_PERR, "listen: %s", strerror(errno)); + return 1; + } + for(;;) { + salen = sizeof(sa); + s2 = accept(s, (struct sockaddr*)&sa, &salen); + switch(fork()){ + case -1: + klog(L_KRB_PERR, "fork: %s", strerror(errno)); + return 1; + case 0: + close(s); + kprop(s2); + return 1; + default: { + int status; + close(s2); + wait(&status); + } + } + } +} + +static void +usage (void) +{ + fprintf (stderr, + "Usage: kpropd [-i] [-d database] [-l log] [-m] [-[p|P] program]" + " [-r realm] [-s srvtab]\n"); + exit (1); +} + +int +main(int argc, char **argv) +{ + int opt; + int interactive = 0; + + krb_get_lrealm(realm, 1); + + while((opt = getopt(argc, argv, ":d:l:mp:P:r:s:i")) >= 0){ + switch(opt){ + case 'd': + database = optarg; + break; + case 'l': + logfile = optarg; + break; + case 'm': + kdb_util_command = "merge"; + break; + case 'p': + case 'P': + kdb_util = optarg; + break; + case 'r': + strcpy(realm, optarg); + break; + case 's': + srvtab = optarg; + break; + case 'i': + interactive = 1; + break; + default: + klog(L_KRB_PERR, "Bad option: -%c", optopt); + usage (); + exit(1); + } + } + kset_logfile(logfile); + if (interactive) + return doit_interactive (); + else + return doit (); +} diff --git a/crypto/kerberosIV/slave/slav_locl.h b/crypto/kerberosIV/slave/slav_locl.h new file mode 100644 index 0000000..760fb9d --- /dev/null +++ b/crypto/kerberosIV/slave/slav_locl.h 
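Review bot: kprop() accepts the stream from any peer that passes `krb_recvauth()`: nothing in the function compares `ad.pname`, `ad.pinst` or `ad.prealm` with the propagation master's principal before the received data is written to `lockfile` and passed to `kdb_util load`. Authenticating to the slave's `rcmd` service key shows only that the peer holds a valid ticket for that service, so the authorization check has to be explicit, and the global `realm` set from `-r` is otherwise unused in this path. Going by kprop.c, which obtains its ticket as `KPROP_SERVICE_NAME` with instance `KRB_MASTER` in its realm, a check such as `if (strcmp(ad.pname, KPROP_SERVICE_NAME) || strcmp(ad.pinst, KRB_MASTER) || strcmp(ad.prealm, realm)) return 1;` (with a `klog` of the rejected principal) directly after the `kerr != KSUCCESS` test would cover it; the exact principal should be confirmed against how the master is deployed. copy_data() also ignores the result of `write(to, ...)` and treats EOF at any block boundary as completion, while the file size the sender passes to krb_sendauth (presumably available as `ad.checksum`) is never compared with the bytes received, so a truncated dump can reach `kdb_util`.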
@@ -0,0 +1,101 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: slav_locl.h,v 1.11 1997/05/20 18:40:47 bg Exp $ */
+
+#ifndef __slav_locl_h
+#define __slav_locl_h
+
+#include "config.h"
+#include "protos.h"
+
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+
+#ifdef HAVE_SYS_TYPES_H
+#include
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include
+#endif
+#ifdef HAVE_FCNTL_H
+#include
+#endif
+#include
+#ifdef HAVE_SYS_FILE_H
+#include
+#endif
+#ifdef HAVE_SYS_WAIT_H
+#include
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+#include
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include
+#endif
+#ifdef HAVE_NETDB_H
+#include
+#endif
+#include
+
+#ifdef SOCKS
+#include
+#endif
+
+#include
+
+#include
+#include
+#include
+#include
+#include
+
+#include "kprop.h"
+
+#endif /* __slav_locl_h */
-- cgit v1.1