diff options
| -rw-r--r-- | bin/rcp/Makefile | 4 | ||||
| -rw-r--r-- | bin/rcp/rcp.c | 24 | ||||
| -rw-r--r-- | libexec/ftpd/Makefile | 19 | ||||
| -rw-r--r-- | libexec/rlogind/Makefile | 13 | ||||
| -rw-r--r-- | libexec/rlogind/rlogind.c | 149 | ||||
| -rw-r--r-- | libexec/rshd/Makefile | 13 | ||||
| -rw-r--r-- | libexec/rshd/rshd.c | 229 | ||||
| -rw-r--r-- | sbin/mount_nfs/Makefile | 2 | ||||
| -rw-r--r-- | sbin/nfsd/Makefile | 8 | ||||
| -rw-r--r-- | usr.bin/login/Makefile | 21 | ||||
| -rw-r--r-- | usr.bin/passwd/Makefile | 4 | ||||
| -rw-r--r-- | usr.bin/passwd/krb_passwd.c | 12 | ||||
| -rw-r--r-- | usr.bin/rlogin/Makefile | 13 | ||||
| -rw-r--r-- | usr.bin/rlogin/des_rw.c | 24 | ||||
| -rw-r--r-- | usr.bin/rlogin/kcmd.c | 2 | ||||
| -rw-r--r-- | usr.bin/rlogin/krb.h | 53 | ||||
| -rw-r--r-- | usr.bin/rlogin/krcmd.c | 4 | ||||
| -rw-r--r-- | usr.bin/rlogin/rlogin.c | 22 | ||||
| -rw-r--r-- | usr.bin/rsh/Makefile | 12 | ||||
| -rw-r--r-- | usr.bin/rsh/rsh.c | 30 | ||||
| -rw-r--r-- | usr.bin/su/Makefile | 19 | ||||
| -rw-r--r-- | usr.bin/su/su.c | 3 |
22 files changed, 502 insertions, 178 deletions
diff --git a/bin/rcp/Makefile b/bin/rcp/Makefile index 3658d5deab5..b6ca5655cfe 100644 --- a/bin/rcp/Makefile +++ b/bin/rcp/Makefile @@ -7,10 +7,12 @@ BINOWN= root BINMODE=4555 #INSTALLFLAGS=-fschg +.include <bsd.own.mk> # For KERBEROS + .if defined(KERBEROS) .PATH: ${.CURDIR}/../../usr.bin/rlogin SRCS+= krcmd.c kcmd.c -CFLAGS+=-DKERBEROS -DCRYPT +CFLAGS+=-DKERBEROS LDADD+= -lkrb -ldes DPADD+= ${LIBKRB} ${LIBDES} .endif diff --git a/bin/rcp/rcp.c b/bin/rcp/rcp.c index 5f92a5139d6..2e7b51729e9 100644 --- a/bin/rcp/rcp.c +++ b/bin/rcp/rcp.c @@ -82,13 +82,9 @@ int use_kerberos = 1; CREDENTIALS cred; Key_schedule schedule; extern char *krb_realmofhost(); -#ifdef CRYPT int doencrypt = 0; #define OPTIONS "dfKk:prtx" #else -#define OPTIONS "dfKk:prt" -#endif -#else #define OPTIONS "dfprt" #endif @@ -135,13 +131,11 @@ main(argc, argv) dest_realm = dst_realm_buf; (void)strncpy(dst_realm_buf, optarg, REALM_SZ); break; -#ifdef CRYPT case 'x': doencrypt = 1; /* des_set_key(cred.session, schedule); */ break; #endif -#endif case 'p': pflag = 1; break; @@ -169,11 +163,7 @@ main(argc, argv) #ifdef KERBEROS if (use_kerberos) { -#ifdef CRYPT shell = doencrypt ? "ekshell" : "kshell"; -#else - shell = "kshell"; -#endif if ((sp = getservbyname(shell, "tcp")) == NULL) { use_kerberos = 0; oldw("can't get entry for %s/tcp service", shell); @@ -216,11 +206,7 @@ main(argc, argv) #ifdef KERBEROS (void)snprintf(cmd, sizeof(cmd), "rcp%s%s%s%s", iamrecursive ? " -r" : "", -#ifdef CRYPT (doencrypt && use_kerberos ? " -x" : ""), -#else - "", -#endif pflag ? " -p" : "", targetshouldbedirectory ? " -d" : ""); #else (void)snprintf(cmd, sizeof(cmd), "rcp%s%s%s", @@ -785,11 +771,9 @@ again: if (dest_realm == NULL) dest_realm = krb_realmofhost(*host); rem = -#ifdef CRYPT doencrypt ? krcmd_mutual(host, port, user, bp, 0, dest_realm, &cred, schedule) : -#endif krcmd(host, port, user, bp, 0, dest_realm); if (rem < 0) { @@ -804,11 +788,9 @@ again: goto again; } } else { -#ifdef CRYPT if (doencrypt) errx(1, "the -x option requires Kerberos authentication"); -#endif rem = rcmd(host, port, locuser, user, bp, 0); } return (rem); @@ -852,16 +834,10 @@ void usage() { #ifdef KERBEROS -#ifdef CRYPT (void)fprintf(stderr, "%s\n\t%s\n", "usage: rcp [-Kpx] [-k realm] f1 f2", "or: rcp [-Kprx] [-k realm] f1 ... fn directory"); #else - (void)fprintf(stderr, "%s\n\t%s\n", - "usage: rcp [-Kp] [-k realm] f1 f2", - "or: rcp [-Kpr] [-k realm] f1 ... fn directory"); -#endif -#else (void)fprintf(stderr, "usage: rcp [-p] f1 f2; or: rcp [-pr] f1 ... fn directory\n"); #endif diff --git a/libexec/ftpd/Makefile b/libexec/ftpd/Makefile index 3b0e1ca2044..8418ba7553a 100644 --- a/libexec/ftpd/Makefile +++ b/libexec/ftpd/Makefile @@ -2,20 +2,29 @@ # @(#)Makefile 8.2 (Berkeley) 4/4/94 PROG= ftpd -CFLAGS+=-DHASSETPROCTITLE -DSKEY +CFLAGS+=-DHASSETPROCTITLE SRCS= ftpd.c ftpcmd.c logwtmp.c popen.c MAN= ftpd.8 CLEANFILES+=ftpcmd.c y.tab.h -.PATH: ${.CURDIR}/../../usr.bin/ftp ${.CURDIR}/../../usr.bin/login +.PATH: ${.CURDIR}/../../usr.bin/ftp -LDADD+= -lcrypt -lskey -DPADD+= ${LIBCRYPT} ${LIBSKEY} +LDADD+= -lcrypt +DPADD+= ${LIBCRYPT} + +.include <bsd.own.mk> + +.if defined(SKEY) +CFLAGS+=-DSKEY +LDADD+= -lskey +DPADD+= ${LIBSKEY} +.endif .if defined(KERBEROS) SRCS+= klogin.c +.PATH: ${.CURDIR}/../../usr.bin/login CFLAGS+= -DKERBEROS LDADD+= -lkrb -ldes -DPADD+= ${LIBKRB} ${LIBDES} +DPADD+= ${LIBKRB} ${LIBKRB} .endif .include <bsd.prog.mk> diff --git a/libexec/rlogind/Makefile b/libexec/rlogind/Makefile index c98815a14bf..c719007b79e 100644 --- a/libexec/rlogind/Makefile +++ b/libexec/rlogind/Makefile @@ -1,9 +1,20 @@ # from: @(#)Makefile 8.1 (Berkeley) 6/4/93 -# $Id: Makefile,v 1.1 1995/10/18 08:43:20 deraadt Exp $ +# $Id: Makefile,v 1.2 1995/12/16 22:20:19 tholo Exp $ PROG= rlogind +SRCS= rlogind.c MAN= rlogind.8 DPADD= ${LIBUTIL} LDADD= -lutil +.include <bsd.own.mk> # For KERBEROS + +.if defined(KERBEROS) +SRCS= rlogind.c des_rw.c +.PATH: ${.CURDIR}/../../usr.bin/rlogin +CFLAGS+=-DKERBEROS +DPADD+= ${LIBKRB} ${LIBKRB} +LDADD+= -lkrb -ldes +.endif + .include <bsd.prog.mk> diff --git a/libexec/rlogind/rlogind.c b/libexec/rlogind/rlogind.c index 79469c87466..c4dd9550626 100644 --- a/libexec/rlogind/rlogind.c +++ b/libexec/rlogind/rlogind.c @@ -39,7 +39,7 @@ static char copyright[] = #ifndef lint /* from: static char sccsid[] = "@(#)rlogind.c 8.1 (Berkeley) 6/4/93"; */ -static char *rcsid = "$Id: rlogind.c,v 1.1 1995/10/18 08:43:20 deraadt Exp $"; +static char *rcsid = "$Id: rlogind.c,v 1.2 1995/12/16 22:20:20 tholo Exp $"; #endif /* not lint */ /* @@ -78,7 +78,22 @@ static char *rcsid = "$Id: rlogind.c,v 1.1 1995/10/18 08:43:20 deraadt Exp $"; #define TIOCPKT_WINDOW 0x80 #endif +#ifdef KERBEROS +#include <kerberosIV/des.h> +#include <kerberosIV/krb.h> +#define SECURE_MESSAGE "This rlogin session is using DES encryption for all transmissions.\r\n" + +AUTH_DAT *kdata; +KTEXT ticket; +u_char auth_buf[sizeof(AUTH_DAT)]; +u_char tick_buf[sizeof(KTEXT_ST)]; +Key_schedule schedule; +int doencrypt, retval, use_kerberos, vacuous; + +#define ARGSTR "alnkvx" +#else #define ARGSTR "aln" +#endif /* KERBEROS */ char *env[2]; #define NMAX 30 @@ -126,6 +141,17 @@ main(argc, argv) case 'n': keepalive = 0; break; +#ifdef KERBEROS + case 'k': + use_kerberos = 1; + break; + case 'v': + vacuous = 1; + break; + case 'x': + doencrypt = 1; + break; +#endif case '?': default: usage(); @@ -134,6 +160,12 @@ main(argc, argv) argc -= optind; argv += optind; +#ifdef KERBEROS + if (use_kerberos && vacuous) { + usage(); + fatal(STDERR_FILENO, "only one of -k and -v allowed", 0); + } +#endif fromlen = sizeof (from); if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) { syslog(LOG_ERR,"Can't get peer name of remote host: %m"); @@ -173,6 +205,10 @@ doit(f, fromp) if (c != 0) exit(1); +#ifdef KERBEROS + if (vacuous) + fatal(f, "Remote host requires Kerberos authentication", 0); +#endif alarm(0); fromp->sin_port = ntohs((u_short)fromp->sin_port); @@ -183,6 +219,17 @@ doit(f, fromp) else (void)strcpy(hostname, inet_ntoa(fromp->sin_addr)); +#ifdef KERBEROS + if (use_kerberos) { + retval = do_krb_login(fromp); + if (retval == 0) + authenticated++; + else if (retval > 0) + fatal(f, krb_err_txt[retval], 0); + write(f, &c, 1); + confirmed = 1; /* we sent the null! */ + } else +#endif { if (fromp->sin_family != AF_INET || fromp->sin_port >= IPPORT_RESERVED || @@ -226,6 +273,10 @@ doit(f, fromp) write(f, "", 1); confirmed = 1; /* we sent the null! */ } +#ifdef KERBEROS + if (doencrypt) + (void) des_write(f, SECURE_MESSAGE, sizeof(SECURE_MESSAGE) - 1); +#endif netf = f; pid = forkpty(&master, line, NULL, &win); @@ -240,6 +291,13 @@ doit(f, fromp) (void) close(f); setup_term(0); if (authenticated) { +#ifdef KERBEROS + if (use_kerberos && (pwd->pw_uid == 0)) + syslog(LOG_INFO|LOG_AUTH, + "ROOT Kerberos login from %s.%s@%s on %s\n", + kdata->pname, kdata->pinst, kdata->prealm, + hostname); +#endif execl(_PATH_LOGIN, "login", "-p", "-h", hostname, "-f", lusername, (char *)NULL); @@ -249,6 +307,14 @@ doit(f, fromp) fatal(STDERR_FILENO, _PATH_LOGIN, 1); /*NOTREACHED*/ } +#ifdef KERBEROS + /* + * If encrypted, don't turn on NBIO or the des read/write + * routines will croak. + */ + + if (!doencrypt) +#endif ioctl(f, FIONBIO, &on); ioctl(master, FIONBIO, &on); ioctl(master, TIOCPKT, &on); @@ -355,6 +421,11 @@ protocol(f, p) } } if (FD_ISSET(f, &ibits)) { +#ifdef KERBEROS + if (doencrypt) + fcc = des_read(f, fibuf, sizeof(fibuf)); + else +#endif fcc = read(f, fibuf, sizeof(fibuf)); if (fcc < 0 && errno == EWOULDBLOCK) fcc = 0; @@ -401,6 +472,9 @@ protocol(f, p) break; else if (pibuf[0] == 0) { pbp++, pcc--; +#ifdef KERBEROS + if (!doencrypt) +#endif FD_SET(f, &obits); /* try write */ } else { if (pkcontrol(pibuf[0])) { @@ -411,6 +485,11 @@ protocol(f, p) } } if ((FD_ISSET(f, &obits)) && pcc > 0) { +#ifdef KERBEROS + if (doencrypt) + cc = des_write(f, pbp, pcc); + else +#endif cc = write(f, pbp, pcc); if (cc < 0 && errno == EWOULDBLOCK) { /* @@ -549,11 +628,79 @@ setup_term(fd) environ = env; } +#ifdef KERBEROS +#define VERSION_SIZE 9 + +/* + * Do the remote kerberos login to the named host with the + * given inet address + * + * Return 0 on valid authorization + * Return -1 on valid authentication, no authorization + * Return >0 for error conditions + */ +int +do_krb_login(dest) + struct sockaddr_in *dest; +{ + int rc; + char instance[INST_SZ], version[VERSION_SIZE]; + long authopts = 0L; /* !mutual */ + struct sockaddr_in faddr; + + kdata = (AUTH_DAT *) auth_buf; + ticket = (KTEXT) tick_buf; + + instance[0] = '*'; + instance[1] = '\0'; + + if (doencrypt) { + rc = sizeof(faddr); + if (getsockname(0, (struct sockaddr *)&faddr, &rc)) + return (-1); + authopts = KOPT_DO_MUTUAL; + rc = krb_recvauth( + authopts, 0, + ticket, "rcmd", + instance, dest, &faddr, + kdata, "", schedule, version); + des_set_key(&kdata->session, schedule); + + } else + rc = krb_recvauth( + authopts, 0, + ticket, "rcmd", + instance, dest, (struct sockaddr_in *) 0, + kdata, "", (bit_64 *) 0, version); + + if (rc != KSUCCESS) + return (rc); + + getstr(lusername, sizeof(lusername), "locuser"); + /* get the "cmd" in the rcmd protocol */ + getstr(term+ENVSIZE, sizeof(term)-ENVSIZE, "Terminal type"); + + pwd = getpwnam(lusername); + if (pwd == NULL) + return (-1); + + /* returns nonzero for no access */ + if (kuserok(kdata, lusername) != 0) + return (-1); + + return (0); + +} +#endif /* KERBEROS */ void usage() { +#ifdef KERBEROS + syslog(LOG_ERR, "usage: rlogind [-aln] [-k | -v]"); +#else syslog(LOG_ERR, "usage: rlogind [-aln]"); +#endif } /* diff --git a/libexec/rshd/Makefile b/libexec/rshd/Makefile index 39a3eb2e302..07db1e49e19 100644 --- a/libexec/rshd/Makefile +++ b/libexec/rshd/Makefile @@ -1,7 +1,18 @@ # from: @(#)Makefile 8.1 (Berkeley) 6/4/93 -# $Id: Makefile,v 1.1 1995/10/18 08:43:22 deraadt Exp $ +# $Id: Makefile,v 1.2 1995/12/16 22:20:22 tholo Exp $ PROG= rshd +SRCS= rshd.c MAN= rshd.8 +.include <bsd.own.mk> + +.if defined(KERBEROS) +SRCS+= des_rw.c +.PATH: ${.CURDIR}/../../usr.bin/rlogin +CFLAGS+=-DKERBEROS +DPADD+= ${LIBKRB} ${LIBDES} +LDADD+= -lkrb -ldes +.endif + .include <bsd.prog.mk> diff --git a/libexec/rshd/rshd.c b/libexec/rshd/rshd.c index 029bd5bfc12..d85fc68faa9 100644 --- a/libexec/rshd/rshd.c +++ b/libexec/rshd/rshd.c @@ -39,7 +39,7 @@ static char copyright[] = #ifndef lint /* from: static char sccsid[] = "@(#)rshd.c 8.2 (Berkeley) 4/6/94"; */ -static char *rcsid = "$Id: rshd.c,v 1.2 1995/11/20 09:38:09 deraadt Exp $"; +static char *rcsid = "$Id: rshd.c,v 1.3 1995/12/16 22:20:23 tholo Exp $"; #endif /* not lint */ /* @@ -82,7 +82,19 @@ int local_domain __P((char *)); char *topdomain __P((char *)); void usage __P((void)); +#ifdef KERBEROS +#include <kerberosIV/des.h> +#include <kerberosIV/krb.h> +#define VERSION_SIZE 9 +#define SECURE_MESSAGE "This rsh session is using DES encryption for all transmissions.\r\n" +#define OPTIONS "alnkvxL" +char authbuf[sizeof(AUTH_DAT)]; +char tickbuf[sizeof(KTEXT_ST)]; +int doencrypt, use_kerberos, vacuous; +Key_schedule schedule; +#else #define OPTIONS "alnL" +#endif int main(argc, argv) @@ -108,6 +120,21 @@ main(argc, argv) case 'n': keepalive = 0; break; +#ifdef KERBEROS + case 'k': + use_kerberos = 1; + break; + + case 'v': + vacuous = 1; + break; + +#ifdef CRYPT + case 'x': + doencrypt = 1; + break; +#endif +#endif case 'L': log_success = 1; break; @@ -120,6 +147,18 @@ main(argc, argv) argc -= optind; argv += optind; +#ifdef KERBEROS + if (use_kerberos && vacuous) { + syslog(LOG_ERR, "only one of -k and -v allowed"); + exit(2); + } +#ifdef CRYPT + if (doencrypt && !use_kerberos) { + syslog(LOG_ERR, "-k is required for -x"); + exit(2); + } +#endif +#endif fromlen = sizeof (from); if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) { @@ -164,6 +203,18 @@ doit(fromp) char remotehost[2 * MAXHOSTNAMELEN + 1]; char hostnamebuf[2 * MAXHOSTNAMELEN + 1]; +#ifdef KERBEROS + AUTH_DAT *kdata = (AUTH_DAT *) NULL; + KTEXT ticket = (KTEXT) NULL; + char instance[INST_SZ], version[VERSION_SIZE]; + struct sockaddr_in fromaddr; + int rc; + long authopts; + int pv1[2], pv2[2]; + fd_set wready, writeto; + + fromaddr = *fromp; +#endif (void) signal(SIGINT, SIG_DFL); (void) signal(SIGQUIT, SIG_DFL); @@ -210,6 +261,9 @@ doit(fromp) } #endif +#ifdef KERBEROS + if (!use_kerberos) +#endif if (fromp->sin_port >= IPPORT_RESERVED || fromp->sin_port < IPPORT_RESERVED/2) { syslog(LOG_NOTICE|LOG_AUTH, @@ -242,6 +296,9 @@ doit(fromp) syslog(LOG_ERR, "can't get stderr port: %m"); exit(1); } +#ifdef KERBEROS + if (!use_kerberos) +#endif if (port >= IPPORT_RESERVED) { syslog(LOG_ERR, "2nd port not reserved\n"); exit(1); @@ -253,6 +310,12 @@ doit(fromp) } } +#ifdef KERBEROS + if (vacuous) { + error("rshd: remote host requires Kerberos authentication\n"); + exit(1); + } +#endif #ifdef notdef /* from inetd, socket is already on 0, 1, 2 */ @@ -271,6 +334,9 @@ doit(fromp) * address corresponds to the name. */ hostname = hp->h_name; +#ifdef KERBEROS + if (!use_kerberos) +#endif if (check_all || local_domain(hp->h_name)) { strncpy(remotehost, hp->h_name, sizeof(remotehost) - 1); remotehost[sizeof(remotehost) - 1] = 0; @@ -310,6 +376,42 @@ doit(fromp) sizeof(hostnamebuf) - 1); hostnamebuf[sizeof(hostnamebuf) - 1] = '\0'; +#ifdef KERBEROS + if (use_kerberos) { + kdata = (AUTH_DAT *) authbuf; + ticket = (KTEXT) tickbuf; + authopts = 0L; + strcpy(instance, "*"); + version[VERSION_SIZE - 1] = '\0'; +#ifdef CRYPT + if (doencrypt) { + struct sockaddr_in local_addr; + rc = sizeof(local_addr); + if (getsockname(0, (struct sockaddr *)&local_addr, + &rc) < 0) { + syslog(LOG_ERR, "getsockname: %m"); + error("rlogind: getsockname: %m"); + exit(1); + } + authopts = KOPT_DO_MUTUAL; + rc = krb_recvauth(authopts, 0, ticket, + "rcmd", instance, &fromaddr, + &local_addr, kdata, "", schedule, + version); + des_set_key(kdata->session, schedule); + } else +#endif + rc = krb_recvauth(authopts, 0, ticket, "rcmd", + instance, &fromaddr, + (struct sockaddr_in *) 0, + kdata, "", (bit_64 *) 0, version); + if (rc != KSUCCESS) { + error("Kerberos authentication failure: %s\n", + krb_err_txt[rc]); + exit(1); + } + } else +#endif getstr(remuser, sizeof(remuser), "remuser"); getstr(locuser, sizeof(locuser), "locuser"); @@ -335,6 +437,19 @@ doit(fromp) #endif } +#ifdef KERBEROS + if (use_kerberos) { + if (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0') { + if (kuserok(kdata, locuser) != 0) { + syslog(LOG_INFO|LOG_AUTH, + "Kerberos rsh denied to %s.%s@%s", + kdata->pname, kdata->pinst, kdata->prealm); + error("Permission denied.\n"); + exit(1); + } + } + } else +#endif if (errorstr || pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' && iruserok(fromp->sin_addr.s_addr, pwd->pw_uid == 0, @@ -368,12 +483,37 @@ fail: error("Can't make pipe.\n"); exit(1); } +#ifdef CRYPT +#ifdef KERBEROS + if (doencrypt) { + if (pipe(pv1) < 0) { + error("Can't make 2nd pipe.\n"); + exit(1); + } + if (pipe(pv2) < 0) { + error("Can't make 3rd pipe.\n"); + exit(1); + } + } +#endif +#endif pid = fork(); if (pid == -1) { error("Can't fork; try again.\n"); exit(1); } if (pid) { +#ifdef CRYPT +#ifdef KERBEROS + if (doencrypt) { + static char msg[] = SECURE_MESSAGE; + (void) close(pv1[1]); + (void) close(pv2[1]); + des_write(s, msg, sizeof(msg) - 1); + + } else +#endif +#endif { (void) close(0); (void) close(1); @@ -388,17 +528,47 @@ fail: nfd = pv[0]; else nfd = s; +#ifdef CRYPT +#ifdef KERBEROS + if (doencrypt) { + FD_ZERO(&writeto); + FD_SET(pv2[0], &writeto); + FD_SET(pv1[0], &readfrom); + + nfd = MAX(nfd, pv2[0]); + nfd = MAX(nfd, pv1[0]); + } else +#endif +#endif ioctl(pv[0], FIONBIO, (char *)&one); /* should set s nbio! */ nfd++; do { ready = readfrom; +#ifdef CRYPT +#ifdef KERBEROS + if (doencrypt) { + wready = writeto; + if (select(nfd, &ready, + &wready, (fd_set *) 0, + (struct timeval *) 0) < 0) + break; + } else +#endif +#endif if (select(nfd, &ready, (fd_set *)0, (fd_set *)0, (struct timeval *)0) < 0) break; if (FD_ISSET(s, &ready)) { int ret; +#ifdef CRYPT +#ifdef KERBEROS + if (doencrypt) + ret = des_read(s, &sig, 1); + else +#endif +#endif ret = read(s, &sig, 1); if (ret <= 0) FD_CLR(s, &readfrom); @@ -412,18 +582,67 @@ fail: shutdown(s, 1+1); FD_CLR(pv[0], &readfrom); } else { +#ifdef CRYPT +#ifdef KERBEROS + if (doencrypt) + (void) + des_write(s, buf, cc); + else +#endif +#endif (void) write(s, buf, cc); } } +#ifdef CRYPT +#ifdef KERBEROS + if (doencrypt && FD_ISSET(pv1[0], &ready)) { + errno = 0; + cc = read(pv1[0], buf, sizeof(buf)); + if (cc <= 0) { + shutdown(pv1[0], 1+1); + FD_CLR(pv1[0], &readfrom); + } else + (void) des_write(STDOUT_FILENO, + buf, cc); + } + + if (doencrypt && FD_ISSET(pv2[0], &wready)) { + errno = 0; + cc = des_read(STDIN_FILENO, + buf, sizeof(buf)); + if (cc <= 0) { + shutdown(pv2[0], 1+1); + FD_CLR(pv2[0], &writeto); + } else + (void) write(pv2[0], buf, cc); + } +#endif +#endif } while (FD_ISSET(s, &readfrom) || +#ifdef CRYPT +#ifdef KERBEROS + (doencrypt && FD_ISSET(pv1[0], &readfrom)) || +#endif +#endif FD_ISSET(pv[0], &readfrom)); exit(0); } setpgrp(0, getpid()); (void) close(s); (void) close(pv[0]); +#ifdef CRYPT +#ifdef KERBEROS + if (doencrypt) { + close(pv1[0]); close(pv2[0]); + dup2(pv1[1], 1); + dup2(pv2[1], 0); + close(pv1[1]); + close(pv2[1]); + } +#endif +#endif dup2(pv[1], 2); close(pv[1]); } @@ -448,6 +667,14 @@ fail: cp = pwd->pw_shell; endpwent(); if (log_success || pwd->pw_uid == 0) { +#ifdef KERBEROS + if (use_kerberos) + syslog(LOG_INFO|LOG_AUTH, + "Kerberos shell from %s.%s@%s on %s as %s, cmd='%.80s'", + kdata->pname, kdata->pinst, kdata->prealm, + hostname, locuser, cmdbuf); + else +#endif syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: cmd='%.80s'", remuser, hostname, locuser, cmdbuf); } diff --git a/sbin/mount_nfs/Makefile b/sbin/mount_nfs/Makefile index 09389c818a3..9d78b197d97 100644 --- a/sbin/mount_nfs/Makefile +++ b/sbin/mount_nfs/Makefile @@ -9,6 +9,8 @@ MOUNT= ${.CURDIR}/../mount CFLAGS+= -DNFS -I${MOUNT} .PATH: ${MOUNT} +.include <bsd.own.mk> # For KERBEROS + .if defined(KERBEROS) CFLAGS+=-DKERBEROS DPADD+= ${LIBKRB} ${LIBDES} diff --git a/sbin/nfsd/Makefile b/sbin/nfsd/Makefile index 700c65bf44b..4326e4e5417 100644 --- a/sbin/nfsd/Makefile +++ b/sbin/nfsd/Makefile @@ -4,4 +4,12 @@ PROG= nfsd MAN= nfsd.8 +.include <bsd.own.mk> # For KERBEROS + +.if defined(KERBEROS) +CFLAGS+=-DKERBEROS +LDADD+= -lkrb -ldes +DPADD+= ${LIBKRB} ${LIBDES} +.endif + .include <bsd.prog.mk> diff --git a/usr.bin/login/Makefile b/usr.bin/login/Makefile index aa470331c52..e1f6c0243f6 100644 --- a/usr.bin/login/Makefile +++ b/usr.bin/login/Makefile @@ -3,20 +3,27 @@ PROG= login SRCS= login.c -DPADD= ${LIBUTIL} ${LIBCRYPT} ${LIBSKEY} -LDADD= -lutil -lcrypt -lskey -CFLAGS+= -DSKEY +LDADD= -lutil -lcrypt +DPADD= ${LIBUTIL} ${LIBCRYPT} + +.include <bsd.own.mk> # For SKEY, KERBEROS and KERBEROS5 + +.if defined(SKEY) +CFLAGS+=-DSKEY +LDADD+= -lskey +DPADD+= ${LIBSKEY} +.endif .if defined(KERBEROS5) +CFLAGS+= -DKERBEROS5 SRCS+= k5login.c -DPADD+= ${LIBKRB5} ${LIBCRYPTO} LDADD+= -lkrb5 -lcrypto -CFLAGS+= -DKERBEROS5 +DPADD+= ${LIBKRB5} ${LIBCRYPTO} .elif defined(KERBEROS) +CFLAGS+= -DKERBEROS SRCS+= klogin.c -DPADD+= ${LIBKRB} ${LIBDES} LDADD+= -lkrb -ldes -CFLAGS+= -DKERBEROS +DPADD+= ${LIBKRB} ${LIBDES} .endif BINOWN= root diff --git a/usr.bin/passwd/Makefile b/usr.bin/passwd/Makefile index fa592b007a0..872bc73b8a0 100644 --- a/usr.bin/passwd/Makefile +++ b/usr.bin/passwd/Makefile @@ -1,5 +1,5 @@ # from: @(#)Makefile 5.11 (Berkeley) 2/19/91 -# $Id: Makefile,v 1.1 1995/10/18 08:45:53 deraadt Exp $ +# $Id: Makefile,v 1.2 1995/12/16 22:20:28 tholo Exp $ PROG= passwd SRCS= local_passwd.c yp_passwd.c passwd.c pw_copy.c pw_util.c getpwent.c @@ -16,7 +16,7 @@ DPADD+= ${LIBKRB5} ${LIBCRYPTO} LDADD+= -lkrb5 -lcrypto .elif defined(KERBEROS) SRCS+= krb_passwd.c des_rw.c -CFLAGS+= -DKERBEROS -DCRYPT +CFLAGS+= -DKERBEROS DPADD+= ${LIBKRB} ${LIBDES} LDADD+= -lkrb -ldes .endif diff --git a/usr.bin/passwd/krb_passwd.c b/usr.bin/passwd/krb_passwd.c index 2cfc032ce02..57ee41e90d3 100644 --- a/usr.bin/passwd/krb_passwd.c +++ b/usr.bin/passwd/krb_passwd.c @@ -33,7 +33,7 @@ #ifndef lint /*static char sccsid[] = "from: @(#)krb_passwd.c 5.4 (Berkeley) 3/1/91";*/ -static char rcsid[] = "$Id: krb_passwd.c,v 1.1 1995/10/18 08:45:53 deraadt Exp $"; +static char rcsid[] = "$Id: krb_passwd.c,v 1.2 1995/12/16 22:20:29 tholo Exp $"; #endif /* not lint */ #ifdef KERBEROS @@ -166,9 +166,9 @@ krb_passwd() return(1); } - (void)des_string_to_key(pass, okey); - (void)des_key_sched(okey, osched); - (void)des_set_key(okey, osched); + (void)des_string_to_key(pass, &okey); + (void)des_key_sched(&okey, osched); + (void)des_set_key(&okey, osched); /* wait on the verification string */ @@ -211,8 +211,8 @@ krb_passwd() return(1); } - (void)des_key_sched(proto_data.random_key, random_schedule); - (void)des_set_key(proto_data.random_key, random_schedule); + (void)des_key_sched(&proto_data.random_key, random_schedule); + (void)des_set_key(&proto_data.random_key, random_schedule); (void)bzero(pass, sizeof(pass)); if (des_read_pw_string(pass, diff --git a/usr.bin/rlogin/Makefile b/usr.bin/rlogin/Makefile index b53f6bd52bc..898c81b0a13 100644 --- a/usr.bin/rlogin/Makefile +++ b/usr.bin/rlogin/Makefile @@ -3,12 +3,17 @@ PROG= rlogin SRCS= rlogin.c -#SRCS+= krcmd.c kcmd.c des_rw.c -#DPADD= ${LIBKRB} ${LIBDES} -#CFLAGS+=-DKERBEROS -DCRYPT -#LDADD= -lkrb -ldes BINOWN= root BINMODE=4555 #INSTALLFLAGS=-fschg +.include <bsd.own.mk> + +.if defined(KERBEROS) +CFLAGS+=-DKERBEROS +SRCS+= krcmd.c kcmd.c des_rw.c +LDADD+= -lkrb -ldes +DPADD+= ${LIBKRB} ${LIBDES} +.endif + .include <bsd.prog.mk> diff --git a/usr.bin/rlogin/des_rw.c b/usr.bin/rlogin/des_rw.c index 592e5ba7cd7..f8a326205b7 100644 --- a/usr.bin/rlogin/des_rw.c +++ b/usr.bin/rlogin/des_rw.c @@ -41,7 +41,6 @@ static char rcsid[] = "$NetBSD: des_rw.c,v 1.2 1995/03/21 07:58:30 cgd Exp $"; #endif #endif /* not lint */ -#ifdef CRYPT #ifdef KERBEROS #include <sys/param.h> @@ -53,9 +52,9 @@ static char rcsid[] = "$NetBSD: des_rw.c,v 1.2 1995/03/21 07:58:30 cgd Exp $"; #include <time.h> #include <unistd.h> -static unsigned char des_inbuf[10240], storage[10240], *store_ptr; -static bit_64 *key; -static u_char *key_schedule; +static des_cblock des_inbuf[10240], storage[10240], *store_ptr; +static des_cblock *key; +static des_key_schedule key_schedule; /* XXX these should be in a kerberos include file */ int krb_net_read __P((int, char *, int)); @@ -80,13 +79,15 @@ int des_pcbc_encrypt __P((des_cblock *, des_cblock *, long, * and the insched is the DES Key unwrapped for faster decryption */ -void +int des_set_key(inkey, insched) - bit_64 *inkey; - u_char *insched; + des_cblock *inkey; + des_key_schedule insched; { key = inkey; - key_schedule = insched; + bcopy(insched, key_schedule, sizeof(key_schedule)); + + return 0; } void @@ -166,7 +167,7 @@ des_read(fd, buf, len) return(nreturned); } -static unsigned char des_outbuf[10240]; /* > longest write */ +static des_cblock des_outbuf[10240]; /* > longest write */ int des_write(fd, buf, len) @@ -175,7 +176,7 @@ des_write(fd, buf, len) int len; { static int seeded = 0; - static char garbage_buf[8]; + static des_cblock garbage_buf[8]; long net_len, garbage; if(len < 8) { @@ -191,7 +192,7 @@ des_write(fd, buf, len) } /* pcbc_encrypt outputs in 8-byte (64 bit) increments */ - (void) des_pcbc_encrypt((len < 8) ? garbage_buf : buf, + (void) des_pcbc_encrypt((len < 8) ? garbage_buf : (des_cblock *)buf, des_outbuf, (len < 8) ? 8 : len, key_schedule, /* DES key */ @@ -206,4 +207,3 @@ des_write(fd, buf, len) return(len); } #endif /* KERBEROS */ -#endif /* CRYPT */ diff --git a/usr.bin/rlogin/kcmd.c b/usr.bin/rlogin/kcmd.c index 16772d4e251..0863bafd2ac 100644 --- a/usr.bin/rlogin/kcmd.c +++ b/usr.bin/rlogin/kcmd.c @@ -64,8 +64,6 @@ static char rcsid[] = "$NetBSD: kcmd.c,v 1.2 1995/03/21 07:58:32 cgd Exp $"; #include <string.h> #include <unistd.h> -#include "krb.h" - #ifndef MAXHOSTNAMELEN #define MAXHOSTNAMELEN 64 #endif diff --git a/usr.bin/rlogin/krb.h b/usr.bin/rlogin/krb.h deleted file mode 100644 index f40cdb6dd93..00000000000 --- a/usr.bin/rlogin/krb.h +++ /dev/null @@ -1,53 +0,0 @@ -/* $NetBSD: krb.h,v 1.2 1995/03/21 07:58:34 cgd Exp $ */ - -/*- - * Copyright (c) 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)krb.h 8.1 (Berkeley) 6/6/93 - */ - -/* - * XXX - * These should be in a kerberos include file. - */ -void des_clear_key __P(()); -int des_read __P((int, char *, int)); -void des_set_key __P((C_Block, Key_schedule)); -int des_write __P((int, char *, int)); -int krb_net_read __P((int, char *, int)); -char *krb_realmofhost __P((char *)); -int krb_sendauth __P((long, int, KTEXT, char *, char *, char *, - u_long, MSG_DAT *, CREDENTIALS *, Key_schedule, - struct sockaddr_in *, struct sockaddr_in *, char *)); -int krcmd __P((char **, u_short, char *, char *, int *, char *)); -int krcmd_mutual __P((char **, u_short, char *, char *, int *, - char *, CREDENTIALS *, Key_schedule)); diff --git a/usr.bin/rlogin/krcmd.c b/usr.bin/rlogin/krcmd.c index 5bcbb4c3312..f40e9e3145b 100644 --- a/usr.bin/rlogin/krcmd.c +++ b/usr.bin/rlogin/krcmd.c @@ -52,9 +52,7 @@ static char rcsid[] = "$NetBSD: krcmd.c,v 1.2 1995/03/21 07:58:36 cgd Exp $"; #ifdef KERBEROS #include <sys/types.h> -#ifdef CRYPT #include <sys/socket.h> -#endif #include <netinet/in.h> @@ -115,7 +113,6 @@ krcmd(ahost, rport, remuser, cmd, fd2p, realm) return(sock); } -#ifdef CRYPT int krcmd_mutual(ahost, rport, remuser, cmd, fd2p, realm, cred, sched) char **ahost; @@ -160,5 +157,4 @@ krcmd_mutual(ahost, rport, remuser, cmd, fd2p, realm, cred, sched) return (-1); return(sock); } -#endif /* CRYPT */ #endif /* KERBEROS */ diff --git a/usr.bin/rlogin/rlogin.c b/usr.bin/rlogin/rlogin.c index 8c93cd8f5c1..aa75a2d14ce 100644 --- a/usr.bin/rlogin/rlogin.c +++ b/usr.bin/rlogin/rlogin.c @@ -83,8 +83,6 @@ static char rcsid[] = "$NetBSD: rlogin.c,v 1.8 1995/10/05 09:07:22 mycroft Exp $ #include <kerberosIV/des.h> #include <kerberosIV/krb.h> -#include "krb.h" - CREDENTIALS cred; Key_schedule schedule; int use_kerberos = 1, doencrypt; @@ -212,14 +210,12 @@ main(argc, argv) case 'l': user = optarg; break; -#ifdef CRYPT #ifdef KERBEROS case 'x': doencrypt = 1; - des_set_key(cred.session, schedule); + des_set_key(&cred.session, schedule); break; #endif -#endif case '?': default: usage(); @@ -298,12 +294,10 @@ try_connect: if (dest_realm == NULL) dest_realm = krb_realmofhost(host); -#ifdef CRYPT if (doencrypt) rem = krcmd_mutual(&host, sp->s_port, user, term, 0, dest_realm, &cred, schedule); else -#endif /* CRYPT */ rem = krcmd(&host, sp->s_port, user, term, 0, dest_realm); if (rem < 0) { @@ -321,13 +315,11 @@ try_connect: goto try_connect; } } else { -#ifdef CRYPT if (doencrypt) { (void)fprintf(stderr, "rlogin: the -x flag requires Kerberos authentication.\n"); exit(1); } -#endif /* CRYPT */ rem = rcmd(&host, sp->s_port, pw->pw_name, user, term, 0); } #else @@ -506,18 +498,15 @@ writer() continue; } if (c != escapechar) -#ifdef CRYPT #ifdef KERBEROS if (doencrypt) (void)des_write(rem, (char *)&escapechar, 1); else #endif -#endif (void)write(rem, &escapechar, 1); } -#ifdef CRYPT #ifdef KERBEROS if (doencrypt) { if (des_write(rem, &c, 1) == 0) { @@ -526,7 +515,6 @@ writer() } } else #endif -#endif if (write(rem, &c, 1) == 0) { msg("line gone"); break; @@ -610,13 +598,11 @@ sendwindow() wp->ws_xpixel = htons(winsize.ws_xpixel); wp->ws_ypixel = htons(winsize.ws_ypixel); -#ifdef CRYPT #ifdef KERBEROS if(doencrypt) (void)des_write(rem, obuf, sizeof(obuf)); else #endif -#endif (void)write(rem, obuf, sizeof(obuf)); } @@ -747,13 +733,11 @@ reader(omask) rcvcnt = 0; rcvstate = READING; -#ifdef CRYPT #ifdef KERBEROS if (doencrypt) rcvcnt = des_read(rem, rcvbuf, sizeof(rcvbuf)); else #endif -#endif rcvcnt = read(rem, rcvbuf, sizeof (rcvbuf)); if (rcvcnt == 0) return (0); @@ -851,12 +835,8 @@ usage() (void)fprintf(stderr, "usage: rlogin [ -%s]%s[-e char] [ -l username ] host\n", #ifdef KERBEROS -#ifdef CRYPT "8EKLx", " [-k realm] "); #else - "8EKL", " [-k realm] "); -#endif -#else "8EL", " "); #endif exit(1); diff --git a/usr.bin/rsh/Makefile b/usr.bin/rsh/Makefile index 8528f50bed5..1938ebdd89b 100644 --- a/usr.bin/rsh/Makefile +++ b/usr.bin/rsh/Makefile @@ -1,10 +1,20 @@ # from: @(#)Makefile 5.6 (Berkeley) 9/27/90 -# $Id: Makefile,v 1.1 1995/10/18 08:46:03 deraadt Exp $ +# $Id: Makefile,v 1.2 1995/12/16 22:20:35 tholo Exp $ PROG= rsh SRCS= rsh.c BINOWN= root BINMODE=4555 + +.include <bsd.own.mk> # For KERBEROS + +.if defined(KERBEROS) +SRCS+= des_rw.c .PATH: ${.CURDIR}/../rlogin +CFLAGS+=-DKERBEROS +SRCS+= krcmd.c kcmd.c +LDADD+= -lkrb -ldes +DPADD+= ${LIBKRB} ${LIBDES} +.endif .include <bsd.prog.mk> diff --git a/usr.bin/rsh/rsh.c b/usr.bin/rsh/rsh.c index ad7ff8e56cd..2f84e0dd489 100644 --- a/usr.bin/rsh/rsh.c +++ b/usr.bin/rsh/rsh.c @@ -39,12 +39,12 @@ char copyright[] = #ifndef lint /*static char sccsid[] = "from: @(#)rsh.c 5.24 (Berkeley) 7/1/91";*/ -static char rcsid[] = "$Id: rsh.c,v 1.1 1995/10/18 08:46:03 deraadt Exp $"; +static char rcsid[] = "$Id: rsh.c,v 1.2 1995/12/16 22:20:36 tholo Exp $"; #endif /* not lint */ /* * $Source: /cvs/OpenBSD/src/usr.bin/rsh/rsh.c,v $ - * $Header: /cvs/OpenBSD/src/usr.bin/rsh/rsh.c,v 1.1 1995/10/18 08:46:03 deraadt Exp $ + * $Header: /cvs/OpenBSD/src/usr.bin/rsh/rsh.c,v 1.2 1995/12/16 22:20:36 tholo Exp $ */ #include <sys/types.h> @@ -115,12 +115,8 @@ main(argc, argv) } #ifdef KERBEROS -#ifdef CRYPT #define OPTIONS "8KLdek:l:nwx" #else -#define OPTIONS "8KLdek:l:nw" -#endif -#else #define OPTIONS "8KLdel:nw" #endif while ((ch = getopt(argc - argoff, argv + argoff, OPTIONS)) != EOF) @@ -151,13 +147,11 @@ main(argc, argv) nflag = 1; break; #ifdef KERBEROS -#ifdef CRYPT case 'x': doencrypt = 1; - des_set_key(cred.session, schedule); + des_set_key(&cred.session, schedule); break; #endif -#endif case '?': default: usage(); @@ -188,12 +182,10 @@ main(argc, argv) user = pw->pw_name; #ifdef KERBEROS -#ifdef CRYPT /* -x turns off -n */ if (doencrypt) nflag = 0; #endif -#endif args = copyargs(argv); @@ -223,12 +215,10 @@ try_connect: if (dest_realm == NULL) dest_realm = krb_realmofhost(host); -#ifdef CRYPT if (doencrypt) rem = krcmd_mutual(&host, sp->s_port, user, args, &rfd2, dest_realm, &cred, schedule); else -#endif rem = krcmd(&host, sp->s_port, user, args, &rfd2, dest_realm); if (rem < 0) { @@ -294,10 +284,8 @@ try_connect: } #ifdef KERBEROS -#ifdef CRYPT if (!doencrypt) #endif -#endif { (void)ioctl(rfd2, FIONBIO, &one); (void)ioctl(rem, FIONBIO, &one); @@ -340,12 +328,10 @@ rewrite: rembits = 1 << rem; if ((rembits & (1 << rem)) == 0) goto rewrite; #ifdef KERBEROS -#ifdef CRYPT if (doencrypt) wc = des_write(rem, bp, cc); else #endif -#endif wc = write(rem, bp, cc); if (wc < 0) { if (errno == EWOULDBLOCK) @@ -377,12 +363,10 @@ done: if (ready & (1 << rfd2)) { errno = 0; #ifdef KERBEROS -#ifdef CRYPT if (doencrypt) cc = des_read(rfd2, buf, sizeof buf); else #endif -#endif cc = read(rfd2, buf, sizeof buf); if (cc <= 0) { if (errno != EWOULDBLOCK) @@ -393,12 +377,10 @@ done: if (ready & (1 << rem)) { errno = 0; #ifdef KERBEROS -#ifdef CRYPT if (doencrypt) cc = des_read(rem, buf, sizeof buf); else #endif -#endif cc = read(rem, buf, sizeof buf); if (cc <= 0) { if (errno != EWOULDBLOCK) @@ -414,12 +396,10 @@ sendsig(signo) char signo; { #ifdef KERBEROS -#ifdef CRYPT if (doencrypt) (void)des_write(rfd2, &signo, 1); else #endif -#endif (void)write(rfd2, &signo, 1); } @@ -469,12 +449,8 @@ usage() (void)fprintf(stderr, "usage: rsh [-nd%s]%s[-l login] host [command]\n", #ifdef KERBEROS -#ifdef CRYPT "x", " [-k realm] "); #else - "", " [-k realm] "); -#endif -#else "", " "); #endif exit(1); diff --git a/usr.bin/su/Makefile b/usr.bin/su/Makefile index afb7f5f2cef..adcb6a2227d 100644 --- a/usr.bin/su/Makefile +++ b/usr.bin/su/Makefile @@ -1,11 +1,24 @@ # from: @(#)Makefile 5.5 (Berkeley) 5/11/90 -# $Id: Makefile,v 1.1 1995/10/18 08:46:09 deraadt Exp $ +# $Id: Makefile,v 1.2 1995/12/16 22:20:37 tholo Exp $ PROG= su BINOWN= root BINMODE=4555 +LDADD+= -lcrypt +DPADD+= ${LIBCRYPT} + +.include <bsd.own.mk> + +.if defined(SKEY) CFLAGS+=-DSKEY -LDADD+= -lcrypt -lskey -DPADD+= ${LIBCRYPT} ${LIBSKEY} +LDADD+= -lskey +DPADD+= ${LIBSKEY} +.endif + +.if defined(KERBEROS) +CFLAGS+=-DKERBEROS +LDADD+= -lkrb -ldes +DPADD+= ${LIBKRB} ${LIBDES} +.endif .include <bsd.prog.mk> diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c index 715bcb5911a..f5707090ca6 100644 --- a/usr.bin/su/su.c +++ b/usr.bin/su/su.c @@ -39,7 +39,7 @@ char copyright[] = #ifndef lint /*static char sccsid[] = "from: @(#)su.c 5.26 (Berkeley) 7/6/91";*/ -static char rcsid[] = "$Id: su.c,v 1.1 1995/10/18 08:46:10 deraadt Exp $"; +static char rcsid[] = "$Id: su.c,v 1.2 1995/12/16 22:20:38 tholo Exp $"; #endif /* not lint */ #include <sys/param.h> @@ -311,7 +311,6 @@ kerberos(username, user, uid) char *username, *user; int uid; { - extern char *krb_err_txt[]; KTEXT_ST ticket; AUTH_DAT authdata; struct hostent *hp; |