Diffstat (limited to 'crypto/kerberosIV/appl')
-rw-r--r--crypto/kerberosIV/appl/Makefile.in4
-rw-r--r--crypto/kerberosIV/appl/afsutil/aklog.c34
-rw-r--r--crypto/kerberosIV/appl/bsd/bsd_locl.h6
-rw-r--r--crypto/kerberosIV/appl/bsd/kcmd.c10
-rw-r--r--crypto/kerberosIV/appl/bsd/login.c34
-rw-r--r--crypto/kerberosIV/appl/bsd/rcmd_util.c20
-rw-r--r--crypto/kerberosIV/appl/bsd/rcp.c8
-rw-r--r--crypto/kerberosIV/appl/bsd/rlogin.c8
-rw-r--r--crypto/kerberosIV/appl/bsd/rlogind.c13
-rw-r--r--crypto/kerberosIV/appl/bsd/rsh.c16
-rw-r--r--crypto/kerberosIV/appl/bsd/rshd.c28
-rw-r--r--crypto/kerberosIV/appl/bsd/su.c57
-rw-r--r--crypto/kerberosIV/appl/ftp/ChangeLog8
-rw-r--r--crypto/kerberosIV/appl/ftp/ftp/cmds.c5
-rw-r--r--crypto/kerberosIV/appl/ftp/ftp/ftp.c27
-rw-r--r--crypto/kerberosIV/appl/ftp/ftp/main.c6
-rw-r--r--crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y8
-rw-r--r--crypto/kerberosIV/appl/ftp/ftpd/ftpd.c116
-rw-r--r--crypto/kerberosIV/appl/ftp/ftpd/ls.c11
-rw-r--r--crypto/kerberosIV/appl/ftp/ftpd/pathnames.h3
-rw-r--r--crypto/kerberosIV/appl/kauth/ChangeLog11
-rw-r--r--crypto/kerberosIV/appl/kauth/Makefile.in13
-rw-r--r--crypto/kerberosIV/appl/kauth/kauth.c5
-rw-r--r--crypto/kerberosIV/appl/kauth/kauthd.c10
-rw-r--r--crypto/kerberosIV/appl/kip/Makefile.in22
-rw-r--r--crypto/kerberosIV/appl/kip/common.c145
-rw-r--r--crypto/kerberosIV/appl/kip/kip-join-network.in53
-rw-r--r--crypto/kerberosIV/appl/kip/kip.c125
-rw-r--r--crypto/kerberosIV/appl/kip/kip.h26
-rw-r--r--crypto/kerberosIV/appl/kip/kipd-control.in54
-rw-r--r--crypto/kerberosIV/appl/kip/kipd.c129
-rw-r--r--crypto/kerberosIV/appl/push/push.85
-rw-r--r--crypto/kerberosIV/appl/push/push.cat84
-rw-r--r--crypto/kerberosIV/appl/sample/sample_server.c4
-rw-r--r--crypto/kerberosIV/appl/telnet/ChangeLog54
-rw-r--r--crypto/kerberosIV/appl/telnet/libtelnet/kerberos.c16
-rw-r--r--crypto/kerberosIV/appl/telnet/libtelnet/kerberos5.c18
-rw-r--r--crypto/kerberosIV/appl/telnet/libtelnet/krb4encpwd.c16
-rw-r--r--crypto/kerberosIV/appl/telnet/libtelnet/rsaencpwd.c14
-rw-r--r--crypto/kerberosIV/appl/telnet/libtelnet/spx.c10
-rw-r--r--crypto/kerberosIV/appl/telnet/telnet/authenc.c4
-rw-r--r--crypto/kerberosIV/appl/telnet/telnet/commands.c16
-rw-r--r--crypto/kerberosIV/appl/telnet/telnet/main.c57
-rw-r--r--crypto/kerberosIV/appl/telnet/telnet/network.c4
-rw-r--r--crypto/kerberosIV/appl/telnet/telnet/sys_bsd.c9
-rw-r--r--crypto/kerberosIV/appl/telnet/telnet/telnet_locl.h9
-rw-r--r--crypto/kerberosIV/appl/telnet/telnet/utilities.c9
-rw-r--r--crypto/kerberosIV/appl/telnet/telnetd/authenc.c5
-rw-r--r--crypto/kerberosIV/appl/telnet/telnetd/ext.h6
-rw-r--r--crypto/kerberosIV/appl/telnet/telnetd/sys_term.c72
-rw-r--r--crypto/kerberosIV/appl/telnet/telnetd/telnetd.c104
-rw-r--r--crypto/kerberosIV/appl/telnet/telnetd/telnetd.h12
-rw-r--r--crypto/kerberosIV/appl/telnet/telnetd/utility.c16
53 files changed, 1117 insertions, 362 deletions
diff --git a/crypto/kerberosIV/appl/Makefile.in b/crypto/kerberosIV/appl/Makefile.in
index 2cc839102df7..74a3b9a0d0bd 100644
--- a/crypto/kerberosIV/appl/Makefile.in
+++ b/crypto/kerberosIV/appl/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.31 1998/04/26 09:59:31 assar Exp $
+# $Id: Makefile.in,v 1.31.6.1 2000/06/23 04:30:11 assar Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@@ -8,7 +8,7 @@ SHELL = /bin/sh
@SET_MAKE@
SUBDIRS = sample kauth bsd movemail push afsutil \
- popper xnlock kx @OTP_dir@ @APPL_KIP_DIR@ ftp telnet
+ popper xnlock kx kip @OTP_dir@ ftp telnet
all:
for i in $(SUBDIRS); \
diff --git a/crypto/kerberosIV/appl/afsutil/aklog.c b/crypto/kerberosIV/appl/afsutil/aklog.c
index 22dbfe7b2f85..b3370da48b85 100644
--- a/crypto/kerberosIV/appl/afsutil/aklog.c
+++ b/crypto/kerberosIV/appl/afsutil/aklog.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1995 - 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -66,7 +66,7 @@
#include <roken.h>
-RCSID("$Id: aklog.c,v 1.24 1999/12/02 16:58:28 joda Exp $");
+RCSID("$Id: aklog.c,v 1.24.2.1 2000/06/23 02:31:15 assar Exp $");
static int debug = 0;
@@ -89,15 +89,15 @@ DEBUG(const char *fmt, ...)
}
static char *
-expand_cell_name(char *cell)
+expand_1 (const char *cell, const char *filename)
{
FILE *f;
static char buf[128];
char *p;
- f = fopen(_PATH_CELLSERVDB, "r");
+ f = fopen(filename, "r");
if(f == NULL)
- return cell;
+ return NULL;
while(fgets(buf, sizeof(buf), f) != NULL) {
if(buf[0] == '>') {
for(p=buf; *p && !isspace(*p) && *p != '#'; p++)
@@ -111,11 +111,25 @@ expand_cell_name(char *cell)
buf[0] = 0;
}
fclose(f);
+ return NULL;
+}
+
+static const char *
+expand_cell_name(const char *cell)
+{
+ char *ret;
+
+ ret = expand_1(cell, _PATH_CELLSERVDB);
+ if (ret != NULL)
+ return ret;
+ ret = expand_1(cell, _PATH_ARLA_CELLSERVDB);
+ if (ret != NULL)
+ return ret;
return cell;
}
static int
-createuser (char *cell)
+createuser (const char *cell)
{
char cellbuf[64];
char name[ANAME_SZ];
@@ -129,9 +143,11 @@ createuser (char *cell)
f = fopen (_PATH_THISCELL, "r");
if (f == NULL)
- err (1, "open(%s)", _PATH_THISCELL);
+ f = fopen (_PATH_ARLA_THISCELL, "r");
+ if (f == NULL)
+ err (1, "open(%s, %s)", _PATH_THISCELL, _PATH_ARLA_THISCELL);
if (fgets (cellbuf, sizeof(cellbuf), f) == NULL)
- err (1, "read cellname from %s", _PATH_THISCELL);
+ err (1, "read cellname from %s %s", _PATH_THISCELL, _PATH_ARLA_THISCELL);
fclose (f);
len = strlen(cellbuf);
if (cellbuf[len-1] == '\n')
@@ -156,7 +172,7 @@ main(int argc, char **argv)
int i;
int do_aklog = -1;
int do_createuser = -1;
- char *cell = NULL;
+ const char *cell = NULL;
char *realm = NULL;
char cellbuf[64];
diff --git a/crypto/kerberosIV/appl/bsd/bsd_locl.h b/crypto/kerberosIV/appl/bsd/bsd_locl.h
index e39bc3686fc8..f742d63d83f1 100644
--- a/crypto/kerberosIV/appl/bsd/bsd_locl.h
+++ b/crypto/kerberosIV/appl/bsd/bsd_locl.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: bsd_locl.h,v 1.111 1999/12/02 16:58:28 joda Exp $ */
+/* $Id: bsd_locl.h,v 1.111.2.1 2000/06/23 02:34:20 assar Exp $ */
#define LOGALL
#define KERBEROS
@@ -395,3 +395,5 @@ void prepare_utmp (struct utmp *utmp, char *tty, char *username,
#endif
int do_osfc2_magic(uid_t);
+
+void paranoid_setuid (uid_t uid);
diff --git a/crypto/kerberosIV/appl/bsd/kcmd.c b/crypto/kerberosIV/appl/bsd/kcmd.c
index af2035749e64..93b2b7004952 100644
--- a/crypto/kerberosIV/appl/bsd/kcmd.c
+++ b/crypto/kerberosIV/appl/bsd/kcmd.c
@@ -33,7 +33,7 @@
#include "bsd_locl.h"
-RCSID("$Id: kcmd.c,v 1.20 1998/07/13 13:54:07 assar Exp $");
+RCSID("$Id: kcmd.c,v 1.20.4.1 2000/10/10 12:55:55 assar Exp $");
#define START_PORT 5120 /* arbitrary */
@@ -185,6 +185,14 @@ kcmd(int *sock,
{
fd_set fds;
FD_ZERO(&fds);
+ if (s >= FD_SETSIZE || s2 >= FD_SETSIZE) {
+ warnx("file descriptor too large");
+ close(s);
+ close(s2);
+ status = -1;
+ goto bad;
+ }
+
FD_SET(s, &fds);
FD_SET(s2, &fds);
status = select(FD_SETSIZE, &fds, NULL, NULL, NULL);
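Review bot: The new error path calls `close(s)` and then jumps to `bad`, whose body is outside this hunk; if `bad:` also closes `s` (worth confirming), the descriptor is closed twice, and the second close can hit an unrelated descriptor that was opened in between. If that is the case, drop `close(s);` from the added block and keep only `close(s2);` before `goto bad;`. The check also tests only the upper bound, so a negative `s2` would still reach `FD_SET`.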
diff --git a/crypto/kerberosIV/appl/bsd/login.c b/crypto/kerberosIV/appl/bsd/login.c
index 0d29ebee1b06..f2f08733df68 100644
--- a/crypto/kerberosIV/appl/bsd/login.c
+++ b/crypto/kerberosIV/appl/bsd/login.c
@@ -45,7 +45,7 @@
#include <sys/capability.h>
#endif
-RCSID("$Id: login.c,v 1.125 1999/11/30 19:24:01 bg Exp $");
+RCSID("$Id: login.c,v 1.125.2.2 2000/06/23 02:33:07 assar Exp $");
#ifdef OTP
#include <otp.h>
@@ -596,22 +596,28 @@ main(int argc, char **argv)
if (pwd->pw_change || pwd->pw_expire)
gettimeofday(&tp, (struct timezone *)NULL);
- if (pwd->pw_change)
+ if (pwd->pw_change) {
+ time_t t;
+
if (tp.tv_sec >= pwd->pw_change) {
printf("Sorry -- your password has expired.\n");
changepass=1;
} else if (pwd->pw_change - tp.tv_sec <
- 2 * DAYSPERWEEK * SECSPERDAY && !quietlog)
+ 2 * DAYSPERWEEK * SECSPERDAY && !quietlog) {
+ t = pwd->pw_change;
printf("Warning: your password expires on %s",
- ctime(&pwd->pw_change));
+ ctime(&t));
+ }
if (pwd->pw_expire)
if (tp.tv_sec >= pwd->pw_expire) {
printf("Sorry -- your account has expired.\n");
sleepexit(1);
} else if (pwd->pw_expire - tp.tv_sec <
- 2 * DAYSPERWEEK * SECSPERDAY && !quietlog)
+ 2 * DAYSPERWEEK * SECSPERDAY && !quietlog) {
+ t = pwd->pw_expire;
printf("Warning: your account expires on %s",
- ctime(&pwd->pw_expire));
+ ctime(&t));
+ }
#endif /* defined(HAVE_PASSWD_CHANGE) && defined(HAVE_PASSWD_EXPIRE) */
/* Nothing else left to fail -- really log in. */
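Review bot: The brace opened by the new `if (pwd->pw_change) {` is never closed before the `#endif` in this hunk: the two inner `}` lines only close the `else if` blocks. With both HAVE_PASSWD_CHANGE and HAVE_PASSWD_EXPIRE defined this either fails to compile or, if a later `}` in main() happens to balance it, the `pw_expire` check becomes nested under `pw_change`, so an account with `pw_change == 0` would skip the account-expiry test. I would add a `}` before `if (pwd->pw_expire)` and move `time_t t;` above both checks, since the expiry branch also assigns `t`. main() continues outside the hunk, so the final brace balance cannot be confirmed from here.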
@@ -788,6 +794,11 @@ main(int argc, char **argv)
if(!rootlogin)
exit(1);
}
+ if (uid != 0 && setuid(0) != -1) {
+ syslog(LOG_ALERT | LOG_AUTH,
+ "Failed to drop privileges for user %d", uid);
+ errx(1, "Sorry");
+ }
}
@@ -953,6 +964,7 @@ dolastlog(int quiet)
#if defined(HAVE_LASTLOG_H) || defined(HAVE_LOGIN_H)
struct lastlog ll;
int fd;
+ time_t t;
if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) {
lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET);
@@ -966,8 +978,8 @@ dolastlog(int quiet)
sleepexit(1);
}
if (!quiet) {
- printf("Last login: %.*s ",
- 24-5, ctime(&ll.ll_time));
+ t = ll.ll_time;
+ printf("Last login: %.*s ", 24-5, ctime(&t));
if (*ll.ll_host != '\0') {
printf("from %.*s\n",
(int)sizeof(ll.ll_host),
@@ -983,8 +995,8 @@ dolastlog(int quiet)
if (!quiet) {
if (read(fd, &ll, sizeof(ll)) == sizeof(ll) &&
ll.ll_time != 0) {
- printf("Last login: %.*s ",
- 24-5, ctime(&ll.ll_time));
+ t = ll.ll_time;
+ printf("Last login: %.*s ", 24-5, ctime(&t));
if (*ll.ll_host != '\0')
printf("from %.*s\n",
(int)sizeof(ll.ll_host),
@@ -998,7 +1010,7 @@ dolastlog(int quiet)
}
#endif /* SYSV_SHADOW */
memset(&ll, 0, sizeof(ll));
- time(&ll.ll_time);
+ ll.ll_time = time(NULL);
strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
if (hostname)
strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));
diff --git a/crypto/kerberosIV/appl/bsd/rcmd_util.c b/crypto/kerberosIV/appl/bsd/rcmd_util.c
index 1dfb46dbb07a..cd431e3ebb48 100644
--- a/crypto/kerberosIV/appl/bsd/rcmd_util.c
+++ b/crypto/kerberosIV/appl/bsd/rcmd_util.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,7 @@
#include "bsd_locl.h"
-RCSID("$Id: rcmd_util.c,v 1.19 1999/12/02 16:58:28 joda Exp $");
+RCSID("$Id: rcmd_util.c,v 1.19.2.1 2000/06/23 02:34:48 assar Exp $");
int
get_login_port(int kerberos, int encryption)
@@ -245,3 +245,19 @@ warning(const char *fmt, ...)
}
va_end(args);
}
+
+/*
+ * setuid but work-around Linux 2.2.15 bug with setuid and capabilities
+ */
+
+void
+paranoid_setuid (uid_t uid)
+{
+ if (setuid (uid) < 0)
+ err (1, "setuid");
+ if (uid != 0 && setuid (0) == 0) {
+ syslog(LOG_ALERT | LOG_AUTH,
+ "Failed to drop privileges for uid %u", (unsigned)uid);
+ err (1, "setuid");
+ }
+}
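Review bot: The second `err (1, "setuid")` runs after `setuid (0)` has succeeded, so `errno` does not describe the failure and may hold whatever `syslog()` left behind; `errx (1, "failed to drop privileges")` would report it accurately. The header comment could also say what the function guarantees, for example `/* Set the uid to UID and exit if that fails or if root can be regained afterwards. */`. login.c and su.c in this same commit open-code the same regain-root test with `!= -1`; calling `paranoid_setuid` there would keep the three checks identical.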
diff --git a/crypto/kerberosIV/appl/bsd/rcp.c b/crypto/kerberosIV/appl/bsd/rcp.c
index be8709755495..660be91933af 100644
--- a/crypto/kerberosIV/appl/bsd/rcp.c
+++ b/crypto/kerberosIV/appl/bsd/rcp.c
@@ -33,7 +33,7 @@
#include "bsd_locl.h"
-RCSID("$Id: rcp.c,v 1.52 1999/11/16 16:54:16 bg Exp $");
+RCSID("$Id: rcp.c,v 1.52.2.1 2000/06/23 02:35:16 assar Exp $");
/* Globals */
static char dst_realm_buf[REALM_SZ];
@@ -415,7 +415,7 @@ kerberos(char **host, char *bp, char *locuser, char *user)
int sock = -1, err;
if (use_kerberos) {
- setuid(getuid());
+ paranoid_setuid(getuid());
rem = KSUCCESS;
errno = 0;
if (dest_realm == NULL)
@@ -559,7 +559,7 @@ toremote(char *targ, int argc, char **argv)
if (response() < 0)
exit(1);
free(bp);
- setuid(userid);
+ paranoid_setuid(userid);
}
source(1, argv+i);
}
@@ -1002,7 +1002,7 @@ main(int argc, char **argv)
response();
if(do_osfc2_magic(pwd->pw_uid))
exit(1);
- setuid(userid);
+ paranoid_setuid(userid);
if (k_hasafs()) {
/* Sometimes we will need cell specific tokens
* to be able to read and write files, thus,
diff --git a/crypto/kerberosIV/appl/bsd/rlogin.c b/crypto/kerberosIV/appl/bsd/rlogin.c
index d057edea8276..60bed675051a 100644
--- a/crypto/kerberosIV/appl/bsd/rlogin.c
+++ b/crypto/kerberosIV/appl/bsd/rlogin.c
@@ -36,7 +36,7 @@
*/
#include "bsd_locl.h"
-RCSID("$Id: rlogin.c,v 1.67 1999/11/13 06:13:02 assar Exp $");
+RCSID("$Id: rlogin.c,v 1.67.2.2 2000/10/10 12:54:26 assar Exp $");
CREDENTIALS cred;
Key_schedule schedule;
@@ -241,6 +241,8 @@ reader(void)
rcvcnt = 0;
FD_ZERO (&readfds);
+ if (rem >= FD_SETSIZE)
+ errx (1, "fd too large");
FD_SET (rem, &readfds);
FD_ZERO (&exceptfds);
if (kludgep)
@@ -641,7 +643,7 @@ main(int argc, char **argv)
get_window_size(0, &winsize);
if (use_kerberos) {
- setuid(getuid());
+ paranoid_setuid(getuid());
rem = KSUCCESS;
errno = 0;
if (dest_realm == NULL)
@@ -703,7 +705,7 @@ main(int argc, char **argv)
#endif /* IP_TOS */
#endif /* HAVE_SETSOCKOPT */
- setuid(uid);
+ paranoid_setuid(uid);
doit();
return 0;
}
diff --git a/crypto/kerberosIV/appl/bsd/rlogind.c b/crypto/kerberosIV/appl/bsd/rlogind.c
index 927ffc541d56..eae2dd6cdaf5 100644
--- a/crypto/kerberosIV/appl/bsd/rlogind.c
+++ b/crypto/kerberosIV/appl/bsd/rlogind.c
@@ -42,7 +42,7 @@
#include "bsd_locl.h"
-RCSID("$Id: rlogind.c,v 1.109 1999/11/25 05:27:38 assar Exp $");
+RCSID("$Id: rlogind.c,v 1.109.2.2 2000/06/23 02:37:06 assar Exp $");
extern int __check_rhosts_file;
@@ -257,7 +257,7 @@ rlogind_logout(const char *line)
ut.ut_exit.e_exit = 0;
#endif
#endif
- time(&ut.ut_time);
+ ut.ut_time = time(NULL);
fseek(fp, (long)-sizeof(struct utmp), SEEK_CUR);
fwrite(&ut, sizeof(struct utmp), 1, fp);
fseek(fp, (long)0, SEEK_CUR);
@@ -297,7 +297,7 @@ logwtmp(const char *line, const char *name, const char *host)
else
ut.ut_type = DEAD_PROCESS;
#endif
- time(&ut.ut_time);
+ ut.ut_time = time(NULL);
if (write(fd, &ut, sizeof(struct utmp)) !=
sizeof(struct utmp))
ftruncate(fd, buf.st_size);
@@ -491,6 +491,13 @@ doit(int f, struct sockaddr_in *fromp)
execl(new_login, "login", "-p",
"-h", hostname, "-f", "--", lusername, 0);
+ } else if (use_kerberos) {
+ fprintf(stderr, "User `%s' is not authorized to login as `%s'!\n",
+ krb_unparse_name_long(kdata->pname,
+ kdata->pinst,
+ kdata->prealm),
+ lusername);
+ exit(1);
} else
execl(new_login, "login", "-p",
"-h", hostname, "--", lusername, 0);
diff --git a/crypto/kerberosIV/appl/bsd/rsh.c b/crypto/kerberosIV/appl/bsd/rsh.c
index 87fe1fe53369..a18f77550f9a 100644
--- a/crypto/kerberosIV/appl/bsd/rsh.c
+++ b/crypto/kerberosIV/appl/bsd/rsh.c
@@ -33,7 +33,7 @@
#include "bsd_locl.h"
-RCSID("$Id: rsh.c,v 1.43 1999/11/13 06:13:34 assar Exp $");
+RCSID("$Id: rsh.c,v 1.43.2.2 2000/10/10 12:53:50 assar Exp $");
CREDENTIALS cred;
Key_schedule schedule;
@@ -107,7 +107,10 @@ talk(int nflag, sigset_t omask, int pid, int rem)
goto done;
bp = buf;
- rewrite: FD_ZERO(&rembits);
+ rewrite:
+ FD_ZERO(&rembits);
+ if (rem >= FD_SETSIZE)
+ errx(1, "fd too large");
FD_SET(rem, &rembits);
if (select(rem + 1, 0, &rembits, 0, 0) < 0) {
if (errno != EINTR)
@@ -140,6 +143,8 @@ talk(int nflag, sigset_t omask, int pid, int rem)
if (sigprocmask(SIG_SETMASK, &omask, 0) != 0)
warn("sigprocmask");
FD_ZERO(&readfrom);
+ if (rem >= FD_SETSIZE || rfd2 >= FD_SETSIZE)
+ errx(1, "fd too large");
FD_SET(rem, &readfrom);
FD_SET(rfd2, &readfrom);
do {
@@ -253,7 +258,7 @@ main(int argc, char **argv)
/* if no further arguments, must have been called as rlogin. */
if (!argv[optind]) {
*argv = "rlogin";
- setuid(getuid());
+ paranoid_setuid (getuid ());
execv(_PATH_RLOGIN, argv);
err(1, "can't exec %s", _PATH_RLOGIN);
}
@@ -282,7 +287,7 @@ main(int argc, char **argv)
sv_port = get_shell_port(use_kerberos, doencrypt);
if (use_kerberos) {
- setuid(getuid());
+ paranoid_setuid(getuid());
rem = KSUCCESS;
errno = 0;
if (dest_realm == NULL)
@@ -342,7 +347,7 @@ main(int argc, char **argv)
}
#endif
- setuid(uid);
+ paranoid_setuid(uid);
{
sigset_t sigmsk;
sigemptyset(&sigmsk);
@@ -358,6 +363,7 @@ main(int argc, char **argv)
signal(SIGQUIT, sendsig);
if (signal(SIGTERM, SIG_IGN) != SIG_IGN)
signal(SIGTERM, sendsig);
+ signal(SIGPIPE, SIG_IGN);
if (!nfork) {
pid = fork();
diff --git a/crypto/kerberosIV/appl/bsd/rshd.c b/crypto/kerberosIV/appl/bsd/rshd.c
index b750e72f3247..496fa881a7de 100644
--- a/crypto/kerberosIV/appl/bsd/rshd.c
+++ b/crypto/kerberosIV/appl/bsd/rshd.c
@@ -42,7 +42,7 @@
#include "bsd_locl.h"
-RCSID("$Id: rshd.c,v 1.60 1999/11/13 06:13:53 assar Exp $");
+RCSID("$Id: rshd.c,v 1.60.2.3 2000/10/18 20:39:12 assar Exp $");
extern char *__rcmd_errstr; /* syslog hook from libc/net/rcmd.c. */
extern int __check_rhosts_file;
@@ -200,6 +200,8 @@ doit(struct sockaddr_in *fromp)
char *cp, sig, buf[DES_RW_MAXWRITE];
char cmdbuf[NCARGS+1], locuser[16], remuser[16];
char remotehost[2 * MaxHostNameLen + 1];
+ uid_t uid;
+ char shell_path[MAXPATHLEN];
AUTH_DAT *kdata;
KTEXT ticket;
@@ -433,6 +435,11 @@ doit(struct sockaddr_in *fromp)
close(2);
close(pv[1]);
+ if (s >= FD_SETSIZE || pv[0] >= FD_SETSIZE) {
+ error ("fd too large\n");
+ exit (1);
+ }
+
FD_ZERO(&readfrom);
FD_SET(s, &readfrom);
FD_SET(pv[0], &readfrom);
@@ -441,6 +448,11 @@ doit(struct sockaddr_in *fromp)
else
nfd = s;
if (doencrypt) {
+ if (pv2[1] >= FD_SETSIZE || pv1[0] >= FD_SETSIZE) {
+ error ("fd too large\n");
+ exit (1);
+ }
+
FD_ZERO(&writeto);
FD_SET(pv2[1], &writeto);
FD_SET(pv1[0], &readfrom);
@@ -571,14 +583,16 @@ doit(struct sockaddr_in *fromp)
snprintf(path, sizeof(path), "PATH=%s:%s", BINDIR, _PATH_DEFPATH);
strlcat(shell, pwd->pw_shell, sizeof(shell));
+ strlcpy(shell_path, pwd->pw_shell, sizeof(shell_path));
strlcat(username, pwd->pw_name, sizeof(username));
+ uid = pwd->pw_uid;
cp = strrchr(pwd->pw_shell, '/');
if (cp)
cp++;
else
cp = pwd->pw_shell;
endpwent();
- if (log_success || pwd->pw_uid == 0) {
+ if (log_success || uid == 0) {
if (use_kerberos)
syslog(LOG_INFO|LOG_AUTH,
"Kerberos shell from %s on %s as %s, cmd='%.80s'",
@@ -591,12 +605,16 @@ doit(struct sockaddr_in *fromp)
remuser, remotehost, locuser, cmdbuf);
}
if (k_hasafs()) {
+ char cell[64];
+
if (new_pag)
k_setpag(); /* Put users process in an new pag */
- krb_afslog(0, 0);
+ if (k_afs_cell_of_file (homedir, cell, sizeof(cell)) == 0)
+ krb_afslog_uid_home (cell, NULL, uid, homedir);
+ krb_afslog_uid_home(NULL, NULL, uid, homedir);
}
- execle(pwd->pw_shell, cp, "-c", cmdbuf, 0, envinit);
- err(1, "%s", pwd->pw_shell);
+ execle(shell_path, cp, "-c", cmdbuf, 0, envinit);
+ err(1, "%s", shell_path);
}
/*
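Review bot: `cp`, passed as argv[0] to `execle(shell_path, cp, ...)` here, still points into `pwd->pw_shell`: the preceding hunk computes it with `strrchr(pwd->pw_shell, '/')` and then calls `endpwent()`. The commit copies the shell path and uid out of `pwd`, presumably so the passwd entry is not used after that call, but `cp` was left behind. Deriving it from the copy completes the change: `cp = strrchr(shell_path, '/'); cp = cp ? cp + 1 : shell_path;`. The `strlcpy` into `shell_path` is also unchecked, so a truncated path would be executed silently. `doit` begins and ends outside both hunks.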
diff --git a/crypto/kerberosIV/appl/bsd/su.c b/crypto/kerberosIV/appl/bsd/su.c
index cb24591c074e..7fc63ee91552 100644
--- a/crypto/kerberosIV/appl/bsd/su.c
+++ b/crypto/kerberosIV/appl/bsd/su.c
@@ -33,20 +33,20 @@
#include "bsd_locl.h"
-RCSID ("$Id: su.c,v 1.70 1999/11/13 06:14:11 assar Exp $");
+RCSID ("$Id: su.c,v 1.70.2.2 2000/12/07 14:04:19 assar Exp $");
#ifdef SYSV_SHADOW
#include "sysv_shadow.h"
#endif
-static int kerberos (char *username, char *user, int uid);
+static int kerberos (char *username, char *user, char *realm, int uid);
static int chshell (char *sh);
static char *ontty (void);
static int koktologin (char *name, char *realm, char *toname);
static int chshell (char *sh);
/* Handle '-' option after all the getopt options */
-#define ARGSTR "Kflmti:"
+#define ARGSTR "Kkflmti:r:"
int destroy_tickets = 0;
static int use_kerberos = 1;
@@ -63,15 +63,22 @@ main (int argc, char **argv)
enum { UNSET, YES, NO } iscsh = UNSET;
char *user, *shell, *avshell, *username, **np;
char shellbuf[MaxPathLen], avshellbuf[MaxPathLen];
+ char *realm = NULL;
set_progname (argv[0]);
+ if (getuid() == 0)
+ use_kerberos = 0;
+
asme = asthem = fastlogin = 0;
while ((ch = getopt (argc, argv, ARGSTR)) != -1)
switch ((char) ch) {
case 'K':
use_kerberos = 0;
break;
+ case 'k':
+ use_kerberos = 1;
+ break;
case 'f':
fastlogin = 1;
break;
@@ -89,10 +96,13 @@ main (int argc, char **argv)
case 'i':
root_inst = optarg;
break;
+ case 'r':
+ realm = optarg;
+ break;
case '?':
default:
fprintf (stderr,
- "usage: su [-Kflmt] [-i root-instance] [-] [login]\n");
+ "usage: su [-Kkflmt] [-i root-instance] [-r realm] [-] [login]\n");
exit (1);
}
/* Don't handle '-' option with getopt */
@@ -150,7 +160,7 @@ main (int argc, char **argv)
syslog (LOG_ALERT, "NIS attack, user %s has uid 0", user);
errx (1, "unknown login %s", user);
}
- if (!use_kerberos || kerberos (username, user, pwd->pw_uid)) {
+ if (!use_kerberos || kerberos (username, user, realm, pwd->pw_uid)) {
#ifndef PASSWD_FALLBACK
errx (1, "won't use /etc/passwd authentication");
#endif
@@ -225,12 +235,22 @@ main (int argc, char **argv)
if (setgid (pwd->pw_gid) < 0)
err (1, "setgid");
- if (initgroups (user, pwd->pw_gid))
- errx (1, "initgroups failed.");
+ if (initgroups (user, pwd->pw_gid)) {
+ if (errno == E2BIG) /* Member of too many groups! */
+ warn("initgroups failed.");
+ else
+ errx(1, "initgroups failed.");
+ }
if (setuid (pwd->pw_uid) < 0)
err (1, "setuid");
+ if (pwd->pw_uid != 0 && setuid(0) != -1) {
+ syslog(LOG_ALERT | LOG_AUTH,
+ "Failed to drop privileges for user %s", pwd->pw_name);
+ errx(1, "Sorry");
+ }
+
if (!asme) {
if (asthem) {
char *k = getenv ("KRBTKFILE");
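Review bot: Continuing after `initgroups` fails with `E2BIG` means the process goes on to `setuid (pwd->pw_uid)` with a supplementary group list that is not known to be the target user's. Whether the call installed a partial list or left the caller's list in place depends on the platform and is not visible here. If the soft failure is wanted, resetting the list first keeps the new identity from inheriting groups, e.g. `setgroups (1, &pwd->pw_gid);` before the `warn`. The added regain-root test duplicates `paranoid_setuid` from rcmd_util.c and could call it instead.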
@@ -321,19 +341,26 @@ ontty (void)
}
static int
-kerberos (char *username, char *user, int uid)
+kerberos (char *username, char *user, char *lrealm, int uid)
{
KTEXT_ST ticket;
AUTH_DAT authdata;
struct hostent *hp;
int kerno;
u_long faddr;
- char lrealm[REALM_SZ], krbtkfile[MaxPathLen];
+ char tmp_realm[REALM_SZ], krbtkfile[MaxPathLen];
char hostname[MaxHostNameLen], savehost[MaxHostNameLen];
+ int n;
+ int allowed = 0;
- if (krb_get_lrealm (lrealm, 1) != KSUCCESS)
- return (1);
- if (koktologin (username, lrealm, user) && !uid) {
+ if (lrealm != NULL) {
+ allowed = koktologin (username, lrealm, user) == 0;
+ } else {
+ for (n = 1; !allowed && krb_get_lrealm (tmp_realm, n) == KSUCCESS; ++n)
+ allowed = koktologin (username, tmp_realm, user) == 0;
+ lrealm = tmp_realm;
+ }
+ if (!allowed && !uid) {
#ifndef PASSWD_FALLBACK
warnx ("not in %s's ACL.", user);
#endif
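Review bot: When no `-r` realm is given and `krb_get_lrealm (tmp_realm, 1)` fails, the loop body never runs and `lrealm = tmp_realm` points at an uninitialised buffer; the old code returned 1 in that case. For a non-zero `uid` the `!allowed && !uid` test does not stop the function, so the rest of `kerberos` (outside this hunk) would presumably use that buffer as a realm name. The same holds when the loop runs out of realms without a match, where `tmp_realm` holds whatever the last failing call left. Keeping the early exit would avoid this: `if (krb_get_lrealm (tmp_realm, 1) != KSUCCESS) return (1);` before the loop.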
@@ -416,7 +443,11 @@ kerberos (char *username, char *user, int uid)
}
strlcpy (savehost, krb_get_phost (hostname), sizeof (savehost));
- kerno = krb_mk_req (&ticket, "rcmd", savehost, lrealm, 33);
+ for (n = 1; krb_get_lrealm (tmp_realm, n) == KSUCCESS; ++n) {
+ kerno = krb_mk_req (&ticket, "rcmd", savehost, tmp_realm, 33);
+ if (kerno == 0)
+ break;
+ }
if (kerno == KDC_PR_UNKNOWN) {
warnx ("Warning: TGT not verified.");
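Review bot: The realm used for `krb_mk_req` no longer follows the realm that was authenticated: the loop walks the local realms from `krb_get_lrealm` and ignores `lrealm`, which after this commit may be the `-r` argument. If the loop body never runs, `kerno` keeps whatever the earlier part of the function (outside this hunk) left in it, and the `KDC_PR_UNKNOWN` test below reads that stale value. I would try `lrealm` first and set `kerno` to a failure code before the loop. The break condition would also read better as `kerno == KSUCCESS` than `kerno == 0`.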
diff --git a/crypto/kerberosIV/appl/ftp/ChangeLog b/crypto/kerberosIV/appl/ftp/ChangeLog
index e2e1bb5f4dfa..0136a4bace0e 100644
--- a/crypto/kerberosIV/appl/ftp/ChangeLog
+++ b/crypto/kerberosIV/appl/ftp/ChangeLog
@@ -1,3 +1,11 @@
+2000-03-26 Assar Westerlund <assar@sics.se>
+
+ * ftpd/ls.c, ftpd/ftpcmd.y, ftp/cmds.c: make sure to always call
+ time, ctime, and gmtime with `time_t's. there were some types
+ (like in lastlog) that we believed to always be time_t. this has
+ proven wrong on Solaris 8 in 64-bit mode, where they are stored as
+ 32-bit quantities but time_t has gone up to 64 bits
+
1999-11-30 Assar Westerlund <assar@sics.se>
* ftpd/ftpd.c (getdatasock): make sure to keep the port-number of
diff --git a/crypto/kerberosIV/appl/ftp/ftp/cmds.c b/crypto/kerberosIV/appl/ftp/ftp/cmds.c
index 7698313c252e..1b989320d544 100644
--- a/crypto/kerberosIV/appl/ftp/ftp/cmds.c
+++ b/crypto/kerberosIV/appl/ftp/ftp/cmds.c
@@ -36,7 +36,7 @@
*/
#include "ftp_locl.h"
-RCSID("$Id: cmds.c,v 1.36 1999/09/16 20:37:28 assar Exp $");
+RCSID("$Id: cmds.c,v 1.36.2.2 2000/06/23 02:43:49 assar Exp $");
typedef void (*sighand)(int);
@@ -647,6 +647,7 @@ getit(int argc, char **argv, int restartit, char *mode)
int cmdret;
int yy, mo, day, hour, min, sec;
struct tm *tm;
+ time_t mtime = stbuf.st_mtime;
overbose = verbose;
if (debug == 0)
@@ -665,7 +666,7 @@ getit(int argc, char **argv, int restartit, char *mode)
return (0);
}
- tm = gmtime(&stbuf.st_mtime);
+ tm = gmtime(&mtime);
tm->tm_mon++;
tm->tm_year += 1900;
diff --git a/crypto/kerberosIV/appl/ftp/ftp/ftp.c b/crypto/kerberosIV/appl/ftp/ftp/ftp.c
index 833fb085b2e9..848debd778e1 100644
--- a/crypto/kerberosIV/appl/ftp/ftp/ftp.c
+++ b/crypto/kerberosIV/appl/ftp/ftp/ftp.c
@@ -32,7 +32,7 @@
*/
#include "ftp_locl.h"
-RCSID ("$Id: ftp.c,v 1.60 1999/10/28 19:32:17 assar Exp $");
+RCSID ("$Id: ftp.c,v 1.60.2.1 2000/06/23 02:45:40 assar Exp $");
struct sockaddr_storage hisctladdr_ss;
struct sockaddr *hisctladdr = (struct sockaddr *)&hisctladdr_ss;
@@ -193,8 +193,9 @@ login (char *host)
printf ("Name (%s:%s): ", host, myname);
else
printf ("Name (%s): ", host);
- fgets (tmp, sizeof (tmp) - 1, stdin);
- tmp[strlen (tmp) - 1] = '\0';
+ *tmp = '\0';
+ if (fgets (tmp, sizeof (tmp) - 1, stdin) != NULL)
+ tmp[strlen (tmp) - 1] = '\0';
if (*tmp == '\0')
user = myname;
else
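Review bot: The added NULL test still leaves `tmp[strlen (tmp) - 1] = '\0'` chopping the last character unconditionally. A name that arrives without a trailing newline (EOF, or a line longer than the buffer) loses a real character, and input that starts with a NUL byte gives `strlen (tmp) == 0` and writes `tmp[-1]`. `tmp[strcspn (tmp, "\r\n")] = '\0';` handles all of these and matches what `show_file` in ftpd.c does in this same commit. `login` continues outside the hunk.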
@@ -203,24 +204,26 @@ login (char *host)
strlcpy(username, user, sizeof(username));
n = command("USER %s", user);
if (n == CONTINUE) {
- if(sec_complete)
- pass = myname;
- else if (pass == NULL) {
+ if (pass == NULL) {
char prompt[128];
if(myname &&
- (!strcmp(user, "ftp") || !strcmp(user, "anonymous"))){
+ (!strcmp(user, "ftp") || !strcmp(user, "anonymous"))) {
snprintf(defaultpass, sizeof(defaultpass),
"%s@%s", myname, mydomain);
snprintf(prompt, sizeof(prompt),
"Password (%s): ", defaultpass);
- }else{
+ } else if (sec_complete) {
+ pass = myname;
+ } else {
*defaultpass = '\0';
snprintf(prompt, sizeof(prompt), "Password: ");
}
- pass = defaultpass;
- des_read_pw_string (tmp, sizeof (tmp), prompt, 0);
- if (tmp[0])
- pass = tmp;
+ if (pass == NULL) {
+ pass = defaultpass;
+ des_read_pw_string (tmp, sizeof (tmp), prompt, 0);
+ if (tmp[0])
+ pass = tmp;
+ }
}
n = command ("PASS %s", pass);
}
diff --git a/crypto/kerberosIV/appl/ftp/ftp/main.c b/crypto/kerberosIV/appl/ftp/ftp/main.c
index dfe9e882bc1f..929acac1da0b 100644
--- a/crypto/kerberosIV/appl/ftp/ftp/main.c
+++ b/crypto/kerberosIV/appl/ftp/ftp/main.c
@@ -36,7 +36,7 @@
*/
#include "ftp_locl.h"
-RCSID("$Id: main.c,v 1.27 1999/11/13 06:18:02 assar Exp $");
+RCSID("$Id: main.c,v 1.27.2.1 2000/10/10 13:01:50 assar Exp $");
int
main(int argc, char **argv)
@@ -244,8 +244,10 @@ cmdscanner(int top)
if (fromatty) {
char *p;
p = readline("ftp> ");
- if(p == NULL)
+ if(p == NULL) {
+ printf("\n");
quit(0, 0);
+ }
strlcpy(line, p, sizeof(line));
add_history(p);
free(p);
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y b/crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y
index 07ff9a5b2d8d..c48202967926 100644
--- a/crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y
+++ b/crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y
@@ -43,7 +43,7 @@
%{
#include "ftpd_locl.h"
-RCSID("$Id: ftpcmd.y,v 1.56 1999/10/26 11:56:23 assar Exp $");
+RCSID("$Id: ftpcmd.y,v 1.56.2.2 2000/06/23 02:48:19 assar Exp $");
off_t restart_point;
@@ -577,7 +577,7 @@ cmd
}
| SYST CRLF
{
-#if defined(unix) || defined(__unix__) || defined(__unix) || defined(_AIX) || defined(_CRAY)
+#if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__)
reply(215, "UNIX Type: L%d", NBBY);
#else
reply(215, "UNKNOWN Type: L%d", NBBY);
@@ -620,7 +620,9 @@ cmd
"%s: not a plain file.", $3);
} else {
struct tm *t;
- t = gmtime(&stbuf.st_mtime);
+ time_t mtime = stbuf.st_mtime;
+
+ t = gmtime(&mtime);
reply(213,
"%04d%02d%02d%02d%02d%02d",
t->tm_year + 1900,
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/ftpd.c b/crypto/kerberosIV/appl/ftp/ftpd/ftpd.c
index d3c9a6ac4598..51daa3fae0e5 100644
--- a/crypto/kerberosIV/appl/ftp/ftpd/ftpd.c
+++ b/crypto/kerberosIV/appl/ftp/ftpd/ftpd.c
@@ -38,7 +38,7 @@
#endif
#include "getarg.h"
-RCSID("$Id: ftpd.c,v 1.131 1999/11/30 19:18:38 assar Exp $");
+RCSID("$Id: ftpd.c,v 1.131.2.4 2000/09/26 09:30:26 assar Exp $");
static char version[] = "Version 6.00";
@@ -195,14 +195,13 @@ parse_auth_level(char *str)
* Print usage and die.
*/
-static int debug_flag;
static int interactive_flag;
static char *guest_umask_string;
static char *port_string;
static char *umask_string;
static char *auth_string;
-int use_builtin_ls;
+int use_builtin_ls = -1;
static int help_flag;
static int version_flag;
@@ -216,8 +215,8 @@ struct getargs args[] = {
{ NULL, 't', arg_integer, &ftpd_timeout, "initial timeout" },
{ NULL, 'T', arg_integer, &maxtimeout, "max timeout" },
{ NULL, 'u', arg_string, &umask_string, "umask for user logins" },
- { NULL, 'd', arg_flag, &debug_flag, "enable debugging" },
- { NULL, 'v', arg_flag, &debug_flag, "enable debugging" },
+ { NULL, 'd', arg_flag, &debug, "enable debugging" },
+ { NULL, 'v', arg_flag, &debug, "enable debugging" },
{ "builtin-ls", 'B', arg_flag, &use_builtin_ls, "use built-in ls to list files" },
{ "version", 0, arg_flag, &version_flag },
{ "help", 'h', arg_flag, &help_flag }
@@ -232,6 +231,24 @@ usage (int code)
exit (code);
}
+/* output contents of a file */
+static int
+show_file(const char *file, int code)
+{
+ FILE *f;
+ char buf[128];
+
+ f = fopen(file, "r");
+ if(f == NULL)
+ return -1;
+ while(fgets(buf, sizeof(buf), f)){
+ buf[strcspn(buf, "\r\n")] = '\0';
+ lreply(code, "%s", buf);
+ }
+ fclose(f);
+ return 0;
+}
+
int
main(int argc, char **argv)
{
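Review bot: `show_file` does not document its return contract, yet `main` relies on it to decide whether logins are disabled (`show_file(_PATH_NOLOGIN, 530) == 0`). A header comment such as `/* Send each line of FILE as an lreply with CODE. Returns 0 if FILE could be opened, -1 otherwise. */` would make that explicit. It is worth adding that lines longer than 127 bytes are sent as several reply lines because of the 128-byte `buf`, and that the return value of `fclose` is ignored.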
@@ -377,27 +394,12 @@ main(int argc, char **argv)
tmpline[0] = '\0';
/* If logins are disabled, print out the message. */
- if ((fd = fopen(_PATH_NOLOGIN,"r")) != NULL) {
- while (fgets(line, sizeof(line), fd) != NULL) {
- if ((cp = strchr(line, '\n')) != NULL)
- *cp = '\0';
- lreply(530, "%s", line);
- }
- fflush(stdout);
- fclose(fd);
+ if(show_file(_PATH_NOLOGIN, 530) == 0) {
reply(530, "System not available.");
exit(0);
}
- if ((fd = fopen(_PATH_FTPWELCOME, "r")) != NULL) {
- while (fgets(line, sizeof(line), fd) != NULL) {
- if ((cp = strchr(line, '\n')) != NULL)
- *cp = '\0';
- lreply(220, "%s", line);
- }
- fflush(stdout);
- fclose(fd);
- /* reply(220,) must follow */
- }
+ show_file(_PATH_FTPWELCOME, 220);
+ /* reply(220,) must follow */
gethostname(hostname, sizeof(hostname));
reply(220, "%s FTP server (%s"
@@ -704,24 +706,6 @@ checkaccess(char *name)
#undef ALLOWED
#undef NOT_ALLOWED
-/* output contents of /etc/issue.net, or /etc/issue */
-static void
-show_issue(int code)
-{
- FILE *f;
- char buf[128];
-
- f = fopen("/etc/issue.net", "r");
- if(f == NULL)
- f = fopen("/etc/issue", "r");
- if(f){
- while(fgets(buf, sizeof(buf), f)){
- buf[strcspn(buf, "\r\n")] = '\0';
- lreply(code, "%s", buf);
- }
- fclose(f);
- }
-}
int do_login(int code, char *passwd)
{
@@ -765,28 +749,33 @@ int do_login(int code, char *passwd)
reply(550, "Can't set uid.");
return -1;
}
+
+ if(use_builtin_ls == -1) {
+ struct stat st;
+ /* if /bin/ls exist and is a regular file, use it, otherwise
+ use built-in ls */
+ if(stat("/bin/ls", &st) == 0 &&
+ S_ISREG(st.st_mode))
+ use_builtin_ls = 0;
+ else
+ use_builtin_ls = 1;
+ }
+
/*
* Display a login message, if it exists.
* N.B. reply(code,) must follow the message.
*/
- if ((fd = fopen(_PATH_FTPLOGINMESG, "r")) != NULL) {
- char *cp, line[LINE_MAX];
-
- while (fgets(line, sizeof(line), fd) != NULL) {
- if ((cp = strchr(line, '\n')) != NULL)
- *cp = '\0';
- lreply(code, "%s", line);
- }
- }
+ show_file(_PATH_FTPLOGINMESG, code);
+ if(show_file(_PATH_ISSUE_NET, code) != 0)
+ show_file(_PATH_ISSUE, code);
if (guest) {
- show_issue(code);
reply(code, "Guest login ok, access restrictions apply.");
#ifdef HAVE_SETPROCTITLE
snprintf (proctitle, sizeof(proctitle),
"%s: anonymous/%s",
remotehost,
passwd);
- setproctitle(proctitle);
+ setproctitle("%s", proctitle);
#endif /* HAVE_SETPROCTITLE */
if (logging) {
char data_addr[256];
@@ -803,11 +792,10 @@ int do_login(int code, char *passwd)
passwd);
}
} else {
- show_issue(code);
reply(code, "User %s logged in.", pw->pw_name);
#ifdef HAVE_SETPROCTITLE
snprintf(proctitle, sizeof(proctitle), "%s: %s", remotehost, pw->pw_name);
- setproctitle(proctitle);
+ setproctitle("%s", proctitle);
#endif /* HAVE_SETPROCTITLE */
if (logging) {
char data_addr[256];
@@ -957,8 +945,8 @@ retrieve(const char *cmd, char *name)
{".tar", "/bin/gtar cPf - %s", NULL},
{".tar.gz", "/bin/gtar zcPf - %s", NULL},
{".tar.Z", "/bin/gtar ZcPf - %s", NULL},
- {".gz", "/bin/gzip -c %s", "/bin/gzip -c -d %s"},
- {".Z", "/bin/compress -c %s", "/bin/uncompress -c -d %s"},
+ {".gz", "/bin/gzip -c -- %s", "/bin/gzip -c -d -- %s"},
+ {".Z", "/bin/compress -c -- %s", "/bin/uncompress -c -- %s"},
{NULL, NULL}
};
struct cmds *p;
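Review bot: The three `/bin/gtar` entries at the top of this table still place the client-supplied name directly after the options, so a name beginning with `-` is still read as an option there, although the gzip and compress entries now end option parsing with `--`. If the installed gtar accepts `--`, the same guard applies, e.g. `{".tar", "/bin/gtar cPf - -- %s", NULL},` and likewise for `.tar.gz` and `.tar.Z`. How the formatted string is split into arguments is outside this hunk, so confirm against the code that runs the command. The table and the rest of `retrieve` continue outside the hunk.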
@@ -1211,7 +1199,7 @@ dataconn(const char *name, off_t size, const char *mode)
*sizebuf = '\0';
if (pdata >= 0) {
struct sockaddr_storage from_ss;
- struct sockaddr *from = (struct sockaddr *)&from;
+ struct sockaddr *from = (struct sockaddr *)&from_ss;
int s;
int fromlen = sizeof(from_ss);
@@ -1501,7 +1489,7 @@ statfilecmd(char *filename)
int c;
char line[LINE_MAX];
- snprintf(line, sizeof(line), "/bin/ls -la %s", filename);
+ snprintf(line, sizeof(line), "/bin/ls -la -- %s", filename);
fin = ftpd_popen(line, "r", 1, 0);
lreply(211, "status of %s:", filename);
while ((c = getc(fin)) != EOF) {
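Review bot: `fin` is handed to `getc` without a check that `ftpd_popen` succeeded, so a failed spawn makes the server read from a NULL stream. Test the result before the `lreply`, e.g. `if (fin == NULL) { perror_reply(550, filename); return; }` (the function's return type is outside the hunk, so adjust the `return` to match). The `snprintf` into `line` can also truncate a long `filename` silently; comparing its return value with `sizeof(line)` and refusing the request would avoid listing a different path than the one asked for.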
@@ -1782,7 +1770,7 @@ dolog(struct sockaddr *sa)
inaddr2str (sin->sin_addr, remotehost, sizeof(remotehost));
#ifdef HAVE_SETPROCTITLE
snprintf(proctitle, sizeof(proctitle), "%s: connected", remotehost);
- setproctitle(proctitle);
+ setproctitle("%s", proctitle);
#endif /* HAVE_SETPROCTITLE */
if (logging) {
@@ -2093,9 +2081,9 @@ list_file(char *file)
pdata = -1;
} else {
#ifdef HAVE_LS_A
- const char *cmd = "/bin/ls -lA %s";
+ const char *cmd = "/bin/ls -lA -- %s";
#else
- const char *cmd = "/bin/ls -la %s";
+ const char *cmd = "/bin/ls -la -- %s";
#endif
retrieve(cmd, file);
}
@@ -2146,8 +2134,8 @@ send_file_list(char *whichf)
*/
if (dirname[0] == '-' && *dirlist == NULL &&
transflag == 0) {
- retrieve("/bin/ls %s", dirname);
- goto out;
+ list_file(dirname);
+ goto out;
}
perror_reply(550, whichf);
if (dout != NULL) {
@@ -2241,7 +2229,7 @@ find(char *pattern)
FILE *f;
snprintf(line, sizeof(line),
- "/bin/locate -d %s %s",
+ "/bin/locate -d %s -- %s",
ftp_rooted("/etc/locatedb"),
pattern);
f = ftpd_popen(line, "r", 1, 1);
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/ls.c b/crypto/kerberosIV/appl/ftp/ftpd/ls.c
index 97eb77ed906d..6e2c9a188cae 100644
--- a/crypto/kerberosIV/appl/ftp/ftpd/ls.c
+++ b/crypto/kerberosIV/appl/ftp/ftpd/ls.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -32,7 +32,7 @@
#include "ftpd_locl.h"
-RCSID("$Id: ls.c,v 1.13 1999/11/20 20:49:41 assar Exp $");
+RCSID("$Id: ls.c,v 1.13.2.2 2000/06/23 02:51:09 assar Exp $");
struct fileinfo {
struct stat st;
@@ -164,9 +164,10 @@ make_fileinfo(const char *filename, struct fileinfo *file, int flags)
{
time_t t = time(NULL);
- struct tm *tm = localtime(&st->st_mtime);
- if((t - st->st_mtime > 6*30*24*60*60) ||
- (st->st_mtime - t > 6*30*24*60*60))
+ time_t mtime = st->st_mtime;
+ struct tm *tm = localtime(&mtime);
+ if((t - mtime > 6*30*24*60*60) ||
+ (mtime - t > 6*30*24*60*60))
strftime(buf, sizeof(buf), "%b %e %Y", tm);
else
strftime(buf, sizeof(buf), "%b %e %H:%M", tm);
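Review bot: `tm` goes into `strftime` without a NULL check, and `localtime` can fail for a timestamp it cannot represent; the mtime comes from the file being listed, not from the server. A fallback such as `if (tm == NULL) strlcpy(buf, "??? ?? ????", sizeof(buf));` before the two `strftime` calls keeps the listing going. The repeated `6*30*24*60*60` would read better as one named constant with a comment saying it is the six-month cut-off between the year and the time-of-day format. The enclosing function starts and ends outside this hunk.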
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/pathnames.h b/crypto/kerberosIV/appl/ftp/ftpd/pathnames.h
index 1bd2be1a1efa..ff2041bb6c79 100644
--- a/crypto/kerberosIV/appl/ftp/ftpd/pathnames.h
+++ b/crypto/kerberosIV/appl/ftp/ftpd/pathnames.h
@@ -53,3 +53,6 @@
#define _PATH_FTPCHROOT "/etc/ftpchroot"
#define _PATH_FTPWELCOME "/etc/ftpwelcome"
#define _PATH_FTPLOGINMESG "/etc/motd"
+
+#define _PATH_ISSUE "/etc/issue"
+#define _PATH_ISSUE_NET "/etc/issue.net"
diff --git a/crypto/kerberosIV/appl/kauth/ChangeLog b/crypto/kerberosIV/appl/kauth/ChangeLog
index a770682f713b..7ce281cd53cc 100644
--- a/crypto/kerberosIV/appl/kauth/ChangeLog
+++ b/crypto/kerberosIV/appl/kauth/ChangeLog
@@ -1,3 +1,14 @@
+2000-02-28 Assar Westerlund <assar@sics.se>
+
+ * kauth.c (main): don't enable aflag with `-d'. this breaks with
+ kaservers that don't let you get a ticket for a user and besides,
+ adding debugging should not change the functionality
+
+1999-12-06 Assar Westerlund <assar@sics.se>
+
+ * rkinit.c (doit_host): NAT work-around
+ * kauthd.c (doit): type correctness
+
1999-08-31 Johan Danielsson <joda@pdc.kth.se>
* kauth.c: cleanup usage string; handle `kauth -h' gracefully
diff --git a/crypto/kerberosIV/appl/kauth/Makefile.in b/crypto/kerberosIV/appl/kauth/Makefile.in
index 278facc21cc4..1e8a4c1ebc84 100644
--- a/crypto/kerberosIV/appl/kauth/Makefile.in
+++ b/crypto/kerberosIV/appl/kauth/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.40 1999/03/10 19:01:11 joda Exp $
+# $Id: Makefile.in,v 1.40.16.1 2000/06/23 02:52:31 assar Exp $
SHELL = /bin/sh
@@ -17,6 +17,7 @@ WFLAGS = @WFLAGS@
LD_FLAGS = @LD_FLAGS@
INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
LIBS = @LIBS@
MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
@@ -28,9 +29,10 @@ bindir = @bindir@
transform=@program_transform_name@
EXECSUFFIX=@EXECSUFFIX@
-PROG_BIN = kauth$(EXECSUFFIX) ksrvtgt
+PROG_BIN = kauth$(EXECSUFFIX)
+SCRIPT_BIN = ksrvtgt
PROG_LIBEXEC = kauthd$(EXECSUFFIX)
-PROGS = $(PROG_BIN) $(PROG_LIBEXEC)
+PROGS = $(PROG_BIN) $(SCRIPT_BIN) $(PROG_LIBEXEC)
SOURCES_KAUTH = kauth.c rkinit.c
SOURCES_KAUTHD = kauthd.c
@@ -58,6 +60,9 @@ install: all
for x in $(PROG_BIN); do \
$(INSTALL_PROGRAM) $$x $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \
done
+ for x in $(SCRIPT_BIN); do \
+ $(INSTALL_SCRIPT) $$x $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \
+ done
if test -f $(DESTDIR)$(bindir)/zrefresh -o -r $(DESTDIR)$(bindir)/zrefresh; then \
true; \
else \
@@ -68,7 +73,7 @@ install: all
done
uninstall:
- for x in $(PROG_BIN); do \
+ for x in $(PROG_BIN) $(SCRIPT_BIN); do \
rm -f $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \
done
for x in $(PROG_LIBEXEC); do \
diff --git a/crypto/kerberosIV/appl/kauth/kauth.c b/crypto/kerberosIV/appl/kauth/kauth.c
index 13448a040dda..3f6f0bcd6abe 100644
--- a/crypto/kerberosIV/appl/kauth/kauth.c
+++ b/crypto/kerberosIV/appl/kauth/kauth.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -41,7 +41,7 @@
#include "kauth.h"
-RCSID("$Id: kauth.c,v 1.97 1999/12/02 16:58:31 joda Exp $");
+RCSID("$Id: kauth.c,v 1.97.2.1 2000/02/28 03:42:51 assar Exp $");
krb_principal princ;
static char srvtab[MaxPathLen];
@@ -233,7 +233,6 @@ main(int argc, char **argv)
case 'd':
krb_enable_debug();
_kafs_debug = 1;
- aflag++;
break;
case 'f':
strlcpy(srvtab, optarg, sizeof(srvtab));
diff --git a/crypto/kerberosIV/appl/kauth/kauthd.c b/crypto/kerberosIV/appl/kauth/kauthd.c
index 8dae4d0a45c5..d99f2a3b3673 100644
--- a/crypto/kerberosIV/appl/kauth/kauthd.c
+++ b/crypto/kerberosIV/appl/kauth/kauthd.c
@@ -33,7 +33,7 @@
#include "kauth.h"
-RCSID("$Id: kauthd.c,v 1.25 1999/12/02 16:58:31 joda Exp $");
+RCSID("$Id: kauthd.c,v 1.25.2.1 2000/06/28 19:07:58 assar Exp $");
krb_principal princ;
static char locuser[SNAME_SZ];
@@ -128,7 +128,7 @@ doit(int sock)
if( kuserok(&auth, locuser) != 0) {
snprintf(buf, sizeof(buf), "%s cannot get tickets for %s",
locuser, krb_unparse_name(&princ));
- syslog (LOG_ERR, buf);
+ syslog (LOG_ERR, "%s", buf);
write_encrypted (sock, buf, strlen(buf), schedule,
&auth.session, &thisaddr, &thataddr);
return 1;
@@ -136,7 +136,7 @@ doit(int sock)
passwd = k_getpwnam (locuser);
if (passwd == NULL) {
snprintf (buf, sizeof(buf), "No user '%s'", locuser);
- syslog (LOG_ERR, buf);
+ syslog (LOG_ERR, "%s", buf);
write_encrypted (sock, buf, strlen(buf), schedule,
&auth.session, &thisaddr, &thataddr);
return 1;
@@ -145,7 +145,7 @@ doit(int sock)
initgroups(passwd->pw_name, passwd->pw_gid) ||
setuid(passwd->pw_uid)) {
snprintf (buf, sizeof(buf), "Could not change user");
- syslog (LOG_ERR, buf);
+ syslog (LOG_ERR, "%s", buf);
write_encrypted (sock, buf, strlen(buf), schedule,
&auth.session, &thisaddr, &thataddr);
return 1;
@@ -182,7 +182,7 @@ doit(int sock)
return 0;
} else {
snprintf (buf, sizeof(buf), "TGT failed: %s", krb_get_err_text(status));
- syslog (LOG_NOTICE, buf);
+ syslog (LOG_NOTICE, "%s", buf);
write_encrypted (sock, buf, strlen(buf), schedule,
&auth.session, &thisaddr, &thataddr);
return 1;
diff --git a/crypto/kerberosIV/appl/kip/Makefile.in b/crypto/kerberosIV/appl/kip/Makefile.in
index 801c3f962825..16ed049d2508 100644
--- a/crypto/kerberosIV/appl/kip/Makefile.in
+++ b/crypto/kerberosIV/appl/kip/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.18 1999/03/10 19:01:11 joda Exp $
+# $Id: Makefile.in,v 1.18.4.1 2000/06/23 02:54:59 assar Exp $
SHELL = /bin/sh
@@ -8,12 +8,13 @@ VPATH = @srcdir@
CC = @CC@
LINK = @LINK@
AR = ar
-DEFS = @DEFS@
+DEFS = @DEFS@ -DLIBEXECDIR="\"$(libexecdir)\""
CFLAGS = @CFLAGS@ $(WFLAGS)
WFLAGS = @WFLAGS@
LD_FLAGS = @LD_FLAGS@
INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
LIBS = @LIBS@
MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
@@ -27,7 +28,8 @@ EXECSUFFIX=@EXECSUFFIX@
PROG_BIN = kip$(EXECSUFFIX)
PROG_LIBEXEC = kipd$(EXECSUFFIX)
-PROGS = $(PROG_BIN) $(PROG_LIBEXEC)
+SCRIPT_LIBEXEC = kip-join-network kipd-control
+PROGS = $(PROG_BIN) $(PROG_LIBEXEC) $(SCRIPT_LIBEXEC)
SOURCES_KIP = kip.c
SOURCES_KIPD = kipd.c
@@ -55,6 +57,9 @@ install: all
for x in $(PROG_LIBEXEC); do \
$(INSTALL_PROGRAM) $$x $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
done
+ for x in $(SCRIPT_LIBEXEC); do \
+ $(INSTALL_SCRIPT) $$x $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
+ done
uninstall:
for x in $(PROG_BIN); do \
@@ -63,6 +68,9 @@ uninstall:
for x in $(PROG_LIBEXEC); do \
rm -f $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
done
+ for x in $(SCRIPT_LIBEXEC); do \
+ rm -f $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
+ done
TAGS: $(SOURCES)
etags $(SOURCES)
@@ -91,4 +99,12 @@ kipd$(EXECSUFFIX): $(OBJECTS_KIPD)
$(OBJECTS): ../../include/config.h
+kip-join-network: kip-join-network.in
+ sed -e "s!%bindir%!$(bindir)!" $(srcdir)/kip-join-network.in > $@
+ chmod +x $@
+
+kipd-control: kipd-control.in
+ sed -e "s!%bindir%!$(bindir)!" $(srcdir)/kipd-control.in > $@
+ chmod +x $@
+
.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean
diff --git a/crypto/kerberosIV/appl/kip/common.c b/crypto/kerberosIV/appl/kip/common.c
index c97fe9fb2122..4feb9c8eea46 100644
--- a/crypto/kerberosIV/appl/kip/common.c
+++ b/crypto/kerberosIV/appl/kip/common.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,7 +33,10 @@
#include "kip.h"
-RCSID("$Id: common.c,v 1.13 1999/12/02 16:58:31 joda Exp $");
+RCSID("$Id: common.c,v 1.13.2.4 2000/10/18 23:31:51 assar Exp $");
+
+sig_atomic_t disconnect = 0;
+int isserver = 0;
/*
* Copy packets from `tundev' to `netdev' or vice versa.
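Review bot: `disconnect` is set from a signal handler (`disconnecthandler` in kip.c) and polled by `while(!disconnect)` in `copy_packets`, so it should be `volatile sig_atomic_t disconnect = 0;`, with `extern volatile sig_atomic_t disconnect;` in kip.h. Without `volatile` the compiler is free to read the flag once and never observe the handler's store. A one-line comment on `isserver`, saying it selects syslog over stderr in `fatal`, would also help, since both globals are shared between the client and the daemon.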
@@ -56,16 +59,23 @@ copy_packets (int tundev, int netdev, int mtu, des_cblock *iv,
memcpy (&iv1, iv, sizeof(iv1));
memcpy (&iv2, iv, sizeof(iv2));
- for (;;) {
+ while(!disconnect) {
fd_set fdset;
int ret, len;
+ if (tundev >= FD_SETSIZE || netdev >= FD_SETSIZE) {
+ warnx ("fd too large");
+ return 1;
+ }
+
FD_ZERO(&fdset);
FD_SET(tundev, &fdset);
FD_SET(netdev, &fdset);
ret = select (max(tundev, netdev)+1, &fdset, NULL, NULL, NULL);
- if (ret < 0 && errno != EINTR) {
+ if (ret < 0) {
+ if (errno == EINTR)
+ continue;
warn ("select");
return 1;
}
@@ -107,6 +117,21 @@ copy_packets (int tundev, int netdev, int mtu, des_cblock *iv,
des_cfb64_encrypt (buf, buf, 2, schedule,
&iv2, &num2, DES_DECRYPT);
len = (buf[0] << 8 ) | buf[1];
+ if (len > mtu) {
+ fatal (-1, "buffer too large", schedule, &iv2);
+ return -1;
+ }
+
+ if (len == 0) {
+ len = read (netdev, buf, mtu);
+ if (len < 1)
+ len = 1;
+ buf[len-1] = '\0';
+
+ fatal (-1, buf, schedule, &iv2);
+ return -1;
+ }
+
ret = krb_net_read (netdev, buf + 2, len);
if (ret == 0)
return 0;
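Review bot: The new bound is `len > mtu`, but the next call, `krb_net_read (netdev, buf + 2, len)`, stores `len` bytes starting two bytes into `buf`; the allocation of `buf` is outside this hunk, so confirm it holds at least `mtu + 2` bytes or tighten the test to match. In the `len == 0` branch the text read from `netdev` is passed to `fatal` exactly as the peer sent it and ends up in syslog or on stderr, so replacing non-printable bytes before logging would keep the log unambiguous. A failed `read` is folded into `len = 1`, which reports an empty message and loses the errno; reporting the read error itself would be clearer.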
@@ -127,6 +152,7 @@ copy_packets (int tundev, int netdev, int mtu, des_cblock *iv,
}
}
}
+ return 0;
}
/*
@@ -148,18 +174,19 @@ childhandler (int sig)
/*
* Find a free tunnel device and open it.
+ * Return the interface name in `name, len'.
*/
int
-tunnel_open (void)
+tunnel_open (char *name, size_t len)
{
int fd;
int i;
- char name[64];
+ char devname[256];
for (i = 0; i < 256; ++i) {
- snprintf (name, sizeof(name), "%s%s%d", _PATH_DEV, TUNDEV, i);
- fd = open (name, O_RDWR, 0);
+ snprintf (devname, len, "%s%s%d", _PATH_DEV, TUNDEV, i);
+ fd = open (devname, O_RDWR, 0);
if (fd >= 0)
break;
if (errno == ENOENT || errno == ENODEV) {
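Review bot: `snprintf (devname, len, ...)` bounds the write with the caller's `len` instead of the size of the local `devname[256]`. The path is short and both callers on this page pass 64, so nothing overflows today, but the bound belongs to the wrong buffer; use `snprintf (devname, sizeof(devname), "%s%s%d", _PATH_DEV, TUNDEV, i);`. The failure path in the following hunk still calls `warn("open %s" ,name)`, which after this change prints the caller's unfilled buffer and should print `devname`. The body of `tunnel_open` continues outside this hunk.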
@@ -169,5 +196,107 @@ tunnel_open (void)
}
if (fd < 0)
warn("open %s" ,name);
+ else
+ snprintf (name, len, "%s%d", TUNDEV, i);
return fd;
}
+
+/*
+ * run the command `cmd' with (...). return 0 if succesful or error
+ * otherwise (and copy an error messages into `msg, len')
+ */
+
+int
+kip_exec (const char *cmd, char *msg, size_t len, ...)
+{
+ pid_t pid;
+ char **argv;
+ va_list ap;
+
+ va_start(ap, len);
+ argv = vstrcollect(&ap);
+ va_end(ap);
+
+ pid = fork();
+ switch (pid) {
+ case -1:
+ snprintf (msg, len, "fork: %s", strerror(errno));
+ return errno;
+ case 0: {
+ int fd = open (_PATH_DEVNULL, O_RDWR, 0600);
+ if (fd < 0) {
+ snprintf (msg, len, "open " _PATH_DEVNULL ": %s", strerror(errno));
+ return errno;
+ }
+
+ close (STDIN_FILENO);
+ close (STDOUT_FILENO);
+ close (STDERR_FILENO);
+
+ dup2 (fd, STDIN_FILENO);
+ dup2 (fd, STDOUT_FILENO);
+ dup2 (fd, STDERR_FILENO);
+
+ execvp (cmd, argv);
+ snprintf (msg, len, "execvp %s: %s", cmd, strerror(errno));
+ return errno;
+ }
+ default: {
+ int status;
+
+ while (waitpid(pid, &status, 0) < 0)
+ if (errno != EINTR) {
+ snprintf (msg, len, "waitpid: %s", strerror(errno));
+ return errno;
+ }
+
+ if (WIFEXITED(status)) {
+ if (WEXITSTATUS(status) == 0) {
+ return 0;
+ } else {
+ snprintf (msg, len, "child returned with %d",
+ WEXITSTATUS(status));
+ return 1;
+ }
+ } else if (WIFSIGNALED(status)) {
+#ifndef WCOREDUMP
+#define WCOREDUMP(X) 0
+#endif
+ snprintf (msg, len, "terminated by signal num %d %s",
+ WTERMSIG(status),
+ WCOREDUMP(status) ? " coredumped" : "");
+ return 1;
+ } else if (WIFSTOPPED(status)) {
+ snprintf (msg, len, "process stoped by signal %d",
+ WSTOPSIG(status));
+ return 1;
+ } else {
+ snprintf (msg, len, "child died in mysterious circumstances");
+ return 1;
+ }
+ }
+ }
+}
+
+/*
+ * fatal error `s' occured.
+ */
+
+void
+fatal (int fd, const char *s, des_key_schedule schedule, des_cblock *iv)
+{
+ int16_t err = 0;
+ int num = 0;
+
+ if (fd != -1) {
+ des_cfb64_encrypt ((unsigned char*) &err, (unsigned char*) &err,
+ sizeof(err), schedule, iv, &num, DES_ENCRYPT);
+
+ write (fd, &err, sizeof(err));
+ write (fd, s, strlen(s)+1);
+ }
+ if (isserver)
+ syslog(LOG_ERR, "%s", s);
+ else
+ warnx ("fatal error: %s", s);
+}
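Review bot: In the `case 0:` branch of `kip_exec` the child leaves with `return errno;` when `open` or `execvp` fails, so the forked child returns into the caller and carries on running the parent's code with the same tunnel and socket descriptors. The parent never sees the text either, because the child writes `msg` in its own address space. End both child error paths with `_exit(127);` and let the parent report the non-zero exit status it already decodes. The `argv` returned by `vstrcollect` is not released in the parent, and the two `write` results in `fatal` are ignored; the latter deserves a comment saying the notification is best effort.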
diff --git a/crypto/kerberosIV/appl/kip/kip-join-network.in b/crypto/kerberosIV/appl/kip/kip-join-network.in
new file mode 100644
index 000000000000..c105fe6ba62a
--- /dev/null
+++ b/crypto/kerberosIV/appl/kip/kip-join-network.in
@@ -0,0 +1,53 @@
+#!/bin/sh
+# $Id$
+#
+# Join a network, see kipd-control from more comments.
+#
+
+PATH=/usr/sbin:/sbin:/usr/bin:/bin:%bindir%
+
+endpointhost=130.237.43.201
+thispointhost=130.237.43.17
+fakepoint=10.0.0.1
+dev=tun0
+
+case $# in
+ 0)
+ modprobe tun
+ def=$(route -n | awk '$1 ~ /0.0.0.0/ && $3 ~ /0.0.0.0/ { print $2 }')
+
+ if test "X$def" = "X" ; then
+ echo "missing default route"
+ exit 1
+ fi
+
+ exec kip -c $0 -a $def $endpointhost
+ ;;
+ *)
+ state=$1
+ dev=$2
+ host=$3
+ arg=$4
+ case $state in
+ up)
+ ifconfig $dev $thispointhost pointopoint $fakepoint
+ route delete default
+
+ route add -host $endpointhost gw $arg
+ route add default gw $fakepoint
+ ;;
+ down)
+
+ echo $dev $arg > /tmp/kip-down
+
+ ifconfig $dev down
+
+ route delete default
+ route delete $endpointhost
+ route add default gw $arg
+ ;;
+ *)
+ exit 17
+ ;;
+ esac
+esac
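Review bot: The `down` branch runs `echo $dev $arg > /tmp/kip-down`, a fixed name in a world-writable directory, from a script that also runs `ifconfig` and `route` and so presumably runs as root; an existing symlink at that path would be followed. It reads like a debugging leftover, so drop the line or write the file under a root-owned directory. The positional parameters are expanded unquoted throughout (`$dev`, `$arg`, `$0`); quoting them, as in `ifconfig "$dev" down`, avoids word splitting, and the same holds for `$dev` in kipd-control.in. The header comment should also say that the addresses are site-specific examples to be edited before use.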
diff --git a/crypto/kerberosIV/appl/kip/kip.c b/crypto/kerberosIV/appl/kip/kip.c
index 667a8d856a5c..55b6032031b7 100644
--- a/crypto/kerberosIV/appl/kip/kip.c
+++ b/crypto/kerberosIV/appl/kip/kip.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,14 +33,31 @@
#include "kip.h"
-RCSID("$Id: kip.c,v 1.18 1999/12/02 16:58:31 joda Exp $");
+RCSID("$Id: kip.c,v 1.18.2.1 2000/06/23 02:55:01 assar Exp $");
-static void
-usage(void)
+static char *cmd_str = NULL;
+static char *arg_str = NULL;
+static char *port_str = NULL;
+static int version_flag = 0;
+static int help_flag = 0;
+
+struct getargs args[] = {
+ { "port", 'p', arg_string, &port_str, "Use this port",
+ "port" },
+ { "cmd", 'c', arg_string, &cmd_str,
+ "command to run when starting", "cmd"},
+ { "arg", 'a', arg_string, &arg_str,
+ "argument to above command", "arg"},
+ { "version", 0, arg_flag, &version_flag },
+ { "help", 0, arg_flag, &help_flag }
+};
+
+
+static RETSIGTYPE
+disconnecthandler (int sig)
{
- fprintf (stderr, "Usage: %s host\n",
- __progname);
- exit (1);
+ disconnect = 1;
+ SIGRETURN(0);
}
/*
@@ -48,7 +65,8 @@ usage(void)
*/
static int
-connect_host (char *host, des_cblock *key, des_key_schedule schedule)
+connect_host (char *host, int port,
+ des_cblock *key, des_key_schedule schedule)
{
CREDENTIALS cred;
KTEXT_ST text;
@@ -70,7 +88,7 @@ connect_host (char *host, des_cblock *key, des_key_schedule schedule)
memset (&thataddr, 0, sizeof(thataddr));
thataddr.sin_family = AF_INET;
- thataddr.sin_port = k_getportbyname ("kip", "tcp", htons(KIPPORT));
+ thataddr.sin_port = port;
for(p = hostent->h_addr_list; *p; ++p) {
memcpy (&thataddr.sin_addr, *p, sizeof(thataddr.sin_addr));
@@ -139,19 +157,50 @@ connect_host (char *host, des_cblock *key, des_key_schedule schedule)
*/
static int
-doit (char *host)
+doit (char *host, int port)
{
+ char tun_if_name[64];
des_key_schedule schedule;
des_cblock iv;
- int other, this;
+ int other, this, ret;
- other = connect_host (host, &iv, schedule);
+ other = connect_host (host, port, &iv, schedule);
if (other < 0)
return 1;
- this = tunnel_open ();
+ this = tunnel_open (tun_if_name, sizeof(tun_if_name));
if (this < 0)
return 1;
- return copy_packets (this, other, TUNMTU, &iv, schedule);
+
+ if (cmd_str) {
+ char buf[1024];
+ ret = kip_exec (cmd_str, buf, sizeof(buf),
+ "kip-control", "up", tun_if_name, host, arg_str,
+ NULL);
+ if (ret)
+ errx (1, "%s (up) failed: %s", cmd_str, buf);
+ }
+
+ ret = copy_packets (this, other, TUNMTU, &iv, schedule);
+
+ if (cmd_str) {
+ char buf[1024];
+ ret = kip_exec (cmd_str, buf, sizeof(buf),
+ "kip-control", "down", tun_if_name, host, arg_str,
+ NULL);
+ if (ret)
+ errx (1, "%s (down) failed: %s", cmd_str, buf);
+ }
+ return 0;
+}
+
+static void
+usage(int ret)
+{
+ arg_printusage (args,
+ sizeof(args) / sizeof(args[0]),
+ NULL,
+ "hostname");
+ exit (ret);
}
/*
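Review bot: The result of `copy_packets` is stored in `ret`, then overwritten by the `down` call to `kip_exec`, and `doit` ends with `return 0;`, so the client reports success even when the tunnel failed, whereas the old code returned the `copy_packets` status. kipd.c keeps the two results apart with `ret2`; doing the same here and finishing with `return ret;` restores the exit status. When `tunnel_open` fails the function returns without closing `other`; that is harmless for a one-shot client but worth a short comment.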
@@ -162,9 +211,51 @@ doit (char *host)
int
main(int argc, char **argv)
{
+ int port;
+ int optind = 0;
+ char *hostname;
+
set_progname (argv[0]);
+ if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
+ &optind))
+ usage (1);
+
+ if (help_flag)
+ usage (0);
+
+ if (version_flag) {
+ print_version (NULL);
+ return 0;
+ }
+
+ argv += optind;
+ argc -= optind;
+
+ if (argc != 1)
+ usage (1);
+
+ hostname = argv[0];
+
+ if(port_str) {
+ struct servent *s = roken_getservbyname (port_str, "tcp");
+
+ if (s)
+ port = s->s_port;
+ else {
+ char *ptr;
+
+ port = strtol (port_str, &ptr, 10);
+ if (port == 0 && ptr == port_str)
+ errx (1, "bad port `%s'", port_str);
+ port = htons(port);
+ }
+ } else {
+ port = k_getportbyname ("kip", "tcp", htons(KIPPORT));
+ }
+
+ signal (SIGCHLD, childhandler);
+ signal (SIGHUP, disconnecthandler);
+ signal (SIGTERM, disconnecthandler);
- if (argc != 2)
- usage ();
- return doit (argv[1]);
+ return doit (hostname, port);
}
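Review bot: The numeric fallback `port = strtol (port_str, &ptr, 10)` rejects only input with no digits at all; trailing garbage, negative numbers and values above 65535 are accepted and then silently truncated by `htons`. Keep the `strtol` result in a `long` and test the whole string and the range, e.g. `if (ptr == port_str || *ptr != '\0' || val < 1 || val > 65535) errx (1, "bad port `%s'", port_str);`. The same block is repeated in `main` of kipd.c, so a shared helper in common.c would keep the two copies in step. The local `int optind = 0;` shadows the libc global of the same name; a different name would be easier to read.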
diff --git a/crypto/kerberosIV/appl/kip/kip.h b/crypto/kerberosIV/appl/kip/kip.h
index dc748dffa79a..7bfc5f15ab2f 100644
--- a/crypto/kerberosIV/appl/kip/kip.h
+++ b/crypto/kerberosIV/appl/kip/kip.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: kip.h,v 1.18 1999/12/02 16:58:31 joda Exp $ */
+/* $Id: kip.h,v 1.18.2.1 2000/06/23 02:55:01 assar Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -44,7 +44,6 @@
#include <errno.h>
#include <pwd.h>
#include <signal.h>
-#include <paths.h>
#include <fcntl.h>
#ifdef HAVE_SYSLOG_H
#include <syslog.h>
@@ -72,14 +71,20 @@
#include <netinet/tcp.h>
#endif
#include <netdb.h>
+#ifdef HAVE_SYS_SOCKIO_H
#include <sys/sockio.h>
+#endif
#include <net/if.h>
#ifdef HAVE_NET_IF_VAR_H
#include <net/if_var.h>
#endif
+#ifdef HAVE_NET_IF_TUN_H
#include <net/if_tun.h>
+#endif
#include <err.h>
+#include <getarg.h>
+
#ifdef SOCKS
#include <socks.h>
#endif
@@ -90,6 +95,10 @@
#define TUNDEV "tun"
+#ifndef TUNMTU
+#define TUNMTU 1500 /* everything is ethernet :) */
+#endif
+
#define KIPPORT 2112
#define KIP_VERSION "KIPSRV.0"
@@ -100,5 +109,14 @@ copy_packets (int tundev, int netdev, int mtu, des_cblock *iv,
RETSIGTYPE childhandler (int);
+extern sig_atomic_t disconnect;
+extern int isserver;
+
+int
+tunnel_open (char *, size_t);
+
+void
+fatal (int fd, const char *s, des_key_schedule schedule, des_cblock *iv);
+
int
-tunnel_open (void);
+kip_exec (const char *cmd, char *msg, size_t len, ...);
diff --git a/crypto/kerberosIV/appl/kip/kipd-control.in b/crypto/kerberosIV/appl/kip/kipd-control.in
new file mode 100644
index 000000000000..8fb0e9bb0b83
--- /dev/null
+++ b/crypto/kerberosIV/appl/kip/kipd-control.in
@@ -0,0 +1,54 @@
+#!/bin/sh
+#
+# $Id$
+#
+# Simple example how you can missuse kip to provide "mobile-ip".
+# This is since there is no way to tunnel ip over udp or any other
+# protocol. There is also problems to get thru firewalls and NATs
+# with mobile-ip since (today) they usully doesn't support IPIP or
+# GRE.
+#
+# All commands are for linux (redhat6.1) but it should be quite
+# simple to fix it to support other OS.
+#
+
+PATH=/sbin:/usr/sbin:/usr/bin:/bin
+
+# arguments are: [up|down] dev remote-peer-addr user
+
+state=$1
+dev=$2
+remote=$3
+user=$4
+
+outdevice=eth0
+
+case "$state" in
+ up)
+ case "$user" in
+ lha.root@E.KTH.SE)
+ ifconfig $dev 10.0.0.1 pointopoint 130.237.43.17
+ route add -host 130.237.43.17 gw 10.0.0.1
+ arp -H ether -i $outdevice \
+ -s 130.237.43.17 00:80:c8:82:83:61 pub
+ ;;
+ esac
+ ;;
+ down)
+ case "$user" in
+ lha.root@E.KTH.SE)
+ ifconfig $dev 0.0.0.0
+ ifconfig $dev down
+ arp -i $outdevice -d 130.237.43.17
+ arp -d 130.237.43.17
+ true
+ ;;
+ *)
+ ifconfig $dev down
+ ;;
+ esac
+ ;;
+ *)
+ exit 17
+ ;;
+esac
diff --git a/crypto/kerberosIV/appl/kip/kipd.c b/crypto/kerberosIV/appl/kip/kipd.c
index 429f815e6a1d..74e8ac2986c2 100644
--- a/crypto/kerberosIV/appl/kip/kipd.c
+++ b/crypto/kerberosIV/appl/kip/kipd.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
+ * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -33,22 +33,11 @@
#include "kip.h"
-RCSID("$Id: kipd.c,v 1.16 1999/12/02 16:58:31 joda Exp $");
-
-static int
-fatal (int fd, char *s)
-{
- u_char err = 1;
-
- write (fd, &err, sizeof(err));
- write (fd, s, strlen(s)+1);
- syslog(LOG_ERR, s);
- return err;
-}
+RCSID("$Id: kipd.c,v 1.16.2.3 2000/10/18 20:46:45 assar Exp $");
static int
recv_conn (int sock, des_cblock *key, des_key_schedule schedule,
- struct sockaddr_in *retaddr)
+ struct sockaddr_in *retaddr, char *user, size_t len)
{
int status;
KTEXT_ST ticket;
@@ -80,13 +69,21 @@ recv_conn (int sock, des_cblock *key, des_key_schedule schedule,
return 1;
}
passwd = k_getpwnam ("root");
- if (passwd == NULL)
- return fatal (sock, "Cannot find root");
- if (kuserok(&auth, "root") != 0)
- return fatal (sock, "Permission denied");
+ if (passwd == NULL) {
+ fatal (sock, "Cannot find root", schedule, &auth.session);
+ return 1;
+ }
+ if (kuserok(&auth, "root") != 0) {
+ fatal (sock, "Permission denied", schedule, &auth.session);
+ return 1;
+ }
if (write (sock, &ok, sizeof(ok)) != sizeof(ok))
return 1;
+ snprintf (user, len, "%s%s%s@%s", auth.pname,
+ auth.pinst[0] != '\0' ? "." : "",
+ auth.pinst, auth.prealm);
+
memcpy(key, &auth.session, sizeof(des_cblock));
*retaddr = thataddr;
return 0;
@@ -95,17 +92,64 @@ recv_conn (int sock, des_cblock *key, des_key_schedule schedule,
static int
doit(int sock)
{
+ char msg[1024];
+ char cmd[MAXPATHLEN];
+ char tun_if_name[64];
+ char user[MAX_K_NAME_SZ];
struct sockaddr_in thataddr;
des_key_schedule schedule;
des_cblock key;
- int this;
+ int this, ret, ret2;
- if (recv_conn (sock, &key, schedule, &thataddr))
+ isserver = 1;
+
+ if (recv_conn (sock, &key, schedule, &thataddr, user, sizeof(user)))
return 1;
- this = tunnel_open ();
+ this = tunnel_open (tun_if_name, sizeof(tun_if_name));
if (this < 0)
- fatal (sock, "Cannot open " _PATH_DEV TUNDEV);
- return copy_packets (this, sock, TUNMTU, &key, schedule);
+ fatal (sock, "Cannot open " _PATH_DEV TUNDEV, schedule, &key);
+
+ strlcpy(cmd, LIBEXECDIR "/kipd-control", sizeof(cmd));
+
+ ret = kip_exec (cmd, msg, sizeof(msg), "kipd-control",
+ "up", tun_if_name, inet_ntoa(thataddr.sin_addr), user,
+ NULL);
+ if (ret) {
+ fatal (sock, msg, schedule, &key);
+ return -1;
+ }
+
+ ret = copy_packets (this, sock, TUNMTU, &key, schedule);
+
+ ret2 = kip_exec (cmd, msg, sizeof(msg), "kipd-control",
+ "down", tun_if_name, user, NULL);
+ if (ret2)
+ syslog(LOG_ERR, "%s", msg);
+ return ret;
+}
+
+static char *port_str = NULL;
+static int inetd_flag = 1;
+static int version_flag = 0;
+static int help_flag = 0;
+
+struct getargs args[] = {
+ { "inetd", 'i', arg_negative_flag, &inetd_flag,
+ "Not started from inetd" },
+ { "port", 'p', arg_string, &port_str, "Use this port",
+ "port" },
+ { "version", 0, arg_flag, &version_flag },
+ { "help", 0, arg_flag, &help_flag }
+};
+
+static void
+usage(int ret)
+{
+ arg_printusage (args,
+ sizeof(args) / sizeof(args[0]),
+ NULL,
+ "");
+ exit (ret);
}
/*
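Review bot: When `tunnel_open` fails, `fatal` is called but `doit` does not return, so `kip_exec` runs the control script with an unfilled `tun_if_name` and `copy_packets` is then given a negative descriptor, which its new `FD_SETSIZE` test does not catch because it checks only the upper bound. Put the call in braces and add `return 1;` after it. Separately, the `down` invocation passes `tun_if_name, user` while `up` passes `tun_if_name, inet_ntoa(thataddr.sin_addr), user`. kipd-control.in documents its arguments as `[up|down] dev remote-peer-addr user`, so on `down` the script receives the principal in the address position and an empty user. A one-line comment on `isserver = 1;` saying that it routes `fatal` to syslog would also help.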
@@ -115,9 +159,44 @@ doit(int sock)
int
main (int argc, char **argv)
{
- set_progname (argv[0]);
+ int port;
+ int optind = 0;
+ set_progname (argv[0]);
roken_openlog(__progname, LOG_PID|LOG_CONS, LOG_DAEMON);
+
+ if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
+ &optind))
+ usage (1);
+
+ if (help_flag)
+ usage (0);
+
+ if (version_flag) {
+ print_version (NULL);
+ return 0;
+ }
+
+ if(port_str) {
+ struct servent *s = roken_getservbyname (port_str, "tcp");
+
+ if (s)
+ port = s->s_port;
+ else {
+ char *ptr;
+
+ port = strtol (port_str, &ptr, 10);
+ if (port == 0 && ptr == port_str)
+ errx (1, "bad port `%s'", port_str);
+ port = htons(port);
+ }
+ } else {
+ port = k_getportbyname ("kip", "tcp", htons(KIPPORT));
+ }
+
+ if (!inetd_flag)
+ mini_inetd (port);
+
signal (SIGCHLD, childhandler);
- return doit(0);
+ return doit(STDIN_FILENO);
}
diff --git a/crypto/kerberosIV/appl/push/push.8 b/crypto/kerberosIV/appl/push/push.8
index 5066b375cfb7..0cf4a6cd0fec 100644
--- a/crypto/kerberosIV/appl/push/push.8
+++ b/crypto/kerberosIV/appl/push/push.8
@@ -1,4 +1,4 @@
-.\" $Id: push.8,v 1.3.16.1 1999/12/06 17:25:27 assar Exp $
+.\" $Id: push.8,v 1.3.16.2 2000/06/23 03:06:11 assar Exp $
.\"
.Dd May 31, 1998
.Dt PUSH 8
@@ -127,7 +127,8 @@ using Kerberos 5.
.Sh SEE ALSO
.Xr movemail 8 ,
.Xr popper 8 ,
-.Xr from 1
+.Xr from 1 ,
+.Xr pfrom 1
.\".Sh STANDARDS
.Sh HISTORY
.Nm
diff --git a/crypto/kerberosIV/appl/push/push.cat8 b/crypto/kerberosIV/appl/push/push.cat8
index bdd380491baf..1c0b7a4b9b5e 100644
--- a/crypto/kerberosIV/appl/push/push.cat8
+++ b/crypto/kerberosIV/appl/push/push.cat8
@@ -1,5 +1,5 @@
-PUSH(8) UNIX System Manager's Manual PUSH(8)
+PUSH(8) System Manager's Manual PUSH(8)
NNAAMMEE
ppuusshh - fetch mail via POP
@@ -69,7 +69,7 @@ EEXXAAMMPPLLEESS
using Kerberos 5.
SSEEEE AALLSSOO
- movemail(8), popper(8), from(1)
+ movemail(8), popper(8), from(1), pfrom(1)
HHIISSTTOORRYY
ppuusshh was written while waiting for mmoovveemmaaiill to finish getting the mail.
diff --git a/crypto/kerberosIV/appl/sample/sample_server.c b/crypto/kerberosIV/appl/sample/sample_server.c
index 5442562f3aa3..ba4f6ab3441c 100644
--- a/crypto/kerberosIV/appl/sample/sample_server.c
+++ b/crypto/kerberosIV/appl/sample/sample_server.c
@@ -18,7 +18,7 @@
#include "sample.h"
-RCSID("$Id: sample_server.c,v 1.14 1999/11/13 06:28:49 assar Exp $");
+RCSID("$Id: sample_server.c,v 1.14.2.1 2000/06/28 19:08:00 assar Exp $");
static void
usage (void)
@@ -108,7 +108,7 @@ main(int argc, char **argv)
snprintf(retbuf, sizeof(retbuf),
"Kerberos error: %s\n",
krb_get_err_text(status));
- syslog(LOG_ERR, retbuf);
+ syslog(LOG_ERR, "%s", retbuf);
} else {
/* Check the version string (KRB_SENDAUTH_VLEN chars) */
if (strncmp(version, SAMPLE_VERSION, KRB_SENDAUTH_VLEN)) {
diff --git a/crypto/kerberosIV/appl/telnet/ChangeLog b/crypto/kerberosIV/appl/telnet/ChangeLog
index 5681679d9b5e..b2c27bc113a6 100644
--- a/crypto/kerberosIV/appl/telnet/ChangeLog
+++ b/crypto/kerberosIV/appl/telnet/ChangeLog
@@ -1,3 +1,57 @@
+2000-03-26 Assar Westerlund <assar@sics.se>
+
+ * telnetd/sys_term.c (*): make sure to always call time, ctime,
+ and gmtime with `time_t's. there were some types (like in
+ lastlog) that we believed to always be time_t. this has proven
+ wrong on Solaris 8 in 64-bit mode, where they are stored as 32-bit
+ quantities but time_t has gone up to 64 bits
+
+1999-09-16 Assar Westerlund <assar@sics.se>
+
+ * telnet/commands.c: revert 1.54, get_default_username should DTRT
+ now
+
+1999-09-05 Assar Westerlund <assar@sics.se>
+
+ * telnetd/utility.c (ttloop): make it return 1 if interrupted by a
+ signal, which must have been what was meant from the beginning
+
+ * telnetd/ext.h (ttloop): update prototype
+
+ * telnetd/authenc.c (telnet_spin): actually return the value from
+ ttloop (otherwise it's kind of bogus)
+
+1999-08-05 Assar Westerlund <assar@sics.se>
+
+ * telnetd/sys_term.c (rmut): free utxp
+
+1999-08-04 Assar Westerlund <assar@sics.se>
+
+ * telnet/main.c: add -G and config file support. From Miroslav
+ Ruda <ruda@ics.muni.cz>
+
+ * telnetd/sys_term.c (rmut): work around utmpx strangness. From
+ Miroslav Ruda <ruda@ics.muni.cz>
+
+1999-08-02 Assar Westerlund <assar@sics.se>
+
+ * telnetd/telnetd.c (doit): only free hp if != NULL. From: Jonas
+ Oberg <jonas@coyote.org>
+
+1999-07-29 Assar Westerlund <assar@sics.se>
+
+ * telnetd/telnetd.c (doit): remove unused variable mapped_sin
+
+1999-07-26 Assar Westerlund <assar@sics.se>
+
+ * telnetd/ext.h: update prototypes
+
+ * telnetd/telnetd.c: make it handle v4 and v6 sockets. (it
+ doesn't handle being given a v6 socket that's really talking to an
+ v4 adress (mapped) because the rest of the code in telnetd is not
+ able to handle it anyway). please run two telnetd from your
+ inetd, one for v4 and one for v6.
+
1999-07-07 Assar Westerlund <assar@sics.se>
* telnet/commands.c (tn): extra bogus const-cast
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/kerberos.c b/crypto/kerberosIV/appl/telnet/libtelnet/kerberos.c
index b5c09538efa0..02e4aca2f121 100644
--- a/crypto/kerberosIV/appl/telnet/libtelnet/kerberos.c
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/kerberos.c
@@ -55,7 +55,7 @@
#include <config.h>
#endif
-RCSID("$Id: kerberos.c,v 1.45 1999/03/13 21:18:55 assar Exp $");
+RCSID("$Id: kerberos.c,v 1.46 1999/09/16 20:41:33 assar Exp $");
#ifdef KRB4
#ifdef HAVE_SYS_TYPES_H
@@ -180,7 +180,7 @@ kerberos4_send(char *name, Authenticator *ap)
memset(instance, 0, sizeof(instance));
- strcpy_truncate (instance,
+ strlcpy (instance,
krb_get_phost(RemoteHostName),
INST_SZ);
@@ -521,7 +521,7 @@ kerberos4_status(Authenticator *ap, char *name, size_t name_sz, int level)
return(level);
if (UserNameRequested && !kuserok(&adat, UserNameRequested)) {
- strcpy_truncate(name, UserNameRequested, name_sz);
+ strlcpy(name, UserNameRequested, name_sz);
return(AUTH_VALID);
} else
return(AUTH_USER);
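Review bot: `strlcpy` truncates silently here, so when `UserNameRequested` is longer than `name_sz` the function still returns `AUTH_VALID` with a shortened `name` that `kuserok` never checked. `strlcpy` returns the source length, so the copy can be guarded: `if (strlcpy(name, UserNameRequested, name_sz) >= name_sz) return(AUTH_USER);`. The same unchecked copy precedes `return(AUTH_VALID)` in `kerberos5_status`, `krb4encpwd_status`, `rsaencpwd_status` and `spx_status` further down this diff. The body of `kerberos4_status` starts outside the hunk, so whether the requested name is bounded earlier is not visible here.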
@@ -540,11 +540,11 @@ kerberos4_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
switch(data[3]) {
case KRB_REJECT: /* Rejected (reason might follow) */
- strcpy_truncate((char *)buf, " REJECT ", buflen);
+ strlcpy((char *)buf, " REJECT ", buflen);
goto common;
case KRB_ACCEPT: /* Accepted (name might follow) */
- strcpy_truncate((char *)buf, " ACCEPT ", buflen);
+ strlcpy((char *)buf, " ACCEPT ", buflen);
common:
BUMP(buf, buflen);
if (cnt <= 4)
@@ -557,15 +557,15 @@ kerberos4_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
break;
case KRB_AUTH: /* Authentication data follows */
- strcpy_truncate((char *)buf, " AUTH", buflen);
+ strlcpy((char *)buf, " AUTH", buflen);
goto common2;
case KRB_CHALLENGE:
- strcpy_truncate((char *)buf, " CHALLENGE", buflen);
+ strlcpy((char *)buf, " CHALLENGE", buflen);
goto common2;
case KRB_RESPONSE:
- strcpy_truncate((char *)buf, " RESPONSE", buflen);
+ strlcpy((char *)buf, " RESPONSE", buflen);
goto common2;
default:
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/kerberos5.c b/crypto/kerberosIV/appl/telnet/libtelnet/kerberos5.c
index 0b7818f762be..3e6abbb4a8be 100644
--- a/crypto/kerberosIV/appl/telnet/libtelnet/kerberos5.c
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/kerberos5.c
@@ -53,7 +53,7 @@
#include <config.h>
-RCSID("$Id: kerberos5.c,v 1.37 1999/06/24 17:09:10 assar Exp $");
+RCSID("$Id: kerberos5.c,v 1.38 1999/09/16 20:41:33 assar Exp $");
#ifdef KRB5
@@ -587,7 +587,7 @@ kerberos5_status(Authenticator *ap, char *name, size_t name_sz, int level)
ticket->client,
UserNameRequested))
{
- strcpy_truncate(name, UserNameRequested, name_sz);
+ strlcpy(name, UserNameRequested, name_sz);
return(AUTH_VALID);
} else
return(AUTH_USER);
@@ -606,11 +606,11 @@ kerberos5_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
switch(data[3]) {
case KRB_REJECT: /* Rejected (reason might follow) */
- strcpy_truncate((char *)buf, " REJECT ", buflen);
+ strlcpy((char *)buf, " REJECT ", buflen);
goto common;
case KRB_ACCEPT: /* Accepted (name might follow) */
- strcpy_truncate((char *)buf, " ACCEPT ", buflen);
+ strlcpy((char *)buf, " ACCEPT ", buflen);
common:
BUMP(buf, buflen);
if (cnt <= 4)
@@ -624,24 +624,24 @@ kerberos5_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
case KRB_AUTH: /* Authentication data follows */
- strcpy_truncate((char *)buf, " AUTH", buflen);
+ strlcpy((char *)buf, " AUTH", buflen);
goto common2;
case KRB_RESPONSE:
- strcpy_truncate((char *)buf, " RESPONSE", buflen);
+ strlcpy((char *)buf, " RESPONSE", buflen);
goto common2;
case KRB_FORWARD: /* Forwarded credentials follow */
- strcpy_truncate((char *)buf, " FORWARD", buflen);
+ strlcpy((char *)buf, " FORWARD", buflen);
goto common2;
case KRB_FORWARD_ACCEPT: /* Forwarded credentials accepted */
- strcpy_truncate((char *)buf, " FORWARD_ACCEPT", buflen);
+ strlcpy((char *)buf, " FORWARD_ACCEPT", buflen);
goto common2;
case KRB_FORWARD_REJECT: /* Forwarded credentials rejected */
/* (reason might follow) */
- strcpy_truncate((char *)buf, " FORWARD_REJECT", buflen);
+ strlcpy((char *)buf, " FORWARD_REJECT", buflen);
goto common2;
default:
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/krb4encpwd.c b/crypto/kerberosIV/appl/telnet/libtelnet/krb4encpwd.c
index ee1eee29e678..a85d562cc9b7 100644
--- a/crypto/kerberosIV/appl/telnet/libtelnet/krb4encpwd.c
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/krb4encpwd.c
@@ -33,7 +33,7 @@
#include <config.h>
-RCSID("$Id: krb4encpwd.c,v 1.17 1998/07/09 23:16:29 assar Exp $");
+RCSID("$Id: krb4encpwd.c,v 1.18 1999/09/16 20:41:34 assar Exp $");
#ifdef KRB4_ENCPWD
/*
@@ -308,7 +308,7 @@ krb4encpwd_reply(ap, data, cnt)
des_read_pw_string(user_passwd, sizeof(user_passwd)-1, "Password: ", 0);
UserPassword = user_passwd;
Challenge = challenge;
- strcpy_truncate(instance, RemoteHostName, sizeof(instance));
+ strlcpy(instance, RemoteHostName, sizeof(instance));
if ((cp = strchr(instance, '.')) != 0) *cp = '\0';
if (r = krb_mk_encpwd_req(&krb_token, KRB_SERVICE_NAME, instance, realm, Challenge, UserNameRequested, user_passwd)) {
@@ -338,7 +338,7 @@ krb4encpwd_status(ap, name, name_sz, level)
return(level);
if (UserNameRequested && passwdok(UserNameRequested, UserPassword)) {
- strcpy_truncate(name, UserNameRequested, name_sz);
+ strlcpy(name, UserNameRequested, name_sz);
return(AUTH_VALID);
} else {
return(AUTH_USER);
@@ -360,11 +360,11 @@ krb4encpwd_printsub(data, cnt, buf, buflen)
switch(data[3]) {
case KRB4_ENCPWD_REJECT: /* Rejected (reason might follow) */
- strcpy_truncate((char *)buf, " REJECT ", buflen);
+ strlcpy((char *)buf, " REJECT ", buflen);
goto common;
case KRB4_ENCPWD_ACCEPT: /* Accepted (name might follow) */
- strcpy_truncate((char *)buf, " ACCEPT ", buflen);
+ strlcpy((char *)buf, " ACCEPT ", buflen);
common:
BUMP(buf, buflen);
if (cnt <= 4)
@@ -377,15 +377,15 @@ krb4encpwd_printsub(data, cnt, buf, buflen)
break;
case KRB4_ENCPWD_AUTH: /* Authentication data follows */
- strcpy_truncate((char *)buf, " AUTH", buflen);
+ strlcpy((char *)buf, " AUTH", buflen);
goto common2;
case KRB4_ENCPWD_CHALLENGE:
- strcpy_truncate((char *)buf, " CHALLENGE", buflen);
+ strlcpy((char *)buf, " CHALLENGE", buflen);
goto common2;
case KRB4_ENCPWD_ACK:
- strcpy_truncate((char *)buf, " ACK", buflen);
+ strlcpy((char *)buf, " ACK", buflen);
goto common2;
default:
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/rsaencpwd.c b/crypto/kerberosIV/appl/telnet/libtelnet/rsaencpwd.c
index 267e98e0299d..dafb4486b6fa 100644
--- a/crypto/kerberosIV/appl/telnet/libtelnet/rsaencpwd.c
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/rsaencpwd.c
@@ -33,7 +33,7 @@
#include <config.h>
-RCSID("$Id: rsaencpwd.c,v 1.17 1998/07/09 23:16:32 assar Exp $");
+RCSID("$Id: rsaencpwd.c,v 1.18 1999/09/16 20:41:34 assar Exp $");
#ifdef RSA_ENCPWD
/*
@@ -260,7 +260,7 @@ rsaencpwd_is(ap, data, cnt)
snprintf(challenge, sizeof(challenge), "%x", now);
challenge_len = strlen(challenge);
} else {
- strcpy_truncate(challenge, "randchal", sizeof(challenge));
+ strlcpy(challenge, "randchal", sizeof(challenge));
challenge_len = 8;
}
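Review bot: The fallback challenge is the fixed string `"randchal"`, and the other branch formats `now` with `%x`, so neither value visible in this hunk is unpredictable. If `challenge` is what the peer's response is bound to, a captured response stays valid in the fixed case; a comment such as `/* XXX constant challenge: gives no replay protection */` would flag that for anyone enabling `RSA_ENCPWD`. `challenge_len = 8` also duplicates the literal's length by hand and could be `strlen(challenge)` as in the branch above. The condition that selects the branch and the definition of `now` are outside the hunk.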
@@ -392,7 +392,7 @@ rsaencpwd_status(ap, name, name_sz, level)
return(level);
if (UserNameRequested && rsaencpwd_passwdok(UserNameRequested, UserPassword)) {
- strcpy_truncate(name, UserNameRequested, name_sz);
+ strlcpy(name, UserNameRequested, name_sz);
return(AUTH_VALID);
} else {
return(AUTH_USER);
@@ -414,11 +414,11 @@ rsaencpwd_printsub(data, cnt, buf, buflen)
switch(data[3]) {
case RSA_ENCPWD_REJECT: /* Rejected (reason might follow) */
- strcpy_truncate((char *)buf, " REJECT ", buflen);
+ strlcpy((char *)buf, " REJECT ", buflen);
goto common;
case RSA_ENCPWD_ACCEPT: /* Accepted (name might follow) */
- strcpy_truncate((char *)buf, " ACCEPT ", buflen);
+ strlcpy((char *)buf, " ACCEPT ", buflen);
common:
BUMP(buf, buflen);
if (cnt <= 4)
@@ -431,11 +431,11 @@ rsaencpwd_printsub(data, cnt, buf, buflen)
break;
case RSA_ENCPWD_AUTH: /* Authentication data follows */
- strcpy_truncate((char *)buf, " AUTH", buflen);
+ strlcpy((char *)buf, " AUTH", buflen);
goto common2;
case RSA_ENCPWD_CHALLENGEKEY:
- strcpy_truncate((char *)buf, " CHALLENGEKEY", buflen);
+ strlcpy((char *)buf, " CHALLENGEKEY", buflen);
goto common2;
default:
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/spx.c b/crypto/kerberosIV/appl/telnet/libtelnet/spx.c
index 6d2eefe9438b..9155ef2f3df8 100644
--- a/crypto/kerberosIV/appl/telnet/libtelnet/spx.c
+++ b/crypto/kerberosIV/appl/telnet/libtelnet/spx.c
@@ -33,7 +33,7 @@
#include <config.h>
-RCSID("$Id: spx.c,v 1.16 1998/07/09 23:16:33 assar Exp $");
+RCSID("$Id: spx.c,v 1.17 1999/09/16 20:41:34 assar Exp $");
#ifdef SPX
/*
@@ -514,7 +514,7 @@ spx_status(ap, name, name_sz, level)
&acl_file_buffer);
if (major_status == GSS_S_COMPLETE) {
- strcpy_truncate(name, UserNameRequested, name_sz);
+ strlcpy(name, UserNameRequested, name_sz);
return(AUTH_VALID);
} else {
return(AUTH_USER);
@@ -537,11 +537,11 @@ spx_printsub(data, cnt, buf, buflen)
switch(data[3]) {
case SPX_REJECT: /* Rejected (reason might follow) */
- strcpy_truncate((char *)buf, " REJECT ", buflen);
+ strlcpy((char *)buf, " REJECT ", buflen);
goto common;
case SPX_ACCEPT: /* Accepted (name might follow) */
- strcpy_truncate((char *)buf, " ACCEPT ", buflen);
+ strlcpy((char *)buf, " ACCEPT ", buflen);
common:
BUMP(buf, buflen);
if (cnt <= 4)
@@ -554,7 +554,7 @@ spx_printsub(data, cnt, buf, buflen)
break;
case SPX_AUTH: /* Authentication data follows */
- strcpy_truncate((char *)buf, " AUTH", buflen);
+ strlcpy((char *)buf, " AUTH", buflen);
goto common2;
default:
diff --git a/crypto/kerberosIV/appl/telnet/telnet/authenc.c b/crypto/kerberosIV/appl/telnet/telnet/authenc.c
index 08da93d943f2..6150fc7e21ca 100644
--- a/crypto/kerberosIV/appl/telnet/telnet/authenc.c
+++ b/crypto/kerberosIV/appl/telnet/telnet/authenc.c
@@ -33,7 +33,7 @@
#include "telnet_locl.h"
-RCSID("$Id: authenc.c,v 1.9 1999/03/19 23:13:51 assar Exp $");
+RCSID("$Id: authenc.c,v 1.10 1999/09/16 20:41:35 assar Exp $");
#if defined(AUTHENTICATION) || defined(ENCRYPTION)
int
@@ -82,7 +82,7 @@ telnet_gets(char *prompt, char *result, int length, int echo)
printf("%s", prompt);
res = fgets(result, length, stdin);
} else if ((res = getpass(prompt))) {
- strcpy_truncate(result, res, length);
+ strlcpy(result, res, length);
res = result;
}
TerminalNewMode(om);
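Review bot: The string returned by `getpass` is copied into `result`, but the buffer `getpass` handed back is left holding the secret, and input longer than `length` is cut short without notice. Clearing the source once it has been copied, `memset(res, 0, strlen(res));` placed before `res = result;`, avoids keeping a second copy of the password in memory. Comparing the return value of `strlcpy` with `length` would let the caller see the truncation. The rest of `telnet_gets` is outside the hunk.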
diff --git a/crypto/kerberosIV/appl/telnet/telnet/commands.c b/crypto/kerberosIV/appl/telnet/telnet/commands.c
index 57803fa27cb3..fe77b56d6fa7 100644
--- a/crypto/kerberosIV/appl/telnet/telnet/commands.c
+++ b/crypto/kerberosIV/appl/telnet/telnet/commands.c
@@ -33,7 +33,7 @@
#include "telnet_locl.h"
-RCSID("$Id: commands.c,v 1.53 1999/07/07 14:56:17 assar Exp $");
+RCSID("$Id: commands.c,v 1.56 1999/09/16 20:41:35 assar Exp $");
#if defined(IPPROTO_IP) && defined(IP_TOS)
int tos = -1;
@@ -67,7 +67,7 @@ makeargv()
cp = line;
if (*cp == '!') { /* Special case shell escape */
/* save for shell command */
- strcpy_truncate(saveline, line, sizeof(saveline));
+ strlcpy(saveline, line, sizeof(saveline));
*argp++ = "!"; /* No room in string to get this */
margc++;
cp++;
@@ -1583,7 +1583,7 @@ env_init(void)
if (strchr(hbuf, '.') == 0) {
struct hostent *he = roken_gethostbyname(hbuf);
if (he != NULL)
- strcpy_truncate(hbuf, he->h_name, 256);
+ strlcpy(hbuf, he->h_name, 256);
}
asprintf (&cp, "%s%s", hbuf, cp2);
@@ -1981,7 +1981,7 @@ cmdrc(char *m1, char *m2)
if (skiprc)
return;
- strcpy_truncate(m1save, m1, sizeof(m1save));
+ strlcpy(m1save, m1, sizeof(m1save));
m1 = m1save;
if (rcname[0] == 0) {
@@ -2075,7 +2075,7 @@ tn(int argc, char **argv)
return 0;
}
if (argc < 2) {
- strcpy_truncate(line, "open ", sizeof(line));
+ strlcpy(line, "open ", sizeof(line));
printf("(to) ");
fgets(&line[strlen(line)], sizeof(line) - strlen(line), stdin);
makeargv();
@@ -2146,7 +2146,7 @@ tn(int argc, char **argv)
sin6.sin6_family = family = AF_INET6;
sa = (struct sockaddr *)&sin6;
sa_size = sizeof(sin6);
- strcpy_truncate(_hostname, hostp, sizeof(_hostname));
+ strlcpy(_hostname, hostp, sizeof(_hostname));
hostname =_hostname;
} else
#endif
@@ -2154,7 +2154,7 @@ tn(int argc, char **argv)
sin.sin_family = family = AF_INET;
sa = (struct sockaddr *)&sin;
sa_size = sizeof(sin);
- strcpy_truncate(_hostname, hostp, sizeof(_hostname));
+ strlcpy(_hostname, hostp, sizeof(_hostname));
hostname = _hostname;
} else {
#ifdef HAVE_GETHOSTBYNAME2
@@ -2167,7 +2167,7 @@ tn(int argc, char **argv)
host = roken_gethostbyname(hostp);
#endif
if (host) {
- strcpy_truncate(_hostname, host->h_name, sizeof(_hostname));
+ strlcpy(_hostname, host->h_name, sizeof(_hostname));
family = host->h_addrtype;
addr_list = host->h_addr_list;
diff --git a/crypto/kerberosIV/appl/telnet/telnet/main.c b/crypto/kerberosIV/appl/telnet/telnet/main.c
index 2c896ebd86c5..ea60ae9a0d67 100644
--- a/crypto/kerberosIV/appl/telnet/telnet/main.c
+++ b/crypto/kerberosIV/appl/telnet/telnet/main.c
@@ -38,7 +38,7 @@ static char *copyright[] = {
};
#include "telnet_locl.h"
-RCSID("$Id: main.c,v 1.27 1999/03/11 13:49:23 joda Exp $");
+RCSID("$Id: main.c,v 1.30 1999/11/13 06:30:11 assar Exp $");
/* These values need to be the same as defined in libtelnet/kerberos5.c */
/* Either define them in both places, or put in some common header file. */
@@ -69,7 +69,7 @@ usage(void)
{
fprintf(stderr, "Usage: %s %s%s%s%s\n", prompt,
#ifdef AUTHENTICATION
- "[-8] [-E] [-K] [-L] [-S tos] [-X atype] [-a] [-c] [-d] [-e char]",
+ "[-8] [-E] [-K] [-L] [-G] [-S tos] [-X atype] [-a] [-c] [-d] [-e char]",
"\n\t[-k realm] [-l user] [-f/-F] [-n tracefile] ",
#else
"[-8] [-E] [-L] [-S tos] [-a] [-c] [-d] [-e char] [-l user]",
@@ -90,6 +90,11 @@ usage(void)
*/
+#ifdef FORWARD
+extern int forward_flags;
+static int default_forward=0;
+#endif /* FORWARD */
+
#ifdef KRB5
/* XXX ugly hack to setup dns-proxy stuff */
#define Authenticator asn1_Authenticator
@@ -99,8 +104,29 @@ krb5_init(void)
{
krb5_context context;
krb5_init_context(&context);
+
+#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
+ if (krb5_config_get_bool (context, NULL,
+ "libdefaults", "forward", NULL)) {
+ forward_flags |= OPTS_FORWARD_CREDS;
+ default_forward=1;
+ }
+ if (krb5_config_get_bool (context, NULL,
+ "libdefaults", "forwardable", NULL)) {
+ forward_flags |= OPTS_FORWARDABLE_CREDS;
+ default_forward=1;
+ }
+#endif
+#ifdef ENCRYPTION
+ if (krb5_config_get_bool (context, NULL,
+ "libdefaults", "encrypt", NULL)) {
+ encrypt_auto(1);
+ decrypt_auto(1);
+ EncryptVerbose(1);
+ }
+#endif
+
krb5_free_context(context);
-
}
#endif
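Review bot: The return value of `krb5_init_context(&context)` is not checked, and the added `krb5_config_get_bool` calls read `context` straight after it, so a failed initialisation would hand an uninitialised context to the library. An early exit such as `if (krb5_init_context(&context)) return;` avoids that. A comment on the new block should also say that `forward`, `forwardable` and `encrypt` under `libdefaults` change the client's defaults before the command line is parsed, since credential forwarding is then enabled without any flag being given.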
@@ -109,9 +135,6 @@ main(int argc, char **argv)
{
int ch;
char *user;
-#ifdef FORWARD
- extern int forward_flags;
-#endif /* FORWARD */
#ifdef KRB5
krb5_init();
@@ -137,7 +160,8 @@ main(int argc, char **argv)
*/
autologin = -1;
- while((ch = getopt(argc, argv, "78DEKLS:X:abcde:fFk:l:n:rx")) != EOF) {
+ while((ch = getopt(argc, argv,
+ "78DEKLS:X:abcde:fFk:l:n:rxG")) != -1) {
switch(ch) {
case '8':
eight = 3; /* binary output and input */
@@ -202,7 +226,8 @@ main(int argc, char **argv)
break;
case 'f':
#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
- if (forward_flags & OPTS_FORWARD_CREDS) {
+ if ((forward_flags & OPTS_FORWARD_CREDS) &&
+ !default_forward) {
fprintf(stderr,
"%s: Only one of -f and -F allowed.\n",
prompt);
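Review bot: Once the configuration has set `default_forward`, the added `!default_forward` term switches off the `Only one of -f and -F allowed` check for the whole of option parsing, so `-f -F` together would be accepted. This applies both to this hunk and to the matching `case 'F':` hunk below. If the intent is only to let the first explicit option override the configured default, clearing it when an option is handled (`default_forward = 0;`) keeps the check for a second option. Both case bodies continue outside their hunks, so whether that already happens is not visible here.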
@@ -217,7 +242,8 @@ main(int argc, char **argv)
break;
case 'F':
#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
- if (forward_flags & OPTS_FORWARD_CREDS) {
+ if ((forward_flags & OPTS_FORWARD_CREDS) &&
+ !default_forward) {
fprintf(stderr,
"%s: Only one of -f and -F allowed.\n",
prompt);
@@ -237,7 +263,7 @@ main(int argc, char **argv)
extern char *dest_realm, dst_realm_buf[];
extern int dst_realm_sz;
dest_realm = dst_realm_buf;
- strcpy_truncate(dest_realm, optarg, dst_realm_sz);
+ strlcpy(dest_realm, optarg, dst_realm_sz);
}
#else
fprintf(stderr,
@@ -269,6 +295,17 @@ main(int argc, char **argv)
prompt);
#endif
break;
+ case 'G':
+#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
+ forward_flags ^= OPTS_FORWARD_CREDS;
+ forward_flags ^= OPTS_FORWARDABLE_CREDS;
+#else
+ fprintf(stderr,
+ "%s: Warning: -G ignored, no Kerberos V5 support.\n",
+ prompt);
+#endif
+ break;
+
case '?':
default:
usage();
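Review bot: Both statements in `case 'G':` use `^=`, which toggles the bits rather than clearing them. With neither `forward` nor `forwardable` configured, `-G` turns both flags on; with only one configured it turns that one off and the other on; and a repeated `-G` undoes itself. If `-G` is meant to switch off forwarding that the configuration enabled (the ChangeLog entry says only `add -G and config file support`), clearing is unambiguous: `forward_flags &= ~(OPTS_FORWARD_CREDS | OPTS_FORWARDABLE_CREDS);`. Either way the case deserves a one-line comment stating the intended meaning.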
diff --git a/crypto/kerberosIV/appl/telnet/telnet/network.c b/crypto/kerberosIV/appl/telnet/telnet/network.c
index faacc302b59b..42ca388b1777 100644
--- a/crypto/kerberosIV/appl/telnet/telnet/network.c
+++ b/crypto/kerberosIV/appl/telnet/telnet/network.c
@@ -33,7 +33,7 @@
#include "telnet_locl.h"
-RCSID("$Id: network.c,v 1.10 1997/05/04 04:01:08 assar Exp $");
+RCSID("$Id: network.c,v 1.10.28.1 2000/10/10 13:08:27 assar Exp $");
Ring netoring, netiring;
unsigned char netobuf[2*BUFSIZ], netibuf[BUFSIZ];
@@ -69,6 +69,8 @@ stilloob(void)
do {
FD_ZERO(&excepts);
+ if (net >= FD_SETSIZE)
+ errx (1, "fd too large");
FD_SET(net, &excepts);
value = select(net+1, 0, 0, &excepts, &timeout);
} while ((value == -1) && (errno == EINTR));
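Review bot: The new guard rejects `net >= FD_SETSIZE` but not a negative descriptor, and `FD_SET` with a negative index writes outside the set just as a too-large one does; `if (net < 0 || net >= FD_SETSIZE)` covers both. The same upper-bound-only test is added in `process_rings` (sys_bsd.c), `EmptyTerminal` (utilities.c), `my_telnet` (telnetd.c) and telnetd's `stilloob` (utility.c). Here the test also sits inside the `do` loop although `net` does not change between iterations in the visible lines, so it could run once before the loop. Whether `net` can be negative at this point is not visible in the hunk.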
diff --git a/crypto/kerberosIV/appl/telnet/telnet/sys_bsd.c b/crypto/kerberosIV/appl/telnet/telnet/sys_bsd.c
index 334ef0450fbd..6bff63800261 100644
--- a/crypto/kerberosIV/appl/telnet/telnet/sys_bsd.c
+++ b/crypto/kerberosIV/appl/telnet/telnet/sys_bsd.c
@@ -33,7 +33,7 @@
#include "telnet_locl.h"
-RCSID("$Id: sys_bsd.c,v 1.23 1998/06/09 19:24:46 joda Exp $");
+RCSID("$Id: sys_bsd.c,v 1.23.18.2 2000/10/19 21:21:21 assar Exp $");
/*
* The following routines try to encapsulate what is system dependent
@@ -774,6 +774,11 @@ process_rings(int netin,
int returnValue = 0;
static struct timeval TimeValue = { 0 };
+ if (net >= FD_SETSIZE
+ || tout >= FD_SETSIZE
+ || tin >= FD_SETSIZE)
+ errx (1, "fd too large");
+
if (netout) {
FD_SET(net, &obits);
}
@@ -791,7 +796,7 @@ process_rings(int netin,
FD_SET(net, &xbits);
}
#endif
- if ((c = select(16, &ibits, &obits, &xbits,
+ if ((c = select(FD_SETSIZE, &ibits, &obits, &xbits,
(poll == 0)? (struct timeval *)0 : &TimeValue)) < 0) {
if (c == -1) {
/*
diff --git a/crypto/kerberosIV/appl/telnet/telnet/telnet_locl.h b/crypto/kerberosIV/appl/telnet/telnet/telnet_locl.h
index b4a378212571..0c883d611bed 100644
--- a/crypto/kerberosIV/appl/telnet/telnet/telnet_locl.h
+++ b/crypto/kerberosIV/appl/telnet/telnet/telnet_locl.h
@@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the Kungliga Tekniska
- * Högskolan and its contributors.
- *
- * 4. Neither the name of the Institute nor the names of its contributors
+ * 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@@ -36,7 +31,7 @@
* SUCH DAMAGE.
*/
-/* $Id: telnet_locl.h,v 1.16.8.1 1999/07/22 03:22:52 assar Exp $ */
+/* $Id: telnet_locl.h,v 1.18 1999/12/02 16:58:34 joda Exp $ */
#ifdef HAVE_CONFIG_H
#include <config.h>
diff --git a/crypto/kerberosIV/appl/telnet/telnet/utilities.c b/crypto/kerberosIV/appl/telnet/telnet/utilities.c
index 5d677cf26b75..ab281a5bf64e 100644
--- a/crypto/kerberosIV/appl/telnet/telnet/utilities.c
+++ b/crypto/kerberosIV/appl/telnet/telnet/utilities.c
@@ -37,7 +37,7 @@
#include "telnet_locl.h"
-RCSID("$Id: utilities.c,v 1.21 1998/06/09 19:24:47 joda Exp $");
+RCSID("$Id: utilities.c,v 1.22.2.1 2000/10/10 13:10:27 assar Exp $");
FILE *NetTrace = 0; /* Not in bss, since needs to stay */
int prettydump;
@@ -82,13 +82,13 @@ SetNetTrace(char *file)
if (file && (strcmp(file, "-") != 0)) {
NetTrace = fopen(file, "w");
if (NetTrace) {
- strcpy_truncate(NetTraceFile, file, sizeof(NetTraceFile));
+ strlcpy(NetTraceFile, file, sizeof(NetTraceFile));
return;
}
fprintf(stderr, "Cannot open %s.\n", file);
}
NetTrace = stdout;
- strcpy_truncate(NetTraceFile, "(standard output)", sizeof(NetTraceFile));
+ strlcpy(NetTraceFile, "(standard output)", sizeof(NetTraceFile));
}
void
@@ -817,6 +817,9 @@ EmptyTerminal(void)
FD_ZERO(&outs);
+ if (tout >= FD_SETSIZE)
+ ExitString("fd too large", 1);
+
if (TTYBYTES() == 0) {
FD_SET(tout, &outs);
select(tout+1, 0, &outs, 0,
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/authenc.c b/crypto/kerberosIV/appl/telnet/telnetd/authenc.c
index 2a95127ee6a1..ec5f2dcc1de5 100644
--- a/crypto/kerberosIV/appl/telnet/telnetd/authenc.c
+++ b/crypto/kerberosIV/appl/telnet/telnetd/authenc.c
@@ -33,7 +33,7 @@
#include "telnetd.h"
-RCSID("$Id: authenc.c,v 1.8 1998/07/09 23:16:37 assar Exp $");
+RCSID("$Id: authenc.c,v 1.9 1999/09/05 19:14:50 assar Exp $");
#ifdef AUTHENTICATION
@@ -63,8 +63,7 @@ net_encrypt(void)
int
telnet_spin(void)
{
- ttloop();
- return(0);
+ return ttloop();
}
char *
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/ext.h b/crypto/kerberosIV/appl/telnet/telnetd/ext.h
index 83b7166a7185..8f5edf17929b 100644
--- a/crypto/kerberosIV/appl/telnet/telnetd/ext.h
+++ b/crypto/kerberosIV/appl/telnet/telnetd/ext.h
@@ -33,7 +33,7 @@
* @(#)ext.h 8.2 (Berkeley) 12/15/93
*/
-/* $Id: ext.h,v 1.17 1998/07/09 23:16:38 assar Exp $ */
+/* $Id: ext.h,v 1.19 1999/09/05 19:15:21 assar Exp $ */
#ifndef __EXT_H__
#define __EXT_H__
@@ -121,11 +121,9 @@ void init_env (void);
void start_login (char *host, int autologin, char *name);
void cleanup (int sig);
int main (int argc, char **argv);
-void usage (void);
int getterminaltype (char *name, size_t);
void _gettermname (void);
int terminaltypeok (char *s);
-void doit (struct sockaddr_in *who);
void my_telnet (int f, int p, char*, int, char*);
void interrupt (void);
void sendbrk (void);
@@ -134,7 +132,7 @@ void recv_ayt (void);
void doeof (void);
void flowstat (void);
void clientstat (int code, int parm1, int parm2);
-void ttloop (void);
+int ttloop (void);
int stilloob (int s);
void ptyflush (void);
char *nextitem (char *current);
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/sys_term.c b/crypto/kerberosIV/appl/telnet/telnetd/sys_term.c
index 09753c0cbcb9..2477c42fd1d8 100644
--- a/crypto/kerberosIV/appl/telnet/telnetd/sys_term.c
+++ b/crypto/kerberosIV/appl/telnet/telnetd/sys_term.c
@@ -33,7 +33,7 @@
#include "telnetd.h"
-RCSID("$Id: sys_term.c,v 1.85.2.1 1999/07/22 03:23:19 assar Exp $");
+RCSID("$Id: sys_term.c,v 1.89.2.6 2000/12/08 23:34:05 assar Exp $");
#if defined(_CRAY) || (defined(__hpux) && !defined(HAVE_UTMPX_H))
# define PARENT_DOES_UTMP
@@ -388,7 +388,7 @@ int getpty(int *ptynum)
p = _getpty(&master, O_RDWR, 0600, 1);
if(p == NULL)
return -1;
- strcpy_truncate(line, p, sizeof(Xline));
+ strlcpy(line, p, sizeof(Xline));
return master;
#else
@@ -420,7 +420,7 @@ int getpty(int *ptynum)
#ifdef HAVE_UNLOCKPT
unlockpt(p);
#endif
- strcpy_truncate(line, ptsname(p), sizeof(Xline));
+ strlcpy(line, ptsname(p), sizeof(Xline));
really_stream = 1;
return p;
}
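Review bot: `ptsname(p)` can return NULL, and its result is passed straight to `strlcpy` as the source; checking it first avoids a NULL dereference: `char *pts = ptsname(p); if (pts == NULL) { close(p); return -1; }`. Both copies in `getpty` (this one and the `_getpty` branch in the hunk above) bound the write to `line` with `sizeof(Xline)`, which is only right if `line` points at the start of `Xline`; that declaration is not in the diff. The return value of `strlcpy` is ignored in both places, so a pty name that does not fit would be truncated without notice.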
@@ -1154,7 +1154,7 @@ startslave(char *host, int autologin, char *autoname)
/*
* Create utmp entry for child
*/
- time(&wtmp.ut_time);
+ wtmp.ut_time = time(NULL);
wtmp.ut_type = LOGIN_PROCESS;
wtmp.ut_pid = pid;
strncpy(wtmp.ut_user, "LOGIN", sizeof(wtmp.ut_user));
@@ -1205,26 +1205,50 @@ init_env(void)
/*
* scrub_env()
*
- * Remove variables from the environment that might cause login to
- * behave in a bad manner. To avoid this, login should be staticly
- * linked.
+ * We only accept the environment variables listed below.
*/
-static void scrub_env(void)
+static void
+scrub_env(void)
{
- static char *remove[] = { "LD_", "_RLD_", "LIBPATH=", "IFS=", NULL };
+ static const char *reject[] = {
+ "TERMCAP=/",
+ NULL
+ };
+
+ static const char *accept[] = {
+ "XAUTH=", "XAUTHORITY=", "DISPLAY=",
+ "TERM=",
+ "EDITOR=",
+ "PAGER=",
+ "PRINTER=",
+ "LOGNAME=",
+ "POSIXLY_CORRECT=",
+ "TERMCAP=",
+ NULL
+ };
char **cpp, **cpp2;
- char **p;
+ const char **p;
for (cpp2 = cpp = environ; *cpp; cpp++) {
- for(p = remove; *p; p++)
+ int reject_it = 0;
+
+ for(p = reject; *p; p++)
+ if(strncmp(*cpp, *p, strlen(*p)) == 0) {
+ reject_it = 1;
+ break;
+ }
+ if (reject_it)
+ continue;
+
+ for(p = accept; *p; p++)
if(strncmp(*cpp, *p, strlen(*p)) == 0)
break;
- if(*p == NULL)
+ if(*p != NULL)
*cpp2++ = *cpp;
}
- *cpp2 = 0;
+ *cpp2 = NULL;
}
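Review bot: The new header comment says only that the listed variables are accepted; it does not mention that `reject[]` is consulted first. That ordering is why a `TERMCAP` value beginning with `/` is dropped even though `TERMCAP=` appears in `accept[]`. I would extend the comment to something like `Only variables matching accept[] are kept; reject[] is checked first, so a TERMCAP value starting with '/' (presumably a file name) is never passed on.` The local array name `accept` also shadows the socket call `accept()` inside this function; `accept_vars` and `reject_vars` would read better.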
@@ -1376,7 +1400,7 @@ static int addarg(struct arg_val *argv, char *val)
static void
rmut(void)
{
- struct utmpx *utxp, utmpx;
+ struct utmpx utmpx, *non_save_utxp;
char *clean_tty = clean_ttyname(line);
/*
@@ -1387,8 +1411,14 @@ rmut(void)
memset(&utmpx, 0, sizeof(utmpx));
strncpy(utmpx.ut_line, clean_tty, sizeof(utmpx.ut_line));
utmpx.ut_type = LOGIN_PROCESS;
- utxp = getutxline(&utmpx);
- if (utxp) {
+ non_save_utxp = getutxline(&utmpx);
+ if (non_save_utxp) {
+ struct utmpx *utxp;
+ char user0;
+
+ utxp = malloc(sizeof(struct utmpx));
+ *utxp = *non_save_utxp;
+ user0 = utxp->ut_user[0];
utxp->ut_user[0] = '\0';
utxp->ut_type = DEAD_PROCESS;
#ifdef HAVE_STRUCT_UTMPX_UT_EXIT
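Review bot: The result of `malloc(sizeof(struct utmpx))` is dereferenced on the next line without a NULL check, so an allocation failure would crash telnetd here before the entry is marked `DEAD_PROCESS`. Since the copy is only needed inside this block, an automatic variable avoids both the allocation and the later `free (utxp)`: `struct utmpx utx = *non_save_utxp;` followed by `struct utmpx *utxp = &utx;`. A short comment saying why the entry returned by `getutxline` must be copied before it is modified would help, as the name `non_save_utxp` does not explain it. `rmut` continues past the end of this hunk.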
@@ -1406,6 +1436,7 @@ rmut(void)
gettimeofday(&utxp->ut_tv, NULL);
pututxline(utxp);
#ifdef WTMPX_FILE
+ utxp->ut_user[0] = user0;
updwtmpx(WTMPX_FILE, utxp);
#elif defined(WTMP_FILE)
/* This is a strange system with a utmpx and a wtmp! */
@@ -1418,14 +1449,13 @@ rmut(void)
#ifdef HAVE_STRUCT_UTMP_UT_HOST
strncpy(wtmp.ut_host, "", sizeof(wtmp.ut_host));
#endif
- time(&wtmp.ut_time);
+ wtmp.ut_time = time(NULL);
write(f, &wtmp, sizeof(wtmp));
close(f);
}
}
-#else
-
#endif
+ free (utxp);
}
endutxent();
} /* end of rmut */
@@ -1463,7 +1493,7 @@ rmut(void)
#ifdef HAVE_STRUCT_UTMP_UT_HOST
strncpy(u->ut_host, "", sizeof(u->ut_host));
#endif
- time(&u->ut_time);
+ u->ut_time = time(NULL);
write(f, u, sizeof(wtmp));
found++;
}
@@ -1478,7 +1508,7 @@ rmut(void)
#ifdef HAVE_STRUCT_UTMP_UT_HOST
strncpy(wtmp.ut_host, "", sizeof(wtmp.ut_host));
#endif
- time(&wtmp.ut_time);
+ wtmp.ut_time = time(NULL);
write(f, &wtmp, sizeof(wtmp));
close(f);
}
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/telnetd.c b/crypto/kerberosIV/appl/telnet/telnetd/telnetd.c
index 73008a3d24be..0c2750e11fb3 100644
--- a/crypto/kerberosIV/appl/telnet/telnetd/telnetd.c
+++ b/crypto/kerberosIV/appl/telnet/telnetd/telnetd.c
@@ -33,7 +33,7 @@
#include "telnetd.h"
-RCSID("$Id: telnetd.c,v 1.53 1999/03/15 16:40:52 joda Exp $");
+RCSID("$Id: telnetd.c,v 1.58.2.1 2000/10/10 13:12:08 assar Exp $");
#ifdef _SC_CRAY_SECURE_SYS
#include <sys/sysv.h>
@@ -117,7 +117,7 @@ int debug = 0;
int keepalive = 1;
char *progname;
-extern void usage (void);
+static void usage (void);
/*
* The string to pass to getopt(). We do it this way so
@@ -136,12 +136,14 @@ char valid_opts[] = "Bd:hklnS:u:UL:y"
#endif
;
-void doit(struct sockaddr_in*);
+static void doit(struct sockaddr*, int);
-int main(int argc, char **argv)
+int
+main(int argc, char **argv)
{
- struct sockaddr_in from;
- int on = 1, fromlen;
+ struct sockaddr_storage __ss;
+ struct sockaddr *sa = (struct sockaddr *)&__ss;
+ int on = 1, sa_size;
int ch;
#if defined(IPPROTO_IP) && defined(IP_TOS)
int tos = -1;
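Review bot: `__ss` is a reserved identifier (names containing a double underscore belong to the implementation); a plain name such as `ss` avoids any clash with system headers. `sa_size` is declared `int` and its address is later passed to `getpeername`, which takes a `socklen_t *` on systems that define that type, so `socklen_t sa_size;` would remove the pointer-type mismatch where it is available. `main` continues outside this hunk.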
@@ -167,7 +169,7 @@ int main(int argc, char **argv)
highpty = getnpty();
#endif /* CRAY */
- while ((ch = getopt(argc, argv, valid_opts)) != EOF) {
+ while ((ch = getopt(argc, argv, valid_opts)) != -1) {
switch(ch) {
#ifdef AUTHENTICATION
@@ -406,14 +408,14 @@ int main(int argc, char **argv)
#endif /* _SC_CRAY_SECURE_SYS */
roken_openlog("telnetd", LOG_PID | LOG_ODELAY, LOG_DAEMON);
- fromlen = sizeof (from);
- if (getpeername(STDIN_FILENO, (struct sockaddr *)&from, &fromlen) < 0) {
+ sa_size = sizeof (__ss);
+ if (getpeername(STDIN_FILENO, sa, &sa_size) < 0) {
fprintf(stderr, "%s: ", progname);
perror("getpeername");
_exit(1);
}
if (keepalive &&
- setsockopt(0, SOL_SOCKET, SO_KEEPALIVE,
+ setsockopt(STDIN_FILENO, SOL_SOCKET, SO_KEEPALIVE,
(void *)&on, sizeof (on)) < 0) {
syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
}
@@ -428,20 +430,21 @@ int main(int argc, char **argv)
if (tos < 0)
tos = 020; /* Low Delay bit */
if (tos
- && (setsockopt(0, IPPROTO_IP, IP_TOS,
+ && sa->sa_family == AF_INET
+ && (setsockopt(STDIN_FILENO, IPPROTO_IP, IP_TOS,
(void *)&tos, sizeof(tos)) < 0)
&& (errno != ENOPROTOOPT) )
syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
}
#endif /* defined(IPPROTO_IP) && defined(IP_TOS) */
- net = 0;
- doit(&from);
+ net = STDIN_FILENO;
+ doit(sa, sa_size);
/* NOTREACHED */
return 0;
} /* end of main */
-void
-usage()
+static void
+usage(void)
{
fprintf(stderr, "Usage: telnetd");
#ifdef AUTHENTICATION
@@ -591,12 +594,12 @@ getterminaltype(char *name, size_t name_sz)
* we have to just go with what we (might) have already gotten.
*/
if (his_state_is_will(TELOPT_TTYPE) && !terminaltypeok(terminaltype)) {
- strcpy_truncate(first, terminaltype, sizeof(first));
+ strlcpy(first, terminaltype, sizeof(first));
for(;;) {
/*
* Save the unknown name, and request the next name.
*/
- strcpy_truncate(last, terminaltype, sizeof(last));
+ strlcpy(last, terminaltype, sizeof(last));
_gettermname();
if (terminaltypeok(terminaltype))
break;
@@ -656,14 +659,20 @@ char remote_host_name[MaxHostNameLen];
/*
* Get a pty, scan input lines.
*/
-void
-doit(struct sockaddr_in *who)
+static void
+doit(struct sockaddr *who, int who_len)
{
char *host = NULL;
- struct hostent *hp;
+ struct hostent *hp = NULL;
int level;
int ptynum;
char user_name[256];
+ int error;
+ char host_addr[256];
+ void *addr;
+ int addr_sz;
+ const char *tmp;
+ int af;
/*
* Find an available pty to use.
@@ -688,24 +697,52 @@ doit(struct sockaddr_in *who)
}
#endif /* _SC_CRAY_SECURE_SYS */
- /* get name of connected client */
- hp = roken_gethostbyaddr((const char *)&who->sin_addr,
- sizeof (struct in_addr),
- who->sin_family);
+ af = who->sa_family;
+ switch (af) {
+ case AF_INET : {
+ struct sockaddr_in *sin = (struct sockaddr_in *)who;
+
+ addr = &sin->sin_addr;
+ addr_sz = sizeof(sin->sin_addr);
+ break;
+ }
+#ifdef HAVE_IPV6
+ case AF_INET6 : {
+ struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)who;
+
+ addr = &sin6->sin6_addr;
+ addr_sz = sizeof(sin6->sin6_addr);
+ break;
+ }
+#endif
+ default :
+ fatal (net, "Unknown address family\r\n");
+ break;
+ }
+
+ hp = getipnodebyaddr (addr, addr_sz, af, &error);
if (hp == NULL && registerd_host_only) {
fatal(net, "Couldn't resolve your address into a host name.\r\n\
Please contact your net administrator");
- } else if (hp) {
+ } else if (hp != NULL) {
host = hp->h_name;
- } else {
- host = inet_ntoa(who->sin_addr);
}
+
+ tmp = inet_ntop(af, addr, host_addr, sizeof(host_addr));
+ if (tmp == NULL)
+ strlcpy (host_addr, "unknown address", sizeof(host_addr));
+
+ if (host == NULL)
+ host = host_addr;
+
/*
* We must make a copy because Kerberos is probably going
* to also do a gethost* and overwrite the static data...
*/
- strcpy_truncate(remote_host_name, host, sizeof(remote_host_name));
+ strlcpy(remote_host_name, host, sizeof(remote_host_name));
+ if (hp != NULL)
+ freehostent (hp);
host = remote_host_name;
/* XXX - should be k_gethostname? */
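Review bot: The name copied into `remote_host_name` is whatever the reverse lookup in `getipnodebyaddr` returned; it is not confirmed by a forward lookup against `addr`, and a later hunk passes `host` on to `auth_encrypt_init`. A comment at the copy, for example `/* host comes from an unverified reverse lookup; the numeric form is in host_addr */`, would make that explicit for anyone who later uses the name in an access decision. `error` is filled in by `getipnodebyaddr` but never read, so the reason for a failed lookup is discarded, and `who_len` is not used in the visible lines. `doit` starts and ends outside this hunk.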
@@ -725,9 +762,9 @@ Please contact your net administrator");
* If hostname still doesn't fit utmp, use ipaddr.
*/
if (strlen(remote_host_name) > abs(utmp_len))
- strcpy_truncate(remote_host_name,
- inet_ntoa(who->sin_addr),
- sizeof(remote_host_name));
+ strlcpy(remote_host_name,
+ host_addr,
+ sizeof(remote_host_name));
#ifdef AUTHENTICATION
auth_encrypt_init(hostname, host, "TELNETD", 1);
@@ -970,6 +1007,11 @@ my_telnet(int f, int p, char *host, int level, char *autoname)
FD_ZERO(&ibits);
FD_ZERO(&obits);
FD_ZERO(&xbits);
+
+ if (f >= FD_SETSIZE
+ || p >= FD_SETSIZE)
+ fatal(net, "fd too large");
+
/*
* Never look for input if there's still
* stuff in the corresponding output buffer
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/telnetd.h b/crypto/kerberosIV/appl/telnet/telnetd/telnetd.h
index 5ad5bd8798e3..fdda3d7854cb 100644
--- a/crypto/kerberosIV/appl/telnet/telnetd/telnetd.h
+++ b/crypto/kerberosIV/appl/telnet/telnetd/telnetd.h
@@ -124,10 +124,6 @@
#include "defs.h"
-#ifdef HAVE_ARPA_TELNET_H
-#include <arpa/telnet.h>
-#endif
-
#ifndef _POSIX_VDISABLE
# ifdef VDISABLE
# define _POSIX_VDISABLE VDISABLE
@@ -152,12 +148,16 @@
#include <sys/utsname.h>
#endif
-#include "ext.h"
-
#ifdef HAVE_PATHS_H
#include <paths.h>
#endif
+#ifdef HAVE_ARPA_TELNET_H
+#include <arpa/telnet.h>
+#endif
+
+#include "ext.h"
+
#ifdef SOCKS
#include <socks.h>
/* This doesn't belong here. */
diff --git a/crypto/kerberosIV/appl/telnet/telnetd/utility.c b/crypto/kerberosIV/appl/telnet/telnetd/utility.c
index cfca89a3a607..ff5192e06d4e 100644
--- a/crypto/kerberosIV/appl/telnet/telnetd/utility.c
+++ b/crypto/kerberosIV/appl/telnet/telnetd/utility.c
@@ -34,7 +34,7 @@
#define PRINTOPTIONS
#include "telnetd.h"
-RCSID("$Id: utility.c,v 1.20 1998/06/13 00:06:56 assar Exp $");
+RCSID("$Id: utility.c,v 1.22.2.1 2000/10/10 13:12:34 assar Exp $");
/*
* utility functions performing io related tasks
@@ -47,9 +47,11 @@ RCSID("$Id: utility.c,v 1.20 1998/06/13 00:06:56 assar Exp $");
* data from the network, and pass it through the telnet state
* machine. We also flush the pty input buffer (by dropping its data)
* if it becomes too full.
+ *
+ * return 0 if OK or 1 if interrupted by a signal.
*/
-void
+int
ttloop(void)
{
void netflush(void);
@@ -61,10 +63,12 @@ ttloop(void)
netflush();
ncc = read(net, netibuf, sizeof netibuf);
if (ncc < 0) {
+ if (errno == EINTR)
+ return 1;
syslog(LOG_INFO, "ttloop: read: %m\n");
exit(1);
} else if (ncc == 0) {
- syslog(LOG_INFO, "ttloop: peer died: %m\n");
+ syslog(LOG_INFO, "ttloop: peer died\n");
exit(1);
}
DIAG(TD_REPORT, {
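Review bot: On the new `EINTR` path the function returns with `ncc` still holding the negative result of `read`. `ncc` is not declared in the visible part of `ttloop`, so it looks like shared state; if it is, callers that ignore the new return value would carry on with a negative count, and `ncc = 0;` before `return 1;` would be safer. The body of `ttloop` begins outside this hunk, so this needs confirming against the declaration.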
@@ -76,6 +80,7 @@ ttloop(void)
pfrontp = pbackp = ptyobuf;
telrcv();
}
+ return 0;
} /* end of ttloop */
/*
@@ -88,6 +93,9 @@ stilloob(int s)
fd_set excepts;
int value;
+ if (s >= FD_SETSIZE)
+ fatal(ourpty, "fd too large");
+
do {
FD_ZERO(&excepts);
FD_SET(s, &excepts);
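Review bot: This guard reports the error with `fatal(ourpty, ...)`, while the equivalent check added to `my_telnet` in telnetd.c uses `fatal(net, ...)`. The `fatal` messages added in `doit` in this diff also end in `\r\n`, which this one lacks. If the first argument is the descriptor the message is written to, the text here goes to the pty rather than to the client; `fatal(net, "fd too large\r\n");` would match the other call sites. The definition of `fatal` is not in the diff, so this is to be confirmed.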
@@ -395,7 +403,7 @@ void edithost(char *pat, char *host)
pat++;
}
if (*host)
- strcpy_truncate (res, host,
+ strlcpy (res, host,
sizeof editedhost - (res - editedhost));
else
*res = '\0';