Subject: misc/157: Most kerberos support has been removed from the tree
To: None <gnats-admin>
From: Thorsten Lockert <tholo@SigmaSoft.COM>
List: netbsd-bugs
Date: 03/06/1994 00:35:02
>Number: 157
>Category: misc
>Synopsis: Most kerberos support has been removed from the tree
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: gnats-admin (Misc Bug People)
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Sun Mar 6 00:35:01 1994
>Originator: Thorsten Lockert
>Organization:
Thorsten Lockert | postmaster@bbb.no |
Postbox 435 | hostmaster@bbb.no | Universe, n.:
N-5001 Bergen | tholo@bbb.no | The problem.
Norway | tholo@sigmasoft.com |
>Release: 0.9-current
>Environment:
System: NetBSD gandalf.bbb.no 0.9a GANDALF#1 i386
>Description:
Most Kerberos support that was present in the BNR/2 has been
removed (or, rather, has not been reinstalled). This makes it
a bit harder for many to build/install NetBSD with Kerberos
support.
>How-To-Repeat:
Install the kerberos elements from Net2 and a working DES
library. System utilities won't build with Kerberos support.
>Fix:
This patch will make selected utilities build with Kerberos support if
Kerberos is installed and, in some cases, it is made for non-export.
--- bin/rcp/Makefile.orig Sat Mar 5 11:12:44 1994
+++ bin/rcp/Makefile Sat Mar 5 12:52:23 1994
@@ -7,4 +7,17 @@
BINMODE=4555
.PATH: ${.CURDIR}/../../usr.bin/rlogin
+.if exists(/usr/lib/libkrb.a)
+CFLAGS+=-DKERBEROS
+LDADD+= -lkrb
+DPADD+= /usr/lib/libkrb.a
+SRCS+= kcmd.c krcmd.c
+.if exists(/usr/lib/libdes.a) && !defined(EXPORTABLE_SYSTEM)
+CFLAGS+=-DCRYPT
+LDADD+= -ldes
+DPADD+= /usr/lib/libdes.a
+SRCS+= des_rw.c
+.endif
+.endif
+
.include <bsd.prog.mk>
--- bin/rcp/Makefile.orig Sat Mar 5 11:12:44 1994
+++ bin/rcp/Makefile Sat Mar 5 12:52:23 1994
@@ -7,4 +7,17 @@
BINMODE=4555
.PATH: ${.CURDIR}/../../usr.bin/rlogin
+.if exists(/usr/lib/libkrb.a)
+CFLAGS+=-DKERBEROS
+LDADD+= -lkrb
+DPADD+= /usr/lib/libkrb.a
+SRCS+= kcmd.c krcmd.c
+.if exists(/usr/lib/libdes.a) && !defined(EXPORTABLE_SYSTEM)
+CFLAGS+=-DCRYPT
+LDADD+= -ldes
+DPADD+= /usr/lib/libdes.a
+SRCS+= des_rw.c
+.endif
+.endif
+
.include <bsd.prog.mk>
--- usr.bin/login/Makefile.orig Sat Mar 5 11:31:58 1994
+++ usr.bin/login/Makefile Sat Mar 5 14:56:25 1994
@@ -1,11 +1,16 @@
# from: @(#)Makefile 5.6 (Berkeley) 6/24/90
# $Id: Makefile,v 1.6 1993/10/07 02:19:25 cgd Exp $
-CFLAGS+=#-DKERBEROS
PROG= login
SRCS= klogin.c login.c
-DPADD= ${LIBUTIL} ${LIBCRYPT} #${LIBKRB} ${LIBDES}
-LDADD= -lutil -lcrypt #-lkrb -ldes
+DPADD+= ${LIBUTIL} ${LIBCRYPT}
+LDADD+= -lutil -lcrypt
+
+.if exists(/usr/lib/libkrb.a) && exists(/usr/lib/libdes.a) && !defined(EXPORTABLE_SYSTEM)
+DPADD+= ${LIBKRB} ${LIBDES}
+LDADD+= -lkrb -ldes
+CFLAGS+=-DKERBEROS -DCRYPT
+.endif
BINOWN= root
BINMODE=4555
--- usr.bin/passwd/Makefile.orig Sat Mar 5 11:35:34 1994
+++ usr.bin/passwd/Makefile Sat Mar 5 13:32:38 1994
@@ -11,6 +11,13 @@
DPADD+= ${LIBRPCSVC} ${LIBCRYPT}
LDADD+= -lrpcsvc -lcrypt
+.if exists(/usr/lib/libkrb.a) && exists(/usr/lib/libdes.a) && !defined(EXPORTABLE_SYSTEM)
+CFLAGS+=-DKERBEROS -DCRYPT
+DPADD+= ${LIBKRB} ${LIBDES}
+LDADD+= -lkrb -ldes
+SRCS+= krb_passwd.c des_rw.c
+.endif
+
.include <bsd.prog.mk>
getpwent.o: getpwent.c
--- usr.bin/rlogin/Makefile.orig Sat Mar 5 11:42:16 1994
+++ usr.bin/rlogin/Makefile Sat Mar 5 12:49:37 1994
@@ -6,4 +6,17 @@
BINOWN= root
BINMODE=4555
+.if exists(/usr/lib/libkrb.a)
+CFLAGS+=-DKERBEROS
+DPADD+= ${LIBKRB}
+LDADD+= -lkrb
+SRCS+= kcmd.c krcmd.c
+.if exists(/usr/lib/libdes.a) && !defined(EXPORTABLE_SYSTEM)
+CFLAGS+=-DCRYPT
+DPADD+= ${LIBDES}
+LDADD+= -ldes
+SRCS+= des_rw.c
+.endif
+.endif
+
.include <bsd.prog.mk>
--- usr.bin/rsh/Makefile.orig Sat Mar 5 11:42:35 1994
+++ usr.bin/rsh/Makefile Sat Mar 5 12:51:23 1994
@@ -7,4 +7,17 @@
BINMODE=4555
.PATH: ${.CURDIR}/../rlogin
+.if exists(/usr/lib/libkrb.a)
+CFLAGS+=-DKERBEROS
+DPADD+= ${LIBKRB}
+LDADD+= -lkrb
+SRCS+= kcmd.c krcmd.c
+.if exists(/usr/lib/libdes.a) && !defined(EXPORTABLE_SYSTEM)
+CFLAGS+=-DCRYPT
+DPADD+= ${LIBDES}
+LDADD+= -ldes
+SRCS+= des_rw.c
+.endif
+.endif
+
.include <bsd.prog.mk>
--- usr.bin/su/Makefile.orig Sat Mar 5 11:45:50 1994
+++ usr.bin/su/Makefile Sat Mar 5 11:46:24 1994
@@ -7,4 +7,10 @@
LDADD+= -lcrypt
DPADD+= ${LIBCRYPT}
+.if exists(/usr/lib/libkrb.a)
+CFLAGS+=-DKERBEROS
+DPADD+= ${LIBKRB}
+LDADD+= -lkrb
+.endif
+
.include <bsd.prog.mk>
--- libexec/Makefile.orig Sat Mar 5 13:53:13 1994
+++ libexec/Makefile Sat Mar 5 13:55:05 1994
@@ -5,4 +5,8 @@
mail.local makekey makewhatis rexecd rlogind rshd rpc.rstatd \
rpc.rusersd rpc.rwalld talkd telnetd tftpd uucpd
+.if exists(/usr/lib/libkrb.a) && exists(/usr/lib/libdes.a) && exists(kpasswdd) && !defined(EXPORTABLE_SYSTEM)
+SUBDIR+=kpasswdd
+.endif
+
.include <bsd.subdir.mk>
--- libexec/rlogind/Makefile.orig Sat Mar 5 11:20:45 1994
+++ libexec/rlogind/Makefile Sat Mar 5 13:21:38 1994
@@ -8,4 +8,16 @@
LDADD= -lutil
.PATH: ${.CURDIR}/../../usr.bin/rlogin
+.if exists(/usr/lib/libkrb.a)
+DPADD+= /usr/lib/libkrb.a
+LDADD+= -lkrb
+CFLAGS+=-DKERBEROS
+.if exists(/usr/lib/libdes.a) && !defined(EXPORTABLE_SYSTEM)
+DPADD+= /usr/lib/libdes.a
+LDADD+= -ldes
+CFLAGS+=-DCRYPT
+SRCS+= des_rw.c
+.endif
+.endif
+
.include <bsd.prog.mk>
--- libexec/rshd/Makefile.orig Sat Mar 5 11:27:42 1994
+++ libexec/rshd/Makefile Sat Mar 5 13:22:00 1994
@@ -6,4 +6,16 @@
MAN8= rshd.0
.PATH: ${.CURDIR}/../../usr.bin/rlogin
+.if exists(/usr/lib/libkrb.a)
+DPADD+= /usr/lib/libkrb.a
+LDADD+= -lkrb
+CFLAGS+=-DKERBEROS
+.if exists(/usr/lib/libdes.a) && !defined(EXPORTABLE_SYSTEM)
+DPADD+= /usr/lib/libdes.a
+LDADD+= -ldes
+CFLAGS+=-DCRYPT
+SRCS+= des_rw.c
+.endif
+.endif
+
.include <bsd.prog.mk>
--- /dev/null Sun Mar 6 02:06:51 1994
+++ usr.bin/rlogin/des_rw.c Sat Mar 5 12:48:53 1994
@@ -0,0 +1,193 @@
+/*-
+ * Copyright (c) 1989 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static char sccsid[] = "@(#)des_rw.c 5.8 (Berkeley) 2/25/91";
+#endif /* not lint */
+
+#ifdef CRYPT
+#ifdef KERBEROS
+#include <sys/param.h>
+#include <kerberosIV/des.h>
+#include <kerberosIV/krb.h>
+#include <time.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <string.h>
+
+extern long random();
+static unsigned char des_inbuf[10240], storage[10240], *store_ptr;
+static bit_64 *key;
+static u_char *key_schedule;
+
+/*
+ * NB: These routines will not function properly if NBIO
+ * is set
+ */
+
+/*
+ * des_set_key
+ *
+ * Set des encryption/decryption key for use by the des_read and
+ * des_write routines
+ *
+ * The inkey parameter is actually the DES initial vector,
+ * and the insched is the DES Key unwrapped for faster decryption
+ */
+
+void
+des_set_key(inkey, insched)
+ bit_64 *inkey;
+ u_char *insched;
+{
+ key = inkey;
+ key_schedule = insched;
+}
+
+void
+des_clear_key()
+{
+ bzero((char *) key, sizeof(C_Block));
+ bzero((char *) key_schedule, sizeof(Key_schedule));
+}
+
+
+int
+des_read(fd, buf, len)
+ int fd;
+ register char *buf;
+ int len;
+{
+ int nreturned = 0;
+ long net_len, rd_len;
+ int nstored = 0;
+
+ if (nstored >= len) {
+ (void) bcopy(store_ptr, buf, len);
+ store_ptr += len;
+ nstored -= len;
+ return(len);
+ } else if (nstored) {
+ (void) bcopy(store_ptr, buf, nstored);
+ nreturned += nstored;
+ buf += nstored;
+ len -= nstored;
+ nstored = 0;
+ }
+
+ if (krb_net_read(fd, &net_len, sizeof(net_len)) != sizeof(net_len)) {
+ /* XXX can't read enough, pipe
+ must have closed */
+ return(0);
+ }
+ net_len = ntohl(net_len);
+ if (net_len <= 0 || net_len > sizeof(des_inbuf)) {
+ /* preposterous length; assume out-of-sync; only
+ recourse is to close connection, so return 0 */
+ return(0);
+ }
+ /* the writer tells us how much real data we are getting, but
+ we need to read the pad bytes (8-byte boundary) */
+ rd_len = roundup(net_len, 8);
+ if (krb_net_read(fd, des_inbuf, rd_len) != rd_len) {
+ /* pipe must have closed, return 0 */
+ return(0);
+ }
+ (void) des_pcbc_encrypt(des_inbuf, /* inbuf */
+ storage, /* outbuf */
+ net_len, /* length */
+ key_schedule, /* DES key */
+ key, /* IV */
+ DECRYPT); /* direction */
+
+ if(net_len < 8)
+ store_ptr = storage + 8 - net_len;
+ else
+ store_ptr = storage;
+
+ nstored = net_len;
+ if (nstored > len) {
+ (void) bcopy(store_ptr, buf, len);
+ nreturned += len;
+ store_ptr += len;
+ nstored -= len;
+ } else {
+ (void) bcopy(store_ptr, buf, nstored);
+ nreturned += nstored;
+ nstored = 0;
+ }
+
+ return(nreturned);
+}
+
+static unsigned char des_outbuf[10240]; /* > longest write */
+
+int
+des_write(fd, buf, len)
+ int fd;
+ char *buf;
+ int len;
+{
+ static int seeded = 0;
+ static char garbage_buf[8];
+ long net_len, garbage;
+
+ if(len < 8) {
+ if(!seeded) {
+ seeded = 1;
+ srandom((int) time((long *)0));
+ }
+ garbage = random();
+ /* insert random garbage */
+ (void) bcopy(&garbage, garbage_buf, MIN(sizeof(long),8));
+ /* this "right-justifies" the data in the buffer */
+ (void) bcopy(buf, garbage_buf + 8 - len, len);
+ }
+ /* pcbc_encrypt outputs in 8-byte (64 bit) increments */
+
+ (void) des_pcbc_encrypt((len < 8) ? garbage_buf : buf,
+ des_outbuf,
+ (len < 8) ? 8 : len,
+ key_schedule, /* DES key */
+ key, /* IV */
+ ENCRYPT);
+
+ /* tell the other end the real amount, but send an 8-byte padded
+ packet */
+ net_len = htonl(len);
+ (void) write(fd, &net_len, sizeof(net_len));
+ (void) write(fd, des_outbuf, roundup(len,8));
+ return(len);
+}
+#endif /* KERBEROS */
+#endif /* CRYPT */
--- /dev/null Sun Mar 6 02:06:51 1994
+++ usr.bin/rlogin/kcmd.c Sat Mar 5 12:49:03 1994
@@ -0,0 +1,305 @@
+/*
+ * Copyright (c) 1983 Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static char Xsccsid[] = "derived from @(#)rcmd.c 5.17 (Berkeley) 6/27/88";
+static char sccsid[] = "@(#)kcmd.c 5.6 (Berkeley) 6/1/90";
+#endif /* not lint */
+
+/*
+ * $Source: /mit/kerberos/src/appl/bsd/RCS/kcmd.c,v $
+ * $Header: kcmd.c,v 4.16 89/05/17 10:54:31 jtkohl Exp $
+ *
+ * static char *rcsid_kcmd_c =
+ * "$Header: kcmd.c,v 4.16 89/05/17 10:54:31 jtkohl Exp $";
+ */
+
+#include <sys/param.h>
+#include <sys/file.h>
+#include <sys/signal.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+
+#include <netinet/in.h>
+
+#include <netdb.h>
+#include <errno.h>
+#include <kerberosIV/des.h>
+#include <kerberosIV/krb.h>
+#include <kerberosIV/kparse.h>
+#include <pwd.h>
+#include <stdio.h>
+#include <ctype.h>
+
+#ifndef MAXHOSTNAMELEN
+#define MAXHOSTNAMELEN 64
+#endif
+
+extern errno;
+char *index(), *malloc(), *krb_realmofhost();
+
+#define START_PORT 5120 /* arbitrary */
+
+kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, ticket, service, realm,
+ cred, schedule, msg_data, laddr, faddr, authopts)
+int *sock;
+char **ahost;
+u_short rport;
+char *locuser, *remuser, *cmd;
+int *fd2p;
+KTEXT ticket;
+char *service;
+char *realm;
+CREDENTIALS *cred;
+Key_schedule schedule;
+MSG_DAT *msg_data;
+struct sockaddr_in *laddr, *faddr;
+long authopts;
+{
+ int s, timo = 1, pid;
+ long oldmask;
+ struct sockaddr_in sin, from;
+ char c;
+#ifdef ATHENA_COMPAT
+ int lport = IPPORT_RESERVED - 1;
+#else
+ int lport = START_PORT;
+#endif ATHENA_COMPAT
+ struct hostent *hp;
+ int rc;
+ char *host_save;
+ int status;
+
+ pid = getpid();
+ hp = gethostbyname(*ahost);
+ if (hp == 0) {
+ /* fprintf(stderr, "%s: unknown host\n", *ahost); */
+ return (-1);
+ }
+
+ host_save = malloc(strlen(hp->h_name) + 1);
+ strcpy(host_save, hp->h_name);
+ *ahost = host_save;
+
+ /* If realm is null, look up from table */
+ if ((realm == NULL) || (realm[0] == '\0')) {
+ realm = krb_realmofhost(host_save);
+ }
+
+ oldmask = sigblock(sigmask(SIGURG));
+ for (;;) {
+ s = getport(&lport);
+ if (s < 0) {
+ if (errno == EAGAIN)
+ fprintf(stderr,
+ "kcmd(socket): All ports in use\n");
+ else
+ perror("kcmd: socket");
+ sigsetmask(oldmask);
+ return (-1);
+ }
+ fcntl(s, F_SETOWN, pid);
+ sin.sin_family = hp->h_addrtype;
+#if defined(ultrix) || defined(sun)
+ bcopy(hp->h_addr, (caddr_t)&sin.sin_addr, hp->h_length);
+#else
+ bcopy(hp->h_addr_list[0], (caddr_t)&sin.sin_addr, hp->h_length);
+#endif /* defined(ultrix) || defined(sun) */
+ sin.sin_port = rport;
+ if (connect(s, (struct sockaddr *)&sin, sizeof (sin)) >= 0)
+ break;
+ (void) close(s);
+ if (errno == EADDRINUSE) {
+ lport--;
+ continue;
+ }
+ /*
+ * don't wait very long for Kerberos rcmd.
+ */
+ if (errno == ECONNREFUSED && timo <= 4) {
+ /* sleep(timo); don't wait at all here */
+ timo *= 2;
+ continue;
+ }
+#if !(defined(ultrix) || defined(sun))
+ if (hp->h_addr_list[1] != NULL) {
+ int oerrno = errno;
+
+ fprintf(stderr,
+ "kcmd: connect to address %s: ",
+ inet_ntoa(sin.sin_addr));
+ errno = oerrno;
+ perror(0);
+ hp->h_addr_list++;
+ bcopy(hp->h_addr_list[0], (caddr_t)&sin.sin_addr,
+ hp->h_length);
+ fprintf(stderr, "Trying %s...\n",
+ inet_ntoa(sin.sin_addr));
+ continue;
+ }
+#endif /* !(defined(ultrix) || defined(sun)) */
+ if (errno != ECONNREFUSED)
+ perror(hp->h_name);
+ sigsetmask(oldmask);
+ return (-1);
+ }
+ lport--;
+ if (fd2p == 0) {
+ write(s, "", 1);
+ lport = 0;
+ } else {
+ char num[8];
+ int s2 = getport(&lport), s3;
+ int len = sizeof (from);
+
+ if (s2 < 0) {
+ status = -1;
+ goto bad;
+ }
+ listen(s2, 1);
+ (void) sprintf(num, "%d", lport);
+ if (write(s, num, strlen(num)+1) != strlen(num)+1) {
+ perror("kcmd(write): setting up stderr");
+ (void) close(s2);
+ status = -1;
+ goto bad;
+ }
+ s3 = accept(s2, (struct sockaddr *)&from, &len);
+ (void) close(s2);
+ if (s3 < 0) {
+ perror("kcmd:accept");
+ lport = 0;
+ status = -1;
+ goto bad;
+ }
+ *fd2p = s3;
+ from.sin_port = ntohs((u_short)from.sin_port);
+ if (from.sin_family != AF_INET ||
+ from.sin_port >= IPPORT_RESERVED) {
+ fprintf(stderr,
+ "kcmd(socket): protocol failure in circuit setup.\n");
+ goto bad2;
+ }
+ }
+ /*
+ * Kerberos-authenticated service. Don't have to send locuser,
+ * since its already in the ticket, and we'll extract it on
+ * the other side.
+ */
+ /* (void) write(s, locuser, strlen(locuser)+1); */
+
+ /* set up the needed stuff for mutual auth, but only if necessary */
+ if (authopts & KOPT_DO_MUTUAL) {
+ int sin_len;
+ *faddr = sin;
+
+ sin_len = sizeof (struct sockaddr_in);
+ if (getsockname(s, (struct sockaddr *)laddr, &sin_len) < 0) {
+ perror("kcmd(getsockname)");
+ status = -1;
+ goto bad2;
+ }
+ }
+ if ((status = krb_sendauth(authopts, s, ticket, service, *ahost,
+ realm, (unsigned long) getpid(), msg_data,
+ cred, schedule,
+ laddr,
+ faddr,
+ "KCMDV0.1")) != KSUCCESS)
+ goto bad2;
+
+ (void) write(s, remuser, strlen(remuser)+1);
+ (void) write(s, cmd, strlen(cmd)+1);
+
+ if ((rc=read(s, &c, 1)) != 1) {
+ if (rc==-1) {
+ perror(*ahost);
+ } else {
+ fprintf(stderr,"kcmd: bad connection with remote host\n");
+ }
+ status = -1;
+ goto bad2;
+ }
+ if (c != 0) {
+ while (read(s, &c, 1) == 1) {
+ (void) write(2, &c, 1);
+ if (c == '\n')
+ break;
+ }
+ status = -1;
+ goto bad2;
+ }
+ sigsetmask(oldmask);
+ *sock = s;
+ return (KSUCCESS);
+bad2:
+ if (lport)
+ (void) close(*fd2p);
+bad:
+ (void) close(s);
+ sigsetmask(oldmask);
+ return (status);
+}
+
+getport(alport)
+ int *alport;
+{
+ struct sockaddr_in sin;
+ int s;
+
+ sin.sin_family = AF_INET;
+ sin.sin_addr.s_addr = INADDR_ANY;
+ s = socket(AF_INET, SOCK_STREAM, 0);
+ if (s < 0)
+ return (-1);
+ for (;;) {
+ sin.sin_port = htons((u_short)*alport);
+ if (bind(s, (struct sockaddr *)&sin, sizeof (sin)) >= 0)
+ return (s);
+ if (errno != EADDRINUSE) {
+ (void) close(s);
+ return (-1);
+ }
+ (*alport)--;
+#ifdef ATHENA_COMPAT
+ if (*alport == IPPORT_RESERVED/2) {
+#else
+ if (*alport == IPPORT_RESERVED) {
+#endif ATHENA_COMPAT
+ (void) close(s);
+ errno = EAGAIN; /* close */
+ return (-1);
+ }
+ }
+}
+
--- /dev/null Sun Mar 6 02:06:51 1994
+++ usr.bin/rlogin/krcmd.c Sat Mar 5 12:49:03 1994
@@ -0,0 +1,150 @@
+/*
+ * Copyright (c) 1989 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static char sccsid[] = "@(#)krcmd.c 1.6 (Berkeley) 9/27/90";
+#endif /* not lint */
+
+/*
+ * $Source: /mit/kerberos/ucb/mit/kcmd/RCS/krcmd.c,v $
+ * $Header: /mit/kerberos/ucb/mit/kcmd/RCS/krcmd.c,v 5.1
+ * 89/07/25 15:38:44 kfall Exp Locker: kfall $
+ * static char *rcsid_kcmd_c =
+ * "$Header: /mit/kerberos/ucb/mit/kcmd/RCS/krcmd.c,v 5.1 89/07/25 15:38:44
+ * kfall Exp Locker: kfall $";
+ */
+
+#ifdef KERBEROS
+#include <sys/types.h>
+#include <stdio.h>
+#include <kerberosIV/des.h>
+#include <kerberosIV/krb.h>
+
+#define SERVICE_NAME "rcmd"
+
+/*
+ * krcmd: simplified version of Athena's "kcmd"
+ * returns a socket attached to the destination, -1 or krb error on error
+ * if fd2p is non-NULL, another socket is filled in for it
+ */
+
+int
+krcmd(ahost, rport, remuser, cmd, fd2p, realm)
+ char **ahost;
+ u_short rport;
+ char *remuser, *cmd;
+ int *fd2p;
+ char *realm;
+{
+ int sock = -1, err = 0;
+ KTEXT_ST ticket;
+ long authopts = 0L;
+
+ err = kcmd(
+ &sock,
+ ahost,
+ rport,
+ NULL, /* locuser not used */
+ remuser,
+ cmd,
+ fd2p,
+ &ticket,
+ SERVICE_NAME,
+ realm,
+ (CREDENTIALS *) NULL, /* credentials not used */
+ (bit_64 *) NULL, /* key schedule not used */
+ (MSG_DAT *) NULL, /* MSG_DAT not used */
+ (struct sockaddr_in *) NULL, /* local addr not used */
+ (struct sockaddr_in *) NULL, /* foreign addr not used */
+ authopts
+ );
+
+ if (err > KSUCCESS && err < MAX_KRB_ERRORS) {
+ fprintf(stderr, "krcmd: %s\n", krb_err_txt[err]);
+ return(-1);
+ }
+ if (err < 0)
+ return(-1);
+ return(sock);
+}
+
+#ifdef CRYPT
+#include <sys/socket.h>
+#include <netinet/in.h>
+
+int
+krcmd_mutual(ahost, rport, remuser, cmd, fd2p, realm, cred, sched)
+ char **ahost;
+ u_short rport;
+ char *remuser, *cmd;
+ int *fd2p;
+ char *realm;
+ CREDENTIALS *cred;
+ Key_schedule sched;
+{
+ int sock, err;
+ KTEXT_ST ticket;
+ MSG_DAT msg_dat;
+ struct sockaddr_in laddr, faddr;
+ long authopts = KOPT_DO_MUTUAL;
+
+ err = kcmd(
+ &sock,
+ ahost,
+ rport,
+ NULL, /* locuser not used */
+ remuser,
+ cmd,
+ fd2p,
+ &ticket,
+ SERVICE_NAME,
+ realm,
+ cred, /* filled in */
+ sched, /* filled in */
+ &msg_dat, /* filled in */
+ &laddr, /* filled in */
+ &faddr, /* filled in */
+ authopts
+ );
+
+ if (err > KSUCCESS && err < MAX_KRB_ERRORS) {
+ fprintf(stderr, "krcmd_mutual: %s\n", krb_err_txt[err]);
+ return(-1);
+ }
+
+ if (err < 0)
+ return (-1);
+ return(sock);
+}
+#endif /* CRYPT */
+#endif /* KERBEROS */
>Audit-Trail:
>Unformatted:
------------------------------------------------------------------------------