author | Hans Insulander <hin@cvs.openbsd.org> | 2002-06-08 21:49:02 +0000 |
---|---|---|
committer | Hans Insulander <hin@cvs.openbsd.org> | 2002-06-08 21:49:02 +0000 |
commit | 4651c329a08d87f675d8768e86d83285d4fdd2c3 (patch) | |
tree | 83fbe175494e5bf951bd5ec5fa1a905cff674f57 | |
parent | 3eae848576d301ba9b7d27fc77d4697826b287a8 (diff) |
Merge krb4-1.1.1
81 files changed, 2053 insertions, 1488 deletions
diff --git a/kerberosIV/src/admin/adm_locl.h b/kerberosIV/src/admin/adm_locl.h index cccf779f80b..b296327af19 100644 --- a/kerberosIV/src/admin/adm_locl.h +++ b/kerberosIV/src/admin/adm_locl.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $KTH: adm_locl.h,v 1.17 1999/12/02 16:58:27 joda Exp $ */ +/* $KTH: adm_locl.h,v 1.19 2001/08/26 01:40:36 assar Exp $ */ #ifndef __adm_locl_h #define __adm_locl_h @@ -58,6 +58,10 @@ #include <time.h> #endif /* !TIME_WITH_SYS_TIME */ +#ifdef HAVE_UTIME_H +#include <utime.h> +#endif + #ifdef HAVE_UNISTD_H #include <unistd.h> #endif @@ -78,10 +82,18 @@ #include <roken.h> +#ifdef HAVE_OPENSSL +#include <openssl/des.h> +#else #include <des.h> +#endif #include <krb.h> #include <krb_db.h> #include <kdc.h> #include <kadm.h> +#ifdef HAVE_OPENSSL +#define des_new_random_key des_random_key +#endif + #endif /* __adm_locl_h */ diff --git a/kerberosIV/src/admin/ext_srvtab.c b/kerberosIV/src/admin/ext_srvtab.c index 2e510fff283..54bd9520f3a 100644 --- a/kerberosIV/src/admin/ext_srvtab.c +++ b/kerberosIV/src/admin/ext_srvtab.c @@ -9,7 +9,7 @@ #include "adm_locl.h" -RCSID("$KTH: ext_srvtab.c,v 1.18 1999/09/16 20:37:20 assar Exp $"); +RCSID("$KTH: ext_srvtab.c,v 1.20 2001/09/02 23:58:56 assar Exp $"); static des_cblock master_key; static des_cblock session_key; @@ -57,8 +57,10 @@ main(int argc, char **argv) memset(realm, 0, sizeof(realm)); -#ifdef HAVE_ATEXIT +#if defined(HAVE_ATEXIT) atexit(StampOutSecrets); +#elif defined(HAVE_ON_EXIT) + on_exit(StampOutSecrets); #endif /* Parse commandline arguments */ diff --git a/kerberosIV/src/admin/kdb_destroy.c b/kerberosIV/src/admin/kdb_destroy.c index 095716345f2..841e117e6b8 100644 --- a/kerberosIV/src/admin/kdb_destroy.c +++ b/kerberosIV/src/admin/kdb_destroy.c 
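Review bot: In adm_locl.h the new `#define des_new_random_key des_random_key` for HAVE_OPENSSL has no comment, and nothing in the visible hunks seeds the generator in an OpenSSL build. This commit also puts `#ifndef HAVE_OPENSSL` around `des_init_random_number_generator(&master_key)` in kdb_edit.c and kdb_init.c. Newly generated keys then presumably depend entirely on OpenSSL's own PRNG having been seeded on the host, which is worth stating where the alias is defined. I would add above the define: `/* OpenSSL build: random keys come from OpenSSL's PRNG, not from a generator keyed with master_key; the PRNG must be seeded before any key is generated. */`. Whether callers of des_new_random_key can detect a failed or unseeded generator is not visible here and should be confirmed.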
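Review bot: In ext_srvtab.c's main, the new fallback `on_exit(StampOutSecrets);` passes a single argument, whereas on_exit as found on SunOS and in glibc takes the handler plus an argument pointer and calls the handler with an exit status and that pointer. StampOutSecrets is also handed to atexit(), so it presumably takes no parameters (its definition is outside the hunk). With a prototype in scope this branch will not compile, and without one the call is undefined, so the wipe of master_key and session_key may never be registered on such platforms. A small adapter keeps both branches type-correct: `static void stamp_out_on_exit(int status, void *arg) { StampOutSecrets(); }` registered with `on_exit(stamp_out_on_exit, NULL);`. main's body continues outside the hunk.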
@@ -9,7 +9,7 @@ #include "adm_locl.h" -RCSID("$KTH: kdb_destroy.c,v 1.9 1998/06/09 19:24:13 joda Exp $"); +RCSID("$KTH: kdb_destroy.c,v 1.12 2001/09/13 00:34:06 assar Exp $"); int main(int argc, char **argv) diff --git a/kerberosIV/src/admin/kdb_edit.c b/kerberosIV/src/admin/kdb_edit.c index a777fb03704..6f03e7bc6aa 100644 --- a/kerberosIV/src/admin/kdb_edit.c +++ b/kerberosIV/src/admin/kdb_edit.c @@ -15,7 +15,7 @@ #include "adm_locl.h" -RCSID("$KTH: kdb_edit.c,v 1.28 1999/09/16 20:37:21 assar Exp $"); +RCSID("$KTH: kdb_edit.c,v 1.30 2001/08/26 01:40:36 assar Exp $"); #ifdef DEBUG extern kerb_debug; @@ -382,8 +382,10 @@ main(int argc, char **argv) stdout)) < 0) return 1; +#ifndef HAVE_OPENSSL /* Initialize non shared random sequence */ des_init_random_number_generator(&master_key); +#endif /* lookup the default values */ n = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST, diff --git a/kerberosIV/src/admin/kdb_init.c b/kerberosIV/src/admin/kdb_init.c index 47bcdafc420..313c7816efc 100644 --- a/kerberosIV/src/admin/kdb_init.c +++ b/kerberosIV/src/admin/kdb_init.c @@ -10,7 +10,7 @@ #include "adm_locl.h" -RCSID("$KTH: kdb_init.c,v 1.25 1999/09/16 20:37:21 assar Exp $"); +RCSID("$KTH: kdb_init.c,v 1.27 2001/08/26 01:40:36 assar Exp $"); enum ap_op { NULL_KEY, /* setup null keys */ @@ -140,8 +140,10 @@ main(int argc, char **argv) fprintf(stderr, "Wrote master key to %s\n", MKEYFILE); #endif +#ifndef HAVE_OPENSSL /* Initialize non shared random sequence */ des_init_random_number_generator(&master_key); +#endif /* Maximum lifetime for changepw.kerberos (kadmin) tickets, 10 minutes */ #define ADMLIFE (1 + (CLOCK_SKEW/(5*60))) diff --git a/kerberosIV/src/admin/kdb_util.c b/kerberosIV/src/admin/kdb_util.c index 6efb5b2a04a..d933e2c4a9e 100644 --- a/kerberosIV/src/admin/kdb_util.c +++ b/kerberosIV/src/admin/kdb_util.c 
@@ -14,8 +14,9 @@ */ #include "adm_locl.h" +#include <getarg.h> -RCSID("$KTH: kdb_util.c,v 1.42.2.1 2000/10/10 12:59:16 assar Exp $"); +RCSID("$KTH: kdb_util.c,v 1.46 2001/02/20 23:07:49 assar Exp $"); static des_cblock master_key, new_master_key; static des_key_schedule master_key_schedule, new_master_key_schedule; @@ -293,6 +294,8 @@ clear_secrets (void) memset(new_master_key_schedule, 0, sizeof (des_key_schedule)); } +static int prompt_flag = 1; + static void convert_new_master_key (char *db_file, FILE *out) { @@ -300,8 +303,12 @@ convert_new_master_key (char *db_file, FILE *out) errx (1, "Sorry, this function is not available with " "the new master key scheme."); #else - printf ("\n\nEnter the CURRENT master key."); - if (kdb_get_master_key (KDB_GET_PROMPT, &master_key, + if(prompt_flag) { + printf ("\n\nEnter the CURRENT master key."); + fflush(stdout); + } + + if (kdb_get_master_key (prompt_flag ? KDB_GET_PROMPT : 0, &master_key, master_key_schedule) != 0) { clear_secrets (); errx (1, "Couldn't get master key."); @@ -313,6 +320,7 @@ convert_new_master_key (char *db_file, FILE *out) } printf ("\n\nNow enter the NEW master key. Do not forget it!!"); + fflush(stdout); if (kdb_get_master_key (KDB_GET_TWICE, &new_master_key, new_master_key_schedule) != 0) { clear_secrets (); @@ -345,9 +353,9 @@ convert_key_old_db (Principal *p) copy_to_key(&p->key_low, &p->key_high, key); #ifndef NOENCRYPTION - des_pcbc_encrypt((des_cblock *)key,(des_cblock *)key, - (long)sizeof(des_cblock),master_key_schedule, - (des_cblock *)master_key_schedule, DES_DECRYPT); + des_pcbc_encrypt(key,key, + (long)sizeof(des_cblock),master_key_schedule, + (des_cblock *)master_key_schedule, DES_DECRYPT); #endif /* make new key, new style */ 
@@ -408,10 +416,34 @@ convert_old_format_db (char *db_file, FILE *out) dump_db (db_file, out, convert_key_old_db); } +static int help_flag; +static int version_flag; + +static struct getargs args[] = { + { NULL, 'n', arg_negative_flag, &prompt_flag, "don't prompt for master key" }, + { "help", 'h', arg_flag, &help_flag }, + { "version", 0, arg_flag, &version_flag } +}; + +static void +usage (int ret) +{ + arg_printusage (args, + sizeof(args) / sizeof(args[0]), + NULL, + "operation file [database]"); + fprintf(stderr, "Operation is one of: load, merge, dump, slave_dump,\n"); + fprintf(stderr, " new_master_key, convert_old_db\n"); + fprintf(stderr, "use file `-' for stdout\n"); + + exit (ret); +} + int main(int argc, char **argv) { int ret; + int optind = 0; FILE *file; enum { OP_LOAD, 
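Review bot: In main, `int optind = 0;` shadows the global `optind` that <unistd.h> declares for getopt, and adm_locl.h includes <unistd.h> when it is available. The code works because only the local is handed to getarg() in the following hunk, but the shadowing triggers -Wshadow and invites confusion if getopt is ever used in this file. Renaming the local avoids it: `int optidx = 0;`, with `&optidx` in the getarg call and `argc -= optidx; argv += optidx;`. main starts in this hunk and continues in the next ones.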
@@ -424,50 +456,58 @@ main(int argc, char **argv) char *file_name; char *db_name; - if (argc != 3 && argc != 4) { - fprintf(stderr, "Usage: %s operation file [database name].\n", - argv[0]); - fprintf(stderr, "Operation is one of: " - "load, merge, dump, slave_dump, new_master_key, " - "convert_old_db\n"); - fprintf(stderr, "use file `-' for stdout\n"); - exit(1); + if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv, + &optind)) + usage (1); + + if (help_flag) + usage (0); + + if (version_flag) { + print_version(NULL); + return 0; } - if (argc == 3) + + argc -= optind; + argv += optind; + + if (argc != 2 && argc != 3) + usage (1); + if (argc == 2) db_name = DBM_FILE; else - db_name = argv[3]; + db_name = argv[2]; ret = kerb_db_set_name (db_name); /* this makes starting slave servers ~14.3 times easier */ - if(ret && strcmp(argv[1], "load") == 0) + if(ret && strcmp(argv[0], "load") == 0) ret = kerb_db_create (db_name); if(ret) err (1, "Can't open database"); - if (!strcmp(argv[1], "load")) + if (!strcmp(argv[0], "load")) op = OP_LOAD; - else if (!strcmp(argv[1], "merge")) + else if (!strcmp(argv[0], "merge")) op = OP_MERGE; - else if (!strcmp(argv[1], "dump")) + else if (!strcmp(argv[0], "dump")) op = OP_DUMP; - else if (!strcmp(argv[1], "slave_dump")) + else if (!strcmp(argv[0], "slave_dump")) op = OP_SLAVE_DUMP; - else if (!strcmp(argv[1], "new_master_key")) + else if (!strcmp(argv[0], "new_master_key")) op = OP_NEW_MASTER; - else if (!strcmp(argv[1], "convert_old_db")) + else if (!strcmp(argv[0], "convert_old_db")) op = OP_CONVERT_OLD_DB; else { - warnx ("%s is an invalid operation.", argv[1]); + warnx ("%s is an invalid operation.", argv[0]); warnx ("Valid operations are \"load\", \"merge\", " "\"dump\", \"slave_dump\", \"new_master_key\", " "and \"convert_old_db\""); return 1; } - file_name = argv[2]; + file_name = argv[1]; if (strcmp (file_name, "-") == 0 && op != OP_LOAD && op != OP_MERGE) 
@@ -483,23 +523,18 @@ main(int argc, char **argv) file = fopen (file_name, mode); } if (file == NULL) - err (1, "open %s", argv[2]); + err (1, "open %s", argv[1]); switch (op) { case OP_DUMP: - if ((dump_db(db_name, file, (void (*)(Principal *)) 0) == EOF) - || (fflush(file) != 0) - || (fsync(fileno(file)) != 0) - || (fclose(file) == EOF)) - err(1, "%s", file_name); - break; case OP_SLAVE_DUMP: - if ((dump_db(db_name, file, (void (*)(Principal *)) 0) == EOF) + if ((dump_db(db_name, file, NULL) == EOF) || (fflush(file) != 0) || (fsync(fileno(file)) != 0) || (fclose(file) == EOF)) err(1, "%s", file_name); - update_ok_file(file_name); + if(op == OP_SLAVE_DUMP) + update_ok_file(file_name); break; case OP_LOAD: load_db (db_name, file); diff --git a/kerberosIV/src/admin/kstash.c b/kerberosIV/src/admin/kstash.c index ac1e6ad916e..6bd1ebe8dea 100644 --- a/kerberosIV/src/admin/kstash.c +++ b/kerberosIV/src/admin/kstash.c @@ -10,7 +10,7 @@ #include "adm_locl.h" -RCSID("$KTH: kstash.c,v 1.10 1997/03/30 17:35:37 assar Exp $"); +RCSID("$KTH: kstash.c,v 1.11 2001/02/20 23:07:49 assar Exp $"); /* change this later, but krblib_dbm needs it for now */ diff --git a/kerberosIV/src/appl/afsutil/aklog.c b/kerberosIV/src/appl/afsutil/aklog.c index 4d5a0d1adba..75027d31065 100644 --- a/kerberosIV/src/appl/afsutil/aklog.c +++ b/kerberosIV/src/appl/afsutil/aklog.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -66,16 +66,13 @@ #include <roken.h> -RCSID("$KTH: aklog.c,v 1.24.2.1 2000/06/23 02:31:15 assar Exp $"); +RCSID("$KTH: aklog.c,v 1.29 2001/08/26 01:48:42 assar Exp $"); static int debug = 0; static void DEBUG(const char *, ...) -#ifdef __GNUC__ -__attribute__ ((format (printf, 1, 2))) -#endif -; + __attribute__ ((format (printf, 1, 2))); static void DEBUG(const char *fmt, ...) 
@@ -155,7 +152,7 @@ createuser (const char *cell) cell = cellbuf; } - if(krb_get_default_principal(name, instance, realm)) + if(krb_get_default_principal(name, instance, realm) < 0) errx (1, "Could not even figure out who you are"); snprintf (cmd, sizeof(cmd), @@ -173,7 +170,7 @@ main(int argc, char **argv) int do_aklog = -1; int do_createuser = -1; const char *cell = NULL; - char *realm = NULL; + const char *realm = NULL; char cellbuf[64]; if(!k_hasafs()) diff --git a/kerberosIV/src/appl/afsutil/kstring2key.c b/kerberosIV/src/appl/afsutil/kstring2key.c index 539755b2e7b..5d74de8a147 100644 --- a/kerberosIV/src/appl/afsutil/kstring2key.c +++ b/kerberosIV/src/appl/afsutil/kstring2key.c @@ -33,7 +33,7 @@ #include "config.h" -RCSID("$KTH: kstring2key.c,v 1.16 1999/12/02 16:58:28 joda Exp $"); +RCSID("$KTH: kstring2key.c,v 1.18 2001/08/26 01:40:37 assar Exp $"); #include <stdio.h> #include <string.h> @@ -42,7 +42,11 @@ RCSID("$KTH: kstring2key.c,v 1.16 1999/12/02 16:58:28 joda Exp $"); #include <roken.h> +#ifdef HAVE_OPENSSL +#include <openssl/des.h> +#else #include <des.h> +#endif #include <krb.h> #define VERIFY 0 @@ -52,7 +56,7 @@ usage(void) { fprintf(stderr, "Usage: %s [-c AFS cellname] [ -5 krb5salt ] [ password ]\n", - __progname); + getprogname()); fprintf(stderr, " krb5salt is realmname APPEND principal APPEND instance\n"); exit(1); diff --git a/kerberosIV/src/appl/afsutil/pagsh.c b/kerberosIV/src/appl/afsutil/pagsh.c index 82cc30abc5b..2a97bde629d 100644 --- a/kerberosIV/src/appl/afsutil/pagsh.c +++ b/kerberosIV/src/appl/afsutil/pagsh.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
@@ -35,7 +35,7 @@ #include <config.h> #endif -RCSID("$KTH: pagsh.c,v 1.22 1999/12/02 16:58:28 joda Exp $"); +RCSID("$KTH: pagsh.c,v 1.24 2001/02/20 23:11:33 assar Exp $"); #include <stdio.h> #include <stdlib.h> @@ -69,6 +69,8 @@ main(int argc, char **argv) char **args; int i; + set_progname(argv[0]); + do { snprintf(tf, sizeof(tf), "%s%u_%u", TKT_ROOT, (unsigned int)getuid(), (unsigned int)(getpid()*time(0))); @@ -76,8 +78,7 @@ main(int argc, char **argv) } while(f < 0); close(f); unlink(tf); - if(setenv("KRBTKFILE", tf, 1) != 0) - errx(1, "cannot set KRBTKFILE"); + esetenv("KRBTKFILE", tf, 1); i = 0; diff --git a/kerberosIV/src/appl/bsd/login.c b/kerberosIV/src/appl/bsd/login.c index 0268568fc11..caf37726731 100644 --- a/kerberosIV/src/appl/bsd/login.c +++ b/kerberosIV/src/appl/bsd/login.c @@ -45,7 +45,7 @@ #include <sys/capability.h> #endif -RCSID("$KTH: login.c,v 1.125.2.2 2000/06/23 02:33:07 assar Exp $"); +RCSID("$KTH: login.c,v 1.132 2001/02/20 23:07:50 assar Exp $"); #ifdef OTP #include <otp.h> @@ -131,7 +131,7 @@ static void motd(void) { int fd, nchars; - RETSIGTYPE (*oldint)(); + RETSIGTYPE (*oldint)(int); char tbuf[8192]; if ((fd = open(_PATH_MOTDFILE, O_RDONLY, 0)) < 0) @@ -663,8 +663,7 @@ main(int argc, char **argv) sysv_newenv(argc, argv, pwd, term, pflag); #ifdef KERBEROS if (krbtkfile_env) - if(setenv("KRBTKFILE", krbtkfile_env, 1) != 0) - errx(1, "cannot set KRBTKFILE"); + esetenv("KRBTKFILE", krbtkfile_env, 1); #endif if (tty[sizeof("tty")-1] == 'd') diff --git a/kerberosIV/src/appl/bsd/login_access.c b/kerberosIV/src/appl/bsd/login_access.c index b791d81c96d..c6fbdc3907f 100644 --- a/kerberosIV/src/appl/bsd/login_access.c +++ b/kerberosIV/src/appl/bsd/login_access.c @@ -25,7 +25,7 @@ #include "bsd_locl.h" -RCSID("$KTH: login_access.c,v 1.19 1999/05/14 22:02:14 assar Exp $"); +RCSID("$KTH: login_access.c,v 1.20 2001/06/04 14:08:39 assar Exp $"); #ifdef LOGIN_ACCESS 
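Review bot: In pagsh.c's main, the ticket-file name probed in the `do { snprintf(tf, ...) ... } while(f < 0);` loop is closed and unlinked immediately before `esetenv("KRBTKFILE", tf, 1);`, so the exported path no longer exists and the reservation made by the loop is gone. The name is built from TKT_ROOT, the uid and `getpid()*time(0)`, so in a shared directory safety rests on whatever later creates the ticket file refusing pre-existing files and symlinks; that code is not visible in this diff. A comment before `unlink(tf)` should record the assumption, e.g. `/* name is only probed for uniqueness; the ticket library must create it exclusively */`. The call that assigns `f` lies between the two hunks and is not shown.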
diff --git a/kerberosIV/src/appl/bsd/login_fbtab.c b/kerberosIV/src/appl/bsd/login_fbtab.c index ede7268cc36..211e3968c4c 100644 --- a/kerberosIV/src/appl/bsd/login_fbtab.c +++ b/kerberosIV/src/appl/bsd/login_fbtab.c @@ -59,7 +59,7 @@ #include "bsd_locl.h" -RCSID("$KTH: login_fbtab.c,v 1.14 1999/09/16 20:37:24 assar Exp $"); +RCSID("$KTH: login_fbtab.c,v 1.15 2001/06/04 14:08:41 assar Exp $"); void login_protect (char *, char *, int, uid_t, gid_t); void login_fbtab (char *tty, uid_t uid, gid_t gid); diff --git a/kerberosIV/src/appl/bsd/rcp.c b/kerberosIV/src/appl/bsd/rcp.c index 173aa90ce66..adee450ab54 100644 --- a/kerberosIV/src/appl/bsd/rcp.c +++ b/kerberosIV/src/appl/bsd/rcp.c @@ -33,7 +33,7 @@ #include "bsd_locl.h" -RCSID("$KTH: rcp.c,v 1.52.2.1 2000/06/23 02:35:16 assar Exp $"); +RCSID("$KTH: rcp.c,v 1.59 2001/09/17 04:42:47 assar Exp $"); /* Globals */ static char dst_realm_buf[REALM_SZ]; @@ -72,7 +72,8 @@ AUTH_DAT kdata; static void send_auth(char *h, char *r) { - int lslen, fslen, status; + int status; + socklen_t lslen, fslen; long opts; lslen = sizeof(struct sockaddr_in); @@ -94,7 +95,8 @@ send_auth(char *h, char *r) static void answer_auth(void) { - int lslen, fslen, status; + socklen_t lslen, fslen; + int status; long opts; char inst[INST_SZ], v[9]; @@ -116,7 +118,7 @@ static int des_read(int fd, char *buf, int len) { if (doencrypt) - return(des_enc_read(fd, buf, len, schedule, + return(bsd_des_enc_read(fd, buf, len, schedule, (iamremote? &kdata.session : &cred.session))); else return(read(fd, buf, len)); @@ -126,7 +128,7 @@ static int des_write(int fd, char *buf, int len) { if (doencrypt) - return(des_enc_write(fd, buf, len, schedule, + return(bsd_des_enc_write(fd, buf, len, schedule, (iamremote? &kdata.session : &cred.session))); else return(write(fd, buf, len)); @@ -158,7 +160,7 @@ run_err(const char *fmt, ...) if (!iamremote) { va_start(args, fmt); vwarnx(fmt, args); - va_end(args); + va_end(args); } } 
@@ -183,12 +185,13 @@ allocbuf(BUF *bp, int fd, int blksize) { struct stat stb; size_t size; + char *p; if (fstat(fd, &stb) < 0) { run_err("fstat: %s", strerror(errno)); return (0); } -#ifdef HAVE_ST_BLKSIZE +#ifdef HAVE_STRUCT_STAT_ST_BLKSIZE size = ROUNDUP(stb.st_blksize, blksize); #else size = blksize; @@ -197,15 +200,16 @@ allocbuf(BUF *bp, int fd, int blksize) size = blksize; if (bp->cnt >= size) return (bp); - if (bp->buf == NULL) - bp->buf = malloc(size); - else - bp->buf = realloc(bp->buf, size); - if (bp->buf == NULL) { + if ((p = realloc(bp->buf, size)) == NULL) { + if (bp->buf) + free(bp->buf); + bp->buf = NULL; bp->cnt = 0; run_err("%s", strerror(errno)); return (0); } + memset(p, 0, size); + bp->buf = p; bp->cnt = size; return (bp); } diff --git a/kerberosIV/src/appl/bsd/rcp_util.c b/kerberosIV/src/appl/bsd/rcp_util.c index 7b219c14376..b2d6302ce47 100644 --- a/kerberosIV/src/appl/bsd/rcp_util.c +++ b/kerberosIV/src/appl/bsd/rcp_util.c @@ -33,7 +33,7 @@ #include "bsd_locl.h" -RCSID("$KTH: rcp_util.c,v 1.8 1998/09/28 11:45:21 joda Exp $"); +RCSID("$KTH: rcp_util.c,v 1.9 2000/07/08 12:11:59 assar Exp $"); char * colon(char *cp) @@ -73,7 +73,7 @@ bad: warnx("%s: invalid user name", cp0); int susystem(char *s, int userid) { - RETSIGTYPE (*istat)(), (*qstat)(); + RETSIGTYPE (*istat)(int), (*qstat)(int); int status; pid_t pid; diff --git a/kerberosIV/src/appl/bsd/rlogin.c b/kerberosIV/src/appl/bsd/rlogin.c index 1efb9e64f53..5e2fe73f8be 100644 --- a/kerberosIV/src/appl/bsd/rlogin.c +++ b/kerberosIV/src/appl/bsd/rlogin.c @@ -36,7 +36,7 @@ */ #include "bsd_locl.h" -RCSID("$KTH: rlogin.c,v 1.67.2.2 2000/10/10 12:54:26 assar Exp $"); +RCSID("$KTH: rlogin.c,v 1.71 2001/08/26 01:43:46 assar Exp $"); CREDENTIALS cred; Key_schedule schedule; @@ -273,7 +273,7 @@ reader(void) kludgep = 1; #ifndef NOENCRYPTION if (doencrypt) - rcvcnt = des_enc_read(rem, rcvbuf, + rcvcnt = bsd_des_enc_read(rem, rcvbuf, sizeof(rcvbuf), schedule, &cred.session); else 
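Review bot: In allocbuf's new failure path, `if (bp->buf) free(bp->buf);` does not need the guard, since free(NULL) is a no-op; `free(bp->buf);` alone is enough. The added `memset(p, 0, size);` also clears the bytes realloc() just carried over from the old buffer, which is correct only if callers treat the buffer as scratch space once allocbuf returns. A one-line comment such as `/* contents are not preserved across a resize */` above the memset would make that contract explicit. allocbuf begins in the preceding hunk.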
@@ -319,7 +319,7 @@ sendwindow(void) #ifndef NOENCRYPTION if(doencrypt) - des_enc_write(rem, obuf, sizeof(obuf), schedule, + bsd_des_enc_write(rem, obuf, sizeof(obuf), schedule, &cred.session); else #endif @@ -411,7 +411,7 @@ writer(void) if (c != escapechar) { #ifndef NOENCRYPTION if (doencrypt) - des_enc_write(rem, &escapechar,1, schedule, &cred.session); + bsd_des_enc_write(rem, &escapechar,1, schedule, &cred.session); else #endif write(rem, &escapechar, 1); @@ -422,7 +422,7 @@ writer(void) #ifdef NOENCRYPTION if (write(rem, &c, 1) == 0) { #else - if (des_enc_write(rem, &c, 1, schedule, &cred.session) == 0) { + if (bsd_des_enc_write(rem, &c, 1, schedule, &cred.session) == 0) { #endif warnx("line gone"); break; diff --git a/kerberosIV/src/appl/bsd/rlogind.c b/kerberosIV/src/appl/bsd/rlogind.c index 3a06c6954bc..0629b055def 100644 --- a/kerberosIV/src/appl/bsd/rlogind.c +++ b/kerberosIV/src/appl/bsd/rlogind.c @@ -42,7 +42,7 @@ #include "bsd_locl.h" -RCSID("$KTH: rlogind.c,v 1.109.2.2 2000/06/23 02:37:06 assar Exp $"); +RCSID("$KTH: rlogind.c,v 1.117 2001/09/17 04:42:47 assar Exp $"); extern int __check_rhosts_file; @@ -310,7 +310,8 @@ int main(int argc, char **argv) { struct sockaddr_in from; - int ch, fromlen, on; + socklen_t fromlen; + int ch, on; int interactive = 0; int portnum = 0; @@ -421,7 +422,9 @@ doit(int f, struct sockaddr_in *fromp) fatal(f, "Remote host requires Kerberos authentication", 0); alarm(0); - inaddr2str (fromp->sin_addr, hostname, sizeof(hostname)); + getnameinfo_verified ((struct sockaddr *)fromp, sizeof(*fromp), + hostname, sizeof(hostname), + NULL, 0, 0); if (use_kerberos) { retval = do_krb_login(fromp); @@ -450,7 +453,7 @@ doit(int f, struct sockaddr_in *fromp) } #ifndef NOENCRYPTION if (doencrypt) - des_enc_write(f, SECURE_MESSAGE, + bsd_des_enc_write(f, SECURE_MESSAGE, strlen(SECURE_MESSAGE), schedule, &kdata->session); else 
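Review bot: In rlogind.c's doit, the result of `getnameinfo_verified(...)` is discarded, so if the lookup or the forward confirmation fails, `hostname` is used afterwards in whatever state it was left (its initialisation is outside the hunk). The same unchecked call replaces inaddr2str in rshd.c's doit, where it fills `remotehost`. Both names presumably feed logging and host-based authorisation later on, so a failure should be handled explicitly, for example by falling back to the numeric address: `if (getnameinfo_verified((struct sockaddr *)fromp, sizeof(*fromp), hostname, sizeof(hostname), NULL, 0, 0) != 0) strlcpy(hostname, inet_ntoa(fromp->sin_addr), sizeof(hostname));`. The return convention of getnameinfo_verified is not shown in this diff and should be confirmed.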
@@ -667,7 +670,7 @@ protocol(int f, int master) if (FD_ISSET(f, &ibits)) { #ifndef NOENCRYPTION if (doencrypt) - fcc = des_enc_read(f, fibuf, + fcc = bsd_des_enc_read(f, fibuf, sizeof(fibuf), schedule, &kdata->session); else @@ -733,7 +736,7 @@ protocol(int f, int master) if ((FD_ISSET(f, &obits)) && pcc > 0) { #ifndef NOENCRYPTION if (doencrypt) - cc = des_enc_write(f, pbp, pcc, schedule, &kdata->session); + cc = bsd_des_enc_write(f, pbp, pcc, schedule, &kdata->session); else #endif cc = write(f, pbp, pcc); @@ -806,7 +809,7 @@ fatal(int f, const char *msg, int syserr) len = strlen(bp); #ifndef NOENCRYPTION if (doencrypt) - des_enc_write(f, buf, bp + len - buf, schedule, &kdata->session); + bsd_des_enc_write(f, buf, bp + len - buf, schedule, &kdata->session); else #endif write(f, buf, bp + len - buf); @@ -917,8 +920,10 @@ do_krb_login(struct sockaddr_in *dest) k_getsockinst(0, instance, sizeof(instance)); if (doencrypt) { - rc = sizeof(faddr); - if (getsockname(0, (struct sockaddr *)&faddr, &rc)) + socklen_t faddr_len; + + faddr_len = sizeof(faddr); + if (getsockname(0, (struct sockaddr *)&faddr, &faddr_len)) return (-1); authopts = KOPT_DO_MUTUAL; rc = krb_recvauth( diff --git a/kerberosIV/src/appl/bsd/rsh.c b/kerberosIV/src/appl/bsd/rsh.c index cd9a0779060..1c9c00367c0 100644 --- a/kerberosIV/src/appl/bsd/rsh.c +++ b/kerberosIV/src/appl/bsd/rsh.c @@ -33,7 +33,7 @@ #include "bsd_locl.h" -RCSID("$KTH: rsh.c,v 1.43.2.2 2000/10/10 12:53:50 assar Exp $"); +RCSID("$KTH: rsh.c,v 1.47 2001/08/26 01:43:47 assar Exp $"); CREDENTIALS cred; Key_schedule schedule; @@ -82,7 +82,7 @@ sendsig(int signo_) char signo = signo_; #ifndef NOENCRYPTION if (doencrypt) - des_enc_write(rfd2, &signo, 1, schedule, &cred.session); + bsd_des_enc_write(rfd2, &signo, 1, schedule, &cred.session); else #endif write(rfd2, &signo, 1); 
@@ -121,7 +121,7 @@ talk(int nflag, sigset_t omask, int pid, int rem) goto rewrite; #ifndef NOENCRYPTION if (doencrypt) - wc = des_enc_write(rem, bp, cc, schedule, &cred.session); + wc = bsd_des_enc_write(rem, bp, cc, schedule, &cred.session); else #endif wc = write(rem, bp, cc); @@ -158,7 +158,7 @@ talk(int nflag, sigset_t omask, int pid, int rem) errno = 0; #ifndef NOENCRYPTION if (doencrypt) - cc = des_enc_read(rfd2, buf, sizeof buf, + cc = bsd_des_enc_read(rfd2, buf, sizeof buf, schedule, &cred.session); else #endif @@ -173,7 +173,7 @@ talk(int nflag, sigset_t omask, int pid, int rem) errno = 0; #ifndef NOENCRYPTION if (doencrypt) - cc = des_enc_read(rem, buf, sizeof buf, + cc = bsd_des_enc_read(rem, buf, sizeof buf, schedule, &cred.session); else #endif diff --git a/kerberosIV/src/appl/bsd/rshd.c b/kerberosIV/src/appl/bsd/rshd.c index 38c24b9741d..74b51c2d7b0 100644 --- a/kerberosIV/src/appl/bsd/rshd.c +++ b/kerberosIV/src/appl/bsd/rshd.c @@ -42,7 +42,7 @@ #include "bsd_locl.h" -RCSID("$KTH: rshd.c,v 1.60.2.3 2000/10/18 20:39:12 assar Exp $"); +RCSID("$KTH: rshd.c,v 1.71 2001/09/17 04:42:47 assar Exp $"); extern char *__rcmd_errstr; /* syslog hook from libc/net/rcmd.c. */ extern int __check_rhosts_file; @@ -73,7 +73,8 @@ int main(int argc, char *argv[]) { struct linger linger; - int ch, on = 1, fromlen; + int ch, on = 1; + socklen_t fromlen; struct sockaddr_in from; int portnum = 0; @@ -284,7 +285,9 @@ doit(struct sockaddr_in *fromp) } errorstr = NULL; - inaddr2str (fromp->sin_addr, remotehost, sizeof(remotehost)); + getnameinfo_verified ((struct sockaddr *)fromp, sizeof(*fromp), + remotehost, sizeof(remotehost), + NULL, 0, 0); if (use_kerberos) { kdata = &authbuf; 
@@ -294,9 +297,10 @@ doit(struct sockaddr_in *fromp) version[VERSION_SIZE - 1] = '\0'; if (doencrypt) { struct sockaddr_in local_addr; - rc = sizeof(local_addr); + socklen_t la_len; + la_len = sizeof(local_addr); if (getsockname(0, (struct sockaddr *)&local_addr, - &rc) < 0) { + &la_len) < 0) { syslog(LOG_ERR, "getsockname: %m"); error("rshd: getsockname: %m"); exit(1); @@ -422,7 +426,7 @@ doit(struct sockaddr_in *fromp) close(pv1[1]); close(pv2[0]); #ifndef NOENCRYPTION - des_enc_write(s, msg, sizeof(msg) - 1, schedule, &kdata->session); + bsd_des_enc_write(s, msg, sizeof(msg) - 1, schedule, &kdata->session); #else write(s, msg, sizeof(msg) - 1); #endif @@ -479,7 +483,7 @@ doit(struct sockaddr_in *fromp) int ret; if (doencrypt) #ifndef NOENCRYPTION - ret = des_enc_read(s, &sig, 1, schedule, &kdata->session); + ret = bsd_des_enc_read(s, &sig, 1, schedule, &kdata->session); #else ret = read(s, &sig, 1); #endif @@ -499,7 +503,7 @@ doit(struct sockaddr_in *fromp) } else { if (doencrypt) #ifndef NOENCRYPTION - des_enc_write(s, buf, cc, schedule, &kdata->session); + bsd_des_enc_write(s, buf, cc, schedule, &kdata->session); #else write(s, buf, cc); #endif @@ -516,7 +520,7 @@ doit(struct sockaddr_in *fromp) FD_CLR(pv1[0], &readfrom); } else #ifndef NOENCRYPTION - des_enc_write(STDOUT_FILENO, buf, cc, schedule, &kdata->session); + bsd_des_enc_write(STDOUT_FILENO, buf, cc, schedule, &kdata->session); #else write(STDOUT_FILENO, buf, cc); #endif @@ -527,7 +531,7 @@ doit(struct sockaddr_in *fromp) && FD_ISSET(pv2[1], &wready)) { errno = 0; #ifndef NOENCRYPTION - cc = des_enc_read(STDIN_FILENO, buf, sizeof(buf), schedule, &kdata->session); + cc = bsd_des_enc_read(STDIN_FILENO, buf, sizeof(buf), schedule, &kdata->session); #else cc = read(STDIN_FILENO, buf, sizeof(buf)); #endif @@ -636,6 +640,7 @@ error(const char *fmt, ...) } else len = 0; len += vsnprintf(bp, sizeof(buf) - len, fmt, ap); + len = min(len, sizeof(buf)); write(STDERR_FILENO, buf, len); va_end(ap); } 
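Review bot: In error(), the added `len = min(len, sizeof(buf));` bounds the length only from above, and a negative return from vsnprintf() is still added to `len` unchecked. Depending on the declared type of `len` (outside the hunk), the signed/unsigned comparison inside min() can then select sizeof(buf), and write() would send the whole buffer including bytes that were never set. On plain truncation the clamp also lets write() emit the terminating NUL, because at most sizeof(buf) - 1 characters are valid. Keeping the return value separate fixes both: `n = vsnprintf(bp, sizeof(buf) - len, fmt, ap);` then `if (n < 0) n = 0;` then `len = min(len + n, sizeof(buf) - 1);`. error() starts outside the hunk.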
diff --git a/kerberosIV/src/appl/bsd/su.c b/kerberosIV/src/appl/bsd/su.c index 36b6bb198b2..84ac4bca73e 100644 --- a/kerberosIV/src/appl/bsd/su.c +++ b/kerberosIV/src/appl/bsd/su.c @@ -33,7 +33,7 @@ #include "bsd_locl.h" -RCSID ("$KTH: su.c,v 1.70.2.2 2000/12/07 14:04:19 assar Exp $"); +RCSID ("$KTH: su.c,v 1.77 2001/08/28 10:12:40 assar Exp $"); #ifdef SYSV_SHADOW #include "sysv_shadow.h" @@ -258,24 +258,18 @@ main (int argc, char **argv) if (environ == NULL) err (1, "malloc"); environ[0] = NULL; - if(setenv ("PATH", _PATH_DEFPATH, 1) != 0) - errx(1, "cannot set PATH"); + esetenv ("PATH", _PATH_DEFPATH, 1); if (t) - if(setenv ("TERM", t, 1) != 0) - errx(1, "cannot set TERM"); + esetenv ("TERM", t, 1); if (k) - if(setenv ("KRBTKFILE", k, 1) != 0) - errx(1, "cannot set KRBTKFILE"); + esetenv ("KRBTKFILE", k, 1); if (chdir (pwd->pw_dir) < 0) errx (1, "no directory"); } if (asthem || pwd->pw_uid) - if(setenv ("USER", pwd->pw_name, 1) != 0) - errx(1, "cannot set USER"); - if(setenv ("HOME", pwd->pw_dir, 1) != 0) - errx(1, "cannot set HOME"); - if(setenv ("SHELL", shell, 1) != 0) - errx(1, "cannot set SHELL"); + esetenv ("USER", pwd->pw_name, 1); + esetenv ("HOME", pwd->pw_dir, 1); + esetenv ("SHELL", shell, 1); } if (iscsh == YES) { if (fastlogin) @@ -360,8 +354,12 @@ kerberos (char *username, char *user, char *lrealm, int uid) if (lrealm != NULL) { allowed = koktologin (username, lrealm, user) == 0; } else { - for (n = 1; !allowed && krb_get_lrealm (tmp_realm, n) == KSUCCESS; ++n) + for (n = 1; + !allowed && (kerno = krb_get_lrealm (tmp_realm, n)) == KSUCCESS; + ++n) allowed = koktologin (username, tmp_realm, user) == 0; + if (kerno != KSUCCESS) + return (1); lrealm = tmp_realm; } if (!allowed && !uid) { 
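Review bot: In kerberos(), the new `if (kerno != KSUCCESS) return (1);` after the realm loop is also taken when every local realm was tried and koktologin() accepted none of them, because the loop then stops on the failing krb_get_lrealm() call. On that path the `if (!allowed && !uid)` test that follows can no longer be reached, so "realm list exhausted" and "no usable realm configuration" are reported the same way. If that is intended, a comment should say so, e.g. `/* realm list exhausted or unreadable: give up on Kerberos; tmp_realm is not valid here */`. `kerno` is assigned only inside the loop condition, so the check relies on `allowed` being zero on entry, which is set outside the hunk.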
@@ -374,8 +372,7 @@ kerberos (char *username, char *user, char *lrealm, int uid) "%s_%s_to_%s_%u", TKT_ROOT, username, user, (unsigned) getpid ()); - if(setenv ("KRBTKFILE", krbtkfile, 1) != 0) - errx(1, "cannot set KRBTKFILE"); + esetenv ("KRBTKFILE", krbtkfile, 1); krb_set_tkt_string (krbtkfile); /* * Set real as well as effective ID to 0 for the moment, diff --git a/kerberosIV/src/appl/bsd/sysv_default.c b/kerberosIV/src/appl/bsd/sysv_default.c index a51eac32690..b20097db71e 100644 --- a/kerberosIV/src/appl/bsd/sysv_default.c +++ b/kerberosIV/src/appl/bsd/sysv_default.c @@ -18,7 +18,7 @@ #include "bsd_locl.h" -RCSID("$KTH: sysv_default.c,v 1.11 1999/03/13 21:15:24 assar Exp $"); +RCSID("$KTH: sysv_default.c,v 1.12 2001/06/04 14:08:41 assar Exp $"); #include "sysv_default.h" diff --git a/kerberosIV/src/appl/bsd/sysv_default.h b/kerberosIV/src/appl/bsd/sysv_default.h index 601259ebccd..471e1764158 100644 --- a/kerberosIV/src/appl/bsd/sysv_default.h +++ b/kerberosIV/src/appl/bsd/sysv_default.h @@ -16,7 +16,7 @@ ************************************************************************/ /* Author: Wietse Venema <wietse@wzv.win.tue.nl> */ -/* $KTH: sysv_default.h,v 1.5 1996/10/27 23:51:14 assar Exp $ */ +/* $KTH: sysv_default.h,v 1.6 2001/06/04 14:08:41 assar Exp $ */ extern char *default_console; extern char *default_altsh; diff --git a/kerberosIV/src/appl/bsd/sysv_environ.c b/kerberosIV/src/appl/bsd/sysv_environ.c index f7b6c8fcbb5..5922b3c4b1c 100644 --- a/kerberosIV/src/appl/bsd/sysv_environ.c +++ b/kerberosIV/src/appl/bsd/sysv_environ.c @@ -18,7 +18,7 @@ #include "bsd_locl.h" -RCSID("$KTH: sysv_environ.c,v 1.23 1997/12/14 23:50:44 assar Exp $"); +RCSID("$KTH: sysv_environ.c,v 1.25 2001/06/04 14:08:41 assar Exp $"); #ifdef HAVE_ULIMIT_H #include <ulimit.h> @@ -52,8 +52,7 @@ read_etc_environment (void) if (val == NULL) continue; *val = '\0'; - if(setenv(buf, val + 1, 1) != 0) - errx(1, "cannot set %s", buf); + esetenv(buf, val + 1, 1); } fclose (f); } 
@@ -127,14 +126,12 @@ void sysv_newenv(int argc, char **argv, struct passwd *pwd, for (pp = preserved; pp->name; pp++) if (pp->value) - if(setenv(pp->name, pp->value, 1) != 0) - errx(1, "cannot set %s", pp->name); + esetenv(pp->name, pp->value, 1); /* The TERM definition from e.g. rlogind can override an existing one. */ if (term[0]) - if(setenv("TERM", term, 1) != 0) - errx(1, "cannot set TERM"); + esetenv("TERM", term, 1); /* * Environment definitions from the command line overrule existing ones, @@ -149,8 +146,7 @@ void sysv_newenv(int argc, char **argv, struct passwd *pwd, while (argc && *argv) { if (strchr(*argv, '=') == 0) { snprintf(buf, sizeof(buf), "L%d", count++); - if(setenv(buf, *argv, 1) != 0) - errx(1, "cannot set %s", buf); + esetenv(buf, *argv, 1); } else { for (cp = censored; cp->prefix; cp++) if (STREQN(*argv, cp->prefix, cp->length)) @@ -163,25 +159,20 @@ void sysv_newenv(int argc, char **argv, struct passwd *pwd, /* PATH is always reset. */ - if(setenv("PATH", pwd->pw_uid ? default_path : default_supath, 1) != 0) - errx(1, "cannot set PATH"); + esetenv("PATH", pwd->pw_uid ? default_path : default_supath, 1); /* Undocumented: HOME, MAIL and LOGNAME are always reset (SunOS 5.1). */ - if(setenv("HOME", pwd->pw_dir, 1) != 0) - errx(1, "cannot set HOME"); + esetenv("HOME", pwd->pw_dir, 1); { char *sep = "/"; if(KRB4_MAILDIR[strlen(KRB4_MAILDIR) - 1] == '/') sep = ""; roken_concat(buf, sizeof(buf), KRB4_MAILDIR, sep, pwd->pw_name, NULL); } - if(setenv("MAIL", buf, 1) != 0) - errx(1, "cannot set MAIL"); - if(setenv("LOGNAME", pwd->pw_name, 1) != 0) - errx(1, "cannot set LOGNAME"); - if(setenv("USER", pwd->pw_name, 1) != 0) - errx(1, "cannot set USER"); + esetenv("MAIL", buf, 1); + esetenv("LOGNAME", pwd->pw_name, 1); + esetenv("USER", pwd->pw_name, 1); /* * Variables that may be set according to specifications in the defaults 
@@ -192,14 +183,11 @@ void sysv_newenv(int argc, char **argv, struct passwd *pwd, */ if (strcasecmp(default_altsh, "YES") == 0) - if(setenv("SHELL", pwd->pw_shell, 1) != 0) - errx(1, "cannot set SHELL"); + esetenv("SHELL", pwd->pw_shell, 1); if (default_hz) - if(setenv("HZ", default_hz, 0) != 0) - errx(1, "cannot set HZ"); + esetenv("HZ", default_hz, 0); if (default_timezone) - if(setenv("TZ", default_timezone, 0) != 0) - errx(1, "cannot set TZ"); + esetenv("TZ", default_timezone, 0); /* Non-environment stuff. */ diff --git a/kerberosIV/src/appl/bsd/sysv_shadow.c b/kerberosIV/src/appl/bsd/sysv_shadow.c index 932a0280923..c6ab0b95843 100644 --- a/kerberosIV/src/appl/bsd/sysv_shadow.c +++ b/kerberosIV/src/appl/bsd/sysv_shadow.c @@ -18,7 +18,7 @@ #include "bsd_locl.h" -RCSID("$KTH: sysv_shadow.c,v 1.8 1997/12/29 19:56:07 bg Exp $"); +RCSID("$KTH: sysv_shadow.c,v 1.9 2001/06/04 14:08:41 assar Exp $"); #ifdef SYSV_SHADOW diff --git a/kerberosIV/src/appl/bsd/utmpx_login.c b/kerberosIV/src/appl/bsd/utmpx_login.c index 14248c58091..691147ce708 100644 --- a/kerberosIV/src/appl/bsd/utmpx_login.c +++ b/kerberosIV/src/appl/bsd/utmpx_login.c @@ -18,7 +18,7 @@ #include "bsd_locl.h" -RCSID("$KTH: utmpx_login.c,v 1.21 1999/03/29 17:57:31 joda Exp $"); +RCSID("$KTH: utmpx_login.c,v 1.23 2001/06/04 14:08:41 assar Exp $"); /* utmpx_login - update utmp and wtmp after login */ @@ -37,7 +37,7 @@ utmpx_update(struct utmpx *ut, char *line, char *user, char *host) strncpy(ut->ut_id, make_id(clean_tty), sizeof(ut->ut_id)); #endif strncpy(ut->ut_user, user, sizeof(ut->ut_user)); - strncpy(ut->ut_host, host, sizeof(ut->ut_host)); + shrink_hostname (host, ut->ut_host, sizeof(ut->ut_host)); #ifdef HAVE_STRUCT_UTMPX_UT_SYSLEN ut->ut_syslen = strlen(host) + 1; if (ut->ut_syslen > sizeof(ut->ut_host)) diff --git a/kerberosIV/src/appl/ftp/ftp/ftp.c b/kerberosIV/src/appl/ftp/ftp/ftp.c index b78f9b8e731..40a85fabec5 100644 --- a/kerberosIV/src/appl/ftp/ftp/ftp.c 
+++ b/kerberosIV/src/appl/ftp/ftp/ftp.c @@ -32,7 +32,7 @@ */ #include "ftp_locl.h" -RCSID ("$KTH: ftp.c,v 1.60.2.1 2000/06/23 02:45:40 assar Exp $"); +RCSID ("$KTH: ftp.c,v 1.70 2001/09/07 20:28:10 nectar Exp $"); struct sockaddr_storage hisctladdr_ss; struct sockaddr *hisctladdr = (struct sockaddr *)&hisctladdr_ss; 
@@ -55,62 +55,59 @@ typedef void (*sighand) (int); char * hookup (const char *host, int port) { - struct hostent *hp = NULL; - int s, len; static char hostnamebuf[MaxHostNameLen]; + struct addrinfo *ai, *a; + struct addrinfo hints; int error; - int af; - char **h; - int ret; + char portstr[NI_MAXSERV]; + socklen_t len; + int s; -#ifdef HAVE_IPV6 - if (hp == NULL) - hp = getipnodebyname (host, AF_INET6, 0, &error); -#endif - if (hp == NULL) - hp = getipnodebyname (host, AF_INET, 0, &error); + memset (&hints, 0, sizeof(hints)); + hints.ai_socktype = SOCK_STREAM; + hints.ai_protocol = IPPROTO_TCP; + hints.ai_flags = AI_CANONNAME; + + snprintf (portstr, sizeof(portstr), "%u", ntohs(port)); - if (hp == NULL) { - warnx ("%s: %s", host, hstrerror(error)); + error = getaddrinfo (host, portstr, &hints, &ai); + if (error) { + warnx ("%s: %s", host, gai_strerror(error)); code = -1; return NULL; } - strlcpy (hostnamebuf, hp->h_name, sizeof(hostnamebuf)); + strlcpy (hostnamebuf, host, sizeof(hostnamebuf)); hostname = hostnamebuf; - af = hisctladdr->sa_family = hp->h_addrtype; - for (h = hp->h_addr_list; - *h != NULL; - ++h) { - - s = socket (af, SOCK_STREAM, 0); - if (s < 0) { - warn ("socket"); - code = -1; - freehostent (hp); - return (0); - } - - socket_set_address_and_port (hisctladdr, *h, port); + for (a = ai; a != NULL; a = a->ai_next) { + s = socket (a->ai_family, a->ai_socktype, a->ai_protocol); + if (s < 0) + continue; - ret = connect (s, hisctladdr, socket_sockaddr_size(hisctladdr)); - if (ret < 0) { - char addr[256]; + if (a->ai_canonname != NULL) + strlcpy (hostnamebuf, a->ai_canonname, sizeof(hostnamebuf)); - if (inet_ntop (af, socket_get_address(hisctladdr), - addr, sizeof(addr)) == NULL) - strlcpy (addr, "unknown address", - sizeof(addr)); - warn ("connect %s", addr); + memcpy (hisctladdr, a->ai_addr, a->ai_addrlen); + + error = connect (s, a->ai_addr, a->ai_addrlen); + if (error < 0) { + char addrstr[256]; + + if (getnameinfo (a->ai_addr, a->ai_addrlen, + 
addrstr, sizeof(addrstr), + NULL, 0, NI_NUMERICHOST) != 0) + strlcpy (addrstr, "unknown address", sizeof(addrstr)); + + warn ("connect %s", addrstr); close (s); continue; } break; } - freehostent (hp); - if (ret < 0) { + freeaddrinfo (ai); + if (error < 0) { + warnx ("failed to contact %s", host); code = -1; - close (s); return NULL; } @@ -203,7 +200,9 @@ login (char *host) } strlcpy(username, user, sizeof(username)); n = command("USER %s", user); - if (n == CONTINUE) { + if (n == COMPLETE) + n = command("PASS dummy"); /* DK: Compatibility with gssftp daemon */ + else if(n == CONTINUE) { if (pass == NULL) { char prompt[128]; if(myname && @@ -532,9 +531,9 @@ empty (fd_set * mask, int sec) { struct timeval t; - t.tv_sec = (long) sec; + t.tv_sec = sec; t.tv_usec = 0; - return (select (32, mask, NULL, NULL, &t)); + return (select (FD_SETSIZE, mask, NULL, NULL, &t)); } jmp_buf sendabort; @@ -624,7 +623,7 @@ sendrequest (char *cmd, char *local, char *remote, char *lmode, int printnames) int c, d; FILE *fin, *dout = 0; int (*closefunc) (FILE *); - RETSIGTYPE (*oldintr)(), (*oldintp)(); + RETSIGTYPE (*oldintr)(int), (*oldintp)(int); long bytes = 0, hashbytes = HASHBYTES; char *rmode = "w"; @@ -1242,7 +1241,7 @@ static int active_mode (void) { int tmpno = 0; - int len; + socklen_t len; int result; noport: @@ -1368,7 +1367,8 @@ dataconn (const char *lmode) { struct sockaddr_storage from_ss; struct sockaddr *from = (struct sockaddr *)&from_ss; - int s, fromlen = sizeof (from_ss); + socklen_t fromlen = sizeof(from_ss); + int s; if (passivemode) return (fdopen (data, lmode)); @@ -1628,6 +1628,8 @@ abort: pswitch (!proxy); if (cpend) { FD_ZERO (&mask); + if (fileno(cin) >= FD_SETSIZE) + errx (1, "fd too large"); FD_SET (fileno (cin), &mask); if ((nfnd = empty (&mask, 10)) <= 0) { if (nfnd < 0) { 
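Review bot: In hookup(), the post-loop test `if (error < 0)` does not catch the case where socket() fails for every address. The loop takes `continue` without touching `error`, which is still 0 from the successful getaddrinfo() call, so the function carries on with `s` set to -1. Recording the outcome before the list is freed covers both failure modes: `int connected = (a != NULL);` ahead of `freeaddrinfo (ai);`, then `if (!connected) {` in place of `if (error < 0) {`. connect_host() in kx.c, rewritten in this same commit, already tests `a == NULL` for this purpose. The remainder of hookup() lies outside the hunk.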
@@ -1656,6 +1658,8 @@ reset (int argc, char **argv) FD_ZERO (&mask); while (nfnd > 0) { + if (fileno (cin) >= FD_SETSIZE) + errx (1, "fd too large"); FD_SET (fileno (cin), &mask); if ((nfnd = empty (&mask, 0)) < 0) { warn ("reset"); @@ -1729,8 +1733,12 @@ abort_remote (FILE * din) fprintf (cout, "%cABOR\r\n", DM); fflush (cout); FD_ZERO (&mask); + if (fileno (cin) >= FD_SETSIZE) + errx (1, "fd too large"); FD_SET (fileno (cin), &mask); if (din) { + if (fileno (din) >= FD_SETSIZE) + errx (1, "fd too large"); FD_SET (fileno (din), &mask); } if ((nfnd = empty (&mask, 10)) <= 0) { diff --git a/kerberosIV/src/appl/ftp/ftp/main.c b/kerberosIV/src/appl/ftp/ftp/main.c index 3e5924a3784..c2f106aade7 100644 --- a/kerberosIV/src/appl/ftp/ftp/main.c +++ b/kerberosIV/src/appl/ftp/ftp/main.c @@ -36,7 +36,7 @@ */ #include "ftp_locl.h" -RCSID("$KTH: main.c,v 1.27.2.1 2000/10/10 13:01:50 assar Exp $"); +RCSID("$KTH: main.c,v 1.31 2001/02/20 01:44:43 assar Exp $"); int main(int argc, char **argv) @@ -52,9 +52,11 @@ main(int argc, char **argv) doglob = 1; interactive = 1; autologin = 1; + lineedit = 1; passivemode = 0; /* passive mode not active */ + use_kerberos = 1; - while ((ch = getopt(argc, argv, "dginptv")) != -1) { + while ((ch = getopt(argc, argv, "dgilnptvK")) != -1) { switch (ch) { case 'd': options |= SO_DEBUG; @@ -69,6 +71,9 @@ main(int argc, char **argv) interactive = 0; break; + case 'l': + lineedit = 0; + break; case 'n': autologin = 0; break; @@ -84,9 +89,14 @@ main(int argc, char **argv) verbose++; break; + case 'K': + /* Disable Kerberos authentication */ + use_kerberos = 0; + break; + default: fprintf(stderr, - "usage: ftp [-dginptv] [host [port]]\n"); + "usage: ftp [-dgilnptvK] [host [port]]\n"); exit(1); } } @@ -115,7 +125,7 @@ main(int argc, char **argv) exit(0); signal(SIGINT, intr); signal(SIGPIPE, lostpeer); - xargv[0] = (char*)__progname; + xargv[0] = (char*)getprogname(); xargv[1] = argv[0]; xargv[2] = argv[1]; xargv[3] = argv[2]; 
@@ -198,10 +208,8 @@ tail(filename) } */ -#ifndef HAVE_READLINE - static char * -readline(char *prompt) +simple_readline(char *prompt) { char buf[BUFSIZ]; printf ("%s", prompt); @@ -213,6 +221,14 @@ readline(char *prompt) return strdup(buf); } +#ifndef HAVE_READLINE + +static char * +readline(char *prompt) +{ + return simple_readline (prompt); +} + static void add_history(char *p) { @@ -241,13 +257,17 @@ cmdscanner(int top) for (;;) { if (fromatty) { char *p; - p = readline("ftp> "); + if (lineedit) + p = readline("ftp> "); + else + p = simple_readline("ftp> "); if(p == NULL) { printf("\n"); quit(0, 0); } strlcpy(line, p, sizeof(line)); - add_history(p); + if (lineedit) + add_history(p); free(p); } else{ if (fgets(line, sizeof line, stdin) == NULL) diff --git a/kerberosIV/src/appl/ftp/ftp/ruserpass.c b/kerberosIV/src/appl/ftp/ftp/ruserpass.c index 81c45785b88..6a61e175d7c 100644 --- a/kerberosIV/src/appl/ftp/ftp/ruserpass.c +++ b/kerberosIV/src/appl/ftp/ftp/ruserpass.c @@ -32,7 +32,7 @@ */ #include "ftp_locl.h" -RCSID("$KTH: ruserpass.c,v 1.16 1999/09/16 20:37:31 assar Exp $"); +RCSID("$KTH: ruserpass.c,v 1.19 2000/01/08 07:45:11 assar Exp $"); static int token (void); static FILE *cfile; @@ -71,10 +71,10 @@ static struct toktab { static char * guess_domain (char *hostname, size_t sz) { - struct hostent *he; + struct addrinfo *ai, *a; + struct addrinfo hints; + int error; char *dot; - char *a; - char **aliases; if (gethostname (hostname, sz) < 0) { strlcpy (hostname, "", sz); 
@@ -84,23 +84,24 @@ guess_domain (char *hostname, size_t sz) if (dot != NULL) return dot + 1; - he = gethostbyname (hostname); - if (he == NULL) + memset (&hints, 0, sizeof(hints)); + hints.ai_flags = AI_CANONNAME; + + error = getaddrinfo (hostname, NULL, &hints, &ai); + if (error) return hostname; - dot = strchr (he->h_name, '.'); - if (dot != NULL) { - strlcpy (hostname, he->h_name, sz); - return dot + 1; - } - for (aliases = he->h_aliases; (a = *aliases) != NULL; ++aliases) { - dot = strchr (a, '.'); - if (dot != NULL) { - strlcpy (hostname, a, sz); - return dot + 1; + for (a = ai; a != NULL; a = a->ai_next) + if (a->ai_canonname != NULL) { + strlcpy (hostname, ai->ai_canonname, sz); + break; } - } - return hostname; + freeaddrinfo (ai); + dot = strchr (hostname, '.'); + if (dot != NULL) + return dot + 1; + else + return hostname; } int diff --git a/kerberosIV/src/appl/ftp/ftpd/ftpd.c b/kerberosIV/src/appl/ftp/ftpd/ftpd.c index 8bcabcafb80..70cd33fc03c 100644 --- a/kerberosIV/src/appl/ftp/ftpd/ftpd.c +++ b/kerberosIV/src/appl/ftp/ftpd/ftpd.c @@ -38,7 +38,7 @@ #endif #include "getarg.h" -RCSID("$KTH: ftpd.c,v 1.131.2.8 2001/03/26 11:43:25 assar Exp $"); +RCSID("$KTH: ftpd.c,v 1.160 2001/09/13 09:17:14 joda Exp $"); static char version[] = "Version 6.00"; @@ -68,6 +68,7 @@ struct passwd *pw; int debug = 0; int ftpd_timeout = 900; /* timeout after 15 minutes of inactivity */ int maxtimeout = 7200;/* don't allow idle time to be set beyond 2 hours */ +int restricted_data_ports = 1; int logging; int guest; int dochroot; @@ -136,7 +137,7 @@ static void myoob (int); static int checkuser (char *, char *); static int checkaccess (char *); static FILE *dataconn (const char *, off_t, const char *); -static void dolog (struct sockaddr *); +static void dolog (struct sockaddr *sa, int len); static void end_login (void); static FILE *getdatasock (const char *); static char *gunique (char *); 
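Review bot: The new loop in guess_domain() tests `a->ai_canonname` but copies from `ai->ai_canonname`, the head of the list rather than the entry just checked. If the first entry has no canonical name and a later one does, strlcpy() is handed a NULL source. The copy should use the loop cursor: `strlcpy (hostname, a->ai_canonname, sz);`. Resolvers that only fill ai_canonname on the first entry hide the problem, which is probably why it went unnoticed.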
@@ -206,6 +207,8 @@ int use_builtin_ls = -1; static int help_flag; static int version_flag; +static const char *good_chars = "+-=_,."; + struct getargs args[] = { { NULL, 'a', arg_string, &auth_string, "required authentication" }, { NULL, 'i', arg_flag, &interactive_flag, "don't assume stdin is a socket" }, @@ -215,9 +218,11 @@ struct getargs args[] = { { NULL, 't', arg_integer, &ftpd_timeout, "initial timeout" }, { NULL, 'T', arg_integer, &maxtimeout, "max timeout" }, { NULL, 'u', arg_string, &umask_string, "umask for user logins" }, + { NULL, 'U', arg_negative_flag, &restricted_data_ports, "don't use high data ports" }, { NULL, 'd', arg_flag, &debug, "enable debugging" }, { NULL, 'v', arg_flag, &debug, "enable debugging" }, { "builtin-ls", 'B', arg_flag, &use_builtin_ls, "use built-in ls to list files" }, + { "good-chars", 0, arg_string, &good_chars, "allowed anonymous upload filename chars" }, { "version", 0, arg_flag, &version_flag }, { "help", 'h', arg_flag, &help_flag } }; @@ -252,25 +257,27 @@ show_file(const char *file, int code) int main(int argc, char **argv) { - int addrlen, on = 1, tos; - char *cp, line[LINE_MAX]; - FILE *fd; + socklen_t his_addr_len, ctrl_addr_len; + int on = 1; int port; struct servent *sp; int optind = 0; -#ifdef KRB4 /* detach from any tickets and tokens */ { +#ifdef KRB4 char tkfile[1024]; snprintf(tkfile, sizeof(tkfile), "/tmp/ftp_%u", (unsigned)getpid()); krb_set_tkt_string(tkfile); +#endif +#if defined(KRB4) && defined(KRB5) if(k_hasafs()) k_setpag(); - } #endif + } + if(getarg(args, num_args, argc, argv, &optind)) usage(1); @@ -328,7 +335,6 @@ main(int argc, char **argv) ftpd_timeout = maxtimeout; #endif - if(interactive_flag) mini_inetd (port); 
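Review bot: In main(), the guard around `if(k_hasafs()) k_setpag();` is now `#if defined(KRB4) && defined(KRB5)`, so a build with only KRB4 defined no longer creates a fresh PAG at start-up. Before this change the call sat inside the plain `#ifdef KRB4` block, and the comment above it still says the daemon detaches from any tickets and tokens. If dropping the call for single-protocol builds is not intended, the condition presumably wants to be `#if defined(KRB4) || defined(KRB5)`. If it is intended, a one-line comment explaining why both are required would help. main() continues outside the hunk.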
@@ -337,21 +343,24 @@ main(int argc, char **argv) * necessary for anonymous ftp's that chroot and can't do it later. */ openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_FTP); - addrlen = sizeof(his_addr_ss); - if (getpeername(STDIN_FILENO, his_addr, &addrlen) < 0) { + his_addr_len = sizeof(his_addr_ss); + if (getpeername(STDIN_FILENO, his_addr, &his_addr_len) < 0) { syslog(LOG_ERR, "getpeername (%s): %m",argv[0]); exit(1); } - addrlen = sizeof(ctrl_addr_ss); - if (getsockname(STDIN_FILENO, ctrl_addr, &addrlen) < 0) { + ctrl_addr_len = sizeof(ctrl_addr_ss); + if (getsockname(STDIN_FILENO, ctrl_addr, &ctrl_addr_len) < 0) { syslog(LOG_ERR, "getsockname (%s): %m",argv[0]); exit(1); } #if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) - tos = IPTOS_LOWDELAY; - if (setsockopt(STDIN_FILENO, IPPROTO_IP, IP_TOS, - (void *)&tos, sizeof(int)) < 0) - syslog(LOG_WARNING, "setsockopt (IP_TOS): %m"); + { + int tos = IPTOS_LOWDELAY; + + if (setsockopt(STDIN_FILENO, IPPROTO_IP, IP_TOS, + (void *)&tos, sizeof(int)) < 0) + syslog(LOG_WARNING, "setsockopt (IP_TOS): %m"); + } #endif data_source->sa_family = ctrl_addr->sa_family; socket_set_port (data_source, @@ -380,7 +389,7 @@ main(int argc, char **argv) if (fcntl(fileno(stdin), F_SETOWN, getpid()) == -1) syslog(LOG_ERR, "fcntl F_SETOWN: %m"); #endif - dolog(his_addr); + dolog(his_addr, his_addr_len); /* * Set up default state */ @@ -707,7 +716,6 @@ checkaccess(char *name) int do_login(int code, char *passwd) { - FILE *fd; login_attempts = 0; /* this time successful */ if (setegid((gid_t)pw->pw_gid) < 0) { reply(550, "Can't set gid."); 
@@ -831,6 +839,51 @@ end_login(void) dochroot = 0; } +#ifdef KRB5 +static int +krb5_verify(struct passwd *pwd, char *passwd) +{ + krb5_context context; + krb5_ccache id; + krb5_principal princ; + krb5_error_code ret; + + ret = krb5_init_context(&context); + if(ret) + return ret; + + ret = krb5_parse_name(context, pwd->pw_name, &princ); + if(ret){ + krb5_free_context(context); + return ret; + } + ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &id); + if(ret){ + krb5_free_principal(context, princ); + krb5_free_context(context); + return ret; + } + ret = krb5_verify_user(context, + princ, + id, + passwd, + 1, + NULL); + krb5_free_principal(context, princ); +#ifdef KRB4 + if (k_hasafs()) { + k_setpag(); + krb5_afslog_uid_home(context, id,NULL, NULL,pwd->pw_uid, pwd->pw_dir); + } +#endif /* KRB4 */ + krb5_cc_destroy(context, id); + krb5_free_context (context); + if(ret) + return ret; + return 0; +} +#endif /* KRB5 */ + void pass(char *passwd) { @@ -857,19 +910,25 @@ pass(char *passwd) } #endif else if((auth_level & AUTH_OTP) == 0) { +#ifdef KRB5 + rval = krb5_verify(pw, passwd); +#endif #ifdef KRB4 - char realm[REALM_SZ]; - if((rval = krb_get_lrealm(realm, 1)) == KSUCCESS) - rval = krb_verify_user(pw->pw_name, - "", realm, - passwd, - KRB_VERIFY_SECURE, NULL); - if (rval == KSUCCESS ) { - chown (tkt_string(), pw->pw_uid, pw->pw_gid); - if(k_hasafs()) - krb_afslog(0, 0); - } else + if (rval) { + char realm[REALM_SZ]; + if((rval = krb_get_lrealm(realm, 1)) == KSUCCESS) + rval = krb_verify_user(pw->pw_name, + "", realm, + passwd, + KRB_VERIFY_SECURE, NULL); + if (rval == KSUCCESS ) { + chown (tkt_string(), pw->pw_uid, pw->pw_gid); + if(k_hasafs()) + krb_afslog(0, 0); + } + } #endif + if (rval) rval = unix_verify_user(pw->pw_name, passwd); } else { char *s; @@ -1046,7 +1105,6 @@ done: int filename_check(char *filename) { - static const char good_chars[] = "+-=_,."; char *p; p = strrchr(filename, '/'); 
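Review bot: In the new krb5_verify(), the AFS block runs before `ret` from krb5_verify_user() is examined, so `k_setpag()` and `krb5_afslog_uid_home()` are called with the credential cache even when password verification has just failed. Gating the block on success keeps a failed login from touching the PAG or attempting token acquisition: `if (ret == 0 && k_hasafs()) {`. The trailing `if(ret) return ret; return 0;` can also be reduced to `return ret;`.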
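Review bot: In pass(), the reordered fallback chain reads `rval` before this branch has assigned it whenever KRB5 is not defined. The KRB4 block now opens with `if (rval) {`, and the final `if (rval) rval = unix_verify_user(...)` does the same when neither protocol is compiled in. The declaration of `rval` is outside the hunk, so it may already be initialised there. If it is not, adding `rval = 1;` immediately before the `#ifdef KRB5` line makes every build configuration start from "not yet verified" instead of an indeterminate value deciding whether a verifier runs at all.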
@@ -1062,7 +1120,7 @@ filename_check(char *filename) if(*p == '\0') return 0; } - lreply(553, "\"%s\" is an illegal filename.", filename); + lreply(553, "\"%s\" is not an acceptable filename.", filename); lreply(553, "The filename must start with an alphanumeric " "character and must only"); reply(553, "consist of alphanumeric characters or any of the following: %s", @@ -1129,18 +1187,22 @@ do_store(char *name, char *mode, int unique) goto done; set_buffer_size(fileno(din), 1); if (receive_data(din, fout) == 0) { + if((*closefunc)(fout) < 0) + perror_reply(552, name); + else { if (unique) reply(226, "Transfer complete (unique file name:%s).", name); else reply(226, "Transfer complete."); - } + } + } else + (*closefunc)(fout); fclose(din); data = -1; pdata = -1; done: LOGBYTES(*mode == 'w' ? "put" : "append", name, byte_count); - (*closefunc)(fout); } static FILE * @@ -1182,6 +1244,26 @@ bad: return (NULL); } +static int +accept_with_timeout(int socket, + struct sockaddr *address, + size_t *address_len, + struct timeval *timeout) +{ + int ret; + fd_set rfd; + FD_ZERO(&rfd); + FD_SET(socket, &rfd); + ret = select(socket + 1, &rfd, NULL, NULL, timeout); + if(ret < 0) + return ret; + if(ret == 0) { + errno = ETIMEDOUT; + return -1; + } + return accept(socket, address, address_len); +} + static FILE * dataconn(const char *name, off_t size, const char *mode) { @@ -1198,10 +1280,13 @@ dataconn(const char *name, off_t size, const char *mode) if (pdata >= 0) { struct sockaddr_storage from_ss; struct sockaddr *from = (struct sockaddr *)&from_ss; + struct timeval timeout; int s; - int fromlen = sizeof(from_ss); + socklen_t fromlen = sizeof(from_ss); - s = accept(pdata, from, &fromlen); + timeout.tv_sec = 15; + timeout.tv_usec = 0; + s = accept_with_timeout(pdata, from, &fromlen, &timeout); if (s < 0) { reply(425, "Can't open data connection."); close(pdata); 
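Review bot: accept_with_timeout() declares `size_t *address_len`, but its only visible caller in dataconn() passes `&fromlen` with `fromlen` a `socklen_t`, and the pointer is forwarded unchanged to accept(). Where the two types differ in width this is a pointer-type mismatch on a value the kernel writes through, so the parameter should be `socklen_t *address_len`. The helper also does `FD_SET(socket, &rfd)` with no bound check, while the client-side code in this commit gained `>= FD_SETSIZE` guards. A matching guard before FD_ZERO would keep the two consistent, for example `if (socket >= FD_SETSIZE) { errno = EINVAL; return -1; }`.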
@@ -1761,11 +1846,10 @@ renamecmd(char *from, char *to) } static void -dolog(struct sockaddr *sa) +dolog(struct sockaddr *sa, int len) { - struct sockaddr_in *sin = (struct sockaddr_in *)sa; - - inaddr2str (sin->sin_addr, remotehost, sizeof(remotehost)); + getnameinfo_verified (sa, len, remotehost, sizeof(remotehost), + NULL, 0, 0); #ifdef HAVE_SETPROCTITLE snprintf(proctitle, sizeof(proctitle), "%s: connected", remotehost); setproctitle("%s", proctitle); @@ -1868,7 +1952,7 @@ myoob(int signo) void pasv(void) { - int len; + socklen_t len; char *p, *a; struct sockaddr_in *sin; @@ -1890,6 +1974,8 @@ pasv(void) socket_set_address_and_port (pasv_addr, socket_get_address (ctrl_addr), 0); + socket_set_portrange(pdata, restricted_data_ports, + pasv_addr->sa_family); seteuid(0); if (bind(pdata, pasv_addr, socket_sockaddr_size (pasv_addr)) < 0) { seteuid(pw->pw_uid); @@ -1921,7 +2007,7 @@ pasv_error: void epsv(char *proto) { - int len; + socklen_t len; pdata = socket(ctrl_addr->sa_family, SOCK_STREAM, 0); if (pdata < 0) { @@ -1932,6 +2018,8 @@ epsv(char *proto) socket_set_address_and_port (pasv_addr, socket_get_address (ctrl_addr), 0); + socket_set_portrange(pdata, restricted_data_ports, + pasv_addr->sa_family); seteuid(0); if (bind(pdata, pasv_addr, socket_sockaddr_size (pasv_addr)) < 0) { seteuid(pw->pw_uid); @@ -2104,7 +2192,13 @@ send_file_list(char *whichf) char buf[MaxPathLen]; if (strpbrk(whichf, "~{[*?") != NULL) { - int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE|GLOB_LIMIT; + int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE| +#ifdef GLOB_MAXPATH + GLOB_MAXPATH +#else + GLOB_LIMIT +#endif + ; memset(&gl, 0, sizeof(gl)); freeglob = 1; diff --git a/kerberosIV/src/appl/kauth/kauth.c b/kerberosIV/src/appl/kauth/kauth.c index 362af2c6803..696e8fa73ab 100644 --- a/kerberosIV/src/appl/kauth/kauth.c +++ b/kerberosIV/src/appl/kauth/kauth.c 
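Review bot: dolog() discards the return value of getnameinfo_verified(), yet `remotehost` is used immediately afterwards for the process title and, presumably, later log lines. If the lookup or its verification fails, the buffer's contents depend on what the helper leaves behind, which cannot be seen from this hunk. Checking the result and falling back to the numeric form makes the logged peer identity well defined: `if (getnameinfo_verified (sa, len, remotehost, sizeof(remotehost), NULL, 0, 0) != 0)` followed by a `getnameinfo(..., NI_NUMERICHOST)` call. The same unchecked call appears in doit() in kauthd.c and recv_conn() in kxd.c in this commit. The prototype could also take `socklen_t len`, to match what main() passes.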
@@ -41,7 +41,7 @@ #include "kauth.h" -RCSID("$KTH: kauth.c,v 1.97.2.1 2000/02/28 03:42:51 assar Exp $"); +RCSID("$KTH: kauth.c,v 1.101 2001/02/20 01:44:44 assar Exp $"); krb_principal princ; static char srvtab[MaxPathLen]; @@ -60,7 +60,7 @@ usage(void) " %s [-ad] [-n name] [-r remoteuser] [-t remote ticketfile]\n" " [-l lifetime (in minutes) ] [-f srvtab ] [-c AFS cell name ]\n" " [-h hosts... [--]] [command ... ]\n\n", - __progname, __progname); + getprogname(), getprogname()); fprintf(stderr, "A fully qualified name can be given: user[.instance][@realm]\n" "Realm is converted to uppercase!\n"); @@ -274,7 +274,6 @@ main(int argc, char **argv) break; case 'v': version_flag++; - print_version(NULL); break; case '?': default: @@ -315,8 +314,7 @@ main(int argc, char **argv) }while(f < 0); close(f); unlink(tf); - if(setenv("KRBTKFILE", tf, 1) != 0) - errx(1, "cannot set KRBTKFILE"); + esetenv("KRBTKFILE", tf, 1); krb_set_tkt_string (tf); } diff --git a/kerberosIV/src/appl/kauth/kauthd.c b/kerberosIV/src/appl/kauth/kauthd.c index feb66f6c8c7..2c1dda582b9 100644 --- a/kerberosIV/src/appl/kauth/kauthd.c +++ b/kerberosIV/src/appl/kauth/kauthd.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kauth.h" -RCSID("$KTH: kauthd.c,v 1.25.2.1 2000/06/28 19:07:58 assar Exp $"); +RCSID("$KTH: kauthd.c,v 1.30 2001/02/20 23:13:06 assar Exp $"); krb_principal princ; static char locuser[SNAME_SZ]; @@ -80,7 +80,7 @@ doit(int sock) char instance[INST_SZ]; des_key_schedule schedule; struct sockaddr_in thisaddr, thataddr; - int addrlen; + socklen_t addrlen; int len; char buf[BUFSIZ]; void *data; 
@@ -99,7 +99,9 @@ doit(int sock) return 1; } - inaddr2str (thataddr.sin_addr, remotehost, sizeof(remotehost)); + getnameinfo_verified ((struct sockaddr *)&thataddr, sizeof(thataddr), + remotehost, sizeof(remotehost), + NULL, 0, 0); k_getsockinst (sock, instance, sizeof(instance)); status = krb_recvauth (KOPT_DO_MUTUAL, sock, &ticket, "rcmd", instance, @@ -172,9 +174,14 @@ doit(int sock) lifetime, NULL, decrypt_remote_tkt, &arg); } if (status == KSUCCESS) { + char remoteaddr[INET6_ADDRSTRLEN]; + + getnameinfo ((struct sockaddr *)&thataddr, sizeof(thataddr), + remoteaddr, sizeof(remoteaddr), + NULL, 0, NI_NUMERICHOST); + syslog (LOG_INFO, "from %s(%s): %s -> %s", - remotehost, - inet_ntoa(thataddr.sin_addr), + remotehost, remoteaddr, locuser, krb_unparse_name (&princ)); write_encrypted (sock, "ok", sizeof("ok") - 1, schedule, @@ -192,6 +199,8 @@ doit(int sock) int main (int argc, char **argv) { + set_progname(argv[0]); + openlog ("kauthd", LOG_ODELAY, LOG_AUTH); if(argc > 1 && strcmp(argv[1], "-i") == 0) diff --git a/kerberosIV/src/appl/kip/common.c b/kerberosIV/src/appl/kip/common.c index f01abd70f45..05e4dcea06d 100644 --- a/kerberosIV/src/appl/kip/common.c +++ b/kerberosIV/src/appl/kip/common.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kip.h" -RCSID("$KTH: common.c,v 1.13.2.4 2000/10/18 23:31:51 assar Exp $"); +RCSID("$KTH: common.c,v 1.19 2001/09/17 04:58:48 assar Exp $"); volatile sig_atomic_t disconnect = 0; int isserver = 0; @@ -128,7 +128,7 @@ copy_packets (int tundev, int netdev, int mtu, des_cblock *iv, len = 1; buf[len-1] = '\0'; - fatal (-1, buf, schedule, &iv2); + fatal (-1, (const char *)buf, schedule, &iv2); return -1; } diff --git a/kerberosIV/src/appl/kip/kip.c b/kerberosIV/src/appl/kip/kip.c index 12a66006d02..c7fa985375b 100644 
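Review bot: In the success branch of doit(), `remoteaddr` is an uninitialised stack buffer and the return value of `getnameinfo(..., NI_NUMERICHOST)` is ignored, so a failed conversion passes indeterminate bytes to the `%s` in syslog(). The ftp client in this commit handles the same situation by testing the result and substituting a fixed string. The same treatment fits here: `if (getnameinfo (...) != 0) strlcpy (remoteaddr, "unknown address", sizeof(remoteaddr));`. recv_conn() in kxd.c has the equivalent gap with its unchecked `inet_ntop()` call before the "from %s(%s)" log line.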
--- a/kerberosIV/src/appl/kip/kip.c +++ b/kerberosIV/src/appl/kip/kip.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kip.h" -RCSID("$KTH: kip.c,v 1.18.2.1 2000/06/23 02:55:01 assar Exp $"); +RCSID("$KTH: kip.c,v 1.22 2001/09/17 04:58:07 assar Exp $"); static char *cmd_str = NULL; static char *arg_str = NULL; @@ -73,7 +73,7 @@ connect_host (char *host, int port, MSG_DAT msg; int status; struct sockaddr_in thisaddr, thataddr; - int addrlen; + socklen_t addrlen; struct hostent *hostent; int s; u_char b; diff --git a/kerberosIV/src/appl/kip/kip.h b/kerberosIV/src/appl/kip/kip.h index e9dac39063e..2e2d039a717 100644 --- a/kerberosIV/src/appl/kip/kip.h +++ b/kerberosIV/src/appl/kip/kip.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $KTH: kip.h,v 1.18.2.1 2000/06/23 02:55:01 assar Exp $ */ +/* $KTH: kip.h,v 1.20 2000/12/29 22:10:11 assar Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" @@ -71,6 +71,9 @@ #include <netinet/tcp.h> #endif #include <netdb.h> +#ifdef HAVE_ARPA_INET_H +#include <arpa/inet.h> +#endif #ifdef HAVE_SYS_SOCKIO_H #include <sys/sockio.h> #endif diff --git a/kerberosIV/src/appl/kip/kipd.c b/kerberosIV/src/appl/kip/kipd.c index f53b3b147fb..d3618f34b36 100644 --- a/kerberosIV/src/appl/kip/kipd.c +++ b/kerberosIV/src/appl/kip/kipd.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kip.h" -RCSID("$KTH: kipd.c,v 1.16.2.3 2000/10/18 20:46:45 assar Exp $"); +RCSID("$KTH: kipd.c,v 1.22 2001/09/17 04:42:48 assar Exp $"); static int recv_conn (int sock, des_cblock *key, des_key_schedule schedule, 
@@ -44,7 +44,7 @@ recv_conn (int sock, des_cblock *key, des_key_schedule schedule, AUTH_DAT auth; char instance[INST_SZ]; struct sockaddr_in thisaddr, thataddr; - int addrlen; + socklen_t addrlen; char version[KRB_SENDAUTH_VLEN + 1]; u_char ok = 0; struct passwd *passwd; diff --git a/kerberosIV/src/appl/kx/kx.c b/kerberosIV/src/appl/kx/kx.c index 1715d1bc0a2..e066fa23a30 100644 --- a/kerberosIV/src/appl/kx/kx.c +++ b/kerberosIV/src/appl/kx/kx.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kx.h" -RCSID("$KTH: kx.c,v 1.63 1999/12/02 16:58:32 joda Exp $"); +RCSID("$KTH: kx.c,v 1.68 2001/02/20 01:44:45 assar Exp $"); static int nchild; static int donep; 
@@ -96,50 +96,54 @@ usr2handler (int sig) static int connect_host (kx_context *kc) { - int addrlen; - struct hostent *hostent; - int s; - char **p; - struct sockaddr_in thisaddr; - struct sockaddr_in thataddr; - - hostent = gethostbyname (kc->host); - if (hostent == NULL) { - warnx ("gethostbyname '%s' failed: %s", kc->host, - hstrerror(h_errno)); - return -1; - } + struct addrinfo *ai, *a; + struct addrinfo hints; + int error; + char portstr[NI_MAXSERV]; + socklen_t addrlen; + int s; + struct sockaddr_storage thisaddr_ss; + struct sockaddr *thisaddr = (struct sockaddr *)&thisaddr_ss; - memset (&thataddr, 0, sizeof(thataddr)); - thataddr.sin_family = AF_INET; - thataddr.sin_port = kc->port; - for(p = hostent->h_addr_list; *p; ++p) { - memcpy (&thataddr.sin_addr, *p, sizeof(thataddr.sin_addr)); + memset (&hints, 0, sizeof(hints)); + hints.ai_socktype = SOCK_STREAM; + hints.ai_protocol = IPPROTO_TCP; - s = socket (AF_INET, SOCK_STREAM, 0); - if (s < 0) - err (1, "socket"); + snprintf (portstr, sizeof(portstr), "%u", ntohs(kc->port)); - if (connect (s, (struct sockaddr *)&thataddr, sizeof(thataddr)) < 0) { - warn ("connect(%s)", kc->host); - close (s); - continue; - } else { - break; - } - } - if (*p == NULL) - return -1; - - addrlen = sizeof(thisaddr); - if (getsockname (s, (struct sockaddr *)&thisaddr, &addrlen) < 0 || - addrlen != sizeof(thisaddr)) - err(1, "getsockname(%s)", kc->host); - kc->thisaddr = thisaddr; - kc->thataddr = thataddr; - if ((*kc->authenticate)(kc, s)) - return -1; - return s; + error = getaddrinfo (kc->host, portstr, &hints, &ai); + if (error) { + warnx ("%s: %s", kc->host, gai_strerror(error)); + return -1; + } + + for (a = ai; a != NULL; a = a->ai_next) { + s = socket (a->ai_family, a->ai_socktype, a->ai_protocol); + if (s < 0) + continue; + if (connect (s, a->ai_addr, a->ai_addrlen) < 0) { + warn ("connect(%s)", kc->host); + close (s); + continue; + } + break; + } + + if (a == NULL) { + freeaddrinfo (ai); + return -1; + } + + addrlen = 
a->ai_addrlen; + if (getsockname (s, thisaddr, &addrlen) < 0 || + addrlen != a->ai_addrlen) + err(1, "getsockname(%s)", kc->host); + memcpy (&kc->thisaddr, thisaddr, sizeof(kc->thisaddr)); + memcpy (&kc->thataddr, a->ai_addr, sizeof(kc->thataddr)); + freeaddrinfo (ai); + if ((*kc->authenticate)(kc, s)) + return -1; + return s; } /* @@ -443,11 +447,14 @@ doit_active (kx_context *kc) fd_set fdset; pid_t child; int fd, thisfd = -1; - int zero = 0; + socklen_t zero = 0; FD_ZERO(&fdset); - for (i = 0; i < nsockets; ++i) + for (i = 0; i < nsockets; ++i) { + if (sockets[i].fd >= FD_SETSIZE) + errx (1, "fd too large"); FD_SET(sockets[i].fd, &fdset); + } if (select(FD_SETSIZE, &fdset, NULL, NULL, NULL) <= 0) continue; for (i = 0; i < nsockets; ++i) diff --git a/kerberosIV/src/appl/kx/kxd.c b/kerberosIV/src/appl/kx/kxd.c index 73106d2e20d..e16e031bf2d 100644 --- a/kerberosIV/src/appl/kx/kxd.c +++ b/kerberosIV/src/appl/kx/kxd.c @@ -33,7 +33,7 @@ #include "kx.h" -RCSID("$KTH: kxd.c,v 1.61.2.1 2000/06/28 19:08:00 assar Exp $"); +RCSID("$KTH: kxd.c,v 1.69 2001/02/20 01:44:45 assar Exp $"); static pid_t wait_on_pid = -1; static int done = 0; @@ -114,10 +114,11 @@ recv_conn (int sock, kx_context *kc, { u_char msg[1024], *p; char user[256]; - int addrlen; + socklen_t addrlen; struct passwd *passwd; struct sockaddr_in thisaddr, thataddr; char remotehost[MaxHostNameLen]; + char remoteaddr[INET6_ADDRSTRLEN]; int ret = 1; int flags; int len; @@ -139,7 +140,9 @@ recv_conn (int sock, kx_context *kc, kc->thisaddr = thisaddr; kc->thataddr = thataddr; - inaddr2str (thataddr.sin_addr, remotehost, sizeof(remotehost)); + getnameinfo_verified ((struct sockaddr *)&thataddr, addrlen, + remotehost, sizeof(remotehost), + NULL, 0, 0); if (net_read (sock, msg, 4) != 4) { syslog (LOG_ERR, "read: %m"); 
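Review bot: connect_host() leaves `hints.ai_family` unset, so getaddrinfo() may return non-IPv4 addresses, but the result is then copied with `memcpy (&kc->thataddr, a->ai_addr, sizeof(kc->thataddr));`. Judging by the removed lines and by kxd.c, which still assigns a `struct sockaddr_in` to these fields, `kc->thisaddr` and `kc->thataddr` remain IPv4-sized. A connection over an IPv6 result would therefore store a truncated address that the authentication step goes on to use. Until the context structure carries a `sockaddr_storage`, restricting the lookup with `hints.ai_family = AF_INET;` keeps the stored addresses meaningful. Separately, the early `return -1` after `(*kc->authenticate)(kc, s)` fails leaves `s` open, which the old code did as well.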
@@ -225,9 +228,11 @@ recv_conn (int sock, kx_context *kc, syslog(LOG_ERR, "setting uid/groups: %m"); fatal (kc, sock, "cannot set uid"); } + inet_ntop (thataddr.sin_family, + &thataddr.sin_addr, remoteaddr, sizeof(remoteaddr)); + syslog (LOG_INFO, "from %s(%s): %s -> %s", - remotehost, - inet_ntoa(thataddr.sin_addr), + remotehost, remoteaddr, kc->user, user); umask(077); if (!(flags & PASSIVE)) { @@ -292,7 +297,7 @@ doit_conn (kx_context *kc, int sock, sock2; struct sockaddr_in addr; struct sockaddr_in thisaddr; - int addrlen; + socklen_t addrlen; u_char msg[1024], *p; sock = socket (AF_INET, SOCK_STREAM, 0); @@ -490,9 +495,21 @@ doit_passive (kx_context *kc, int cookiesp = TRUE; FD_ZERO(&fds); + if (sock >= FD_SETSIZE) { + syslog (LOG_ERR, "fd too large"); + cleanup(nsockets, sockets); + return 1; + } + FD_SET(sock, &fds); - for (i = 0; i < nsockets; ++i) + for (i = 0; i < nsockets; ++i) { + if (sockets[i].fd >= FD_SETSIZE) { + syslog (LOG_ERR, "fd too large"); + cleanup(nsockets, sockets); + return 1; + } FD_SET(sockets[i].fd, &fds); + } ret = select(FD_SETSIZE, &fds, NULL, NULL, NULL); if(ret <= 0) continue; @@ -506,7 +523,7 @@ doit_passive (kx_context *kc, if (FD_ISSET(sockets[i].fd, &fds)) { if (sockets[i].flags == TCP) { struct sockaddr_in peer; - int len = sizeof(peer); + socklen_t len = sizeof(peer); fd = accept (sockets[i].fd, (struct sockaddr *)&peer, @@ -521,7 +538,7 @@ doit_passive (kx_context *kc, errno = EINTR; } } else if(sockets[i].flags == UNIX_SOCKET) { - int zero = 0; + socklen_t zero = 0; fd = accept (sockets[i].fd, NULL, &zero); @@ -722,7 +739,7 @@ main (int argc, char **argv) } } else { #if defined(KRB5) - port = krb5_getportbyname(NULL, "kx", "tcp", htons(KX_PORT)); + port = krb5_getportbyname(NULL, "kx", "tcp", KX_PORT); #elif defined(KRB4) port = k_getportbyname ("kx", "tcp", htons(KX_PORT)); #else diff --git a/kerberosIV/src/appl/otp/otp.c b/kerberosIV/src/appl/otp/otp.c index f539aaf82a4..523d485a5a1 100644 
--- a/kerberosIV/src/appl/otp/otp.c +++ b/kerberosIV/src/appl/otp/otp.c @@ -34,7 +34,7 @@ #include "otp_locl.h" #include <getarg.h> -RCSID("$KTH: otp.c,v 1.32 1999/12/02 16:58:32 joda Exp $"); +RCSID("$KTH: otp.c,v 1.33 2001/02/20 01:44:46 assar Exp $"); static int listp; static int deletep; diff --git a/kerberosIV/src/appl/otp/otpprint.c b/kerberosIV/src/appl/otp/otpprint.c index 2099aa167c2..a43822a74ab 100644 --- a/kerberosIV/src/appl/otp/otpprint.c +++ b/kerberosIV/src/appl/otp/otpprint.c @@ -34,7 +34,7 @@ #include "otp_locl.h" #include <getarg.h> -RCSID("$KTH: otpprint.c,v 1.13 1999/12/02 16:58:33 joda Exp $"); +RCSID("$KTH: otpprint.c,v 1.14 2001/02/20 01:44:46 assar Exp $"); static int extendedp; static int count = 10; diff --git a/kerberosIV/src/appl/popper/pop_debug.c b/kerberosIV/src/appl/popper/pop_debug.c index 912854b0a09..4943fe1c802 100644 --- a/kerberosIV/src/appl/popper/pop_debug.c +++ b/kerberosIV/src/appl/popper/pop_debug.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995 - 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -34,7 +34,7 @@ /* Tiny program to help debug popper */ #include "popper.h" -RCSID("$KTH: pop_debug.c,v 1.16 1999/12/02 16:58:33 joda Exp $"); +RCSID("$KTH: pop_debug.c,v 1.21 2001/02/20 01:44:47 assar Exp $"); static void loop(int s) 
@@ -66,44 +66,32 @@ loop(int s) static int get_socket (const char *hostname, int port) { - struct hostent *hostent = NULL; - char **h; - int error; - int af; - -#ifdef HAVE_IPV6 - if (hostent == NULL) - hostent = getipnodebyname (hostname, AF_INET6, 0, &error); -#endif - if (hostent == NULL) - hostent = getipnodebyname (hostname, AF_INET, 0, &error); - - if (hostent == NULL) - errx(1, "gethostbyname '%s' failed: %s", hostname, hstrerror(error)); - - af = hostent->h_addrtype; + int ret; + struct addrinfo *ai, *a; + struct addrinfo hints; + char portstr[NI_MAXSERV]; + + memset (&hints, 0, sizeof(hints)); + hints.ai_socktype = SOCK_STREAM; + snprintf (portstr, sizeof(portstr), "%d", ntohs(port)); + ret = getaddrinfo (hostname, portstr, &hints, &ai); + if (ret) + errx (1, "getaddrinfo %s: %s", hostname, gai_strerror (ret)); - for (h = hostent->h_addr_list; *h != NULL; ++h) { - struct sockaddr_storage sa_ss; - struct sockaddr *sa = (struct sockaddr *)&sa_ss; + for (a = ai; a != NULL; a = a->ai_next) { int s; - sa->sa_family = af; - socket_set_address_and_port (sa, *h, port); - - s = socket (af, SOCK_STREAM, 0); + s = socket (a->ai_family, a->ai_socktype, a->ai_protocol); if (s < 0) - err (1, "socket"); - if (connect (s, sa, socket_sockaddr_size(sa)) < 0) { - warn ("connect(%s)", hostname); + continue; + if (connect (s, a->ai_addr, a->ai_addrlen) < 0) { close (s); continue; } - freehostent (hostent); + freeaddrinfo (ai); return s; } - freehostent (hostent); - exit (1); + err (1, "failed to connect to %s", hostname); } #ifdef KRB4 @@ -149,7 +137,9 @@ doit_v5 (char *host, int port) krb5_principal server; int s = get_socket (host, port); - krb5_init_context (&context); + ret = krb5_init_context (&context); + if (ret) + errx (1, "krb5_init_context failed: %d", ret); ret = krb5_sname_to_principal (context, host, 
@@ -257,6 +247,15 @@ main(int argc, char **argv) port = htons(port); } } + if (port == 0) { +#ifdef KRB5 + port = krb5_getportbyname (NULL, "kpop", "tcp", 1109); +#elif defined(KRB4) + port = k_getportbyname ("kpop", "tcp", 1109); +#else +#error must define KRB4 or KRB5 +#endif + } #if defined(KRB4) && defined(KRB5) if(use_v4 == -1 && use_v5 == 1) diff --git a/kerberosIV/src/appl/popper/pop_init.c b/kerberosIV/src/appl/popper/pop_init.c index ada8d958375..32da78117ac 100644 --- a/kerberosIV/src/appl/popper/pop_init.c +++ b/kerberosIV/src/appl/popper/pop_init.c @@ -5,7 +5,7 @@ */ #include <popper.h> -RCSID("$KTH: pop_init.c,v 1.51.2.1 2000/04/12 15:47:58 assar Exp $"); +RCSID("$KTH: pop_init.c,v 1.58 2001/02/20 01:44:47 assar Exp $"); #if defined(KRB4) || defined(KRB5) @@ -21,6 +21,34 @@ pop_net_read(POP *p, int fd, void *buf, size_t len) } #endif +static char *addr_log; + +static void +pop_write_addr(POP *p, struct sockaddr *addr) +{ + char ts[32]; + char as[128]; + time_t t; + FILE *f; + if(addr_log == NULL) + return; + t = time(NULL); + strftime(ts, sizeof(ts), "%Y%m%d%H%M%S", localtime(&t)); + if(inet_ntop (addr->sa_family, socket_get_address(addr), + as, sizeof(as)) == NULL) { + pop_log(p, POP_PRIORITY, "failed to print address"); + return; + } + + f = fopen(addr_log, "a"); + if(f == NULL) { + pop_log(p, POP_PRIORITY, "failed to open address log (%s)", addr_log); + return; + } + fprintf(f, "%s %s\n", as, ts); + fclose(f); +} + #ifdef KRB4 static int krb4_authenticate (POP *p, int s, u_char *buf, struct sockaddr *addr) @@ -58,7 +86,7 @@ krb4_authenticate (POP *p, int s, u_char *buf, struct sockaddr *addr) pop_log(p, POP_PRIORITY, "%s: (%s.%s@%s) %s", p->client, p->kdata.pname, p->kdata.pinst, p->kdata.prealm, krb_get_err_text(auth)); - exit (1); + return -1; } #ifdef DEBUG 
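Review bot: The KRB4 branch of the new `if (port == 0)` block passes `1109` to `k_getportbyname` in host byte order, while this commit changes the same call in push.c to `htons(1109)` and kxd.c uses `htons(KX_PORT)`. get_socket applies `ntohs(port)`, so if the default is returned unchanged when the service is missing from the services database, the fallback is a byte-swapped port on little-endian hosts. Use `port = k_getportbyname ("kpop", "tcp", htons(1109));`. main begins outside the hunk.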
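Review bot: pop_write_addr opens the `--address-log` path with `fopen(addr_log, "a")`, which follows symbolic links and creates the file with a umask-derived mode at whatever privilege popper holds at that point. If the server is still privileged during authentication (not visible in this hunk), a log path inside a directory that other users can write to could be redirected to another file. Opening with `fd = open(addr_log, O_WRONLY|O_APPEND|O_CREAT|O_NOFOLLOW, 0600);` and then `f = fdopen(fd, "a");` avoids that where O_NOFOLLOW is available. `localtime(&t)` can return NULL and should be checked before it is passed to `strftime`.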
@@ -77,6 +105,7 @@ krb5_authenticate (POP *p, int s, u_char *buf, struct sockaddr *addr) krb5_auth_context auth_context = NULL; u_int32_t len; krb5_ticket *ticket; + char *server; if (memcmp (buf, "\x00\x00\x00\x13", 4) != 0) return -1; @@ -96,28 +125,35 @@ krb5_authenticate (POP *p, int s, u_char *buf, struct sockaddr *addr) KRB5_RECVAUTH_IGNORE_VERSION, NULL, &ticket); - if (ret == 0) { - char *s; - ret = krb5_unparse_name(p->context, ticket->server, &s); - if(ret) { - pop_log(p, POP_PRIORITY, "krb5_unparse_name: %s", - krb5_get_err_text(p->context, ret)); - exit(1); - } - /* does this make sense? */ - if(strncmp(server, "pop/", 4) != 0) { - pop_log(p, POP_PRIORITY, - "Got ticket for service `%s'", server); - exit(1); - } else if(p->debug) - pop_log(p, POP_DEBUG, - "Accepted ticket for service `%s'", s); - free(s); - krb5_auth_con_free (p->context, auth_context); - krb5_copy_principal (p->context, ticket->client, &p->principal); - krb5_free_ticket (p->context, ticket); + if (ret) { + pop_log(p, POP_PRIORITY, "krb5_recvauth: %s", + krb5_get_err_text(p->context, ret)); + return -1; + } + + ret = krb5_unparse_name(p->context, ticket->server, &server); + if(ret) { + pop_log(p, POP_PRIORITY, "krb5_unparse_name: %s", + krb5_get_err_text(p->context, ret)); + ret = -1; + goto out; } + /* does this make sense? */ + if(strncmp(server, "pop/", 4) != 0) { + pop_log(p, POP_PRIORITY, + "Got ticket for service `%s'", server); + ret = -1; + goto out; + } else if(p->debug) + pop_log(p, POP_DEBUG, + "Accepted ticket for service `%s'", server); + free(server); + out: + krb5_auth_con_free (p->context, auth_context); + krb5_copy_principal (p->context, ticket->client, &p->principal); + krb5_free_ticket (p->context, ticket); + return ret; } #endif 
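Review bot: The `out:` label in krb5_authenticate is reached on the rejection paths as well, so `krb5_copy_principal` stores the client principal in `p->principal` even when the ticket was refused. Its return value is never examined, so a failed copy on the accepted path still returns 0. The wrong-service branch also jumps past `free(server)` and leaks the unparsed name. Copy the principal only on the accepted path and fold its status into `ret`, as sketched below. The function begins outside this hunk.

```c
    /* … unchanged: krb5_recvauth and krb5_unparse_name error handling … */
    if(strncmp(server, "pop/", 4) != 0) {
	pop_log(p, POP_PRIORITY,
		"Got ticket for service `%s'", server);
	ret = -1;
    } else {
	if(p->debug)
	    pop_log(p, POP_DEBUG,
		    "Accepted ticket for service `%s'", server);
	/* only an accepted ticket may populate p->principal */
	ret = krb5_copy_principal (p->context, ticket->client, &p->principal);
	if (ret) {
	    pop_log(p, POP_PRIORITY, "krb5_copy_principal: %s",
		    krb5_get_err_text(p->context, ret));
	    ret = -1;
	}
    }
    free(server);
 out:
    krb5_auth_con_free (p->context, auth_context);
    krb5_free_ticket (p->context, ticket);
    return ret;
```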
@@ -135,12 +171,14 @@ krb_authenticate(POP *p, struct sockaddr *addr) } #ifdef KRB4 if (krb4_authenticate (p, 0, buf, addr) == 0){ + pop_write_addr(p, addr); p->version = 4; return POP_SUCCESS; } #endif #ifdef KRB5 if (krb5_authenticate (p, 0, buf, addr) == 0){ + pop_write_addr(p, addr); p->version = 5; return POP_SUCCESS; } @@ -178,6 +216,7 @@ static struct getargs args[] = { { "port", 'p', arg_string, &port_str, "port to listen to", "port" }, { "trace-file", 't', arg_string, &trace_file, "trace all command to file", "file" }, { "timeout", 'T', arg_integer, &timeout, "timeout", "seconds" }, + { "address-log", 0, arg_string, &addr_log, "enable address log", "file" }, { "help", 'h', arg_flag, &help_flag }, { "version", 'v', arg_flag, &version_flag } }; @@ -206,8 +245,7 @@ pop_init(POP *p,int argcount,char **argmessage) { struct sockaddr_storage cs_ss; struct sockaddr *cs = (struct sockaddr *)&cs_ss; - struct hostent * ch; /* Client host information */ - int len; + socklen_t len; char * trace_file_name = "/tmp/popper-trace"; int portnum = 0; int optind = 0; @@ -217,16 +255,22 @@ pop_init(POP *p,int argcount,char **argmessage) memset (p, 0, sizeof(POP)); /* Save my name in a global variable */ - p->myname = (char*)__progname; + p->myname = (char*)getprogname(); /* Get the name of our host */ gethostname(p->myhost,MaxHostNameLen); #ifdef KRB5 - krb5_init_context (&p->context); + { + krb5_error_code ret; - krb5_openlog(p->context, p->myname, &p->logf); - krb5_set_warn_dest(p->context, p->logf); + ret = krb5_init_context (&p->context); + if (ret) + errx (1, "krb5_init_context failed: %d", ret); + + krb5_openlog(p->context, p->myname, &p->logf); + krb5_set_warn_dest(p->context, p->logf); + } #else /* Open the log file */ roken_openlog(p->myname,POP_LOGOPTS,POP_FACILITY); 
@@ -312,59 +356,13 @@ pop_init(POP *p,int argcount,char **argmessage) p->ipport = ntohs(socket_get_port (cs)); /* Get the canonical name of the host to whom I am speaking */ - ch = getipnodebyaddr (socket_get_address (cs), - socket_addr_size (cs), - cs->sa_family, - &error); - if (ch == NULL){ - pop_log(p,POP_PRIORITY, - "Unable to get canonical name of client, err = %d",error); + error = getnameinfo_verified (cs, len, p->client, sizeof(p->client), + NULL, 0, 0); + if (error) { + pop_log (p, POP_PRIORITY, + "getnameinfo: %s", gai_strerror (error)); strlcpy (p->client, p->ipaddr, sizeof(p->client)); } - /* Save the cannonical name of the client host in - the POP parameter block */ - else { - /* Distrust distant nameservers */ - struct hostent * ch_again; - char * * addrp; - - /* See if the name obtained for the client's IP - address returns an address */ - ch_again = getipnodebyname (ch->h_name, - cs->sa_family, - 0, - &error); - - if (ch_again == NULL) { - pop_log(p,POP_PRIORITY, - "Client at \"%s\" resolves to an unknown host name \"%s\"", - p->ipaddr,ch->h_name); - strlcpy (p->client, p->ipaddr, sizeof(p->client)); - } - else { - /* Save the host name (the previous value was - destroyed by gethostbyname) */ - strlcpy (p->client, ch->h_name, sizeof(p->client)); - - /* Look for the client's IP address in the list returned - for its name */ - for (addrp=ch_again->h_addr_list; *addrp; ++addrp) - if (memcmp(*addrp, - socket_get_address (cs), - socket_addr_size (cs)) == 0) - break; - - if (!*addrp) { - pop_log (p,POP_PRIORITY, - "Client address \"%s\" not listed for its host name \"%s\"", - p->ipaddr,ch->h_name); - strlcpy (p->client, p->ipaddr, sizeof(p->client)); - } - } - freehostent (ch_again); - } - if(ch != NULL) - freehostent (ch); /* Create input file stream for TCP/IP communication */ if ((p->input = fdopen(STDIN_FILENO,"r")) == NULL){ diff --git a/kerberosIV/src/appl/push/push.c b/kerberosIV/src/appl/push/push.c index 303ec8bf9a0..8f39b401ff6 100644 
--- a/kerberosIV/src/appl/push/push.c +++ b/kerberosIV/src/appl/push/push.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,7 @@ */ #include "push_locl.h" -RCSID("$KTH: push.c,v 1.34.2.1 1999/12/06 17:25:28 assar Exp $"); +RCSID("$KTH: push.c,v 1.45 2001/09/04 09:45:52 assar Exp $"); #ifdef KRB4 static int use_v4 = -1; @@ -72,7 +72,7 @@ struct getargs args[] = { "number-or-service" }, { "from", 0, arg_flag, &do_from, "Behave like from", NULL }, - { "header", 0, arg_string, &header_str, "Header string to print", NULL }, + { "headers", 0, arg_string, &header_str, "Headers to print", NULL }, { "count", 'c', arg_flag, &do_count, "Print number of messages", NULL}, { "version", 0, arg_flag, &do_version, "Print version", NULL }, @@ -87,7 +87,7 @@ usage (int ret) arg_printusage (args, sizeof(args) / sizeof(args[0]), NULL, - "[[{po:username[@hostname] | hostname[:username]}] ...]" + "[[{po:username[@hostname] | hostname[:username]}] ...] " "filename"); exit (ret); } 
@@ -95,45 +95,39 @@ usage (int ret) static int do_connect (const char *hostname, int port, int nodelay) { - struct hostent *hostent = NULL; - char **h; + struct addrinfo *ai, *a; + struct addrinfo hints; int error; - int af; - int s; - -#ifdef HAVE_IPV6 - if (hostent == NULL) - hostent = getipnodebyname (hostname, AF_INET6, 0, &error); -#endif - if (hostent == NULL) - hostent = getipnodebyname (hostname, AF_INET, 0, &error); + int s = -1; + char portstr[NI_MAXSERV]; - if (hostent == NULL) - errx(1, "gethostbyname '%s' failed: %s", hostname, hstrerror(error)); + memset (&hints, 0, sizeof(hints)); + hints.ai_socktype = SOCK_STREAM; + hints.ai_protocol = IPPROTO_TCP; - af = hostent->h_addrtype; + snprintf (portstr, sizeof(portstr), "%u", ntohs(port)); - for (h = hostent->h_addr_list; *h != NULL; ++h) { - struct sockaddr_storage sa_ss; - struct sockaddr *sa = (struct sockaddr *)&sa_ss; + error = getaddrinfo (hostname, portstr, &hints, &ai); + if (error) + errx (1, "getaddrinfo(%s): %s", hostname, gai_strerror(error)); - sa->sa_family = af; - socket_set_address_and_port (sa, *h, port); - - s = socket (af, SOCK_STREAM, 0); + for (a = ai; a != NULL; a = a->ai_next) { + s = socket (a->ai_family, a->ai_socktype, a->ai_protocol); if (s < 0) - err (1, "socket"); - if (connect(s, sa, socket_sockaddr_size(sa)) < 0) { - warn ("connect(%s)", hostname); - close (s); continue; - } else { - break; + if (connect (s, a->ai_addr, a->ai_addrlen) < 0) { + warn ("connect(%s)", hostname); + close (s); + continue; } + break; } - freehostent (hostent); - if (*h == NULL) + freeaddrinfo (ai); + if (a == NULL) { + warnx ("failed to contact %s", hostname); return -1; + } + if(setsockopt(s, IPPROTO_TCP, TCP_NODELAY, (void *)&nodelay, sizeof(nodelay)) < 0) err (1, "setsockopt TCP_NODELAY"); 
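Review bot: do_connect tests `a == NULL` after `freeaddrinfo (ai)` has released the list that `a` points into, and the value of a pointer to freed storage is indeterminate in C even when it is only compared. Record the outcome before freeing, for example `int found = (a != NULL);` then `freeaddrinfo (ai);` and `if (!found) {`. A failing `socket()` now continues silently, so when no address family is usable the only diagnostic is the generic `failed to contact` message.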
@@ -163,9 +157,7 @@ write_state_init (struct write_state *w, int fd) #endif w->allociovecs = min(STEP, w->maxiovecs); w->niovecs = 0; - w->iovecs = malloc(w->allociovecs * sizeof(*w->iovecs)); - if (w->iovecs == NULL) - err (1, "malloc"); + w->iovecs = emalloc(w->allociovecs * sizeof(*w->iovecs)); w->fd = fd; } @@ -179,10 +171,8 @@ write_state_add (struct write_state *w, void *v, size_t len) w->niovecs = 0; } else { w->allociovecs = min(w->allociovecs + STEP, w->maxiovecs); - w->iovecs = realloc (w->iovecs, - w->allociovecs * sizeof(*w->iovecs)); - if (w->iovecs == NULL) - errx (1, "realloc"); + w->iovecs = erealloc (w->iovecs, + w->allociovecs * sizeof(*w->iovecs)); } } w->iovecs[w->niovecs].iov_base = v; @@ -218,7 +208,7 @@ doit(int s, { int ret; char out_buf[PUSH_BUFSIZ]; - size_t out_len = 0; + int out_len = 0; char in_buf[PUSH_BUFSIZ + 1]; /* sentinel */ size_t in_len = 0; char *in_ptr = in_buf; @@ -231,11 +221,32 @@ doit(int s, size_t from_line_length; time_t now; struct write_state write_state; + int numheaders = 1; + char **headers = NULL; + int i; + char *tmp = NULL; if (do_from) { + char *tmp2; + + tmp2 = tmp = estrdup(header_str); + out_fd = -1; if (verbose) fprintf (stderr, "%s@%s\n", user, host); + while (*tmp != '\0') { + tmp = strchr(tmp, ','); + if (tmp == NULL) + break; + tmp++; + numheaders++; + } + + headers = emalloc(sizeof(char *) * (numheaders + 1)); + for (i = 0; i < numheaders; i++) { + headers[i] = strtok_r(tmp2, ",", &tmp2); + } + headers[numheaders] = NULL; } else { out_fd = open(outfilename, O_WRONLY | O_APPEND | O_CREAT, 0666); if (out_fd < 0) @@ -251,6 +262,8 @@ doit(int s, out_len = snprintf (out_buf, sizeof(out_buf), "USER %s\r\nPASS hej\r\nSTAT\r\n", user); + if (out_len < 0) + errx (1, "snprintf failed"); if (net_write (s, out_buf, out_len) != out_len) err (1, "write"); if (verbose > 1) 
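Review bot: In doit the counting loop advances `tmp`, and `strtok_r` overwrites `tmp2`, so neither variable still holds the pointer returned by `estrdup(header_str)` when the later hunk calls `free (tmp)`. That call frees NULL and leaks the buffer, or, for a list ending in a comma, frees an interior pointer. Keep the allocation in a variable that is never advanced, e.g. `char *header_buf = estrdup(header_str);` with `free (header_buf);` at the end. Separately, `strtok_r` skips empty fields, so `a,,b` or a trailing comma leaves NULL entries below `numheaders` that the TOP loop passes to `strlen`. Set `numheaders` to the number of tokens actually returned.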
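Review bot: The added `if (out_len < 0)` check after `snprintf` does not catch truncation, because snprintf returns the length it would have written. A `user` string long enough to overflow `out_buf` makes `out_len` exceed `sizeof(out_buf)`, and `net_write (s, out_buf, out_len)` would then send bytes beyond the end of the stack buffer to the server. Test both conditions: `if (out_len < 0 || (size_t)out_len >= sizeof(out_buf)) errx (1, "snprintf failed");`. The same check is added before the second `net_write` in the later hunk of doit and should be tightened the same way.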
@@ -264,6 +277,8 @@ doit(int s, FD_ZERO(&readset); FD_ZERO(&writeset); + if (s >= FD_SETSIZE) + errx (1, "fd too large"); FD_SET(s,&readset); if (((state == STAT || state == RETR || state == TOP) && asked_for < count) @@ -300,12 +315,17 @@ doit(int s, if (state == TOP) { char *copy = beg; - if (strncasecmp(copy, - header_str, - min(p - copy + 1, strlen(header_str))) == 0) { - fprintf (stdout, "%.*s\n", (int)(p - copy), copy); + for (i = 0; i < numheaders; i++) { + size_t len; + + len = min(p - copy + 1, strlen(headers[i])); + if (strncasecmp(copy, headers[i], len) == 0) { + fprintf (stdout, "%.*s\n", (int)(p - copy), copy); + } } if (beg[0] == '.' && beg[1] == '\r' && beg[2] == '\n') { + if (numheaders > 1) + fprintf (stdout, "\n"); state = STAT; if (++retrieved == count) { state = QUIT; @@ -446,6 +466,8 @@ doit(int s, else if(state == DELE) out_len = snprintf (out_buf, sizeof(out_buf), "DELE %u\r\n", ++asked_deleted); + if (out_len < 0) + errx (1, "snprintf failed"); if (net_write (s, out_buf, out_len) != out_len) err (1, "write"); if (verbose > 1) @@ -454,8 +476,12 @@ doit(int s, } if (verbose) fprintf (stderr, "Done\n"); - if (!do_from) + if (do_from) { + free (tmp); + free (headers); + } else { write_state_destroy (&write_state); + } return 0; } @@ -576,12 +602,8 @@ hesiod_get_pobox (const char **user) if (strcasecmp(hpo->hesiod_po_type, "pop") != 0) errx (1, "Unsupported po type %s", hpo->hesiod_po_type); - ret = strdup(hpo->hesiod_po_host); - if(ret == NULL) - errx (1, "strdup: out of memory"); - *user = strdup(hpo->hesiod_po_name); - if (*user == NULL) - errx (1, "strdup: out of memory"); + ret = estrdup(hpo->hesiod_po_host); + *user = estrdup(hpo->hesiod_po_name); hesiod_free_postoffice (context, hpo); } hesiod_end (context); 
@@ -603,12 +625,8 @@ hesiod_get_pobox (const char **user) if (strcasecmp(hpo->po_type, "pop") != 0) errx (1, "Unsupported po type %s", hpo->po_type); - ret = strdup(hpo->po_host); - if(ret == NULL) - errx (1, "strdup: out of memory"); - *user = strdup(hpo->po_name); - if (*user == NULL) - errx (1, "strdup: out of memory"); + ret = estrdup(hpo->po_host); + *user = estrdup(hpo->po_name); } return ret; } @@ -648,9 +666,7 @@ parse_pobox (char *a0, const char **host, const char **user) if (pwd == NULL) errx (1, "Who are you?"); - *user = strdup (pwd->pw_name); - if (*user == NULL) - errx (1, "strdup: out of memory"); + *user = estrdup (pwd->pw_name); } *host = get_pobox (user); return; @@ -703,7 +719,13 @@ main(int argc, char **argv) char *pobox = NULL; #ifdef KRB5 - krb5_init_context (&context); + { + krb5_error_code ret; + + ret = krb5_init_context (&context); + if (ret) + errx (1, "krb5_init_context failed: %d", ret); + } #endif if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv, @@ -765,14 +787,15 @@ main(int argc, char **argv) port = htons(port); } } - if (port == 0) + if (port == 0) { #ifdef KRB5 port = krb5_getportbyname (context, "kpop", "tcp", 1109); #elif defined(KRB4) - port = k_getportbyname ("kpop", "tcp", 1109); + port = k_getportbyname ("kpop", "tcp", htons(1109)); #else #error must define KRB4 or KRB5 #endif + } parse_pobox (pobox, &host, &user); diff --git a/kerberosIV/src/appl/sample/sample_client.c b/kerberosIV/src/appl/sample/sample_client.c index 3fe94eb5985..27a0dc70f28 100644 --- a/kerberosIV/src/appl/sample/sample_client.c +++ b/kerberosIV/src/appl/sample/sample_client.c @@ -23,13 +23,13 @@ #include "sample.h" -RCSID("$KTH: sample_client.c,v 1.21 1999/11/13 06:27:01 assar Exp $"); +RCSID("$KTH: sample_client.c,v 1.23 2001/09/17 04:59:13 assar Exp $"); static void usage (void) { fprintf (stderr, "Usage: %s [-s service] [-p port] hostname checksum\n", - __progname); + getprogname()); exit (1); } 
@@ -40,7 +40,7 @@ main(int argc, char **argv) struct sockaddr_in sin, lsin; char *remote_host; int status; - int namelen; + socklen_t namelen; int sock = -1; KTEXT_ST ticket; char buf[512]; diff --git a/kerberosIV/src/appl/sample/sample_server.c b/kerberosIV/src/appl/sample/sample_server.c index 4a35f5ef2a5..74ac9ef4d15 100644 --- a/kerberosIV/src/appl/sample/sample_server.c +++ b/kerberosIV/src/appl/sample/sample_server.c @@ -18,13 +18,13 @@ #include "sample.h" -RCSID("$KTH: sample_server.c,v 1.14.2.1 2000/06/28 19:08:00 assar Exp $"); +RCSID("$KTH: sample_server.c,v 1.17 2001/09/17 04:42:50 assar Exp $"); static void usage (void) { fprintf (stderr, "Usage: %s [-i] [-s service] [-t srvtab]\n", - __progname); + getprogname()); exit (1); } @@ -32,7 +32,7 @@ int main(int argc, char **argv) { struct sockaddr_in peername, myname; - int namelen = sizeof(peername); + socklen_t namelen = sizeof(peername); int status, count, len; long authopts; AUTH_DAT auth_data; diff --git a/kerberosIV/src/appl/sample/simple_client.c b/kerberosIV/src/appl/sample/simple_client.c index 498734d95ae..0e3cf71423c 100644 --- a/kerberosIV/src/appl/sample/simple_client.c +++ b/kerberosIV/src/appl/sample/simple_client.c @@ -10,7 +10,7 @@ */ #include "sample.h" -RCSID("$KTH: simple_client.c,v 1.15 1999/11/13 06:29:01 assar Exp $"); +RCSID("$KTH: simple_client.c,v 1.18 2001/09/17 05:00:26 assar Exp $"); #define MSG "hi, Jennifer!" /* message text */ @@ -33,6 +33,7 @@ talkto(char *hostname, char *service, int port) /* for krb_mk_safe/priv */ struct sockaddr_in c_sock; /* client address */ + socklen_t c_sock_len; CREDENTIALS c; /* ticket & session key */ CREDENTIALS *cred = &c; @@ -52,7 +53,7 @@ talkto(char *hostname, char *service, int port) if (port) s_sock.sin_port = port; else - s_sock.sin_port = k_getportbyname (service, "tcp", htons(SAMPLE_PORT)); + s_sock.sin_port = k_getportbyname (service, "udp", htons(SAMPLE_PORT)); if (gethostname(myhostname, sizeof(myhostname)) < 0) { warn("gethostname"); 
@@ -111,8 +112,8 @@ talkto(char *hostname, char *service, int port) /* Get my address */ memset(&c_sock, 0, sizeof(c_sock)); - i = sizeof(c_sock); - if (getsockname(sock, (struct sockaddr *)&c_sock, &i) < 0) { + c_sock_len = sizeof(c_sock); + if (getsockname(sock, (struct sockaddr *)&c_sock, &c_sock_len) < 0) { warn("getsockname"); return 1; } @@ -159,7 +160,7 @@ static void usage (void) { fprintf (stderr, "Usage: %s [-s service] [-p port] hostname\n", - __progname); + getprogname()); exit (1); } @@ -180,7 +181,7 @@ main(int argc, char **argv) strlcpy (service, optarg, sizeof(service)); break; case 'p' : - serv = getservbyname (optarg, "tcp"); + serv = getservbyname (optarg, "udp"); if (serv) port = serv->s_port; else diff --git a/kerberosIV/src/appl/sample/simple_server.c b/kerberosIV/src/appl/sample/simple_server.c index 320363133f6..4a62267afe2 100644 --- a/kerberosIV/src/appl/sample/simple_server.c +++ b/kerberosIV/src/appl/sample/simple_server.c @@ -11,13 +11,13 @@ #include "sample.h" -RCSID("$KTH: simple_server.c,v 1.11 1999/11/13 06:29:24 assar Exp $"); +RCSID("$KTH: simple_server.c,v 1.13 2001/09/17 05:01:30 assar Exp $"); static void usage (void) { fprintf (stderr, "Usage: %s [-p port] [-s service] [-t srvtab]\n", - __progname); + getprogname()); exit (1); } @@ -32,7 +32,7 @@ main(int argc, char **argv) int c; int sock; int i; - int len; + socklen_t len; KTEXT_ST k; KTEXT ktxt = &k; AUTH_DAT ad; diff --git a/kerberosIV/src/appl/telnet/libtelnet/kerberos.c b/kerberosIV/src/appl/telnet/libtelnet/kerberos.c index 00ca951ecd3..79887109802 100644 --- a/kerberosIV/src/appl/telnet/libtelnet/kerberos.c +++ b/kerberosIV/src/appl/telnet/libtelnet/kerberos.c @@ -55,7 +55,7 @@ #include <config.h> #endif -RCSID("$KTH: kerberos.c,v 1.46 1999/09/16 20:41:33 assar Exp $"); +RCSID("$KTH: kerberos.c,v 1.54 2001/08/22 20:30:22 assar Exp $"); #ifdef KRB4 #ifdef HAVE_SYS_TYPES_H 
@@ -65,7 +65,6 @@ RCSID("$KTH: kerberos.c,v 1.46 1999/09/16 20:41:33 assar Exp $"); #include <arpa/telnet.h> #endif #include <stdio.h> -#include <des.h> /* BSD wont include this in krb.h, so we do it here */ #include <krb.h> #include <pwd.h> #include <stdlib.h> @@ -170,7 +169,6 @@ kerberos4_send(char *name, Authenticator *ap) CREDENTIALS cred; int r; - printf("[ Trying %s ... ]\r\n", name); if (!UserNameRequested) { if (auth_debug_mode) { printf("Kerberos V4: no user name supplied\r\n"); @@ -190,6 +188,8 @@ kerberos4_send(char *name, Authenticator *ap) printf("Kerberos V4: no realm for %s\r\n", RemoteHostName); return(0); } + printf("[ Trying %s (%s.%s@%s) ... ]\r\n", name, + KRB_SERVICE_NAME, instance, realm); r = krb_mk_req(&auth, KRB_SERVICE_NAME, instance, realm, 0L); if (r) { printf("mk_req failed: %s\r\n", krb_get_err_text(r)); @@ -200,7 +200,8 @@ kerberos4_send(char *name, Authenticator *ap) printf("get_cred failed: %s\r\n", krb_get_err_text(r)); return(0); } - if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) { + if (!auth_sendname((unsigned char*)UserNameRequested, + strlen(UserNameRequested))) { if (auth_debug_mode) printf("Not enough room for user name\r\n"); return(0); @@ -219,7 +220,9 @@ kerberos4_send(char *name, Authenticator *ap) des_key_sched(&cred.session, sched); memcpy (&cred_session, &cred.session, sizeof(cred_session)); +#ifndef HAVE_OPENSSL des_init_random_number_generator(&cred.session); +#endif des_new_random_key(&session_key); des_ecb_encrypt(&session_key, &session_key, sched, 0); des_ecb_encrypt(&session_key, &challenge, sched, 0); @@ -272,7 +275,7 @@ kerberos4_is(Authenticator *ap, unsigned char *data, int cnt) char realm[REALM_SZ]; char instance[INST_SZ]; int r; - int addr_len; + socklen_t addr_len; if (cnt-- < 1) return; 
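Review bot: With HAVE_OPENSSL defined the `des_init_random_number_generator` call in kerberos4_send is compiled out, so `session_key` and the derived `challenge` depend entirely on the state of OpenSSL's own random pool, and nothing in this hunk verifies that the pool has been seeded. adm_locl.h in this commit maps `des_new_random_key` to `des_random_key`; presumably the telnet headers do the same. Consider a guard under `#ifdef HAVE_OPENSSL` such as `if (RAND_status() != 1) return(0);` before the key is generated, or a comment stating where seeding is guaranteed. kerberos4_send starts and ends outside the hunk.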
@@ -331,8 +334,7 @@ kerberos4_is(Authenticator *ap, unsigned char *data, int cnt) "%s%u", TKT_ROOT, (unsigned)pw->pw_uid); - if(setenv("KRBTKFILE", ts, 1) != 0) - errx(1, "cannot set KRBTKFILE"); + esetenv("KRBTKFILE", ts, 1); if (pw->pw_uid == 0) syslog(LOG_INFO|LOG_AUTH, @@ -358,6 +360,8 @@ kerberos4_is(Authenticator *ap, unsigned char *data, int cnt) Data(ap, KRB_REJECT, (void *)msg, -1); free(msg); } + auth_finished(ap, AUTH_REJECT); + break; } auth_finished(ap, AUTH_USER); break; @@ -570,11 +574,11 @@ kerberos4_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) goto common2; default: - snprintf(buf, buflen, " %d (unknown)", data[3]); + snprintf((char*)buf, buflen, " %d (unknown)", data[3]); common2: BUMP(buf, buflen); for (i = 4; i < cnt; i++) { - snprintf(buf, buflen, " %d", data[i]); + snprintf((char*)buf, buflen, " %d", data[i]); BUMP(buf, buflen); } break; @@ -646,7 +650,7 @@ pack_cred(CREDENTIALS *cred, unsigned char *buf) static int unpack_cred(unsigned char *buf, int len, CREDENTIALS *cred) { - unsigned char *p = buf; + char *p = (char*)buf; u_int32_t tmp; strncpy (cred->service, p, ANAME_SZ); diff --git a/kerberosIV/src/appl/telnet/telnet/commands.c b/kerberosIV/src/appl/telnet/telnet/commands.c index 848f06b31e7..d89b2c3f219 100644 --- a/kerberosIV/src/appl/telnet/telnet/commands.c +++ b/kerberosIV/src/appl/telnet/telnet/commands.c @@ -33,7 +33,7 @@ #include "telnet_locl.h" -RCSID("$KTH: commands.c,v 1.56 1999/09/16 20:41:35 assar Exp $"); +RCSID("$KTH: commands.c,v 1.67 2001/08/29 00:45:20 assar Exp $"); #if defined(IPPROTO_IP) && defined(IP_TOS) int tos = -1; @@ -350,11 +350,12 @@ send_wontcmd(char *name) return(send_tncmd(send_wont, "wont", name)); } +extern char *telopts[]; /* XXX */ + static int send_tncmd(void (*func)(), char *cmd, char *name) { char **cpp; - extern char *telopts[]; int val = 0; if (isprefix(name, "help") || isprefix(name, "?")) { 
@@ -988,7 +989,6 @@ unsetcmd(int argc, char *argv[]) * 'mode' command. */ #ifdef KLUDGELINEMODE -extern int kludgelinemode; static int dokludgemode(void) @@ -1030,7 +1030,6 @@ static int dolmmode(int bit, int on) { unsigned char c; - extern int linemode; if (my_want_state_is_wont(TELOPT_LINEMODE)) { printf("?Need to have LINEMODE option enabled first.\r\n"); @@ -1328,8 +1327,6 @@ shell(int argc, char **argv) static int bye(int argc, char **argv) { - extern int resettermname; - if (connected) { shutdown(net, 2); printf("Connection closed.\r\n"); @@ -1551,7 +1548,6 @@ env_find(unsigned char *var) void env_init(void) { - extern char **environ; char **epp, *cp; struct env_lst *ep; @@ -1569,7 +1565,7 @@ env_init(void) * "unix:0.0", we have to get rid of "unix" and insert our * hostname. */ - if ((ep = env_find("DISPLAY")) + if ((ep = env_find((unsigned char*)"DISPLAY")) && (*ep->value == ':' || strncmp((char *)ep->value, "unix:", 5) == 0)) { char hbuf[256+1]; @@ -1581,9 +1577,23 @@ env_init(void) /* If this is not the full name, try to get it via DNS */ if (strchr(hbuf, '.') == 0) { - struct hostent *he = roken_gethostbyname(hbuf); - if (he != NULL) - strlcpy(hbuf, he->h_name, 256); + struct addrinfo hints, *ai, *a; + int error; + + memset (&hints, 0, sizeof(hints)); + hints.ai_flags = AI_CANONNAME; + + error = getaddrinfo (hbuf, NULL, &hints, &ai); + if (error == 0) { + for (a = ai; a != NULL; a = a->ai_next) + if (a->ai_canonname != NULL) { + strlcpy (hbuf, + ai->ai_canonname, + 256); + break; + } + freeaddrinfo (ai); + } } asprintf (&cp, "%s%s", hbuf, cp2); @@ -1595,7 +1605,8 @@ env_init(void) * USER with the value from LOGNAME. By default, we * don't export the USER variable. */ - if ((env_find("USER") == NULL) && (ep = env_find("LOGNAME"))) { + if ((env_find((unsigned char*)"USER") == NULL) && + (ep = env_find((unsigned char*)"LOGNAME"))) { env_define((unsigned char *)"USER", ep->value); env_unexport((unsigned char *)"USER"); } 
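Review bot: The new loop in env_init tests `a->ai_canonname` but copies `ai->ai_canonname`, so if the canonical name were ever found on an entry other than the first, `strlcpy` would be handed the head entry's NULL pointer. Copy from the entry that was tested: `strlcpy (hbuf, a->ai_canonname, 256);`. The name comes from the resolver and ends up in the exported DISPLAY value, so a one-line comment noting that it is not verified would help the next reader.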
@@ -1958,7 +1969,7 @@ status(int argc, char **argv) /* * Function that gets called when SIGINFO is received. */ -void +RETSIGTYPE ayt_status(int ignore) { call(status, "status", "notmuch", 0); @@ -2048,30 +2059,15 @@ cmdrc(char *m1, char *m2) int tn(int argc, char **argv) { - struct hostent *host = 0; -#ifdef HAVE_IPV6 - struct sockaddr_in6 sin6; -#endif - struct sockaddr_in sin; - struct sockaddr *sa = NULL; - int sa_size = 0; struct servent *sp = 0; - unsigned long temp; - extern char *inet_ntoa(); -#if defined(IP_OPTIONS) && defined(IPPROTO_IP) - char *srp = 0; - int srlen; -#endif char *cmd, *hostp = 0, *portp = 0; char *user = 0; - int family, port = 0; - char **addr_list; + int port = 0; /* clear the socket address prior to use */ if (connected) { printf("?Already connected to %s\r\n", hostname); - setuid(getuid()); return 0; } if (argc < 2) { 
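Review bot: This hunk and the two later tn() hunks delete every `setuid(getuid())` on the early-return paths, and the rewritten function no longer shows any privilege drop. That is only safe if telnet is never installed set-uid, or if privileges are given up once before tn() is reached; neither is visible here. If the latter holds, say so at the top of tn() with a comment such as `/* set-uid privileges, if any, were dropped at startup */`. Otherwise keep a single unconditional drop ahead of argument parsing. tn() continues outside the hunk.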
@@ -2112,99 +2108,28 @@ tn(int argc, char **argv) } usage: printf("usage: %s [-l user] [-a] host-name [port]\r\n", cmd); - setuid(getuid()); return 0; } if (hostp == 0) goto usage; -#if defined(IP_OPTIONS) && defined(IPPROTO_IP) + strlcpy (_hostname, hostp, sizeof(_hostname)); + hostp = _hostname; if (hostp[0] == '@' || hostp[0] == '!') { - if ((hostname = strrchr(hostp, ':')) == NULL) - hostname = strrchr(hostp, '@'); - hostname++; - srp = 0; - temp = sourceroute(hostp, &srp, &srlen); - if (temp == 0) { - fprintf (stderr, "%s: %s\r\n", srp ? srp : "", hstrerror(h_errno)); - setuid(getuid()); - return 0; - } else if (temp == -1) { - printf("Bad source route option: %s\r\n", hostp); - setuid(getuid()); + char *p; + hostname = NULL; + for (p = hostp + 1; *p; p++) { + if (*p == ',' || *p == '@') + hostname = p; + } + if (hostname == NULL) { + fprintf(stderr, "%s: bad source route specification\n", hostp); return 0; - } else { - abort(); } - } else { -#endif - memset (&sin, 0, sizeof(sin)); -#ifdef HAVE_IPV6 - memset (&sin6, 0, sizeof(sin6)); - - if(inet_pton(AF_INET6, hostp, &sin6.sin6_addr)) { - sin6.sin6_family = family = AF_INET6; - sa = (struct sockaddr *)&sin6; - sa_size = sizeof(sin6); - strlcpy(_hostname, hostp, sizeof(_hostname)); - hostname =_hostname; - } else -#endif - if(inet_aton(hostp, &sin.sin_addr)){ - sin.sin_family = family = AF_INET; - sa = (struct sockaddr *)&sin; - sa_size = sizeof(sin); - strlcpy(_hostname, hostp, sizeof(_hostname)); - hostname = _hostname; - } else { -#ifdef HAVE_GETHOSTBYNAME2 -#ifdef HAVE_IPV6 - host = gethostbyname2(hostp, AF_INET6); - if(host == NULL) -#endif - host = gethostbyname2(hostp, AF_INET); -#else - host = roken_gethostbyname(hostp); -#endif - if (host) { - strlcpy(_hostname, host->h_name, sizeof(_hostname)); - family = host->h_addrtype; - addr_list = host->h_addr_list; - - switch(family) { - case AF_INET: - memset(&sin, 0, sizeof(sin)); - sa_size = sizeof(sin); - sa = (struct sockaddr *)&sin; - sin.sin_family = 
family; - sin.sin_addr = *((struct in_addr *)(*addr_list)); - break; -#ifdef HAVE_IPV6 - case AF_INET6: - memset(&sin6, 0, sizeof(sin6)); - sa_size = sizeof(sin6); - sa = (struct sockaddr *)&sin6; - sin6.sin6_family = family; - sin6.sin6_addr = *((struct in6_addr *)(*addr_list)); - break; -#endif - default: - fprintf(stderr, "Bad address family: %d\n", family); - return 0; - } + *hostname++ = '\0'; + } else + hostname = hostp; - _hostname[sizeof(_hostname)-1] = '\0'; - hostname = _hostname; - } else { - fprintf (stderr, "%s: %s\r\n", hostp ? hostp : "", - hstrerror(h_errno)); - setuid(getuid()); - return 0; - } - } -#if defined(IP_OPTIONS) && defined(IPPROTO_IP) - } -#endif if (portp) { if (*portp == '-') { portp++; @@ -2218,7 +2143,6 @@ tn(int argc, char **argv) port = sp->s_port; else { printf("%s: bad port number\r\n", portp); - setuid(getuid()); return 0; } } else { 
@@ -2229,112 +2153,106 @@ tn(int argc, char **argv) sp = roken_getservbyname("telnet", "tcp"); if (sp == 0) { fprintf(stderr, "telnet: tcp/telnet: unknown service\r\n"); - setuid(getuid()); return 0; } port = sp->s_port; } telnetport = 1; } - do { - switch(family) { - case AF_INET: - sin.sin_port = port; - printf("Trying %s...\r\n", inet_ntoa(sin.sin_addr)); - break; -#ifdef HAVE_IPV6 - case AF_INET6: { -#ifndef INET6_ADDRSTRLEN -#define INET6_ADDRSTRLEN 46 -#endif - char buf[INET6_ADDRSTRLEN]; + { + struct addrinfo *ai, *a, hints; + int error; + char portstr[NI_MAXSERV]; - sin6.sin6_port = port; -#ifdef HAVE_INET_NTOP - printf("Trying %s...\r\n", inet_ntop(AF_INET6, - &sin6.sin6_addr, - buf, - sizeof(buf))); -#endif - break; - } -#endif - default: - abort(); - } + memset (&hints, 0, sizeof(hints)); + hints.ai_socktype = SOCK_STREAM; + hints.ai_protocol = IPPROTO_TCP; + hints.ai_flags = AI_CANONNAME; + snprintf (portstr, sizeof(portstr), "%u", ntohs(port)); - net = socket(family, SOCK_STREAM, 0); - setuid(getuid()); - if (net < 0) { - perror("telnet: socket"); + error = getaddrinfo (hostname, portstr, &hints, &ai); + if (error) { + fprintf (stderr, "%s: %s\r\n", hostname, gai_strerror (error)); return 0; } + + for (a = ai; a != NULL && connected == 0; a = a->ai_next) { + char addrstr[256]; + + if (a->ai_canonname != NULL) + strlcpy (_hostname, a->ai_canonname, sizeof(_hostname)); + + if (getnameinfo (a->ai_addr, a->ai_addrlen, + addrstr, sizeof(addrstr), + NULL, 0, NI_NUMERICHOST) != 0) + strlcpy (addrstr, "unknown address", sizeof(addrstr)); + + printf("Trying %s...\r\n", addrstr); + + net = socket (a->ai_family, a->ai_socktype, a->ai_protocol); + if (net < 0) { + warn ("socket"); + continue; + } + #if defined(IP_OPTIONS) && defined(IPPROTO_IP) && defined(HAVE_SETSOCKOPT) - if (srp && setsockopt(net, IPPROTO_IP, IP_OPTIONS, (void *)srp, - srlen) < 0) - perror("setsockopt (IP_OPTIONS)"); + if (hostp[0] == '@' || hostp[0] == '!') { + char *srp = 0; + int srlen; + 
int proto, opt; + + if ((srlen = sourceroute(a, hostp, &srp, &proto, &opt)) < 0) { + (void) NetClose(net); + net = -1; + continue; + } + if (srp && setsockopt(net, proto, opt, srp, srlen) < 0) + perror("setsockopt (source route)"); + } #endif + #if defined(IPPROTO_IP) && defined(IP_TOS) - { + if (a->ai_family == AF_INET) { # if defined(HAVE_GETTOSBYNAME) - struct tosent *tp; - if (tos < 0 && (tp = gettosbyname("telnet", "tcp"))) - tos = tp->t_tos; + struct tosent *tp; + if (tos < 0 && (tp = gettosbyname("telnet", "tcp"))) + tos = tp->t_tos; # endif - if (tos < 0) - tos = 020; /* Low Delay bit */ - if (tos - && (setsockopt(net, IPPROTO_IP, IP_TOS, - (void *)&tos, sizeof(int)) < 0) - && (errno != ENOPROTOOPT)) + if (tos < 0) + tos = 020; /* Low Delay bit */ + if (tos + && (setsockopt(net, IPPROTO_IP, IP_TOS, + (void *)&tos, sizeof(int)) < 0) + && (errno != ENOPROTOOPT)) perror("telnet: setsockopt (IP_TOS) (ignored)"); - } + } #endif /* defined(IPPROTO_IP) && defined(IP_TOS) */ - - if (debug && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 1) < 0) { + if (debug && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 1) < 0) { perror("setsockopt (SO_DEBUG)"); - } - - if (connect(net, sa, sa_size) < 0) { - if (host && addr_list[1]) { - int oerrno = errno; + } - switch(family) { - case AF_INET : - fprintf(stderr, "telnet: connect to address %s: ", - inet_ntoa(sin.sin_addr)); - sin.sin_addr = *((struct in_addr *)(*++addr_list)); - break; -#ifdef HAVE_IPV6 - case AF_INET6: { - char buf[INET6_ADDRSTRLEN]; - - fprintf(stderr, "telnet: connect to address %s: ", - inet_ntop(AF_INET6, &sin6.sin6_addr, buf, - sizeof(buf))); - sin6.sin6_addr = *((struct in6_addr *)(*++addr_list)); - break; - } -#endif - default: - abort(); - } - - errno = oerrno; - perror(NULL); + if (connect (net, a->ai_addr, a->ai_addrlen) < 0) { + fprintf (stderr, "telnet: connect to address %s: %s\n", + addrstr, strerror(errno)); NetClose(net); - continue; + if (a->ai_next != NULL) { + continue; + } else { + freeaddrinfo (ai); + 
return 0; + } } - perror("telnet: Unable to connect to remote host"); - return 0; - } - connected++; + ++connected; #if defined(AUTHENTICATION) || defined(ENCRYPTION) - auth_encrypt_connect(connected); + auth_encrypt_connect(connected); #endif - } while (connected == 0); + } + freeaddrinfo (ai); + if (connected == 0) + return 0; + } cmdrc(hostp, hostname); if (autologin && user == NULL) user = (char *)get_default_username (); @@ -2550,10 +2468,11 @@ help(int argc, char **argv) /* * Source route is handed in as - * [!]@hop1@hop2...[@|:]dst - * If the leading ! is present, it is a - * strict source route, otherwise it is - * assmed to be a loose source route. + * [!]@hop1@hop2...@dst + * + * If the leading ! is present, it is a strict source route, otherwise it is + * assmed to be a loose source route. Note that leading ! is effective + * only for IPv4 case. * * We fill in the source route option as * hop1,hop2,hop3...dest 
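Review bot: In the new address loop, `strlcpy (_hostname, a->ai_canonname, sizeof(_hostname))` overwrites the buffer that `hostp` and `hostname` were pointed into by the previous hunk, so the later test `hostp[0] == '@' || hostp[0] == '!'` inspects the canonical name and not the user's route specification. As far as these lines show, a requested source route is then silently skipped whenever the resolver returns a canonical name, and `cmdrc(hostp, hostname)` receives pointers into the rewritten buffer. Decide once before the loop, `int want_sr = (hostp[0] == '@' || hostp[0] == '!');`, test `want_sr` in the IP_OPTIONS block, and copy the canonical name only `if (!want_sr && a->ai_canonname != NULL)`. The earlier `strlcpy (_hostname, hostp, …)` also truncates an over-long argument without reporting it. tn() starts and ends outside this hunk.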
@@ -2561,133 +2480,202 @@ help(int argc, char **argv) * be the address to connect() to. * * Arguments: - * arg: pointer to route list to decipher + * ai: The address (by struct addrinfo) for the final destination. * - * cpp: If *cpp is not equal to NULL, this is a - * pointer to a pointer to a character array - * that should be filled in with the option. + * arg: Pointer to route list to decipher * + * cpp: Pointer to a pointer, so that sourceroute() can return + * the address of result buffer (statically alloc'ed). + * + * protop/optp: + * Pointer to an integer. The pointed variable * lenp: pointer to an integer that contains the * length of *cpp if *cpp != NULL. * * Return values: * - * Returns the address of the host to connect to. If the + * Returns the length of the option pointed to by *cpp. If the * return value is -1, there was a syntax error in the - * option, either unknown characters, or too many hosts. - * If the return value is 0, one of the hostnames in the - * path is unknown, and *cpp is set to point to the bad - * hostname. + * option, either arg contained unknown characters or too many hosts, + * or hostname cannot be resolved. + * + * The caller needs to pass return value (len), *cpp, *protop and *optp + * to setsockopt(2). * - * *cpp: If *cpp was equal to NULL, it will be filled - * in with a pointer to our static area that has - * the option filled in. This will be 32bit aligned. + * *cpp: Points to the result buffer. The region is statically + * allocated by the function. * - * *lenp: This will be filled in with how long the option - * pointed to by *cpp is. + * *protop: + * protocol # to be passed to setsockopt(2). + * + * *optp: option # to be passed to setsockopt(2). 
* */ -unsigned long -sourceroute(char *arg, char **cpp, int *lenp) +int +sourceroute(struct addrinfo *ai, + char *arg, + char **cpp, + int *protop, + int *optp) { - static char lsr[44]; char *cp, *cp2, *lsrp, *lsrep; - int tmp; - struct in_addr sin_addr; - struct hostent *host = 0; - char c; + struct addrinfo hints, *res; + int len, error; + struct sockaddr_in *sin; + register char c; + static char lsr[44]; +#ifdef INET6 + struct cmsghdr *cmsg; + struct sockaddr_in6 *sin6; + static char rhbuf[1024]; +#endif /* - * Verify the arguments, and make sure we have - * at least 7 bytes for the option. - */ - if (cpp == NULL || lenp == NULL) - return((unsigned long)-1); - if (*cpp != NULL && *lenp < 7) - return((unsigned long)-1); - /* - * Decide whether we have a buffer passed to us, - * or if we need to use our own static buffer. + * Verify the arguments. */ - if (*cpp) { - lsrp = *cpp; - lsrep = lsrp + *lenp; - } else { - *cpp = lsrp = lsr; - lsrep = lsrp + 44; - } + if (cpp == NULL) + return -1; cp = arg; - /* - * Next, decide whether we have a loose source - * route or a strict source route, and fill in - * the begining of the option. - */ - if (*cp == '!') { - cp++; - *lsrp++ = IPOPT_SSRR; - } else - *lsrp++ = IPOPT_LSRR; - - if (*cp != '@') - return((unsigned long)-1); - - lsrp++; /* skip over length, we'll fill it in later */ - *lsrp++ = 4; + *cpp = NULL; + switch (ai->ai_family) { + case AF_INET: + lsrp = lsr; + lsrep = lsrp + sizeof(lsr); - cp++; + /* + * Next, decide whether we have a loose source + * route or a strict source route, and fill in + * the begining of the option. 
+ */ + if (*cp == '!') { + cp++; + *lsrp++ = IPOPT_SSRR; + } else + *lsrp++ = IPOPT_LSRR; + if (*cp != '@') + return -1; + lsrp++; /* skip over length, we'll fill it in later */ + *lsrp++ = 4; + cp++; + *protop = IPPROTO_IP; + *optp = IP_OPTIONS; + break; +#ifdef INET6 + case AF_INET6: +/* this needs to be updated for rfc2292bis */ +#ifdef IPV6_PKTOPTIONS + cmsg = inet6_rthdr_init(rhbuf, IPV6_RTHDR_TYPE_0); + if (*cp != '@') + return -1; + cp++; + *protop = IPPROTO_IPV6; + *optp = IPV6_PKTOPTIONS; + break; +#else + return -1; +#endif +#endif + default: + return -1; + } - sin_addr.s_addr = 0; + memset(&hints, 0, sizeof(hints)); + hints.ai_family = ai->ai_family; + hints.ai_socktype = SOCK_STREAM; for (c = 0;;) { if (c == ':') cp2 = 0; - else for (cp2 = cp; (c = *cp2); cp2++) { + else for (cp2 = cp; (c = *cp2) != '\0'; cp2++) { if (c == ',') { *cp2++ = '\0'; if (*cp2 == '@') cp2++; } else if (c == '@') { *cp2++ = '\0'; - } else if (c == ':') { + } +#if 0 /*colon conflicts with IPv6 address*/ + else if (c == ':') { *cp2++ = '\0'; - } else + } +#endif + else continue; break; } if (!c) cp2 = 0; - if ((tmp = inet_addr(cp)) != -1) { - sin_addr.s_addr = tmp; - } else if ((host = roken_gethostbyname(cp))) { - memmove(&sin_addr, - host->h_addr_list[0], - sizeof(sin_addr)); - } else { - *cpp = cp; - return(0); + error = getaddrinfo(cp, NULL, &hints, &res); + if (error) { + fprintf(stderr, "%s: %s\n", cp, gai_strerror(error)); + return -1; + } + if (ai->ai_family != res->ai_family) { + freeaddrinfo(res); + return -1; } - memmove(lsrp, &sin_addr, 4); - lsrp += 4; + if (ai->ai_family == AF_INET) { + /* + * Check to make sure there is space for address + */ + if (lsrp + 4 > lsrep) { + freeaddrinfo(res); + return -1; + } + sin = (struct sockaddr_in *)res->ai_addr; + memcpy(lsrp, &sin->sin_addr, sizeof(struct in_addr)); + lsrp += sizeof(struct in_addr); + } +#ifdef INET6 + else if (ai->ai_family == AF_INET6) { + sin6 = (struct sockaddr_in6 *)res->ai_addr; + inet6_rthdr_add(cmsg, 
&sin6->sin6_addr, + IPV6_RTHDR_LOOSE); + } +#endif + else { + freeaddrinfo(res); + return -1; + } + freeaddrinfo(res); if (cp2) cp = cp2; else break; - /* - * Check to make sure there is space for next address - */ + } + if (ai->ai_family == AF_INET) { + /* record the last hop */ if (lsrp + 4 > lsrep) - return((unsigned long)-1); + return -1; + sin = (struct sockaddr_in *)ai->ai_addr; + memcpy(lsrp, &sin->sin_addr, sizeof(struct in_addr)); + lsrp += sizeof(struct in_addr); +#ifndef sysV88 + lsr[IPOPT_OLEN] = lsrp - lsr; + if (lsr[IPOPT_OLEN] <= 7 || lsr[IPOPT_OLEN] > 40) + return -1; + *lsrp++ = IPOPT_NOP; /*32bit word align*/ + len = lsrp - lsr; + *cpp = lsr; +#else + ipopt.io_len = lsrp - lsr; + if (ipopt.io_len <= 5) /*is 3 better?*/ + return -1; + *cpp = (char 8)&ipopt; +#endif } - if ((*(*cpp+IPOPT_OLEN) = lsrp - *cpp) <= 7) { - *cpp = 0; - *lenp = 0; - return((unsigned long)-1); +#ifdef INET6 + else if (ai->ai_family == AF_INET6) { + inet6_rthdr_lasthop(cmsg, IPV6_RTHDR_LOOSE); + len = cmsg->cmsg_len; + *cpp = rhbuf; } - *lsrp++ = IPOPT_NOP; /* 32 bit word align it */ - *lenp = lsrp - *cpp; - return(sin_addr.s_addr); +#endif + else + return -1; + return len; } #endif diff --git a/kerberosIV/src/appl/telnet/telnet/externs.h b/kerberosIV/src/appl/telnet/telnet/externs.h index 8837493fe53..3a6ad44a6e0 100644 --- a/kerberosIV/src/appl/telnet/telnet/externs.h +++ b/kerberosIV/src/appl/telnet/telnet/externs.h @@ -33,7 +33,7 @@ * @(#)externs.h 8.3 (Berkeley) 5/30/95 */ -/* $KTH: externs.h,v 1.18 1998/07/09 23:16:36 assar Exp $ */ +/* $KTH: externs.h,v 1.23.2.1 2002/02/06 03:40:42 assar Exp $ */ #ifndef BSD # define BSD 43 @@ -66,6 +66,7 @@ extern int localchars, /* we recognize interrupt/quit */ donelclchars, /* the user has set "localchars" */ showoptions, + wantencryption, /* User has requested encryption */ net, /* Network file descriptor */ tin, /* Terminal input file descriptor */ tout, /* Terminal output file descriptor */ 
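Review bot: The IPv6 branch of sourceroute() uses the results of `inet6_rthdr_init`, `inet6_rthdr_add` and `inet6_rthdr_lasthop` unchecked, while the IPv4 branch bounds every write into `lsr`; a failed init or a route with too many hops is not detected before `cmsg->cmsg_len` is read. Add `if (cmsg == NULL) return -1;` after the init and fail the hop with `if (inet6_rthdr_add(cmsg, &sin6->sin6_addr, IPV6_RTHDR_LOOSE) < 0) { freeaddrinfo(res); return -1; }`. The function also writes NULs into `arg` while it is called once per candidate address from tn(), so a retry on the next address parses an already-chopped route; parsing a private copy would avoid that. In the `sysV88` branch `(char 8)&ipopt` looks like a typo for `(char *)&ipopt`, and `ipopt` is not declared in the visible lines. The header comment still carries the old `lenp:` text and an unfinished "protop/optp" sentence.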
@@ -81,6 +82,8 @@ extern int termdata, /* Print out terminal data flow */ debug; /* Debug level */ +extern int intr_happened, intr_waiting; /* for interrupt handling */ + extern cc_t escape; /* Escape to command mode */ extern cc_t rlogin; /* Rlogin mode escape character */ #ifdef KLUDGELINEMODE @@ -95,6 +98,8 @@ extern char dont[], will[], wont[], + do_dont_resp[], + will_wont_resp[], options[], /* All the little options */ *hostname; /* Who are we connected to? */ #if defined(ENCRYPTION) @@ -182,7 +187,7 @@ extern jmp_buf int telnet_net_write(unsigned char *str, int len); void net_encrypt(void); int telnet_spin(void); -char *telnet_getenv(char *val); +char *telnet_getenv(const char *val); char *telnet_gets(char *prompt, char *result, int length, int echo); #endif @@ -200,7 +205,8 @@ unsigned char * env_default(int init, int welldefined); unsigned char * env_getvalue(unsigned char *var); void set_escape_char(char *s); -unsigned long sourceroute(char *arg, char **cpp, int *lenp); +int sourceroute(struct addrinfo *ai, char *arg, char **cpp, + int *prototp, int *optp); #if defined(AUTHENTICATION) int auth_enable (char *); @@ -222,7 +228,7 @@ int EncryptStatus (void); #endif #ifdef SIGINFO -void ayt_status(int); +RETSIGTYPE ayt_status(int); #endif int tn(int argc, char **argv); void command(int top, char *tbuf, int cnt); @@ -427,3 +433,9 @@ extern Ring ttyoring, ttyiring; +extern int resettermname; +extern int linemode; +#ifdef KLUDGELINEMODE +extern int kludgelinemode; +#endif +extern int want_status_response; diff --git a/kerberosIV/src/appl/telnet/telnet/telnet.c b/kerberosIV/src/appl/telnet/telnet/telnet.c index 77bbf8cc560..03b92779198 100644 --- a/kerberosIV/src/appl/telnet/telnet/telnet.c +++ b/kerberosIV/src/appl/telnet/telnet/telnet.c @@ -36,7 +36,7 @@ #include <termcap.h> #endif -RCSID("$KTH: telnet.c,v 1.25 1999/03/11 13:49:34 joda Exp $"); +RCSID("$KTH: telnet.c,v 1.30.2.3 2002/02/07 17:34:51 joda Exp $"); #define strip(x) (eight ? (x) : ((x) & 0x7f)) 
@@ -70,6 +70,7 @@ int netdata, /* Print out network data flow */ crlf, /* Should '\r' be mapped to <CR><LF> (or <CR><NUL>)? */ telnetport, + wantencryption = 0, SYNCHing, /* we are in TELNET SYNCH mode */ flushout, /* flush output */ autoflush = 0, /* flush output when interrupting? */ @@ -84,6 +85,8 @@ int char *prompt = 0; +int scheduler_lockout_tty = 0; + cc_t escape; cc_t rlogin; #ifdef KLUDGELINEMODE @@ -579,7 +582,7 @@ mklist(char *buf, char *name) #define ISASCII(c) (!((c)&0x80)) if ((c == ' ') || !ISASCII(c)) n = 1; - else if (islower(c)) + else if (islower((unsigned char)c)) *cp = toupper(c); } @@ -637,15 +640,21 @@ static char termbuf[1024]; static int telnet_setupterm(const char *tname, int fd, int *errp) { - if (tgetent(termbuf, tname) == 1) { - termbuf[1023] = '\0'; - if (errp) - *errp = 1; - return(0); - } +#ifdef HAVE_TGETENT + if (tgetent(termbuf, tname) == 1) { + termbuf[1023] = '\0'; if (errp) - *errp = 0; - return(-1); + *errp = 1; + return(0); + } + if (errp) + *errp = 0; + return(-1); +#else + strlcpy(termbuf, tname, sizeof(termbuf)); + if(errp) *errp = 1; + return 0; +#endif } int resettermname = 1; @@ -1414,9 +1423,15 @@ unsigned char *opt_replyend; void env_opt_start() { - if (opt_reply) - opt_reply = (unsigned char *)realloc(opt_reply, OPT_REPLY_SIZE); - else + if (opt_reply) { + void *tmp = realloc (opt_reply, OPT_REPLY_SIZE); + if (tmp != NULL) { + opt_reply = tmp; + } else { + free (opt_reply); + opt_reply = NULL; + } + } else opt_reply = (unsigned char *)malloc(OPT_REPLY_SIZE); if (opt_reply == NULL) { /*@*/ printf("env_opt_start: malloc()/realloc() failed!!!\n"); 
@@ -1464,14 +1479,16 @@ env_opt_add(unsigned char *ep) strlen((char *)ep) + 6 > opt_replyend) { int len; + void *tmp; opt_replyend += OPT_REPLY_SIZE; len = opt_replyend - opt_reply; - opt_reply = (unsigned char *)realloc(opt_reply, len); - if (opt_reply == NULL) { + tmp = realloc(opt_reply, len); + if (tmp == NULL) { /*@*/ printf("env_opt_add: realloc() failed!!!\n"); opt_reply = opt_replyp = opt_replyend = NULL; return; } + opt_reply = tmp; opt_replyp = opt_reply + len - (opt_replyend - opt_replyp); opt_replyend = opt_reply + len; } @@ -1943,7 +1960,7 @@ telsnd() */ -static int + int Scheduler(int block) /* should we block in the select ? */ { /* One wants to be a bit careful about setting returnValue @@ -1974,6 +1991,10 @@ Scheduler(int block) /* should we block in the select ? */ /* If we have seen a signal recently, reset things */ + if (scheduler_lockout_tty) { + ttyin = ttyout = 0; + } + /* Call to system code to process rings */ returnValue = process_rings(netin, netout, netex, ttyin, ttyout, !block); @@ -1996,6 +2017,8 @@ Scheduler(int block) /* should we block in the select ? */ void my_telnet(char *user) { + int printed_encrypt = 0; + sys_telnet_init(); #if defined(AUTHENTICATION) || defined(ENCRYPTION) 
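Review bot: The env_opt_add failure path now leaks the old buffer, because `opt_reply = opt_replyp = opt_replyend = NULL;` is reached with the original allocation still live when `realloc` returns NULL. env_opt_start in the preceding hunk frees it in the same situation, so do the same here by adding `free(opt_reply);` before the three pointers are cleared. env_opt_add starts and ends outside this hunk.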
@@ -2034,6 +2057,68 @@ my_telnet(char *user) tel_enter_binary(binary); } +#ifdef ENCRYPTION + /* + * Note: we assume a tie to the authentication option here. This + * is necessary so that authentication fails, we don't spin + * forever. + */ + if (wantencryption) { + extern int auth_has_failed; + time_t timeout = time(0) + 60; + + send_do(TELOPT_ENCRYPT, 1); + send_will(TELOPT_ENCRYPT, 1); + while (1) { + if (my_want_state_is_wont(TELOPT_AUTHENTICATION)) { + if (wantencryption == -1) { + break; + } else { + printf("\nServer refused to negotiate authentication,\n"); + printf("which is required for encryption.\n"); + Exit(1); + } + } + if (auth_has_failed) { + printf("\nAuthentication negotation has failed,\n"); + printf("which is required for encryption.\n"); + Exit(1); + } + if (my_want_state_is_dont(TELOPT_ENCRYPT) || + my_want_state_is_wont(TELOPT_ENCRYPT)) { + printf("\nServer refused to negotiate encryption.\n"); + Exit(1); + } + if (encrypt_is_encrypting()) + break; + if (time(0) > timeout) { + printf("\nEncryption could not be enabled.\n"); + Exit(1); + } + if (printed_encrypt == 0) { + printed_encrypt = 1; + printf("Waiting for encryption to be negotiated...\n"); + /* + * Turn on MODE_TRAPSIG and then turn off localchars + * so that ^C will cause telnet to exit. + */ + TerminalNewMode(getconnmode()|MODE_TRAPSIG); + intr_waiting = 1; + } + if (intr_happened) { + printf("\nUser interrupt.\n"); + Exit(1); + } + telnet_spin(); + } + if (printed_encrypt) { + printf("Encryption negotiated.\n"); + intr_waiting = 0; + setconnmode(0); + } + } +#endif + for (;;) { int schedValue; @@ -2272,6 +2357,7 @@ sendnaws() if (my_state_is_wont(TELOPT_NAWS)) return; +#undef PUTSHORT #define PUTSHORT(cp, x) { if ((*cp++ = ((x)>>8)&0xff) == IAC) *cp++ = IAC; \ if ((*cp++ = ((x))&0xff) == IAC) *cp++ = IAC; } diff --git a/kerberosIV/src/appl/telnet/telnetd/state.c b/kerberosIV/src/appl/telnet/telnetd/state.c index 3bd0ff130c2..30bad600559 100644 
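Review bot: The wait loop in my_telnet can announce "Encryption negotiated." for a session that is not encrypted. If the "Waiting for encryption…" message was already printed (`printed_encrypt = 1`) and the server then refuses authentication while `wantencryption == -1`, the loop breaks and the `if (printed_encrypt)` block prints the success message unconditionally. Print it only when it is true, `if (encrypt_is_encrypting()) printf("Encryption negotiated.\n");`, and tell the user explicitly when the session continues in clear text. The meaning of -1 is inferred from this branch only, so it is worth a comment where `wantencryption` is defined. my_telnet continues outside the hunk.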
--- a/kerberosIV/src/appl/telnet/telnetd/state.c +++ b/kerberosIV/src/appl/telnet/telnetd/state.c @@ -33,7 +33,7 @@ #include "telnetd.h" -RCSID("$KTH: state.c,v 1.13 1999/05/13 23:12:50 assar Exp $"); +RCSID("$KTH: state.c,v 1.14 2000/10/02 05:06:02 assar Exp $"); unsigned char doopt[] = { IAC, DO, '%', 'c', 0 }; unsigned char dont[] = { IAC, DONT, '%', 'c', 0 }; @@ -1016,8 +1016,7 @@ suboption(void) return; settimer(xdisplocsubopt); subpointer[SB_LEN()] = '\0'; - if(setenv("DISPLAY", (char *)subpointer, 1) != 0) - errx(1, "cannot set DISPLAY"); + esetenv("DISPLAY", (char *)subpointer, 1); break; } /* end of case TELOPT_XDISPLOC */ @@ -1184,8 +1183,7 @@ suboption(void) case ENV_USERVAR: *cp = '\0'; if (valp) - if(setenv(varp, valp, 1) != 0) - errx(1, "cannot set %s", varp); + esetenv(varp, valp, 1); else unsetenv(varp); cp = varp = (char *)subpointer; @@ -1204,8 +1202,7 @@ suboption(void) } *cp = '\0'; if (valp) - if(setenv(varp, valp, 1) != 0) - errx(1, "cannot set %s", varp); + esetenv(varp, valp, 1); else unsetenv(varp); break; diff --git a/kerberosIV/src/appl/telnet/telnetd/sys_term.c b/kerberosIV/src/appl/telnet/telnetd/sys_term.c index ca3a298179b..da981a81f12 100644 --- a/kerberosIV/src/appl/telnet/telnetd/sys_term.c +++ b/kerberosIV/src/appl/telnet/telnetd/sys_term.c @@ -33,7 +33,7 @@ #include "telnetd.h" -RCSID("$KTH: sys_term.c,v 1.89.2.6 2000/12/08 23:34:05 assar Exp $"); +RCSID("$KTH: sys_term.c,v 1.104 2001/09/17 02:09:04 assar Exp $"); #if defined(_CRAY) || (defined(__hpux) && !defined(HAVE_UTMPX_H)) # define PARENT_DOES_UTMP @@ -102,6 +102,8 @@ char wtmpf[] = "/etc/wtmp"; #endif /* STREAMSPTY */ +#undef NOERROR + #ifdef HAVE_SYS_STREAM_H #ifdef HAVE_SYS_UIO_H #include <sys/uio.h> @@ -142,6 +144,9 @@ char wtmpf[] = "/etc/wtmp"; #ifdef HAVE_UTIL_H #include <util.h> #endif +#ifdef HAVE_LIBUTIL_H +#include <libutil.h> +#endif # ifndef TCSANOW # ifdef TCSETS 
@@ -398,7 +403,7 @@ int getpty(int *ptynum) #if SunOS == 40 int dummy; #endif -#if 0 /* && defined(HAVE_OPENPTY) */ +#if __linux int master; int slave; if(openpty(&master, &slave, line, 0, 0) == 0){ @@ -822,8 +827,6 @@ void getptyslave(void) int t = -1; struct winsize ws; - extern int def_row, def_col; - extern int def_tspeed, def_rspeed; /* * Opening the slave side may cause initilization of the * kernel tty structure. We need remember the state of @@ -1110,7 +1113,8 @@ make_id (char *tty) /* ARGSUSED */ void -startslave(char *host, int autologin, char *autoname) +startslave(const char *host, const char *utmp_host, + int autologin, char *autoname) { int i; @@ -1158,7 +1162,7 @@ startslave(char *host, int autologin, char *autoname) wtmp.ut_type = LOGIN_PROCESS; wtmp.ut_pid = pid; strncpy(wtmp.ut_user, "LOGIN", sizeof(wtmp.ut_user)); - strncpy(wtmp.ut_host, host, sizeof(wtmp.ut_host)); + strncpy(wtmp.ut_host, utmp_host, sizeof(wtmp.ut_host)); strncpy(wtmp.ut_line, clean_ttyname(line), sizeof(wtmp.ut_line)); #ifdef HAVE_STRUCT_UTMP_UT_ID strncpy(wtmp.ut_id, wtmp.ut_line + 3, sizeof(wtmp.ut_id)); @@ -1177,6 +1181,10 @@ startslave(char *host, int autologin, char *autoname) # endif /* PARENT_DOES_UTMP */ } else { getptyslave(); +#if defined(DCE) + /* if we authenticated via K5, try and join the PAG */ + kerberos5_dfspag(); +#endif start_login(host, autologin, autoname); /*NOTREACHED*/ } @@ -1188,7 +1196,6 @@ extern char **environ; void init_env(void) { - extern char *getenv(const char *); char **envp; envp = envinit; @@ -1255,10 +1262,10 @@ scrub_env(void) struct arg_val { int size; int argc; - char **argv; + const char **argv; }; -static int addarg(struct arg_val*, char*); +static void addarg(struct arg_val*, const char*); /* * start_login(host) 
@@ -1268,10 +1275,11 @@ static int addarg(struct arg_val*, char*); */ void -start_login(char *host, int autologin, char *name) +start_login(const char *host, int autologin, char *name) { struct arg_val argv; char *user; + int save_errno; #ifdef HAVE_UTMPX_H int pid = getpid(); @@ -1312,7 +1320,7 @@ start_login(char *host, int autologin, char *name) /* init argv structure */ argv.size=0; argv.argc=0; - argv.argv=(char**)malloc(0); /*so we can call realloc later */ + argv.argv=malloc(0); /*so we can call realloc later */ addarg(&argv, "login"); addarg(&argv, "-h"); addarg(&argv, host); @@ -1367,25 +1375,23 @@ start_login(char *host, int autologin, char *name) sleep(1); execv(new_login, argv.argv); - + save_errno = errno; syslog(LOG_ERR, "%s: %m\n", new_login); - fatalperror(net, new_login); + fatalperror_errno(net, new_login, save_errno); /*NOTREACHED*/ } - - -static int addarg(struct arg_val *argv, char *val) +static void +addarg(struct arg_val *argv, const char *val) { - if(argv->size <= argv->argc+1){ - argv->argv = (char**)realloc(argv->argv, sizeof(char*) * (argv->size + 10)); - if(argv->argv == NULL) - return 1; /* this should probably be handled better */ + if(argv->size <= argv->argc+1) { + argv->argv = realloc(argv->argv, sizeof(char*) * (argv->size + 10)); + if (argv->argv == NULL) + fatal (net, "realloc: out of memory"); argv->size+=10; } - argv->argv[argv->argc++]=val; - argv->argv[argv->argc]=NULL; - return 0; + argv->argv[argv->argc++] = val; + argv->argv[argv->argc] = NULL; } diff --git a/kerberosIV/src/appl/telnet/telnetd/telnetd.c b/kerberosIV/src/appl/telnet/telnetd/telnetd.c index 73825df7db3..855366e5e14 100644 --- a/kerberosIV/src/appl/telnet/telnetd/telnetd.c +++ b/kerberosIV/src/appl/telnet/telnetd/telnetd.c @@ -33,7 +33,7 @@ #include "telnetd.h" -RCSID("$KTH: telnetd.c,v 1.58.2.1 2000/10/10 13:12:08 assar Exp $"); +RCSID("$KTH: telnetd.c,v 1.67 2001/09/17 02:08:29 assar Exp $"); #ifdef _SC_CRAY_SECURE_SYS #include <sys/sysv.h> 
@@ -54,6 +54,8 @@ int auth_level = 0; extern int utmp_len; int registerd_host_only = 0; +#undef NOERROR + #ifdef STREAMSPTY # include <stropts.h> # include <termios.h> @@ -63,6 +65,7 @@ int registerd_host_only = 0; #ifdef HAVE_SYS_STREAM_H #include <sys/stream.h> #endif + #ifdef _AIX #include <sys/termio.h> #endif @@ -138,18 +141,22 @@ char valid_opts[] = "Bd:hklnS:u:UL:y" static void doit(struct sockaddr*, int); +#ifdef ENCRYPTION +extern int des_check_key; +#endif + int main(int argc, char **argv) { struct sockaddr_storage __ss; struct sockaddr *sa = (struct sockaddr *)&__ss; - int on = 1, sa_size; + int on = 1; + socklen_t sa_size; int ch; #if defined(IPPROTO_IP) && defined(IP_TOS) int tos = -1; #endif #ifdef ENCRYPTION - extern int des_check_key; des_check_key = 1; /* Kludge for Mac NCSA telnet 2.6 /bg */ #endif pfrontp = pbackp = ptyobuf; @@ -288,9 +295,14 @@ main(int argc, char **argv) #endif break; - case 'u': - utmp_len = atoi(optarg); + case 'u': { + char *eptr; + + utmp_len = strtol(optarg, &eptr, 0); + if (optarg == eptr) + fprintf(stderr, "telnetd: unknown utmp len (%s)\n", optarg); break; + } case 'U': registerd_host_only = 1; @@ -362,9 +374,9 @@ main(int argc, char **argv) * Get socket's security label */ if (secflag) { - int szss = sizeof(ss); + socklen_t szss = sizeof(ss); int sock_multi; - int szi = sizeof(int); + socklen_t szi = sizeof(int); memset(&dv, 0, sizeof(dv)); @@ -489,7 +501,6 @@ int getterminaltype(char *name, size_t name_sz) { int retval = -1; - void _gettermname(); settimer(baseline); #ifdef AUTHENTICATION @@ -628,7 +639,7 @@ getterminaltype(char *name, size_t name_sz) } /* end of getterminaltype */ void -_gettermname() +_gettermname(void) { /* * If the client turned off the option, @@ -652,9 +663,9 @@ terminaltypeok(char *s) } -char *hostname; char host_name[MaxHostNameLen]; char remote_host_name[MaxHostNameLen]; +char remote_utmp_name[MaxHostNameLen]; /* * Get a pty, scan input lines. 
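Review bot: The new `-u` parsing only reports the no-digits case and then carries on, so trailing junk, a negative number or a value that does not fit in `int` still ends up in `utmp_len` (declared `extern int utmp_len` above). This matters more after this commit, because the doit hunk further down replaces `abs(utmp_len)` with `strlen(remote_utmp_name) > utmp_len`. There a negative `utmp_len` converts to a huge unsigned value, so neither the domain trimming nor the numeric-address fallback runs, and the over-long name is left to be cut by `strncpy(wtmp.ut_host, utmp_host, …)` in startslave. Parse into a `long v`, treat `eptr == optarg || *eptr != '\0' || v < 0 || v > INT_MAX` as a fatal option error, and only then assign `utmp_len = v;`. main() continues outside the hunk.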
@@ -662,17 +673,10 @@ char remote_host_name[MaxHostNameLen]; static void doit(struct sockaddr *who, int who_len) { - char *host = NULL; - struct hostent *hp = NULL; int level; int ptynum; char user_name[256]; int error; - char host_addr[256]; - void *addr; - int addr_sz; - const char *tmp; - int af; /* * Find an available pty to use. 
@@ -697,77 +701,42 @@ doit(struct sockaddr *who, int who_len) } #endif /* _SC_CRAY_SECURE_SYS */ - af = who->sa_family; - switch (af) { - case AF_INET : { - struct sockaddr_in *sin = (struct sockaddr_in *)who; - - addr = &sin->sin_addr; - addr_sz = sizeof(sin->sin_addr); - break; - } -#ifdef HAVE_IPV6 - case AF_INET6 : { - struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)who; - - addr = &sin6->sin6_addr; - addr_sz = sizeof(sin6->sin6_addr); - break; - } -#endif - default : - fatal (net, "Unknown address family\r\n"); - break; - } - - hp = getipnodebyaddr (addr, addr_sz, af, &error); - - if (hp == NULL && registerd_host_only) { + error = getnameinfo_verified (who, who_len, + remote_host_name, + sizeof(remote_host_name), + NULL, 0, + registerd_host_only ? NI_NAMEREQD : 0); + if (error) fatal(net, "Couldn't resolve your address into a host name.\r\n\ Please contact your net administrator"); - } else if (hp != NULL) { - host = hp->h_name; - } - - tmp = inet_ntop(af, addr, host_addr, sizeof(host_addr)); - if (tmp == NULL) - strlcpy (host_addr, "unknown address", sizeof(host_addr)); - - if (host == NULL) - host = host_addr; - /* - * We must make a copy because Kerberos is probably going - * to also do a gethost* and overwrite the static data... - */ - strlcpy(remote_host_name, host, sizeof(remote_host_name)); - if (hp != NULL) - freehostent (hp); - host = remote_host_name; - - /* XXX - should be k_gethostname? 
*/ gethostname(host_name, sizeof (host_name)); - hostname = host_name; + + strlcpy (remote_utmp_name, remote_host_name, sizeof(remote_utmp_name)); /* Only trim if too long (and possible) */ - if (strlen(remote_host_name) > abs(utmp_len)) { + if (strlen(remote_utmp_name) > utmp_len) { char *domain = strchr(host_name, '.'); - char *p = strchr(remote_host_name, '.'); - if (domain && p && (strcmp(p, domain) == 0)) - *p = 0; /* remove domain part */ + char *p = strchr(remote_utmp_name, '.'); + if (domain != NULL && p != NULL && (strcmp(p, domain) == 0)) + *p = '\0'; /* remove domain part */ } - /* * If hostname still doesn't fit utmp, use ipaddr. */ - if (strlen(remote_host_name) > abs(utmp_len)) - strlcpy(remote_host_name, - host_addr, - sizeof(remote_host_name)); + if (strlen(remote_utmp_name) > utmp_len) { + error = getnameinfo (who, who_len, + remote_utmp_name, + sizeof(remote_utmp_name), + NULL, 0, + NI_NUMERICHOST); + if (error) + fatal(net, "Couldn't get numeric address\r\n"); + } #ifdef AUTHENTICATION - auth_encrypt_init(hostname, host, "TELNETD", 1); + auth_encrypt_init(host_name, remote_host_name, "TELNETD", 1); #endif init_env(); @@ -776,8 +745,7 @@ Please contact your net administrator"); */ *user_name = 0; level = getterminaltype(user_name, sizeof(user_name)); - if(setenv("TERM", terminaltype ? terminaltype : "network", 1) != 0) - errx(1, "cannot set TERM"); + esetenv("TERM", terminaltype ? terminaltype : "network", 1); #ifdef _SC_CRAY_SECURE_SYS if (secflag) { @@ -789,7 +757,8 @@ Please contact your net administrator"); #endif /* _SC_CRAY_SECURE_SYS */ /* begin server processing */ - my_telnet(net, ourpty, host, level, user_name); + my_telnet(net, ourpty, remote_host_name, remote_utmp_name, + level, user_name); /*NOTREACHED*/ } /* end of doit */ 
@@ -816,7 +785,8 @@ show_issue(void) * hand data to telnet receiver finite state machine. */ void -my_telnet(int f, int p, char *host, int level, char *autoname) +my_telnet(int f, int p, const char *host, const char *utmp_host, + int level, char *autoname) { int on = 1; char *he; @@ -999,7 +969,7 @@ my_telnet(int f, int p, char *host, int level, char *autoname) indefinitely */ if(!startslave_called && (!encrypt_delay() || timeout > time(NULL))){ startslave_called = 1; - startslave(host, level, autoname); + startslave(host, utmp_host, level, autoname); } if (ncc < 0 && pcc < 0) diff --git a/kerberosIV/src/appl/telnet/telnetd/termstat.c b/kerberosIV/src/appl/telnet/telnetd/termstat.c index 9399cd4cf67..6806ed2ec0d 100644 --- a/kerberosIV/src/appl/telnet/telnetd/termstat.c +++ b/kerberosIV/src/appl/telnet/telnetd/termstat.c @@ -33,7 +33,7 @@ #include "telnetd.h" -RCSID("$KTH: termstat.c,v 1.11 1997/05/11 06:30:04 assar Exp $"); +RCSID("$KTH: termstat.c,v 1.12 2001/08/29 00:45:23 assar Exp $"); /* * local variables @@ -49,7 +49,7 @@ int def_row = 0, def_col = 0; * Check for changes to flow control */ void -flowstat() +flowstat(void) { if (his_state_is_will(TELOPT_LFLOW)) { if (tty_flowmode() != flowmode) { @@ -81,8 +81,6 @@ flowstat() void clientstat(int code, int parm1, int parm2) { - void netflush(); - /* * Get a copy of terminal characteristics. */ diff --git a/kerberosIV/src/appl/xnlock/xnlock.c b/kerberosIV/src/appl/xnlock/xnlock.c index 011f9f91d2f..deab72f8fe9 100644 --- a/kerberosIV/src/appl/xnlock/xnlock.c +++ b/kerberosIV/src/appl/xnlock/xnlock.c @@ -8,7 +8,7 @@ */ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$KTH: xnlock.c,v 1.78.2.1 2000/06/23 03:09:47 assar Exp $"); +RCSID("$KTH: xnlock.c,v 1.89 2001/09/10 14:12:43 assar Exp $"); #endif #include <stdio.h> 
@@ -199,7 +199,7 @@ get_words(void) static void usage(void) { - fprintf(stderr, "usage: %s [options] [message]\n", __progname); + fprintf(stderr, "usage: %s [options] [message]\n", getprogname()); fprintf(stderr, "-fg color foreground color\n"); fprintf(stderr, "-bg color background color\n"); fprintf(stderr, "-rv reverse foreground/background colors\n"); @@ -372,12 +372,22 @@ walk(int dir) lastdir = dir; } +static long +my_random (void) +{ +#ifdef HAVE_RANDOM + return random(); +#else + return rand(); +#endif +} + static int think(void) { - if (rand() & 1) + if (my_random() & 1) walk(FRONT); - if (rand() & 1) { + if (my_random() & 1) { words = get_words(); return 1; } @@ -392,21 +402,21 @@ move(XtPointer _p, XtIntervalId *_id) if (!length) { int tries = 0; dir = 0; - if ((rand() & 1) && think()) { + if ((my_random() & 1) && think()) { talk(0); /* sets timeout to itself */ return; } - if (!(rand() % 3) && (interval = look())) { + if (!(my_random() % 3) && (interval = look())) { timeout_id = XtAppAddTimeOut(app, interval, move, NULL); return; } - interval = 20 + rand() % 100; + interval = 20 + my_random() % 100; do { if (!tries) - length = Width/100 + rand() % 90, tries = 8; + length = Width/100 + my_random() % 90, tries = 8; else tries--; - switch (rand() % 8) { + switch (my_random() % 8) { case 0: if (x - X_INCR*length >= 5) dir = LEFT; 
@@ -568,6 +578,28 @@ verify_krb5(const char *password) NULL); if (ret == 0){ #ifdef KRB4 + if (krb5_config_get_bool(context, NULL, + "libdefaults", + "krb4_get_tickets", + NULL)) { + CREDENTIALS c; + krb5_creds mcred, cred; + + krb5_make_principal(context, &mcred.server, + client->realm, + "krbtgt", + client->realm, + NULL); + ret = krb5_cc_retrieve_cred(context, id, 0, &mcred, &cred); + if(ret == 0) { + ret = krb524_convert_creds_kdc_ccache(context, id, &cred, &c); + if(ret == 0) + tf_setup(&c, c.pname, c.pinst); + memset(&c, 0, sizeof(c)); + krb5_free_creds_contents(context, &cred); + } + krb5_free_principal(context, mcred.server); + } if (k_hasafs()) krb5_afslog(context, id, NULL, NULL); #endif @@ -893,21 +925,21 @@ look(void) { XSetForeground(dpy, gc, White); XSetBackground(dpy, gc, Black); - if (rand() % 3) { - XCopyPlane(dpy, (rand() & 1)? down : front, XtWindow(widget), gc, + if (my_random() % 3) { + XCopyPlane(dpy, (my_random() & 1)? down : front, XtWindow(widget), gc, 0, 0, 64,64, x, y, 1L); return 1000L; } - if (!(rand() % 5)) + if (!(my_random() % 5)) return 0; - if (rand() % 3) { - XCopyPlane(dpy, (rand() & 1)? left_front : right_front, + if (my_random() % 3) { + XCopyPlane(dpy, (my_random() & 1)? left_front : right_front, XtWindow(widget), gc, 0, 0, 64,64, x, y, 1L); return 1000L; } - if (!(rand() % 5)) + if (!(my_random() % 5)) return 0; - XCopyPlane(dpy, (rand() & 1)? left0 : right0, XtWindow(widget), gc, + XCopyPlane(dpy, (my_random() & 1)? left0 : right0, XtWindow(widget), gc, 0, 0, 64,64, x, y, 1L); return 1000L; } @@ -942,9 +974,15 @@ main (int argc, char **argv) strlcpy(login, pw->pw_name, sizeof(login)); } - srand(getpid()); +#if defined(HAVE_SRANDOMDEV) + srandomdev(); +#elif defined(HAVE_RANDOM) + srandom(time(NULL)); +#else + srand (time(NULL)); +#endif for (i = 0; i < STRING_LENGTH; i++) - STRING[i] = ((unsigned long)rand() % ('~' - ' ')) + ' '; + STRING[i] = ((unsigned long)my_random() % ('~' - ' ')) + ' '; locked_at = time(0); 
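Review bot: In the `krb4_get_tickets` block added to `verify_krb5` (xnlock.c, `@@ -568,6 +578,28`), `mcred` is declared without initialisation and only `mcred.server` is assigned before the struct is handed to `krb5_cc_retrieve_cred`. The return value of `krb5_make_principal` is ignored as well, so on failure `mcred.server` is indeterminate when it reaches the lookup and `krb5_free_principal`. I would add `memset(&mcred, 0, sizeof(mcred));` before the call and run the retrieve/convert/free sequence only when `krb5_make_principal(...)` returns 0. `verify_krb5` starts and ends outside the hunk.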
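Review bot: The seeding ladder added to `main` in xnlock.c (`@@ -942,9 +974,15`) tests `HAVE_SRANDOMDEV` first, while `my_random()` selects `random()` only under `HAVE_RANDOM`. A build that defines the first macro but not the second therefore seeds one generator and draws from the other, which stays unseeded. Writing the first branch as `#if defined(HAVE_SRANDOMDEV) && defined(HAVE_RANDOM)` keeps seed and generator paired. The fallback seed `time(NULL)` is known to anyone who knows the start time; `srandom(time(NULL) ^ getpid())` keeps the process id the old code used. The same ladder is added to `main` in kadmin/admin_server.c, where the value selects the child that `accept_client` kills.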
@@ -956,8 +994,12 @@ main (int argc, char **argv) #endif #ifdef KRB5 { + krb5_error_code ret; char *str; - krb5_init_context(&context); + + ret = krb5_init_context(&context); + if (ret) + errx (1, "krb5_init_context failed: %d", ret); krb5_get_default_principal(context, &client); krb5_unparse_name(context, client, &str); snprintf(userprompt, sizeof(userprompt), "User: %s", str); diff --git a/kerberosIV/src/doc/kth-krb.texi b/kerberosIV/src/doc/kth-krb.texi index 8a1233e9d08..c03a9061ae0 100644 --- a/kerberosIV/src/doc/kth-krb.texi +++ b/kerberosIV/src/doc/kth-krb.texi @@ -1,6 +1,6 @@ \input texinfo @c -*- texinfo -*- @c %**start of header -@c $KTH: kth-krb.texi,v 1.80 1999/12/02 16:58:35 joda Exp $ +@c $KTH: kth-krb.texi,v 1.81 1999/12/31 01:14:57 assar Exp $ @setfilename kth-krb.info @settitle KTH-KRB @iftex diff --git a/kerberosIV/src/doc/setup.texi b/kerberosIV/src/doc/setup.texi index 7f7dd49678a..864584bf904 100644 --- a/kerberosIV/src/doc/setup.texi +++ b/kerberosIV/src/doc/setup.texi @@ -201,7 +201,9 @@ holds some things that are not normally used. It consists of a number of @samp{@var{variable} = @var{value}} pairs, blank lines and lines beginning with a hash (#) are ignored. -The currently defined variables are: +The currently defined variables are listed below. For the boolean/flag +variables the value should be any of the strings @samp{true} or +@samp{yes} or any non-zero integer. @table @samp @item kdc_timeout @@ -232,7 +234,8 @@ Normally the uid or tty is appended to this prefix. The file where the server keys are stored, the default is @file{/etc/kerberosIV/srvtab}. @item nat_in_use @cindex nat_in_use -If the client is behind a Network Address Translator (NAT). +A flag to indicated that the client is behind a Network Address +Translator (NAT). @cindex Network Address Translator @cindex NAT @item reverse_lsb_test 
@@ -702,7 +705,7 @@ Zephyr Andrew File System @end table -To create these keys you will use the the @code{ksrvutil} program. +To create these keys you will use the @code{ksrvutil} program. Perform the @pindex ksrvutil following: diff --git a/kerberosIV/src/kadmin/admin_server.c b/kerberosIV/src/kadmin/admin_server.c index 5aeeedc8e0e..ca6adf8e2f7 100644 --- a/kerberosIV/src/kadmin/admin_server.c +++ b/kerberosIV/src/kadmin/admin_server.c @@ -30,7 +30,7 @@ or implied warranty. #include "kadm_locl.h" -RCSID("$KTH: admin_server.c,v 1.49.2.2 2000/10/18 20:24:57 assar Exp $"); +RCSID("$KTH: admin_server.c,v 1.54.2.1 2002/02/01 16:15:49 assar Exp $"); /* Almost all procs and such need this, so it is global */ admin_params prm; /* The command line parameters struct */ @@ -272,7 +272,7 @@ static void accept_client (int admin_fd) { int pipe_fd[2]; - int addrlen; + socklen_t addrlen; struct sockaddr_in peer; pid_t pid; int peer_fd; @@ -291,7 +291,11 @@ accept_client (int admin_fd) if (nunauth == 0) return; +#ifdef HAVE_RANDOM + victim = random() % nchildren; +#else victim = rand() % nchildren; +#endif if (children[victim].authenticated == 0) { kill(children[victim].pid, SIGINT); close(children[victim].pipe_fd); @@ -527,6 +531,7 @@ main(int argc, char **argv) /* admin_server main routine */ int errval; int c; struct in_addr i_addr; + int port = 0; umask(077); /* Create protected files */ @@ -537,7 +542,15 @@ main(int argc, char **argv) /* admin_server main routine */ memset(krbrlm, 0, sizeof(krbrlm)); - while ((c = getopt(argc, argv, "f:hmnd:a:r:i:")) != -1) +#if defined(HAVE_SRANDOMDEV) + srandomdev(); +#elif defined(HAVE_RANDOM) + srandom(time(NULL)); +#else + srand (time(NULL)); +#endif + + while ((c = getopt(argc, argv, "f:hmnd:a:r:i:p:")) != -1) switch(c) { case 'f': /* Syslog file name change */ prm.sysfile = optarg; 
@@ -567,9 +580,26 @@ main(int argc, char **argv) /* admin_server main routine */ exit (1); } break; + case 'p' : { + struct servent *sp; + + sp = getservbyname(optarg, "tcp"); + if (sp != NULL) { + port = sp->s_port; + } else { + char *end; + + port = htons(strtol(optarg, &end, 0)); + if (port == 0 && end == optarg) { + fprintf(stderr, "Bad port: %s\n", optarg); + exit (1); + } + } + break; + } case 'h': /* get help on using admin_server */ default: - errx(1, "Usage: kadmind [-h] [-n] [-m] [-r realm] [-d dbname] [-f filename] [-a acldir] [-i address_to_listen_on]"); + errx(1, "Usage: kadmind [-h] [-n] [-m] [-r realm] [-d dbname] [-f filename] [-a acldir] [-i address_to_listen_on] [-p port]"); } if (krbrlm[0] == 0) @@ -590,8 +620,14 @@ main(int argc, char **argv) /* admin_server main routine */ close_syslog(); byebye(); } + if (port == 0) + port = k_getportbyname (KADM_SNAME, + "tcp", + htons(751)); + /* set up the server_parm struct */ - if ((errval = kadm_ser_init(prm.inter, krbrlm, i_addr))==KADM_SUCCESS) { + if ((errval = kadm_ser_init(prm.inter, krbrlm, i_addr, + port))==KADM_SUCCESS) { kerb_fini(); /* Close the Kerberos database-- will re-open later */ errval = kadm_listen(); /* listen for calls to server from diff --git a/kerberosIV/src/kadmin/kadm_locl.h b/kerberosIV/src/kadmin/kadm_locl.h index e9cdb641558..c864e262c33 100644 --- a/kerberosIV/src/kadmin/kadm_locl.h +++ b/kerberosIV/src/kadmin/kadm_locl.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $KTH: kadm_locl.h,v 1.31 1999/12/02 16:58:36 joda Exp $ */ +/* $KTH: kadm_locl.h,v 1.32.2.1 2002/02/01 16:16:57 assar Exp $ */ #include "config.h" #include "protos.h" 
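Review bot: The new `-p` case in `main` (admin_server.c, `@@ -567,9 +580,26`) passes the `strtol` result straight to `htons`, so a value outside 1..65535 is silently truncated to a different port and trailing text such as `751x` is accepted. The only input rejected is one with no digits at all. Parse into a `long` and validate before converting: `long v = strtol(optarg, &end, 0);`, then `if (end == optarg || *end != '\0' || v <= 0 || v > 65535) { fprintf(stderr, "Bad port: %s\n", optarg); exit (1); }`, then `port = htons(v);`. `main` continues outside the hunk.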
@@ -112,7 +112,11 @@ struct hostent *gethostbyname(const char *); #include <com_err.h> #include <sl.h> +#ifdef HAVE_OPENSSL +#include <openssl/des.h> +#else #include <des.h> +#endif #include <krb.h> #include <krb_err.h> #include <krb_db.h> @@ -125,6 +129,10 @@ struct hostent *gethostbyname(const char *); #include "kadm_server.h" #include "pw_check.h" +#ifdef HAVE_OPENSSL +#define des_new_random_key des_random_key +#endif + /* from libacl */ /* int acl_check(char *acl, char *principal); */ @@ -143,7 +151,7 @@ int kadm_ser_add (u_char *, int, AUTH_DAT *, u_char **, int *); int kadm_ser_mod (u_char *, int, AUTH_DAT *, u_char **, int *); int kadm_ser_get (u_char *, int, AUTH_DAT *, u_char **, int *); int kadm_ser_delete (u_char *, int, AUTH_DAT *, u_char **, int *); -int kadm_ser_init (int inter, char realm[], struct in_addr); +int kadm_ser_init (int inter, char realm[], struct in_addr, int port); int kadm_ser_in (u_char **, int *, u_char *); int get_pw_new_pwd (char *pword, int pwlen, krb_principal *pr, int print_realm); diff --git a/kerberosIV/src/kadmin/kadmin.c b/kerberosIV/src/kadmin/kadmin.c index 74e3e9090a8..5a98e46c054 100644 --- a/kerberosIV/src/kadmin/kadmin.c +++ b/kerberosIV/src/kadmin/kadmin.c @@ -31,7 +31,7 @@ or implied warranty. #include "getarg.h" #include "parse_time.h" -RCSID("$KTH: kadmin.c,v 1.62 1999/11/02 17:02:14 bg Exp $"); +RCSID("$KTH: kadmin.c,v 1.67 2001/08/26 01:40:41 assar Exp $"); static int change_password(int argc, char **argv); static int change_key(int argc, char **argv); @@ -80,11 +80,6 @@ static SL_cmd cmds[] = { #define PE_YES 1 #define PE_UNSURE 2 -/* for get_password, whether it should do the swapping...necessary for - using vals structure, unnecessary for change_pw requests */ -#define DONTSWAP 0 -#define SWAP 1 - static krb_principal pr; static char default_realm[REALM_SZ]; /* default kerberos realm */ static char krbrlm[REALM_SZ]; /* current realm being administered */ 
@@ -203,7 +198,7 @@ princ_exists(char *name, char *instance, char *realm) } static void -passwd_to_lowhigh(u_int32_t *low, u_int32_t *high, char *password, int byteswap) +passwd_to_lowhigh(u_int32_t *low, u_int32_t *high, char *password) { des_cblock newkey; @@ -231,20 +226,18 @@ passwd_to_lowhigh(u_int32_t *low, u_int32_t *high, char *password, int byteswap) *low = 1; #endif - if (byteswap != DONTSWAP) { - *low = htonl(*low); - *high = htonl(*high); - } + *low = htonl(*low); + *high = htonl(*high); } static int -get_password(u_int32_t *low, u_int32_t *high, char *prompt, int byteswap) +get_password(u_int32_t *low, u_int32_t *high, char *prompt) { char new_passwd[MAX_KPW_LEN]; /* new password */ if (read_long_pw_string(new_passwd, sizeof(new_passwd)-1, prompt, 1)) return(BAD_PW); - passwd_to_lowhigh (low, high, new_passwd, byteswap); + passwd_to_lowhigh (low, high, new_passwd); memset (new_passwd, 0, sizeof(new_passwd)); return(GOOD_PW); } @@ -288,7 +281,9 @@ get_admin_password(void) /* Initialize non shared random sequence from session key. */ memset(&c, 0, sizeof(c)); krb_get_cred(PWSERV_NAME, KADM_SINST, krbrlm, &c); +#ifndef HAVE_OPENSSL des_init_random_number_generator(&c.session); +#endif } else status = KDC_PR_UNKNOWN; @@ -580,7 +575,7 @@ change_password(int argc, char **argv) "New password for %s:", user); if (get_password(&new.key_low, &new.key_high, - pw_prompt, SWAP) != GOOD_PW) { + pw_prompt) != GOOD_PW) { printf("Error reading password; password unchanged\n"); return 0; } @@ -605,6 +600,20 @@ change_password(int argc, char **argv) } static int +gethexkey(unsigned char *k) +{ + int i; + for (i = 0; i < 8; i++) { + int tmp; + + if (scanf ("%02x", &tmp) != 1) + return 0; + k[i] = tmp; + } + return 1; +} + +static int getkey(unsigned char *k) { int i, c; 
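Review bot: The new `gethexkey` in kadmin.c (`@@ -605,6 +600,20`) reads each key byte with `scanf ("%02x", &tmp)` into an `int`, although `%x` expects an `unsigned int *`. The conversion also skips leading white space and is satisfied by a single digit, so short or oddly spaced input is turned into a key instead of being rejected. Declaring `unsigned int tmp;` fixes the type. Reading exactly two characters per byte and checking both with `isxdigit()` before converting would make the format strict. A comment stating the accepted form, `/* "0x" followed by exactly 16 hex digits */`, is missing.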
@@ -621,7 +630,13 @@ getkey(unsigned char *k) return 0; k[i] = oct; } - else if (!isalpha(c)) + else if (c == '0') { + c = getchar (); + if (c == 'x') + return gethexkey(k); + ungetc (c, stdin); + k[i] = c; + } else if (!isalpha(c)) return 0; else k[i] = c; @@ -673,7 +688,9 @@ change_key(int argc, char **argv) if (getkey(newkey)) { memcpy(&new.key_low, newkey, 4); + new.key_low = htonl(new.key_low); memcpy(&new.key_high, ((char *)newkey) + 4, 4); + new.key_high = htonl(new.key_high); printf("Entered key for %s: ", argv[1]); printkey(newkey); memset(newkey, 0, sizeof(newkey)); @@ -894,13 +911,13 @@ add_new_key(int argc, char **argv) argv[i]); if (get_password(&new.key_low, &new.key_high, - pw_prompt, SWAP) != GOOD_PW) { + pw_prompt) != GOOD_PW) { printf("Error reading password: %s not added\n", argv[i]); memset(&new, 0, sizeof(new)); return 0; } } else { - passwd_to_lowhigh (&new.key_low, &new.key_high, password, SWAP); + passwd_to_lowhigh (&new.key_low, &new.key_high, password); memset (password, 0, strlen(password)); } diff --git a/kerberosIV/src/kadmin/kpasswd.c b/kerberosIV/src/kadmin/kpasswd.c index ed32b39e81a..0a50de6ce79 100644 --- a/kerberosIV/src/kadmin/kpasswd.c +++ b/kerberosIV/src/kadmin/kpasswd.c @@ -25,7 +25,7 @@ or implied warranty. #include "kadm_locl.h" -RCSID("$KTH: kpasswd.c,v 1.29 1999/11/13 06:33:20 assar Exp $"); +RCSID("$KTH: kpasswd.c,v 1.30 2001/02/20 23:07:55 assar Exp $"); static void usage(int value) diff --git a/kerberosIV/src/kadmin/ksrvutil.c b/kerberosIV/src/kadmin/ksrvutil.c index 3416e2630ff..c72b9d7c3a1 100644 --- a/kerberosIV/src/kadmin/ksrvutil.c +++ b/kerberosIV/src/kadmin/ksrvutil.c @@ -30,7 +30,7 @@ or implied warranty. #include "kadm_locl.h" -RCSID("$KTH: ksrvutil.c,v 1.50 1999/11/13 06:33:59 assar Exp $"); +RCSID("$KTH: ksrvutil.c,v 1.52 2001/08/26 01:40:42 assar Exp $"); #include "ksrvutil.h" 
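Review bot: In the `c == '0'` branch added to `getkey` (`@@ -621,7 +630,13`), when the next character is not `x` the code calls `ungetc (c, stdin)` and then stores `k[i] = c`. The `0` that was entered is lost, and the following character is used for this byte and then read again for the next one; if that character was `EOF`, the byte becomes `(unsigned char)EOF`. Storing the digit itself, `k[i] = '0';`, matches what the branch appears to intend; alternatively `return 0;` keeps the old rule that rejected non-alphabetic characters. The `0x` test also runs at every index, so a prefix in the middle of the input restarts the key from byte 0; `else if (c == '0' && i == 0)` would confine it to the start. `getkey` ends outside the hunk.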
@@ -497,12 +497,14 @@ main(int argc, char **argv) * key has been compromised so we also use a * random sequence number! */ +#ifndef HAVE_OPENSSL des_init_random_number_generator(&old_key); { des_cblock seqnum; des_generate_random_block(&seqnum); des_set_sequence_number((unsigned char *)&seqnum); } +#endif /* * Pick a new key and determine whether or not * it is safe to change @@ -535,7 +537,7 @@ main(int argc, char **argv) dest_tkt(); } else { - com_err(__progname, status, + com_err(getprogname(), status, " attempting to change password."); dest_tkt(); /* XXX This knows the format of a keyfile */ diff --git a/kerberosIV/src/kuser/kdestroy.c b/kerberosIV/src/kuser/kdestroy.c index 45583209636..7b00e6a0887 100644 --- a/kerberosIV/src/kuser/kdestroy.c +++ b/kerberosIV/src/kuser/kdestroy.c @@ -35,15 +35,10 @@ #include <kafs.h> #include <getarg.h> -RCSID("$KTH: kdestroy.c,v 1.17 1999/12/02 16:58:36 joda Exp $"); +RCSID("$KTH: kdestroy.c,v 1.19 2001/02/20 23:07:55 assar Exp $"); -#ifdef LEGACY_KDESTROY -int ticket_flag = 1; -int unlog_flag = 0; -#else int ticket_flag = -1; int unlog_flag = -1; -#endif int quiet_flag; int help_flag; int version_flag; @@ -75,20 +70,30 @@ main(int argc, char **argv) int optind = 0; int ret = RET_TKFIL; - if(getarg(args, num_args, argc, argv, &optind)) + if (getarg(args, num_args, argc, argv, &optind)) usage(1); - if(help_flag) + if (unlog_flag == -1 && ticket_flag == -1) { + ticket_flag = 1; +#ifdef LEGACY_KDESTROY + unlog_flag = 0; +#else + unlog_flag = (getenv("LEGACY_KDESTROY") != 0) ? 0 : 1; +#endif + } + else if (unlog_flag == -1) + unlog_flag = 0; + else if (ticket_flag == -1) + ticket_flag = 0; + + if (help_flag) usage(0); - if(version_flag) { + if (version_flag) { print_version(NULL); exit(0); } - if (unlog_flag == -1 && ticket_flag == -1) - unlog_flag = ticket_flag = 1; - if (ticket_flag) ret = dest_tkt(); diff --git a/kerberosIV/src/kuser/kinit.c b/kerberosIV/src/kuser/kinit.c index c03d7170f13..4da551379dd 100644 
--- a/kerberosIV/src/kuser/kinit.c +++ b/kerberosIV/src/kuser/kinit.c @@ -19,7 +19,7 @@ #include "kuser_locl.h" -RCSID("$KTH: kinit.c,v 1.17 1997/12/12 04:48:44 assar Exp $"); +RCSID("$KTH: kinit.c,v 1.18 2001/02/20 23:07:56 assar Exp $"); #define LIFE DEFAULT_TKT_LIFE /* lifetime of ticket in 5-minute units */ #define CHPASSLIFE 2 @@ -39,7 +39,7 @@ get_input(char *s, int size, FILE *stream) static void usage(void) { - fprintf(stderr, "Usage: %s [-irvlp] [name]\n", __progname); + fprintf(stderr, "Usage: %s [-irvlp] [name]\n", getprogname()); exit(1); } diff --git a/kerberosIV/src/kuser/klist.c b/kerberosIV/src/kuser/klist.c index 1d2c057ec3b..4b7c2e8a9dc 100644 --- a/kerberosIV/src/kuser/klist.c +++ b/kerberosIV/src/kuser/klist.c @@ -22,7 +22,7 @@ #include <parse_time.h> -RCSID("$KTH: klist.c,v 1.44.2.3 2000/10/18 20:38:29 assar Exp $"); +RCSID("$KTH: klist.c,v 1.47 2001/02/20 23:07:56 assar Exp $"); static int option_verbose = 0; @@ -55,7 +55,7 @@ print_time_diff(void) static int -display_tktfile(char *file, int tgt_test, int long_form) +display_tktfile(const char *file, int tgt_test, int long_form) { krb_principal pr; char buf1[20], buf2[20]; @@ -80,7 +80,7 @@ display_tktfile(char *file, int tgt_test, int long_form) */ /* Open ticket file */ - if ((k_errno = tf_init(file, R_TKT_FIL))) { + if ((k_errno = tf_init((char *)file, R_TKT_FIL))) { if (!tgt_test) warnx("%s", krb_get_err_text(k_errno)); return 1; @@ -94,7 +94,7 @@ display_tktfile(char *file, int tgt_test, int long_form) * really stored in the principal section of the file, the * routine we use must itself call tf_init and tf_close. */ - if ((k_errno = krb_get_tf_realm(file, pr.realm)) != KSUCCESS) { + if ((k_errno = krb_get_tf_realm((char *)file, pr.realm)) != KSUCCESS) { if (!tgt_test) warnx("can't find realm of ticket file: %s", krb_get_err_text(k_errno)); 
@@ -102,7 +102,7 @@ display_tktfile(char *file, int tgt_test, int long_form) } /* Open ticket file */ - if ((k_errno = tf_init(file, R_TKT_FIL))) { + if ((k_errno = tf_init((char *)file, R_TKT_FIL))) { if (!tgt_test) warnx("%s", krb_get_err_text(k_errno)); return 1; @@ -181,7 +181,7 @@ display_tktfile(char *file, int tgt_test, int long_form) printf("-----\nNAT addresses\n"); /* Open ticket file (again) */ - if ((k_errno = tf_init(file, R_TKT_FIL))) { + if ((k_errno = tf_init((char *)file, R_TKT_FIL))) { if (!tgt_test) warnx("%s", krb_get_err_text(k_errno)); return 1; @@ -283,7 +283,7 @@ display_tokens(void) } static void -display_srvtab(char *file) +display_srvtab(const char *file) { int stab; char serv[SNAME_SZ]; @@ -326,7 +326,7 @@ usage(void) { fprintf(stderr, "Usage: %s [ -v | -s | -t ] [ -f filename ] [-tokens] [-srvtab ]\n", - __progname); + getprogname()); exit(1); } @@ -338,7 +338,7 @@ main(int argc, char **argv) int tgt_test = 0; int do_srvtab = 0; int do_tokens = 0; - char *tkt_file = NULL; + const char *tkt_file = NULL; int eval; while (*(++argv)) { @@ -373,7 +373,7 @@ main(int argc, char **argv) if (!strcmp(*argv, "-srvtab")) { if (tkt_file == NULL) /* if no other file spec'ed, set file to default srvtab */ - tkt_file = (char *)KEYFILE; + tkt_file = KEYFILE; do_srvtab = 1; continue; } diff --git a/kerberosIV/src/lib/auth/afskauthlib/verify.c b/kerberosIV/src/lib/auth/afskauthlib/verify.c index 272e3016d08..16703fd00fd 100644 --- a/kerberosIV/src/lib/auth/afskauthlib/verify.c +++ b/kerberosIV/src/lib/auth/afskauthlib/verify.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995-1999 Kungliga Tekniska Högskolan + * Copyright (c) 1995-2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
@@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$KTH: verify.c,v 1.20 1999/12/02 16:58:37 joda Exp $"); +RCSID("$KTH: verify.c,v 1.25 2001/06/18 13:11:33 assar Exp $"); #endif #include <unistd.h> #include <sys/types.h> @@ -123,7 +123,11 @@ verify_krb5(struct passwd *pwd, krb5_ccache ccache; krb5_principal principal; - krb5_init_context(&context); + ret = krb5_init_context(&context); + if (ret) { + syslog(LOG_AUTH|LOG_DEBUG, "krb5_init_context failed: %d", ret); + goto out; + } ret = krb5_parse_name (context, pwd->pw_name, &principal); if (ret) { @@ -175,7 +179,7 @@ verify_krb5(struct passwd *pwd, free (realm); ret = krb5_cc_retrieve_cred(context, ccache, 0, &mcred, &cred); if(ret == 0) { - ret = krb524_convert_creds_kdc(context, ccache, &cred, &c); + ret = krb524_convert_creds_kdc_ccache(context, ccache, &cred, &c); if(ret) krb5_warn(context, ret, "converting creds"); else { @@ -193,9 +197,11 @@ verify_krb5(struct passwd *pwd, if (!pag_set && k_hasafs()) { k_setpag(); pag_set = 1; + } + + if (pag_set) krb5_afslog_uid_home(context, ccache, NULL, NULL, pwd->pw_uid, pwd->pw_dir); - } #endif out: if(ret && !quiet) @@ -222,8 +228,9 @@ verify_krb4(struct passwd *pwd, if (!pag_set && k_hasafs()) { k_setpag (); pag_set = 1; + } + if (pag_set) krb_afslog_uid_home (0, 0, pwd->pw_uid, pwd->pw_dir); - } } else if (!quiet) printf ("%s\n", krb_get_err_text (ret)); } @@ -242,6 +249,12 @@ afs_verify(char *name, if(pwd == NULL) return 1; + + if (!pag_set && k_hasafs()) { + k_setpag(); + pag_set=1; + } + if (ret) ret = unix_verify_user (name, password); #ifdef KRB5 @@ -277,12 +290,10 @@ afs_gettktstring (void) } } #ifdef KRB5 - if(setenv("KRB5CCNAME",krb5ccname,1) != 0) - errx(1, "cannot set KRB5CCNAME"); + esetenv("KRB5CCNAME",krb5ccname,1); #endif #ifdef KRB4 - if(setenv("KRBTKFILE",krbtkfile,1) != 0) - errx(1, "cannot set KRBTKFILE"); + esetenv("KRBTKFILE",krbtkfile,1); return krbtkfile; #else return ""; 
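Review bot: The failure path added after `krb5_init_context` in `verify_krb5` (afskauthlib/verify.c, `@@ -123,7 +123,11`) jumps to `out` before `context`, `ccache` and `principal` hold valid values. A later hunk shows `out:` followed by `if(ret && !quiet)`; what that path then does with `context` is outside the visible lines and should be checked. Returning straight from the new block instead of `goto out` avoids passing an uninitialised handle to any reporting or cleanup code. The message is logged with `LOG_AUTH|LOG_DEBUG`, a priority many syslog configurations drop; `LOG_AUTH|LOG_ERR` would keep an initialisation failure in the authentication path visible.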
diff --git a/kerberosIV/src/lib/auth/sia/sia.c b/kerberosIV/src/lib/auth/sia/sia.c index e74524ad055..71baa8f1fd5 100644 --- a/kerberosIV/src/lib/auth/sia/sia.c +++ b/kerberosIV/src/lib/auth/sia/sia.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995-1999 Kungliga Tekniska Högskolan + * Copyright (c) 1995-2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "sia_locl.h" -RCSID("$KTH: sia.c,v 1.32.2.1 1999/12/20 09:49:30 joda Exp $"); +RCSID("$KTH: sia.c,v 1.36 2001/09/13 01:19:14 assar Exp $"); int siad_init(void) @@ -52,12 +52,18 @@ int siad_ses_init(SIAENTITY *entity, int pkgind) { struct state *s = malloc(sizeof(*s)); + SIA_DEBUG(("DEBUG", "siad_ses_init")); if(s == NULL) return SIADFAIL; memset(s, 0, sizeof(*s)); #ifdef SIA_KRB5 - krb5_init_context(&s->context); + { + krb5_error_code ret; + ret = krb5_init_context(&s->context); + if (ret) + return SIADFAIL; + } #endif entity->mech[pkgind] = (int*)s; return SIADSUCCESS; diff --git a/kerberosIV/src/lib/com_err/compile_et.c b/kerberosIV/src/lib/com_err/compile_et.c index ccdd445e6cf..751c617c036 100644 --- a/kerberosIV/src/lib/com_err/compile_et.c +++ b/kerberosIV/src/lib/com_err/compile_et.c @@ -35,7 +35,7 @@ #include "compile_et.h" #include <getarg.h> -RCSID("$KTH: compile_et.c,v 1.13 1999/12/02 16:58:38 joda Exp $"); +RCSID("$KTH: compile_et.c,v 1.14 2001/02/20 01:44:53 assar Exp $"); #include <roken.h> #include <err.h> diff --git a/kerberosIV/src/lib/des/rnd_keys.c b/kerberosIV/src/lib/des/rnd_keys.c index f352e0475c7..e2247a5dbac 100644 --- a/kerberosIV/src/lib/des/rnd_keys.c +++ b/kerberosIV/src/lib/des/rnd_keys.c @@ -34,7 +34,7 @@ #ifdef HAVE_CONFIG_H #include "config.h" -RCSID("$KTH: rnd_keys.c,v 1.56 1999/12/02 16:58:39 joda Exp $"); +RCSID("$KTH: rnd_keys.c,v 1.58 2001/08/21 15:32:07 assar Exp $"); #endif #include <des.h> 
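Review bot: In `siad_ses_init` (sia.c, `@@ -52,12 +52,18`) the new `if (ret) return SIADFAIL;` leaks the `struct state` allocated a few lines earlier, because `entity->mech[pkgind]` is only assigned after the Kerberos context has been created. Release it on that path: `if (ret) { free(s); return SIADFAIL; }`.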
@@ -74,10 +74,6 @@ RCSID("$KTH: rnd_keys.c,v 1.56 1999/12/02 16:58:39 joda Exp $"); #include <fcntl.h> #endif -#ifdef HAVE_WINSOCK_H -#include <winsock.h> -#endif - /* * Generate "random" data by checksumming a file. * @@ -194,6 +190,19 @@ sigALRM(int sig) #endif #endif +#ifndef HAVE_SETITIMER +static void +des_not_rand_data(unsigned char *data, int size) +{ + int i; + + srandom (time (NULL)); + + for(i = 0; i < size; ++i) + data[i] ^= random() % 0x100; +} +#endif + #if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__) #ifndef HAVE_SETITIMER diff --git a/kerberosIV/src/lib/kadm/kadm.h b/kerberosIV/src/lib/kadm/kadm.h index 1354f12eda2..fc8f7eaba24 100644 --- a/kerberosIV/src/lib/kadm/kadm.h +++ b/kerberosIV/src/lib/kadm/kadm.h @@ -1,5 +1,5 @@ /* - * $KTH: kadm.h,v 1.17 1998/10/23 14:25:55 joda Exp $ + * $KTH: kadm.h,v 1.18 2001/08/26 01:46:12 assar Exp $ * * Copyright 1988 by the Massachusetts Institute of Technology. * @@ -24,7 +24,7 @@ typedef struct { struct sockaddr_in admin_addr; struct sockaddr_in my_addr; - int my_addr_len; + socklen_t my_addr_len; int admin_fd; /* file descriptor for link to admin server */ char sname[ANAME_SZ]; /* the service name */ char sinst[INST_SZ]; /* the services instance */ diff --git a/kerberosIV/src/lib/kafs/afssys.c b/kerberosIV/src/lib/kafs/afssys.c index 2e9fc38a0f7..01e131f5b54 100644 --- a/kerberosIV/src/lib/kafs/afssys.c +++ b/kerberosIV/src/lib/kafs/afssys.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 200 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kafs_locl.h" -RCSID("$KTH: afssys.c,v 1.65.2.1 2000/06/23 03:27:23 assar Exp $"); +RCSID("$KTH: afssys.c,v 1.67 2000/07/08 12:06:03 assar Exp $"); int _kafs_debug; /* this should be done in a better way */ 
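Review bot: The `des_not_rand_data` fallback added in rnd_keys.c (`@@ -194,6 +190,19`) XORs `random() % 0x100` into the buffer after calling `srandom (time (NULL))` on every invocation. Its contribution is fully determined by the wall-clock second, and two calls within the same second add identical bytes. The callers are outside the hunk; if this can be the only input to key generation on a system without `setitimer`, the build or the call should fail rather than produce output. At minimum the function needs a header comment such as `/* Last-resort filler: predictable from the clock, never sufficient alone for key material. */`, and the reseed should move out of the per-call path.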
@@ -283,7 +283,7 @@ int k_hasafs(void) { #if !defined(NO_AFS) && defined(SIGSYS) - RETSIGTYPE (*saved_func)(); + RETSIGTYPE (*saved_func)(int); #endif int saved_errno; char *env = getenv ("AFS_SYSCALL"); diff --git a/kerberosIV/src/lib/kafs/common.c b/kerberosIV/src/lib/kafs/common.c index 3a8145c584e..8a17be91f3b 100644 --- a/kerberosIV/src/lib/kafs/common.c +++ b/kerberosIV/src/lib/kafs/common.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "kafs_locl.h" -RCSID("$KTH: common.c,v 1.19 1999/12/02 16:58:40 joda Exp $"); +RCSID("$KTH: common.c,v 1.22 2001/09/10 16:08:17 assar Exp $"); #define AUTH_SUPERUSER "afs" @@ -241,6 +241,10 @@ _kafs_afslog_all_local_cells(kafs_data *data, uid_t uid, const char *homedir) find_cells(_PATH_THISCELL, &cells, &index); find_cells(_PATH_ARLA_THESECELLS, &cells, &index); find_cells(_PATH_ARLA_THISCELL, &cells, &index); + find_cells(_PATH_OPENAFS_DEBIAN_THESECELLS, &cells, &index); + find_cells(_PATH_OPENAFS_DEBIAN_THISCELL, &cells, &index); + find_cells(_PATH_ARLA_DEBIAN_THESECELLS, &cells, &index); + find_cells(_PATH_ARLA_DEBIAN_THISCELL, &cells, &index); ret = afslog_cells(data, cells, index, uid, homedir); while(index > 0) @@ -250,18 +254,8 @@ _kafs_afslog_all_local_cells(kafs_data *data, uid_t uid, const char *homedir) } -/* Find the realm associated with cell. Do this by opening - /usr/vice/etc/CellServDB and getting the realm-of-host for the - first VL-server for the cell. - - This does not work when the VL-server is living in one realm, but - the cell it is serving is living in another realm. - - Return 0 on success, -1 otherwise. - */ - -int -_kafs_realm_of_cell(kafs_data *data, const char *cell, char **realm) +static int +file_find_cell(kafs_data *data, const char *cell, char **realm, int exact) { FILE *F; char buf[1024]; 
@@ -269,11 +263,23 @@ _kafs_realm_of_cell(kafs_data *data, const char *cell, char **realm) int ret = -1; if ((F = fopen(_PATH_CELLSERVDB, "r")) - || (F = fopen(_PATH_ARLA_CELLSERVDB, "r"))) { + || (F = fopen(_PATH_ARLA_CELLSERVDB, "r")) + || (F = fopen(_PATH_OPENAFS_DEBIAN_CELLSERVDB, "r")) + || (F = fopen(_PATH_ARLA_DEBIAN_CELLSERVDB, "r"))) { while (fgets(buf, sizeof(buf), F)) { + int cmp; + if (buf[0] != '>') continue; /* Not a cell name line, try next line */ - if (strncmp(buf + 1, cell, strlen(cell)) == 0) { + p = buf; + strsep(&p, " \t\n#"); + + if (exact) + cmp = strcmp(buf + 1, cell); + else + cmp = strncmp(buf + 1, cell, strlen(cell)); + + if (cmp == 0) { /* * We found the cell name we're looking for. * Read next line on the form ip-address '#' hostname @@ -294,12 +300,34 @@ _kafs_realm_of_cell(kafs_data *data, const char *cell, char **realm) } fclose(F); } - if (*realm == NULL && dns_find_cell(cell, buf, sizeof(buf)) == 0) { - *realm = strdup(krb_realmofhost(buf)); + return ret; +} + +/* Find the realm associated with cell. Do this by opening + /usr/vice/etc/CellServDB and getting the realm-of-host for the + first VL-server for the cell. + + This does not work when the VL-server is living in one realm, but + the cell it is serving is living in another realm. + + Return 0 on success, -1 otherwise. + */ + +int +_kafs_realm_of_cell(kafs_data *data, const char *cell, char **realm) +{ + char buf[1024]; + int ret; + + ret = file_find_cell(data, cell, realm, 1); + if (ret == 0) + return ret; + if (dns_find_cell(cell, buf, sizeof(buf)) == 0) { + *realm = (*data->get_realm)(data, buf); if(*realm != NULL) - ret = 0; + return 0; } - return ret; + return file_find_cell(data, cell, realm, 0); } int diff --git a/kerberosIV/src/lib/kafs/kafs.h b/kerberosIV/src/lib/kafs/kafs.h index fb6422dd714..a46ea9793c0 100644 --- a/kerberosIV/src/lib/kafs/kafs.h +++ b/kerberosIV/src/lib/kafs/kafs.h 
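Review bot: With `exact` false, the comparison added in `file_find_cell` (common.c, `@@ -269,11 +263,23`) is `strncmp(buf + 1, cell, strlen(cell))`, which accepts the first CellServDB entry whose name merely begins with `cell`. `_kafs_realm_of_cell` uses that as its final fallback, so a shortened or mistyped cell name is mapped to another cell's realm with no indication to the caller. The comment above `_kafs_realm_of_cell` should state the lookup order, for example `/* Tries an exact CellServDB match, then DNS, then a prefix match on the cell name. */`. The middle step takes the realm from `dns_find_cell`, so it depends on unauthenticated DNS data; that belongs in the same comment. A message under `_kafs_debug` on the prefix path would make the substitution traceable.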
@@ -1,8 +1,8 @@ -/* $OpenBSD: kafs.h,v 1.2 2000/02/25 16:12:38 hin Exp $ */ +/* $OpenBSD: kafs.h,v 1.3 2002/06/08 21:49:01 hin Exp $ */ /* $KTH: kafs.h,v 1.28 1998/04/26 18:20:09 joda Exp $ */ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -39,6 +39,8 @@ * SUCH DAMAGE. */ +/* $KTH: kafs.h,v 1.35 2001/09/10 16:05:31 assar Exp $ */ + #ifndef __KAFS_H #define __KAFS_H @@ -98,6 +100,16 @@ krb5_error_code krb5_afslog __P((krb5_context, krb5_ccache, #define _PATH_ARLA_CELLSERVDB _PATH_ARLA_VICE "CellServDB" #define _PATH_ARLA_THESECELLS _PATH_ARLA_VICE "TheseCells" +#define _PATH_OPENAFS_DEBIAN_VICE "/etc/openafs/" +#define _PATH_OPENAFS_DEBIAN_THISCELL _PATH_OPENAFS_DEBIAN_VICE "ThisCell" +#define _PATH_OPENAFS_DEBIAN_CELLSERVDB _PATH_OPENAFS_DEBIAN_VICE "CellServDB" +#define _PATH_OPENAFS_DEBIAN_THESECELLS _PATH_OPENAFS_DEBIAN_VICE "TheseCells" + +#define _PATH_ARLA_DEBIAN_VICE "/etc/arla/" +#define _PATH_ARLA_DEBIAN_THISCELL _PATH_ARLA_DEBIAN_VICE "ThisCell" +#define _PATH_ARLA_DEBIAN_CELLSERVDB _PATH_ARLA_DEBIAN_VICE "CellServDB" +#define _PATH_ARLA_DEBIAN_THESECELLS _PATH_ARLA_DEBIAN_VICE "TheseCells" + extern int _kafs_debug; #endif /* __KAFS_H */ diff --git a/kerberosIV/src/lib/krb/get_krbrlm.c b/kerberosIV/src/lib/krb/get_krbrlm.c index 884c1177e4f..c722b740221 100644 --- a/kerberosIV/src/lib/krb/get_krbrlm.c +++ b/kerberosIV/src/lib/krb/get_krbrlm.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
@@ -33,7 +33,7 @@ #include "krb_locl.h" -RCSID("$KTH: get_krbrlm.c,v 1.25 1999/12/02 16:58:41 joda Exp $"); +RCSID("$KTH: get_krbrlm.c,v 1.26 2001/08/28 10:14:33 assar Exp $"); /* * krb_get_lrealm takes a pointer to a string, and a number, n. It fills @@ -52,9 +52,10 @@ krb_get_lrealm_f(char *r, int n, const char *fname) { char buf[1024]; char *p; - int nchar; + int rlen, tlen; FILE *f; int ret = KFAILURE; + char *rstart; if (n < 0) return KFAILURE; @@ -70,21 +71,21 @@ krb_get_lrealm_f(char *r, int n, const char *fname) goto done; /* We now have the n:th line, remove initial white space. */ - p = buf + strspn(buf, " \t"); + rstart = p = buf + strspn(buf, " \t"); /* Collect realmname. */ - nchar = strcspn(p, " \t\n"); - if (nchar == 0 || nchar > REALM_SZ) + rlen = strcspn(p, " \t\n"); + if (rlen == 0 || rlen > REALM_SZ) goto done; /* No realmname */ - strncpy(r, p, nchar); - r[nchar] = 0; /* Does more junk follow? */ - p += nchar; - nchar = strspn(p, " \t\n"); - if ((r[0] != '#') && (p[nchar] == 0)) + p += rlen; + tlen = strspn(p, " \t\n"); + if ((rstart[0] != '#') && (p[tlen] == 0)) { + strncpy(r, rstart, rlen); + r[rlen] = 0; ret = KSUCCESS; /* This was a realm name only line. */ - + } done: fclose(f); return ret; diff --git a/kerberosIV/src/lib/krb/getfile.c b/kerberosIV/src/lib/krb/getfile.c index 42e6c89a9f3..424cc9c270c 100644 --- a/kerberosIV/src/lib/krb/getfile.c +++ b/kerberosIV/src/lib/krb/getfile.c @@ -33,7 +33,7 @@ #include "krb_locl.h" -RCSID("$KTH: getfile.c,v 1.5.2.1 2000/12/07 17:04:48 assar Exp $"); +RCSID("$KTH: getfile.c,v 1.6 2000/12/07 17:00:49 assar Exp $"); static int is_suid(void) diff --git a/kerberosIV/src/lib/krb/send_to_kdc.c b/kerberosIV/src/lib/krb/send_to_kdc.c index 936189f6fdf..b4429ed8073 100644 --- a/kerberosIV/src/lib/krb/send_to_kdc.c +++ b/kerberosIV/src/lib/krb/send_to_kdc.c 
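Review bot: The bound `rlen > REALM_SZ` in `krb_get_lrealm_f` still lets a name of exactly REALM_SZ characters through, and the copy that this hunk moves into the success branch then stores the terminator at `r[REALM_SZ]`. If callers pass a buffer of REALM_SZ bytes (kerberos.c in this same commit declares `local_realm[REALM_SZ]`; whether that buffer reaches this function is not visible here), that is a one-byte write past the end, driven by the contents of the file named by `fname`. I would tighten the test to `if (rlen == 0 || rlen >= REALM_SZ)`. The start of the function is outside this hunk.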
@@ -22,7 +22,7 @@ or implied warranty. #include "krb_locl.h" #include <base64.h> -RCSID("$KTH: send_to_kdc.c,v 1.71.2.1 2000/10/10 12:47:21 assar Exp $"); +RCSID("$KTH: send_to_kdc.c,v 1.73 2000/11/30 07:14:34 assar Exp $"); struct host { struct sockaddr_in addr; diff --git a/kerberosIV/src/lib/krb/tf_util.c b/kerberosIV/src/lib/krb/tf_util.c index 7b8d3e39eac..75abfe900ab 100644 --- a/kerberosIV/src/lib/krb/tf_util.c +++ b/kerberosIV/src/lib/krb/tf_util.c @@ -21,7 +21,7 @@ or implied warranty. #include "krb_locl.h" -RCSID("$KTH: tf_util.c,v 1.39.2.2 2000/06/23 04:03:58 assar Exp $"); +RCSID("$KTH: tf_util.c,v 1.43 2000/11/30 07:15:26 assar Exp $"); #define TOO_BIG -1 
@@ -133,104 +133,104 @@ static int tf_read(void *s, int n); int tf_init(char *tf_name, int rw) { - /* Unix implementation */ - int wflag; - struct stat stat_buf; - int i_retry; - - switch (rw) { - case R_TKT_FIL: - wflag = 0; - break; - case W_TKT_FIL: - wflag = 1; - break; - default: - if (krb_debug) - krb_warning("tf_init: illegal parameter\n"); - return TKT_FIL_ACC; - } - if (lstat(tf_name, &stat_buf) < 0) - switch (errno) { - case ENOENT: - return NO_TKT_FIL; + /* Unix implementation */ + int wflag; + struct stat stat_buf; + int i_retry; + + switch (rw) { + case R_TKT_FIL: + wflag = 0; + break; + case W_TKT_FIL: + wflag = 1; + break; default: - return TKT_FIL_ACC; + if (krb_debug) + krb_warning("tf_init: illegal parameter\n"); + return TKT_FIL_ACC; } - if (!S_ISREG(stat_buf.st_mode)) - return TKT_FIL_ACC; - - /* The code tries to guess when the calling program is running - * set-uid and prevent unauthorized access. - * - * All library functions now assume that the right set of userids - * are set upon entry, therefore it's not strictly necessary to - * perform these test for programs adhering to these assumptions. - * - * This doesn't work on cygwin because getuid() returns a different - * uid than the owner of files that are created. - */ + if (lstat(tf_name, &stat_buf) < 0) + switch (errno) { + case ENOENT: + return NO_TKT_FIL; + default: + return TKT_FIL_ACC; + } + if (!S_ISREG(stat_buf.st_mode)) + return TKT_FIL_ACC; + + /* The code tries to guess when the calling program is running + * set-uid and prevent unauthorized access. + * + * All library functions now assume that the right set of userids + * are set upon entry, therefore it's not strictly necessary to + * perform these test for programs adhering to these assumptions. + * + * This doesn't work on cygwin because getuid() returns a different + * uid than the owner of files that are created. 
+ */ #ifndef __CYGWIN__ - { - uid_t me = getuid(); - if (stat_buf.st_uid != me && me != 0) - return TKT_FIL_ACC; - } + { + uid_t me = getuid(); + if (stat_buf.st_uid != me && me != 0) + return TKT_FIL_ACC; + } #endif - /* - * If "wflag" is set, open the ticket file in append-writeonly mode - * and lock the ticket file in exclusive mode. If unable to lock - * the file, sleep and try again. If we fail again, return with the - * proper error message. - */ + /* + * If "wflag" is set, open the ticket file in append-writeonly mode + * and lock the ticket file in exclusive mode. If unable to lock + * the file, sleep and try again. If we fail again, return with the + * proper error message. + */ - curpos = sizeof(tfbfr); + curpos = sizeof(tfbfr); - if (wflag) { - fd = open(tf_name, O_RDWR | O_BINARY, 0600); + if (wflag) { + fd = open(tf_name, O_RDWR | O_BINARY, 0600); + if (fd < 0) { + return TKT_FIL_ACC; + } + for (i_retry = 0; i_retry < TF_LCK_RETRY_COUNT; i_retry++) { + if (flock(fd, LOCK_EX | LOCK_NB) < 0) { + if (krb_debug) + krb_warning("tf_init: retry %d of write lock of `%s'.\n", + i_retry, tf_name); + sleep (TF_LCK_RETRY); + } else { + return KSUCCESS; /* all done */ + } + } + close (fd); + fd = -1; + return TKT_FIL_LCK; + } + /* + * Otherwise "wflag" is not set and the ticket file should be opened + * for read-only operations and locked for shared access. 
+ */ + + fd = open(tf_name, O_RDONLY | O_BINARY, 0600); if (fd < 0) { - return TKT_FIL_ACC; + return TKT_FIL_ACC; } + for (i_retry = 0; i_retry < TF_LCK_RETRY_COUNT; i_retry++) { - if (flock(fd, LOCK_EX | LOCK_NB) < 0) { - if (krb_debug) - krb_warning("tf_init: retry %d of write lock of `%s'.\n", - i_retry, tf_name); - sleep (TF_LCK_RETRY); - } else { - return KSUCCESS; /* all done */ - } + if (flock(fd, LOCK_SH | LOCK_NB) < 0) { + if (krb_debug) + krb_warning("tf_init: retry %d of read lock of `%s'.\n", + i_retry, tf_name); + sleep (TF_LCK_RETRY); + } else { + return KSUCCESS; /* all done */ + } } - close (fd); + /* failure */ + close(fd); fd = -1; return TKT_FIL_LCK; - } - /* - * Otherwise "wflag" is not set and the ticket file should be opened - * for read-only operations and locked for shared access. - */ - - fd = open(tf_name, O_RDONLY | O_BINARY, 0600); - if (fd < 0) { - return TKT_FIL_ACC; - } - - for (i_retry = 0; i_retry < TF_LCK_RETRY_COUNT; i_retry++) { - if (flock(fd, LOCK_SH | LOCK_NB) < 0) { - if (krb_debug) - krb_warning("tf_init: retry %d of read lock of `%s'.\n", - i_retry, tf_name); - sleep (TF_LCK_RETRY); - } else { - return KSUCCESS; /* all done */ - } - } - /* failure */ - close(fd); - fd = -1; - return TKT_FIL_LCK; } /* @@ -249,21 +249,21 @@ tf_init(char *tf_name, int rw) int tf_create(char *tf_name) { - if (unlink (tf_name) && errno != ENOENT) - return TKT_FIL_ACC; - - fd = open(tf_name, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600); - if (fd < 0) - return TKT_FIL_ACC; - if (flock(fd, LOCK_EX | LOCK_NB) < 0) { - sleep(TF_LCK_RETRY); + if (unlink (tf_name) && errno != ENOENT) + return TKT_FIL_ACC; + + fd = open(tf_name, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600); + if (fd < 0) + return TKT_FIL_ACC; if (flock(fd, LOCK_EX | LOCK_NB) < 0) { - close(fd); - fd = -1; - return TKT_FIL_LCK; + sleep(TF_LCK_RETRY); + if (flock(fd, LOCK_EX | LOCK_NB) < 0) { + close(fd); + fd = -1; + return TKT_FIL_LCK; + } } - } - return KSUCCESS; + return KSUCCESS; } /* 
@@ -278,18 +278,18 @@ tf_create(char *tf_name) int tf_get_pname(char *p) { - if (fd < 0) { - if (krb_debug) - krb_warning("tf_get_pname called before tf_init.\n"); - return TKT_FIL_INI; - } - if (tf_gets(p, ANAME_SZ) < 2) /* can't be just a null */ - { - if (krb_debug) - krb_warning ("tf_get_pname: pname < 2.\n"); - return TKT_FIL_FMT; + if (fd < 0) { + if (krb_debug) + krb_warning("tf_get_pname called before tf_init.\n"); + return TKT_FIL_INI; } - return KSUCCESS; + if (tf_gets(p, ANAME_SZ) < 2) /* can't be just a null */ + { + if (krb_debug) + krb_warning ("tf_get_pname: pname < 2.\n"); + return TKT_FIL_FMT; + } + return KSUCCESS; } /* @@ -300,17 +300,17 @@ tf_get_pname(char *p) int tf_put_pname(const char *p) { - unsigned count; - - if (fd < 0) { - if (krb_debug) - krb_warning("tf_put_pname called before tf_create.\n"); - return TKT_FIL_INI; - } - count = strlen(p)+1; - if (write(fd,p,count) != count) - return(KFAILURE); - return KSUCCESS; + unsigned count; + + if (fd < 0) { + if (krb_debug) + krb_warning("tf_put_pname called before tf_create.\n"); + return TKT_FIL_INI; + } + count = strlen(p)+1; + if (write(fd,p,count) != count) + return(KFAILURE); + return KSUCCESS; } /* @@ -326,18 +326,18 @@ tf_put_pname(const char *p) int tf_get_pinst(char *inst) { - if (fd < 0) { - if (krb_debug) - krb_warning("tf_get_pinst called before tf_init.\n"); - return TKT_FIL_INI; - } - if (tf_gets(inst, INST_SZ) < 1) - { - if (krb_debug) - krb_warning("tf_get_pinst: inst_sz < 1.\n"); - return TKT_FIL_FMT; + if (fd < 0) { + if (krb_debug) + krb_warning("tf_get_pinst called before tf_init.\n"); + return TKT_FIL_INI; } - return KSUCCESS; + if (tf_gets(inst, INST_SZ) < 1) + { + if (krb_debug) + krb_warning("tf_get_pinst: inst_sz < 1.\n"); + return TKT_FIL_FMT; + } + return KSUCCESS; } /* 
@@ -348,17 +348,17 @@ tf_get_pinst(char *inst) int tf_put_pinst(const char *inst) { - unsigned count; - - if (fd < 0) { - if (krb_debug) - krb_warning("tf_put_pinst called before tf_create.\n"); - return TKT_FIL_INI; - } - count = strlen(inst)+1; - if (write(fd,inst,count) != count) - return(KFAILURE); - return KSUCCESS; + unsigned count; + + if (fd < 0) { + if (krb_debug) + krb_warning("tf_put_pinst called before tf_create.\n"); + return TKT_FIL_INI; + } + count = strlen(inst)+1; + if (write(fd,inst,count) != count) + return(KFAILURE); + return KSUCCESS; } /* 
@@ -373,132 +373,135 @@ tf_put_pinst(const char *inst) */ static int -real_tf_get_cred(CREDENTIALS *c) +real_tf_get_cred(CREDENTIALS *c, off_t *pos) { - KTEXT ticket = &c->ticket_st; /* pointer to ticket */ - int k_errno; - - if (fd < 0) { - if (krb_debug) - krb_warning ("tf_get_cred called before tf_init.\n"); - return TKT_FIL_INI; - } - if ((k_errno = tf_gets(c->service, SNAME_SZ)) < 2) - switch (k_errno) { - case TOO_BIG: - if (krb_debug) - krb_warning("tf_get_cred: too big service cred.\n"); - case 1: /* can't be just a null */ - tf_close(); - if (krb_debug) - krb_warning("tf_get_cred: null service cred.\n"); - return TKT_FIL_FMT; - case 0: - return EOF; - } - if ((k_errno = tf_gets(c->instance, INST_SZ)) < 1) - switch (k_errno) { - case TOO_BIG: - if (krb_debug) - krb_warning ("tf_get_cred: too big instance cred.\n"); - return TKT_FIL_FMT; - case 0: - return EOF; + KTEXT ticket = &c->ticket_st; /* pointer to ticket */ + int k_errno; + + if (fd < 0) { + if (krb_debug) + krb_warning ("tf_get_cred called before tf_init.\n"); + return TKT_FIL_INI; } - if ((k_errno = tf_gets(c->realm, REALM_SZ)) < 2) - switch (k_errno) { - case TOO_BIG: - if (krb_debug) - krb_warning ("tf_get_cred: too big realm cred.\n"); - case 1: /* can't be just a null */ - tf_close(); - if (krb_debug) - krb_warning ("tf_get_cred: null realm cred.\n"); - return TKT_FIL_FMT; - case 0: - return EOF; + if(pos) + *pos = lseek(fd, 0, SEEK_CUR) - lastpos + curpos; + if ((k_errno = tf_gets(c->service, SNAME_SZ)) < 2) + switch (k_errno) { + case TOO_BIG: + if (krb_debug) + krb_warning("tf_get_cred: too big service cred.\n"); + case 1: /* can't be just a null */ + tf_close(); + if (krb_debug) + krb_warning("tf_get_cred: null service cred.\n"); + return TKT_FIL_FMT; + case 0: + return EOF; + } + if ((k_errno = tf_gets(c->instance, INST_SZ)) < 1) + switch (k_errno) { + case TOO_BIG: + if (krb_debug) + krb_warning ("tf_get_cred: too big instance cred.\n"); + return TKT_FIL_FMT; + case 0: + return EOF; + } 
+ if ((k_errno = tf_gets(c->realm, REALM_SZ)) < 2) + switch (k_errno) { + case TOO_BIG: + if (krb_debug) + krb_warning ("tf_get_cred: too big realm cred.\n"); + case 1: /* can't be just a null */ + tf_close(); + if (krb_debug) + krb_warning ("tf_get_cred: null realm cred.\n"); + return TKT_FIL_FMT; + case 0: + return EOF; + } + if ( + tf_read((c->session), DES_KEY_SZ) < 1 || + tf_read(&(c->lifetime), sizeof(c->lifetime)) < 1 || + tf_read(&(c->kvno), sizeof(c->kvno)) < 1 || + tf_read(&(ticket->length), sizeof(ticket->length)) + < 1 || + /* don't try to read a silly amount into ticket->dat */ + ticket->length > MAX_KTXT_LEN || + tf_read((ticket->dat), ticket->length) < 1 || + tf_read(&(c->issue_date), sizeof(c->issue_date)) < 1 + ) { + tf_close(); + if (krb_debug) + krb_warning ("tf_get_cred: failed tf_read.\n"); + return TKT_FIL_FMT; } - if ( - tf_read((c->session), DES_KEY_SZ) < 1 || - tf_read(&(c->lifetime), sizeof(c->lifetime)) < 1 || - tf_read(&(c->kvno), sizeof(c->kvno)) < 1 || - tf_read(&(ticket->length), sizeof(ticket->length)) - < 1 || - /* don't try to read a silly amount into ticket->dat */ - ticket->length > MAX_KTXT_LEN || - tf_read((ticket->dat), ticket->length) < 1 || - tf_read(&(c->issue_date), sizeof(c->issue_date)) < 1 - ) { - tf_close(); - if (krb_debug) - krb_warning ("tf_get_cred: failed tf_read.\n"); - return TKT_FIL_FMT; - } - return KSUCCESS; + return KSUCCESS; } int tf_get_cred(CREDENTIALS *c) { - int ret; - int fake; - - do { - fake = 0; - - ret = real_tf_get_cred (c); - if (ret) - return ret; + int ret; + int fake; - if(strcmp(c->service, MAGIC_TICKET_NAME) == 0) { - if(strcmp(c->instance, MAGIC_TICKET_TIME_DIFF_INST) == 0) { - /* we found the magic `time diff' ticket; update the kdc time - differential, and then get the next ticket */ - u_int32_t d; + do { + fake = 0; - krb_get_int(c->ticket_st.dat, &d, 4, 0); - krb_set_kdc_time_diff(d); - fake = 1; - } else if (strcmp(c->instance, MAGIC_TICKET_ADDR_INST) == 0) { - fake = 1; - } - } - } 
while (fake); - return ret; + ret = real_tf_get_cred (c, NULL); + if (ret) + return ret; + + if(strcmp(c->service, MAGIC_TICKET_NAME) == 0) { + if(strcmp(c->instance, MAGIC_TICKET_TIME_DIFF_INST) == 0) { + /* we found the magic `time diff' ticket; update the kdc time + differential, and then get the next ticket */ + u_int32_t d; + + krb_get_int(c->ticket_st.dat, &d, 4, 0); + krb_set_kdc_time_diff(d); + fake = 1; + } else if (strcmp(c->instance, MAGIC_TICKET_ADDR_INST) == 0) { + fake = 1; + } + } + } while (fake); + return ret; } int tf_get_cred_addr(char *realm, size_t realm_sz, struct in_addr *addr) { - int ret; - int fake; - CREDENTIALS cred; + int ret; + int fake; + CREDENTIALS cred; - do { - fake = 1; + do { + fake = 1; - ret = real_tf_get_cred (&cred); - if (ret) - return ret; - - if(strcmp(cred.service, MAGIC_TICKET_NAME) == 0) { - if(strcmp(cred.instance, MAGIC_TICKET_TIME_DIFF_INST) == 0) { - /* we found the magic `time diff' ticket; update the kdc time - differential, and then get the next ticket */ - u_int32_t d; - - krb_get_int(cred.ticket_st.dat, &d, 4, 0); - krb_set_kdc_time_diff(d); - } else if (strcmp(cred.instance, MAGIC_TICKET_ADDR_INST) == 0) { - strlcpy(realm, cred.realm, realm_sz); - memcpy (addr, cred.ticket_st.dat, sizeof(*addr)); - fake = 0; - } - } - } while (fake); - return ret; + ret = real_tf_get_cred (&cred, NULL); + if (ret) + return ret; + + if(strcmp(cred.service, MAGIC_TICKET_NAME) == 0) { + if(strcmp(cred.instance, MAGIC_TICKET_TIME_DIFF_INST) == 0) { + /* we found the magic `time diff' ticket; update the kdc time + differential, and then get the next ticket */ + u_int32_t d; + + krb_get_int(cred.ticket_st.dat, &d, 4, 0); + krb_set_kdc_time_diff(d); + } else if (strcmp(cred.instance, MAGIC_TICKET_ADDR_INST) == 0) { + strlcpy(realm, cred.realm, realm_sz); + memcpy (addr, cred.ticket_st.dat, sizeof(*addr)); + fake = 0; + } + } + } while (fake); + return ret; } + /* * tf_close() closes the ticket file and sets "fd" to -1. 
If "fd" is * not a valid file descriptor, it just returns. It also clears the @@ -510,12 +513,12 @@ tf_get_cred_addr(char *realm, size_t realm_sz, struct in_addr *addr) void tf_close(void) { - if (!(fd < 0)) { - flock(fd, LOCK_UN); - close(fd); - fd = -1; /* see declaration of fd above */ - } - memset(tfbfr, 0, sizeof(tfbfr)); + if (fd >= 0) { + flock(fd, LOCK_UN); + close(fd); + fd = -1; /* see declaration of fd above */ + } + memset(tfbfr, 0, sizeof(tfbfr)); } /* @@ -539,28 +542,28 @@ tf_close(void) static int tf_gets(char *s, int n) { - int count; - - if (fd < 0) { - if (krb_debug) - krb_warning ("tf_gets called before tf_init.\n"); - return TKT_FIL_INI; - } - for (count = n - 1; count > 0; --count) { - if (curpos >= sizeof(tfbfr)) { - lastpos = read(fd, tfbfr, sizeof(tfbfr)); - curpos = 0; + int count; + + if (fd < 0) { + if (krb_debug) + krb_warning ("tf_gets called before tf_init.\n"); + return TKT_FIL_INI; } - if (curpos == lastpos) { - tf_close(); - return 0; + for (count = n - 1; count > 0; --count) { + if (curpos >= sizeof(tfbfr)) { + lastpos = read(fd, tfbfr, sizeof(tfbfr)); + curpos = 0; + } + if (curpos == lastpos) { + tf_close(); + return 0; + } + *s = tfbfr[curpos++]; + if (*s++ == '\0') + return (n - count); } - *s = tfbfr[curpos++]; - if (*s++ == '\0') - return (n - count); - } - tf_close(); - return TOO_BIG; + tf_close(); + return TOO_BIG; } /* 
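Review bot: The new `*pos = lseek(fd, 0, SEEK_CUR) - lastpos + curpos;` in `real_tf_get_cred` uses the result of `lseek` without checking it, so a failed call feeds -1 into the offset that `tf_replace_cred` later seeks to and writes at. I would test it first, `off_t here = lseek(fd, 0, SEEK_CUR); if (here < 0) return TKT_FIL_ACC;`, and add a comment that the expression turns the kernel file offset into the offset of the next unread byte in `tfbfr`. In `tf_get_cred_addr` in the same hunk (and in `tf_get_addr` further down the file), `memcpy (addr, cred.ticket_st.dat, sizeof(*addr))` runs without checking that `cred.ticket_st.length` covers `sizeof(*addr)`; because `cred` is an uninitialised local, a short magic ticket would copy leftover stack bytes into `addr`. Comparing the length with `sizeof(*addr)` before the copy and returning TKT_FIL_FMT on a short record closes that.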
@@ -579,23 +582,76 @@ tf_gets(char *s, int n) static int tf_read(void *v, int n) { - char *s = (char *)v; - int count; + char *s = (char *)v; + int count; - for (count = n; count > 0; --count) { - if (curpos >= sizeof(tfbfr)) { - lastpos = read(fd, tfbfr, sizeof(tfbfr)); - curpos = 0; - } - if (curpos == lastpos) { - tf_close(); - return 0; + for (count = n; count > 0; --count) { + if (curpos >= sizeof(tfbfr)) { + lastpos = read(fd, tfbfr, sizeof(tfbfr)); + curpos = 0; + } + if (curpos == lastpos) { + tf_close(); + return 0; + } + *s++ = tfbfr[curpos++]; } - *s++ = tfbfr[curpos++]; - } - return n; + return n; } +/* write a cred at the current position in the ticket file */ + +static int +tf_write_cred(char *service, /* Service name */ + char *instance, /* Instance */ + char *realm, /* Auth domain */ + unsigned char *session, /* Session key */ + int lifetime, /* Lifetime */ + int kvno, /* Key version number */ + KTEXT ticket, /* The ticket itself */ + u_int32_t issue_date) /* The issue time */ +{ + int count; /* count for write */ + + /* Write the ticket and associated data */ + /* Service */ + count = strlen(service) + 1; + if (write(fd, service, count) != count) + goto bad; + /* Instance */ + count = strlen(instance) + 1; + if (write(fd, instance, count) != count) + goto bad; + /* Realm */ + count = strlen(realm) + 1; + if (write(fd, realm, count) != count) + goto bad; + /* Session key */ + if (write(fd, session, 8) != 8) + goto bad; + /* Lifetime */ + if (write(fd, &lifetime, sizeof(int)) != sizeof(int)) + goto bad; + /* Key vno */ + if (write(fd, &kvno, sizeof(int)) != sizeof(int)) + goto bad; + /* Tkt length */ + if (write(fd, &(ticket->length), sizeof(int)) != + sizeof(int)) + goto bad; + /* Ticket */ + count = ticket->length; + if (write(fd, ticket->dat, count) != count) + goto bad; + /* Issue date */ + if (write(fd, &issue_date, sizeof(issue_date)) != sizeof(issue_date)) + goto bad; + + return (KSUCCESS); + bad: + return (KFAILURE); +} + /* * tf_save_cred() 
appends an incoming ticket to the end of the ticket * file. You must call tf_init() before calling tf_save_cred(). 
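Review bot: `tf_write_cred` writes `ticket->length` bytes from `ticket->dat` without checking the length, although the reader in this file refuses anything above MAX_KTXT_LEN; an oversized length could make `write` read beyond `dat` and would put a record on disk that `real_tf_get_cred` then rejects. I would add `if (ticket->length < 0 || ticket->length > MAX_KTXT_LEN) goto bad;` before the length field is written. The field sizes are also spelled differently on the two sides (`8` and `sizeof(int)` here; `DES_KEY_SZ`, `sizeof(c->lifetime)`, `sizeof(c->kvno)` and `sizeof(ticket->length)` in the reader), so using the reader's expressions would keep the on-disk format defined in one way. A failed or short `write` leaves a partial record in the ticket file while the function reports only KFAILURE, which deserves a comment for callers.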
@@ -620,53 +676,65 @@ tf_save_cred(char *service, /* Service name */ KTEXT ticket, /* The ticket itself */ u_int32_t issue_date) /* The issue time */ { - int count; /* count for write */ - - if (fd < 0) { /* fd is ticket file as set by tf_init */ - if (krb_debug) - krb_warning ("tf_save_cred called before tf_init.\n"); - return TKT_FIL_INI; - } - /* Find the end of the ticket file */ - lseek(fd, 0L, SEEK_END); - - /* Write the ticket and associated data */ - /* Service */ - count = strlen(service) + 1; - if (write(fd, service, count) != count) - goto bad; - /* Instance */ - count = strlen(instance) + 1; - if (write(fd, instance, count) != count) - goto bad; - /* Realm */ - count = strlen(realm) + 1; - if (write(fd, realm, count) != count) - goto bad; - /* Session key */ - if (write(fd, session, 8) != 8) - goto bad; - /* Lifetime */ - if (write(fd, &lifetime, sizeof(int)) != sizeof(int)) - goto bad; - /* Key vno */ - if (write(fd, &kvno, sizeof(int)) != sizeof(int)) - goto bad; - /* Tkt length */ - if (write(fd, &(ticket->length), sizeof(int)) != - sizeof(int)) - goto bad; - /* Ticket */ - count = ticket->length; - if (write(fd, ticket->dat, count) != count) - goto bad; - /* Issue date */ - if (write(fd, &issue_date, sizeof(issue_date)) != sizeof(issue_date)) - goto bad; - - return (KSUCCESS); -bad: - return (KFAILURE); + if (fd < 0) { /* fd is ticket file as set by tf_init */ + if (krb_debug) + krb_warning ("tf_save_cred called before tf_init.\n"); + return TKT_FIL_INI; + } + /* Find the end of the ticket file */ + lseek(fd, 0L, SEEK_END); + + return tf_write_cred(service, instance, realm, session, + lifetime, kvno, ticket, issue_date); +} + +/* replace the cred in the cache that matches `cred' */ +int +tf_replace_cred(CREDENTIALS *cred) +{ + char dummy[ANAME_SZ]; + CREDENTIALS c; + int ret; + off_t pos; + if (fd < 0) { + if (krb_debug) + krb_warning ("tf_replace_cred called before tf_init.\n"); + return TKT_FIL_INI; + } + if(lseek(fd, 0, SEEK_SET) < 0) + return 
errno; + curpos = sizeof(tfbfr); + ret = tf_get_pname(dummy); + if(ret) + return ret; + ret = tf_get_pinst(dummy); + if(ret) + return ret; + while(1) { + ret = real_tf_get_cred(&c, &pos); + if(ret == EOF) + break; + else if(ret) + return ret; + if(strcmp(c.service, cred->service) == 0 && + strcmp(c.instance, cred->instance) == 0 && + strcmp(c.realm, cred->realm) == 0) { + memset(&c, 0, sizeof(c)); + if(lseek(fd, pos, SEEK_SET) < 0) + return errno; + return tf_write_cred(cred->service, + cred->instance, + cred->realm, + cred->session, + cred->lifetime, + cred->kvno, + &cred->ticket_st, + cred->issue_date); + } + } + /* at this point tf_get_cred has closed(!) the ticket file, so + it's safe to call save_credentials */ + return save_credentials_cred(cred); } int @@ -707,11 +775,11 @@ tf_setup(CREDENTIALS *cred, const char *pname, const char *pinst) int in_tkt(char *pname, char *pinst) { - int ret; + int ret; - ret = tf_create (tkt_string()); - if (ret != KSUCCESS) - return ret; + ret = tf_create (tkt_string()); + if (ret != KSUCCESS) + return ret; if (tf_put_pname(pname) != KSUCCESS || tf_put_pinst(pinst) != KSUCCESS) { 
@@ -732,34 +800,34 @@ in_tkt(char *pname, char *pinst) int tf_get_addr (const char *realm, struct in_addr *addr) { - CREDENTIALS cred; - krb_principal princ; - int ret; + CREDENTIALS cred; + krb_principal princ; + int ret; - ret = tf_init (tkt_string (), R_TKT_FIL); - if (ret) - return ret; + ret = tf_init (tkt_string (), R_TKT_FIL); + if (ret) + return ret; - ret = tf_get_pname (princ.name); - if (ret) - goto out; - ret = tf_get_pinst (princ.name); - if (ret) - goto out; - while ((ret = real_tf_get_cred (&cred)) == KSUCCESS) { - if (strcmp (cred.service, MAGIC_TICKET_NAME) == 0 - && strcmp (cred.instance, MAGIC_TICKET_ADDR_INST) == 0 - && (realm == NULL - || strcmp (cred.realm, realm) == 0)) { - memcpy (addr, cred.ticket_st.dat, sizeof(*addr)); - goto out; + ret = tf_get_pname (princ.name); + if (ret) + goto out; + ret = tf_get_pinst (princ.name); + if (ret) + goto out; + while ((ret = real_tf_get_cred (&cred, NULL)) == KSUCCESS) { + if (strcmp (cred.service, MAGIC_TICKET_NAME) == 0 + && strcmp (cred.instance, MAGIC_TICKET_ADDR_INST) == 0 + && (realm == NULL + || strcmp (cred.realm, realm) == 0)) { + memcpy (addr, cred.ticket_st.dat, sizeof(*addr)); + goto out; + } } - } - ret = KFAILURE; + ret = KFAILURE; -out: - tf_close (); - return ret; + out: + tf_close (); + return ret; } /* 
@@ -769,21 +837,21 @@ out: int tf_store_addr (const char *realm, struct in_addr *addr) { - int ret; - des_cblock s = { 0, 0, 0, 0, 0, 0, 0, 0 }; - KTEXT_ST t; + int ret; + des_cblock s = { 0, 0, 0, 0, 0, 0, 0, 0 }; + KTEXT_ST t; - ret = tf_init (tkt_string (), W_TKT_FIL); - if (ret) - return ret; + ret = tf_init (tkt_string (), W_TKT_FIL); + if (ret) + return ret; - t.length = sizeof(*addr); - memcpy (t.dat, addr, sizeof(*addr)); + t.length = sizeof(*addr); + memcpy (t.dat, addr, sizeof(*addr)); - ret = tf_save_cred (MAGIC_TICKET_NAME, MAGIC_TICKET_ADDR_INST, - (char *)realm, s, 0, /* lifetime */ - 0, /* kvno */ - &t, time(NULL)); - tf_close (); - return ret; + ret = tf_save_cred (MAGIC_TICKET_NAME, MAGIC_TICKET_ADDR_INST, + (char *)realm, s, 0, /* lifetime */ + 0, /* kvno */ + &t, time(NULL)); + tf_close (); + return ret; } diff --git a/kerberosIV/src/lib/roken/glob.c b/kerberosIV/src/lib/roken/glob.c index 1613fe12939..962a328b016 100644 --- a/kerberosIV/src/lib/roken/glob.c +++ b/kerberosIV/src/lib/roken/glob.c @@ -88,12 +88,16 @@ #include <unistd.h> #endif #ifdef HAVE_LIMITS_H -#include <limits.h> /* Solaris ARG_MAX */ +#include <limits.h> #endif #include "glob.h" #include "roken.h" +#ifndef ARG_MAX +#define ARG_MAX _POSIX_ARG_MAX +#endif + #define CHAR_DOLLAR '$' #define CHAR_DOT '.' #define CHAR_EOS '\0' diff --git a/kerberosIV/src/lib/sl/make_cmds.c b/kerberosIV/src/lib/sl/make_cmds.c index ee14ef2a387..8b1bc4cbbfc 100644 --- a/kerberosIV/src/lib/sl/make_cmds.c +++ b/kerberosIV/src/lib/sl/make_cmds.c @@ -34,7 +34,7 @@ #include "make_cmds.h" #include <getarg.h> -RCSID("$KTH: make_cmds.c,v 1.6 1999/12/02 16:58:55 joda Exp $"); +RCSID("$KTH: make_cmds.c,v 1.7 2001/02/20 01:44:55 assar Exp $"); #include <roken.h> #include <err.h> diff --git a/kerberosIV/src/server/kerberos.c b/kerberosIV/src/server/kerberos.c index 6ddc31365ee..d87a2c575ef 100644 --- a/kerberosIV/src/server/kerberos.c +++ b/kerberosIV/src/server/kerberos.c 
@@ -9,7 +9,7 @@ #include "config.h" #include "protos.h" -RCSID("$KTH: kerberos.c,v 1.87.2.3 2000/10/18 20:24:13 assar Exp $"); +RCSID("$KTH: kerberos.c,v 1.99 2001/09/17 04:42:50 assar Exp $"); /* * If support for really large numbers of network interfaces is @@ -79,7 +79,11 @@ RCSID("$KTH: kerberos.c,v 1.87.2.3 2000/10/18 20:24:13 assar Exp $"); #include <roken.h> #include <base64.h> +#ifdef HAVE_OPENSSL +#include <openssl/des.h> +#else #include <des.h> +#endif #include <krb.h> #include <krb_db.h> #include <prot.h> @@ -89,6 +93,10 @@ RCSID("$KTH: kerberos.c,v 1.87.2.3 2000/10/18 20:24:13 assar Exp $"); #include <kdc.h> +#ifdef HAVE_OPENSSL +#define des_new_random_key des_random_key +#endif + static des_key_schedule master_key_schedule; static des_cblock master_key; @@ -103,9 +111,6 @@ static int nflag; /* don't check max age */ static int rflag; /* alternate realm specified */ /* fields within the received request packet */ -static char *req_name_ptr; -static char *req_inst_ptr; -static char *req_realm_ptr; static u_int32_t req_time_ws; static char local_realm[REALM_SZ]; @@ -123,7 +128,7 @@ usage(void) fprintf(stderr, "Usage: %s [-s] [-m] [-n] [-p pause_seconds]" " [-a max_age] [-l log_file] [-i address_to_listen_on]" " [-r realm] [database_pathname]\n", - __progname); + getprogname()); exit(1); } @@ -141,8 +146,7 @@ kerb_err_reply(int f, struct sockaddr_in *client, int err, char *string) snprintf (e_msg, sizeof(e_msg), "\nKerberos error -- %s", string); - cr_err_reply(e_pkt, req_name_ptr, req_inst_ptr, req_realm_ptr, - req_time_ws, err, e_msg); + cr_err_reply(e_pkt, "", "", "", req_time_ws, err, e_msg); sendto(f, (char*)e_pkt->dat, e_pkt->length, 0, (struct sockaddr *)client, sizeof(*client)); } @@ -303,7 +307,6 @@ kerberos(unsigned char *buf, int len, msg_type &= ~1; switch(msg_type){ case AUTH_MSG_KDC_REQUEST: - /* XXX range check */ p += krb_get_nir(p, name, sizeof(name), inst, sizeof(inst), realm, sizeof(realm)); 
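Review bot: The `/* XXX range check */` marker is removed in the AUTH_MSG_KDC_REQUEST case, but nothing visible in this hunk adds the check it asked for: `krb_get_nir` is given the destination sizes for `name`, `inst` and `realm`, not the number of bytes left in the request. If `krb_get_nir` does not bound its reads of the source in some other way (its body is not on this page), a request whose strings lack a terminator would be parsed past the end of `buf`. I would either keep the marker or replace it with a comment that states where the source length is enforced, once that has been confirmed. The rest of `kerberos()` is outside the hunk.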
@@ -559,7 +562,7 @@ static void mksocket(struct descr *d, struct in_addr addr, int type, const char *service, int port) { - int on = 1; + int on = 1; int sock; memset(d, 0, sizeof(struct descr)); @@ -719,6 +722,14 @@ main(int argc, char **argv) umask(077); /* Create protected files */ +#if defined(HAVE_SRANDOMDEV) + srandomdev(); +#elif defined(HAVE_RANDOM) + srandom(time(NULL)); +#else + srand (time(NULL)); +#endif + while ((c = getopt(argc, argv, "snmp:P:a:l:r:i:")) != -1) { switch(c) { case 's': @@ -856,7 +867,9 @@ main(int argc, char **argv) fprintf(stdout, "\nCurrent Kerberos master key version is %d\n", master_key_version); +#ifndef HAVE_OPENSSL des_init_random_number_generator(&master_key); +#endif if (!rflag) { /* Look up our local realm */ @@ -893,7 +906,8 @@ read_socket(struct descr *n) { int b; struct sockaddr_in from; - int fromlen = sizeof(from); + socklen_t fromlen = sizeof(from); + b = recvfrom(n->s, n->buf.dat + n->buf.length, MAX_PKT_LEN - n->buf.length, 0, (struct sockaddr *)&from, &fromlen); @@ -925,13 +939,13 @@ read_socket(struct descr *n) if(n->buf.length <= 0){ const char *msg = "HTTP/1.1 404 Not found\r\n" - "Server: KTH-KRB/1\r\n" + "Server: KTH-KRB/" VERSION "\r\n" "Content-type: text/html\r\n" "Content-transfer-encoding: 8bit\r\n\r\n" "<TITLE>404 Not found</TITLE>\r\n" "<H1>404 Not found</H1>\r\n" "That page does not exist. Information about " - "<A HREF=\"http://www.pdc.kth.se/kth-krb\">KTH-KRB</A> " + "<A HREF=\"http://www.pdc.kth.se/kth-krb/\">KTH-KRB</A> " "is available elsewhere.\r\n"; fromlen = sizeof(from); if(getpeername(n->s,(struct sockaddr*)&from, &fromlen) == 0) @@ -1041,7 +1055,11 @@ loop(struct descr *fds, int base_nfds) * We are possibly the subject of a DOS attack, pick a TCP * connection at random and drop it. */ +#ifdef HAVE_RANDOM + int r = random() % (nfds - base_nfds); +#else int r = rand() % (nfds - base_nfds); +#endif r = r + base_nfds; FD_CLR(fds[r].s, &readfds); close(fds[r].s); 
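Review bot: The generator is seeded from `time(NULL)` alone in the `HAVE_RANDOM` and fallback branches of `main`, which makes the sequence reproducible by anyone who knows roughly when the daemon started. Within this diff the only consumer is the connection-drop choice in `loop()` (`random() % (nfds - base_nfds)`), where that merely weakens the randomness of which connection is shed, but the seeding sits in `main` with no indication of its scope. I would add a comment such as `/* seeds random()/rand() for connection shedding only; never use for key material */` above the `#if`. `main` continues outside the hunk.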
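Review bot: With HAVE_OPENSSL defined, `des_init_random_number_generator(&master_key)` is compiled out and `des_new_random_key` is mapped to `des_random_key`, so the quality of every generated key now rests on OpenSSL's generator being seeded, and this hunk adds no check for that. I would verify the state at startup, for example by testing `RAND_status()` and refusing to start when it reports the generator is unseeded, and say so in a comment next to the `#ifndef`. Whether `des_random_key` draws from that generator in the OpenSSL version targeted here should be confirmed; it is not visible on this page.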
@@ -1078,7 +1096,7 @@ loop(struct descr *fds, int base_nfds) minfree->buf.length = 0; memcpy(&minfree->addr, &n->addr, sizeof(minfree->addr)); } - }else + } else read_socket(n); } } diff --git a/kerberosIV/src/slave/kprop.c b/kerberosIV/src/slave/kprop.c index 9cadbc44cba..23e372610b3 100644 --- a/kerberosIV/src/slave/kprop.c +++ b/kerberosIV/src/slave/kprop.c @@ -19,7 +19,7 @@ provided "as is" without express or implied warranty. #include "slav_locl.h" -RCSID("$KTH: kprop.c,v 1.37 1999/09/16 20:41:59 assar Exp $"); +RCSID("$KTH: kprop.c,v 1.39 2001/08/26 01:46:15 assar Exp $"); #include "kprop.h" @@ -141,6 +141,7 @@ prop_to_slaves(struct slave_host *sl, u_char obuf[KPROP_BUFSIZ + 64]; /* leave room for private msg overhead */ struct sockaddr_in sin, my_sin; int i, n, s; + socklen_t sock_len; struct slave_host *cs; /* current slave */ char my_host_name[MaxHostNameLen], *p_my_host_name; char kprop_service_instance[INST_SZ]; @@ -178,13 +179,15 @@ prop_to_slaves(struct slave_host *sl, /* for krb_mk_{priv, safe} */ memset(&my_sin, 0, sizeof my_sin); - n = sizeof my_sin; - if (getsockname (s, (struct sockaddr *) &my_sin, &n) != 0) { + sock_len = sizeof my_sin; + if (getsockname (s, + (struct sockaddr *) &my_sin, + &sock_len) != 0) { warn ("getsockname(%s)", cs->name); close (s); continue; /*** NEXT SLAVE ***/ } - if (n != sizeof (my_sin)) { + if (sock_len != sizeof (my_sin)) { warnx ("can't get socketname %s length", cs->name); close (s); continue; /*** NEXT SLAVE ***/ |