upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-28 04:12:45 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

import of heimdal 0.3f

Browse source
This commit is contained in:
Assar Westerlund 2001-06-21 02:12:07 +00:00
parent 45524cd79e
commit adb0ddaeac
495 changed files with 40190 additions and 7763 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

330
crypto/heimdal/ChangeLog
View file

@ -1,3 +1,333 @@
2001-05-17 Assar Westerlund <assar@sics.se>
* Release 0.3f
2001-05-17 Assar Westerlund <assar@sics.se>
* lib/krb5/Makefile.am: bump version to 16:0:0
* lib/hdb/Makefile.am: bump version to 7:1:0
* lib/asn1/Makefile.am: bump version to 5:0:0
* lib/krb5/keytab_krb4.c: add SRVTAB as an alias for krb4
* lib/krb5/codec.c: remove dead code
2001-05-15 Assar Westerlund <assar@sics.se>
* lib/krb5/rd_error.c (krb5_error_from_rd_error): use correct
parenthesis
* lib/krb5/eai_to_heim_errno.c (krb5_eai_to_heim_errno): add
`errno' (called system_error) to allow callers to make sure they
pass the current and relevant value. update callers
2001-05-14 Johan Danielsson <joda@pdc.kth.se>
* kdc/kerberos5.c: pass context to krb5_domain_x500_decode
2001-05-14 Assar Westerlund <assar@sics.se>
* kpasswd/kpasswdd.c: adapt to new address functions
* kdc/kerberos5.c: adapt to changing address functions use LR_TYPE
* kdc/connect.c: adapt to changing address functions
* kdc/config.c: new krb5_config_parse_file
* kdc/524.c: new krb5_sockaddr2address
* lib/krb5/*: add some krb5_{set,clear}_error_string
* lib/asn1/k5.asn1 (LR_TYPE): add
* lib/asn1/Makefile.am (gen_files): add asn1_LR_TYPE.x
2001-05-11 Assar Westerlund <assar@sics.se>
* kdc/kerberos5.c (tsg_rep): fix typo in variable name
* kpasswd/kpasswd-generator.c (nop_prompter): update prototype
* lib/krb5/init_creds_pw.c: update to new prompter, use prompter
types and send two prompts at once when changning password
* lib/krb5/prompter_posix.c (krb5_prompter_posix): add name
* lib/krb5/krb5.h (krb5_prompt): add type
(krb5_prompter_fct): add anem
* lib/krb5/cache.c (krb5_cc_next_cred): transpose last two
paramaters to krb5_cc_next_cred (as MIT does, and not as they
document). From "Jacques A. Vidrine" <n@nectar.com>
2001-05-11 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/Makefile.am: store-test
* lib/krb5/store-test.c: simple bit storage test
* lib/krb5/store.c: add more byteorder storage flags
* lib/krb5/krb5.h: add more byteorder storage flags
* kdc/kerberos5.c: don't use NULL where we mean 0
* kdc/kerberos5.c: put referral test code in separate function,
and test for KRB5_NT_SRV_INST
2001-05-10 Assar Westerlund <assar@sics.se>
* admin/list.c (do_list): do not close the keytab if opening it
failed
* admin/list.c (do_list): always print complete names. print
everything to stdout.
* admin/list.c: print both v5 and v4 list by default
* admin/remove.c (kt_remove): reorganize some. open the keytab
(defaulting to the modify one).
* admin/purge.c (kt_purge): reorganize some. open the keytab
(defaulting to the modify one). correct usage strings
* admin/list.c (kt_list): reorganize some. open the keytab
* admin/get.c (kt_get): reorganize some. open the keytab
(defaulting to the modify one)
* admin/copy.c (kt_copy): default to modify key name. re-organise
* admin/change.c (kt_change): reorganize some. open the keytab
(defaulting to the modify one)
* admin/add.c (kt_add): reorganize some. open the keytab
(defaulting to the modify one)
* admin/ktutil.c (main): do not open the keytab, let every
sub-function handle it
* kdc/config.c (configure): call free_getarg_strings
* lib/krb5/get_in_tkt.c (krb5_get_in_cred): set error strings for
a few more errors
* lib/krb5/get_host_realm.c (krb5_get_host_realm_int): make
`use_dns' parameter boolean
* lib/krb5/krb5.h (krb5_context_data): add default_keytab_modify
* lib/krb5/context.c (init_context_from_config_file): set
default_keytab_modify
* lib/krb5/krb5_locl.h (KEYTAB_DEFAULT): change to
ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab
(KEYTAB_DEFAULT_MODIFY): add
* lib/krb5/keytab.c (krb5_kt_default_modify_name): add
(krb5_kt_resolve): set error string for failed keytab type
2001-05-08 Assar Westerlund <assar@sics.se>
* lib/krb5/crypto.c (encryption_type): make field names more
consistent
(create_checksum): separate usage and type
(krb5_create_checksum): add a separate type parameter
(encrypt_internal): only free once on mismatched checksum length
* lib/krb5/send_to_kdc.c (krb5_sendto_kdc2): try to tell what
realm we didn't manage to reach any KDC for in the error string
* lib/krb5/generate_seq_number.c (krb5_generate_seq_number): free
the entire subkey. from <tmartin@mirapoint.com>
2001-05-07 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/keytab_keyfile.c (akf_start_seq_get): return
KT_NOTFOUND if the file is empty
2001-05-07 Assar Westerlund <assar@sics.se>
* lib/krb5/fcache.c: call krb5_set_error_string when open fails
fatally
* lib/krb5/keytab_file.c: call krb5_set_error_string when open
fails fatally
* lib/krb5/warn.c (_warnerr): print error_string in context in
preference to error string derived from error code
* kuser/kinit.c (main): try to print the error string
* lib/krb5/get_in_tkt.c (krb5_get_in_cred): set some sensible
error strings for errors
* lib/krb5/krb5.h (krb5_context_data): add error_string and
error_buf
* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add error_string.c
* lib/krb5/error_string.c: new file
2001-05-02 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/time.c: krb5_string_to_deltat
* lib/krb5/sock_principal.c: one less data copy
* lib/krb5/eai_to_heim_errno.c: conversion function for h_errno's
* lib/krb5/get_default_principal.c: change this slightly
* lib/krb5/crypto.c: make checksum_types into an array of pointers
* lib/krb5/convert_creds.c: make sure we always use a des-cbc-crc
ticket
2001-04-29 Assar Westerlund <assar@sics.se>
* kdc/kerberos5.c (tgs_rep2): return a reference to a krbtgt for
the right realm if we fail to find a non-krbtgt service in the
database and the second component does a succesful non-dns lookup
to get the real realm (which has to be different from the
originally-supplied realm). this should help windows 2000 clients
that always start their lookups in `their' realm and do not have
any idea of how to map hostnames into realms
* kdc/kerberos5.c (is_krbtgt): rename to get_krbtgt_realm
2001-04-27 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/get_host_realm.c (krb5_get_host_realm_int): add extra
parameter to request use of dns or not
2001-04-25 Assar Westerlund <assar@sics.se>
* admin/get.c (kt_get): allow specification of encryption types
* lib/krb5/verify_init.c (krb5_verify_init_creds): do not try to
close an unopened ccache, noted by <marc@mit.edu>
* lib/krb5/krb5.h (krb5_any_ops): add declaration
* lib/krb5/context.c (init_context_from_config_file): register
krb5_any_ops
* lib/krb5/keytab_any.c: new file, implementing union of keytabs
* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_any.c
* lib/krb5/init_creds_pw.c (get_init_creds_common): handle options
== NULL. noted by <marc@mit.edu>
2001-04-19 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/rd_cred.c: set ret_creds to NULL before doing anything
else, from Jacques Vidrine
2001-04-18 Johan Danielsson <joda@pdc.kth.se>
* lib/hdb/libasn1.h: asn1.h -> krb5_asn1.h
* lib/asn1/Makefile.am: add asn1_ENCTYPE.x
* lib/krb5/krb5.h: adapt to asn1 changes
* lib/asn1/k5.asn1: move enctypes here
* lib/asn1/libasn1.h: rename asn1.h to krb5_asn1.h to avoid
conflicts
* lib/asn1/Makefile.am: rename asn1.h to krb5_asn1.h to avoid
conflicts
* lib/asn1/lex.l: use strtol to parse constants
2001-04-06 Johan Danielsson <joda@pdc.kth.se>
* kuser/kinit.c: add simple support for running commands
2001-03-26 Assar Westerlund <assar@sics.se>
* lib/hdb/hdb-ldap.c: change order of includes to allow it to work
with more versions of openldap
* kdc/kerberos5.c (tgs_rep2): try to set sec and usec in error
replies
(*): update callers of krb5_km_error
(check_tgs_flags): handle renews requesting non-renewable tickets
* lib/krb5/mk_error.c (krb5_mk_error): allow specifying both ctime
and cusec
* lib/krb5/krb5.h (krb5_checksum, krb5_keyusage): add
compatibility names
* lib/krb5/crypto.c (create_checksum): change so that `type == 0'
means pick from the `crypto' (context) and otherwise use that
type. this is not a large change in practice and allows callers
to specify the exact checksum algorithm to use
2001-03-13 Assar Westerlund <assar@sics.se>
* lib/krb5/get_cred.c (get_cred_kdc): add support for falling back
to KRB5_KU_AP_REQ_AUTH when KRB5_KU_TGS_REQ_AUTH gives `bad
integrity'. this helps for talking to old (pre 0.3d) KDCs
2001-03-12 Assar Westerlund <assar@pdc.kth.se>
* lib/krb5/crypto.c (krb5_derive_key): new function, used by
derived-key-test.c
* lib/krb5/string-to-key-test.c: add new test vectors posted by
Ken Raeburn <raeburn@mit.edu> in <tx1bsra8919.fsf@raeburn.org> to
ietf-krb-wg@anl.gov
* lib/krb5/n-fold-test.c: more test vectors from same source
* lib/krb5/derived-key-test.c: more tests from same source
2001-03-06 Assar Westerlund <assar@sics.se>
* acconfig.h: include roken_rename.h when appropriate
2001-03-06 Assar Westerlund <assar@sics.se>
* lib/krb5/krb5.h (krb5_enctype): remove trailing comma
2001-03-04 Assar Westerlund <assar@sics.se>
* lib/krb5/krb5.h (krb5_enctype): add ENCTYPE_* aliases for
compatibility with MIT krb5
2001-03-02 Assar Westerlund <assar@sics.se>
* kuser/kinit.c (main): only request a renewable ticket when
explicitly requested. it still gets a renewable one if the renew
life is specified
* kuser/kinit.c (renew_validate): treat -1 as flags not being set
2001-02-28 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/context.c (krb5_init_ets): use krb5_add_et_list
2001-02-27 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/get_cred.c: implement krb5_get_cred_from_kdc_opt
2001-02-25 Assar Westerlund <assar@sics.se>
* configure.in: do not use -R when testing for des functions
2001-02-14 Assar Westerlund <assar@sics.se>
* configure.in: test for lber.h when trying to link against
openldap to handle openldap v1, from Sumit Bose
<sumit.bose@suse.de>
2001-02-19 Assar Westerlund <assar@sics.se>
* lib/asn1/libasn1.h: add string.h (for memset)
2001-02-15 Assar Westerlund <assar@sics.se>
* lib/krb5/warn.c (_warnerr): add printf attributes
* lib/krb5/send_to_kdc.c (krb5_sendto): loop over all address
returned by getaddrinfo before trying the next kdc. from
thorpej@netbsd.org
* lib/krb5/krb5.conf.5: fix default_realm in example
* kdc/connect.c: fix a few kdc_log format types
* configure.in: try to handle libdes/libcrypto ont requiring -L
2001-02-10 Assar Westerlund <assar@sics.se>
* lib/asn1/gen_decode.c (generate_type_decode): zero the data at
the beginning of the generated function, and add a label `fail'
that the code jumps to in case of errors that frees all allocated
data
2001-02-07 Assar Westerlund <assar@sics.se>
* configure.in: aix dce: fix misquotes, from Ake Sandgren
<ake@cs.umu.se>
* configure.in (dpagaix_LDFLAGS): try to add export file
2001-02-05 Assar Westerlund <assar@sics.se>
* lib/krb5/krb5_keytab.3: new man page, contributed by
<lha@stacken.kth.se>
* kdc/kaserver.c: update to new db_fetch4
2001-02-05 Assar Westerlund <assar@assaris.sics.se>
* Release 0.3e

30
crypto/heimdal/Makefile.in
View file

@ -1,6 +1,7 @@
# Makefile.in generated automatically by automake 1.4a from Makefile.am
# Makefile.in generated automatically by automake 1.4b from Makefile.am
# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
# Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@ -119,7 +120,7 @@ install_sh = @install_sh@
# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
AUTOMAKE_OPTIONS = foreign no-dependencies
@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
CHECK_LOCAL = $(PROGRAMS)
SUBDIRS = include lib kuser kdc admin kadmin kpasswd appl doc tools
@ -212,9 +215,10 @@ configure.in install-sh ltconfig ltmain.sh missing mkinstalldirs
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
GZIP_ENV = --best
DIST_SUBDIRS = $(SUBDIRS)
all: all-redirect
.SUFFIXES:
.SUFFIXES: .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .et .h .x
.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile
@ -284,11 +288,16 @@ mostlyclean-recursive clean-recursive distclean-recursive \
maintainer-clean-recursive:
@set fnord $(MAKEFLAGS); amf=$$2; \
dot_seen=no; \
rev=''; list='$(SUBDIRS)'; for subdir in $$list; do \
rev="$$subdir $$rev"; \
if test "$$subdir" = "."; then dot_seen=yes; else :; fi; \
case "$@" in \
distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
*) list='$(SUBDIRS)' ;; \
esac; \
rev=''; for subdir in $$list; do \
if test "$$subdir" = "."; then :; else \
rev="$$subdir $$rev"; \
fi; \
done; \
test "$$dot_seen" = "no" && rev=". $$rev"; \
rev="$$rev ."; \
target=`echo $@ | sed s/-recursive//`; \
for subdir in $$rev; do \
echo "Making $$target in $$subdir"; \
@ -334,6 +343,11 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
|| etags $(ETAGS_ARGS) $$tags $$unique $(LISP)
GTAGS:
here=`CDPATH=: && cd $(top_builddir) && pwd` \
&& cd $(top_srcdir) \
&& gtags -i $$here
mostlyclean-tags:
clean-tags:

25
crypto/heimdal/NEWS
View file

@ -1,3 +1,28 @@
Changes in release 0.3f
* change default keytab to ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab,
the new keytab type that tries both of these in order (SRVTAB is
also an alias for krb4:)
* improve error reporting and error handling (error messages should
be more detailed and more useful)
* improve building with openssl
* add kadmin -K, rcp -F
* fix two incorrect weak DES keys
* fix building of kaserver compat in KDC
* the API is closer to what MIT krb5 is using
* more compatible with windows 2000
* removed some memory leaks
* bug fixes
Changes in release 0.3e
* rcp program included

4
crypto/heimdal/acconfig.h
View file

@ -98,3 +98,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg }
# define WORDS_BIGENDIAN 1
# endif
#endif
#ifdef ROKEN_RENAME
#include "roken_rename.h"
#endif

224
crypto/heimdal/aclocal.m4 vendored
View file

@ -1,14 +1,15 @@
dnl ./aclocal.m4 generated automatically by aclocal 1.4a
# ./aclocal.m4 generated automatically by aclocal 1.4b
dnl Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
dnl with or without modifications, as long as this notice is preserved.
# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
# Free Software Foundation, Inc.
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
dnl This program is distributed in the hope that it will be useful,
dnl but WITHOUT ANY WARRANTY, to the extent permitted by law; without
dnl even the implied warranty of MERCHANTABILITY or FITNESS FOR A
dnl PARTICULAR PURPOSE.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
dnl $Id: acinclude.m4,v 1.15 1998/05/23 14:54:53 joda Exp $
dnl
@ -49,32 +50,40 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg }
])])
# Like AC_CONFIG_HEADER, but automatically create stamp file.
AC_DEFUN(AM_CONFIG_HEADER,
[AC_PREREQ([2.12])
AC_CONFIG_HEADER([$1])
dnl When config.status generates a header, we must update the stamp-h file.
dnl This file resides in the same directory as the config header
dnl that is generated. We must strip everything past the first ":",
dnl and everything past the last "/".
AC_OUTPUT_COMMANDS(changequote(<<,>>)dnl
ifelse(patsubst(<<$1>>, <<[^ ]>>, <<>>), <<>>,
<<test -z "<<$>>CONFIG_HEADERS" || echo timestamp > patsubst(<<$1>>, <<^\([^:]*/\)?.*>>, <<\1>>)stamp-h<<>>dnl>>,
<<am_indx=1
for am_file in <<$1>>; do
case " <<$>>CONFIG_HEADERS " in
*" <<$>>am_file "*<<)>>
echo timestamp > `echo <<$>>am_file | sed -e 's%:.*%%' -e 's%[^/]*$%%'`stamp-h$am_indx
;;
esac
am_indx=`expr "<<$>>am_indx" + 1`
done<<>>dnl>>)
changequote([,]))])
# serial 3
# When config.status generates a header, we must update the stamp-h file.
# This file resides in the same directory as the config header
# that is generated. We must strip everything past the first ":",
# and everything past the last "/".
AC_PREREQ([2.12])
AC_DEFUN([AM_CONFIG_HEADER],
[AC_CONFIG_HEADER([$1])
AC_OUTPUT_COMMANDS(
ifelse(patsubst([$1], [[^ ]], []),
[],
[test -z "$CONFIG_HEADERS" || echo timestamp >dnl
patsubst([$1], [^\([^:]*/\)?.*], [\1])stamp-h]),
[am_indx=1
for am_file in $1; do
case " $CONFIG_HEADERS " in
*" $am_file "*)
echo timestamp > `echo $am_file | sed 's%:.*%%;s%[^/]*$%%'`stamp-h$am_indx
;;
esac
am_indx=\`expr \$am_indx + 1\`
done])
])
# Do all the work for Automake. This macro actually does too much --
# some checks are only needed if your package does certain things.
# But this isn't really a big deal.
# serial 2
# serial 3
AC_PREREQ([2.13])
# AC_PROVIDE_IFELSE(MACRO-NAME, IF-PROVIDED, IF-NOT-PROVIDED)
# -----------------------------------------------------------
@ -92,12 +101,11 @@ ifdef([AC_PROVIDE_IFELSE],
# AM_INIT_AUTOMAKE(PACKAGE,VERSION, [NO-DEFINE])
# ----------------------------------------------
AC_DEFUN(AM_INIT_AUTOMAKE,
AC_DEFUN([AM_INIT_AUTOMAKE],
[dnl We require 2.13 because we rely on SHELL being computed by configure.
AC_PREREQ([2.13])dnl
AC_REQUIRE([AC_PROG_INSTALL])dnl
# test to see if srcdir already configured
if test "`CDPATH=: && cd $srcdir && pwd`" != "`pwd`" &&
if test "`CDPATH=:; cd $srcdir && pwd`" != "`pwd`" &&
test -f $srcdir/config.status; then
AC_MSG_ERROR([source directory already configured; run "make distclean" there first])
fi
@ -121,8 +129,8 @@ AM_MISSING_PROG(AUTOHEADER, autoheader)
AM_MISSING_PROG(MAKEINFO, makeinfo)
AM_MISSING_PROG(AMTAR, tar)
AM_MISSING_INSTALL_SH
dnl We need awk for the "check" target. The system "awk" is bad on
dnl some platforms.
# We need awk for the "check" target. The system "awk" is bad on
# some platforms.
AC_REQUIRE([AC_PROG_AWK])dnl
AC_REQUIRE([AC_PROG_MAKE_SET])dnl
AC_REQUIRE([AM_DEP_TRACK])dnl
@ -141,7 +149,7 @@ AC_PROVIDE_IFELSE([AC_PROG_CXX],
# Check to make sure that the build environment is sane.
#
AC_DEFUN(AM_SANITY_CHECK,
AC_DEFUN([AM_SANITY_CHECK],
[AC_MSG_CHECKING([whether build environment is sane])
# Just in case
sleep 1
@ -180,15 +188,15 @@ fi
rm -f conftest*
AC_MSG_RESULT(yes)])
dnl AM_MISSING_PROG(NAME, PROGRAM)
AC_DEFUN(AM_MISSING_PROG, [
# AM_MISSING_PROG(NAME, PROGRAM)
AC_DEFUN([AM_MISSING_PROG], [
AC_REQUIRE([AM_MISSING_HAS_RUN])
$1=${$1-"${am_missing_run}$2"}
AC_SUBST($1)])
dnl Like AM_MISSING_PROG, but only looks for install-sh.
dnl AM_MISSING_INSTALL_SH()
AC_DEFUN(AM_MISSING_INSTALL_SH, [
# Like AM_MISSING_PROG, but only looks for install-sh.
# AM_MISSING_INSTALL_SH()
AC_DEFUN([AM_MISSING_INSTALL_SH], [
AC_REQUIRE([AM_MISSING_HAS_RUN])
if test -z "$install_sh"; then
install_sh="$ac_aux_dir/install-sh"
@ -200,13 +208,13 @@ if test -z "$install_sh"; then
fi
AC_SUBST(install_sh)])
dnl AM_MISSING_HAS_RUN.
dnl Define MISSING if not defined so far and test if it supports --run.
dnl If it does, set am_missing_run to use it, otherwise, to nothing.
# AM_MISSING_HAS_RUN.
# Define MISSING if not defined so far and test if it supports --run.
# If it does, set am_missing_run to use it, otherwise, to nothing.
AC_DEFUN([AM_MISSING_HAS_RUN], [
test x"${MISSING+set}" = xset || \
MISSING="\${SHELL} `CDPATH=: && cd $ac_aux_dir && pwd`/missing"
dnl Use eval to expand $SHELL
MISSING="\${SHELL} `CDPATH=:; cd $ac_aux_dir && pwd`/missing"
# Use eval to expand $SHELL
if eval "$MISSING --run :"; then
am_missing_run="$MISSING --run "
else
@ -216,14 +224,14 @@ else
fi
])
dnl See how the compiler implements dependency checking.
dnl Usage:
dnl AM_DEPENDENCIES(NAME)
dnl NAME is "CC", "CXX" or "OBJC".
# See how the compiler implements dependency checking.
# Usage:
# AM_DEPENDENCIES(NAME)
# NAME is "CC", "CXX" or "OBJC".
dnl We try a few techniques and use that to set a single cache variable.
# We try a few techniques and use that to set a single cache variable.
AC_DEFUN(AM_DEPENDENCIES,[
AC_DEFUN([AM_DEPENDENCIES],[
AC_REQUIRE([AM_SET_DEPDIR])
AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])
ifelse([$1],CC,[
@ -259,10 +267,13 @@ if test -z "$AMDEP"; then
;;
none) break ;;
esac
# We check with `-c' and `-o' for the sake of the "dashmstdout"
# mode. It turns out that the SunPro C++ compiler does not properly
# handle `-M -o', and we need to detect this.
if depmode="$depmode" \
source=conftest.c object=conftest.o \
depfile=conftest.Po tmpdepfile=conftest.TPo \
$SHELL $am_depcomp $depcc -c conftest.c 2>/dev/null &&
$SHELL $am_depcomp $depcc -c conftest.c -o conftest.o >/dev/null 2>&1 &&
grep conftest.h conftest.Po > /dev/null 2>&1; then
am_cv_[$1]_dependencies_compiler_type="$depmode"
break
@ -279,19 +290,22 @@ AC_MSG_RESULT($am_cv_[$1]_dependencies_compiler_type)
AC_SUBST([$1]DEPMODE)
])
dnl Choose a directory name for dependency files.
dnl This macro is AC_REQUIREd in AM_DEPENDENCIES
# Choose a directory name for dependency files.
# This macro is AC_REQUIREd in AM_DEPENDENCIES
AC_DEFUN(AM_SET_DEPDIR,[
AC_DEFUN([AM_SET_DEPDIR],[
if test -d .deps || mkdir .deps 2> /dev/null || test -d .deps; then
DEPDIR=.deps
# We redirect because .deps might already exist and be populated.
# In this situation we don't want to see an error.
rmdir .deps > /dev/null 2>&1
else
DEPDIR=_deps
fi
AC_SUBST(DEPDIR)
])
AC_DEFUN(AM_DEP_TRACK,[
AC_DEFUN([AM_DEP_TRACK],[
AC_ARG_ENABLE(dependency-tracking,
[ --disable-dependency-tracking Speeds up one-time builds
--enable-dependency-tracking Do not reject slow dependency extractors])
@ -316,16 +330,16 @@ subst(AMDEPBACKSLASH)
popdef([subst])
])
dnl Generate code to set up dependency tracking.
dnl This macro should only be invoked once -- use via AC_REQUIRE.
dnl Usage:
dnl AM_OUTPUT_DEPENDENCY_COMMANDS
# Generate code to set up dependency tracking.
# This macro should only be invoked once -- use via AC_REQUIRE.
# Usage:
# AM_OUTPUT_DEPENDENCY_COMMANDS
dnl
dnl This code is only required when automatic dependency tracking
dnl is enabled. FIXME. This creates each `.P' file that we will
dnl need in order to bootstrap the dependency handling code.
AC_DEFUN(AM_OUTPUT_DEPENDENCY_COMMANDS,[
#
# This code is only required when automatic dependency tracking
# is enabled. FIXME. This creates each `.P' file that we will
# need in order to bootstrap the dependency handling code.
AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],[
AC_OUTPUT_COMMANDS([
test x"$AMDEP" != x"" ||
for mf in $CONFIG_FILES; do
@ -368,9 +382,9 @@ done
ac_aux_dir="$ac_aux_dir"])])
dnl AM_PROG_LEX
dnl Look for flex, lex or missing, then run AC_PROG_LEX and AC_DECL_YYTEXT
AC_DEFUN(AM_PROG_LEX,
# AM_PROG_LEX
# Look for flex, lex or missing, then run AC_PROG_LEX and AC_DECL_YYTEXT
AC_DEFUN([AM_PROG_LEX],
[AC_REQUIRE([AM_MISSING_HAS_RUN])
AC_CHECK_PROGS(LEX, flex lex, [${am_missing_run}flex])
AC_PROG_LEX
@ -1371,7 +1385,7 @@ dnl AC_FIND_FUNC_NO_LIBS(func, libraries, includes, arguments, extra libs, extra
AC_DEFUN(AC_FIND_FUNC_NO_LIBS, [
AC_FIND_FUNC_NO_LIBS2([$1], ["" $2], [$3], [$4], [$5], [$6])])
dnl $Id: roken-frag.m4,v 1.19 2000/12/15 14:29:54 assar Exp $
dnl $Id: roken-frag.m4,v 1.21 2001/05/11 13:58:21 joda Exp $
dnl
dnl some code to get roken working
dnl
@ -1445,6 +1459,7 @@ AC_CHECK_HEADERS([\
rpcsvc/dbm.h \
rpcsvc/ypclnt.h \
shadow.h \
sys/bswap.h \
sys/ioctl.h \
sys/param.h \
sys/proc.h \
@ -1536,8 +1551,10 @@ AC_CHECK_FUNCS([ \
asprintf \
cgetent \
getconfattr \
getprogname \
getrlimit \
getspnam \
setprogname \
strsvis \
strunvis \
strvis \
@ -1614,6 +1631,16 @@ AC_NEED_PROTO([
vasnprintf)dnl
fi
AC_FIND_FUNC_NO_LIBS(bswap16,,
[#ifdef HAVE_SYS_BSWAP_H
#include <sys/bswap.h>
#endif],0)
AC_FIND_FUNC_NO_LIBS(bswap32,,
[#ifdef HAVE_SYS_BSWAP_H
#include <sys/bswap.h>
#endif],0)
AC_FIND_FUNC_NO_LIBS(pidfile,util,
[#ifdef HAVE_UTIL_H
#include <util.h>
@ -2066,7 +2093,7 @@ fi
# Define a conditional.
AC_DEFUN(AM_CONDITIONAL,
AC_DEFUN([AM_CONDITIONAL],
[AC_SUBST($1_TRUE)
AC_SUBST($1_FALSE)
if $2; then
@ -2077,7 +2104,7 @@ else
$1_FALSE=
fi])
dnl $Id: krb-ipv6.m4,v 1.9 2000/12/26 20:27:30 assar Exp $
dnl $Id: krb-ipv6.m4,v 1.10 2001/03/26 03:28:03 assar Exp $
dnl
dnl test for IPv6
dnl
@ -2087,6 +2114,7 @@ AC_ARG_WITH(ipv6,
if test "$withval" = "no"; then
ac_cv_lib_ipv6=no
fi])
save_CFLAGS="${CFLAGS}"
AC_CACHE_VAL(ac_cv_lib_ipv6,
[dnl check for different v6 implementations (by itojun)
v6type=unknown
@ -2197,6 +2225,8 @@ AC_MSG_CHECKING(for IPv6)
AC_MSG_RESULT($ac_cv_lib_ipv6)
if test "$ac_cv_lib_ipv6" = yes; then
AC_DEFINE(HAVE_IPV6, 1, [Define if you have IPv6.])
else
CFLAGS="${save_CFLAGS}"
fi
])
@ -2295,7 +2325,7 @@ undefine([foo])
fi
])
dnl $Id: broken-glob.m4,v 1.2 1999/03/01 09:52:15 joda Exp $
dnl $Id: broken-glob.m4,v 1.3 2001/03/26 11:40:24 assar Exp $
dnl
dnl check for glob(3)
dnl
@ -2305,12 +2335,13 @@ ac_cv_func_glob_working=yes
AC_TRY_LINK([
#include <stdio.h>
#include <glob.h>],[
glob(NULL, GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE, NULL, NULL);
glob(NULL, GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE|GLOB_LIMIT,
NULL, NULL);
],:,ac_cv_func_glob_working=no,:))
if test "$ac_cv_func_glob_working" = yes; then
AC_DEFINE(HAVE_GLOB, 1, [define if you have a glob() that groks
GLOB_BRACE, GLOB_NOCHECK, GLOB_QUOTE, and GLOB_TILDE])
GLOB_BRACE, GLOB_NOCHECK, GLOB_QUOTE, GLOB_TILDE, and GLOB_LIMIT])
fi
if test "$ac_cv_func_glob_working" = yes; then
AC_NEED_PROTO([#include <stdio.h>
@ -2486,49 +2517,6 @@ AH_BOTTOM([#ifdef BROKEN_REALLOC
#endif])
])
dnl $Id: krb-func-getcwd-broken.m4,v 1.2 1999/03/01 13:03:32 joda Exp $
dnl
dnl
dnl test for broken getcwd in (SunOS braindamage)
dnl
AC_DEFUN(AC_KRB_FUNC_GETCWD_BROKEN, [
if test "$ac_cv_func_getcwd" = yes; then
AC_MSG_CHECKING(if getcwd is broken)
AC_CACHE_VAL(ac_cv_func_getcwd_broken, [
ac_cv_func_getcwd_broken=no
AC_TRY_RUN([
#include <errno.h>
char *getcwd(char*, int);
void *popen(char *cmd, char *mode)
{
errno = ENOTTY;
return 0;
}
int main()
{
char *ret;
ret = getcwd(0, 1024);
if(ret == 0 && errno == ENOTTY)
return 0;
return 1;
}
], ac_cv_func_getcwd_broken=yes,:,:)
])
if test "$ac_cv_func_getcwd_broken" = yes; then
AC_DEFINE(BROKEN_GETCWD, 1, [Define if getcwd is broken (like in SunOS 4).])dnl
LIBOBJS="$LIBOBJS getcwd.o"
AC_SUBST(LIBOBJS)dnl
AC_MSG_RESULT($ac_cv_func_getcwd_broken)
else
AC_MSG_RESULT([seems ok])
fi
fi
])
dnl $Id: proto-compat.m4,v 1.3 1999/03/01 13:03:48 joda Exp $
dnl
dnl

16
crypto/heimdal/admin/Makefile.in
View file

@ -1,6 +1,7 @@
# Makefile.in generated automatically by automake 1.4a from Makefile.am
# Makefile.in generated automatically by automake 1.4b from Makefile.am
# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
# Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@ -119,7 +120,7 @@ install_sh = @install_sh@
# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
AUTOMAKE_OPTIONS = foreign no-dependencies
@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
CHECK_LOCAL = $(PROGRAMS)
man_MANS = ktutil.8
@ -254,7 +257,7 @@ OBJECTS = $(am_ktutil_OBJECTS)
all: all-redirect
.SUFFIXES:
.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
cd $(top_srcdir) && $(AUTOMAKE) --foreign admin/Makefile
@ -387,6 +390,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
|| etags $(ETAGS_ARGS) $$tags $$unique $(LISP)
GTAGS:
here=`CDPATH=: && cd $(top_builddir) && pwd` \
&& cd $(top_srcdir) \
&& gtags -i $$here
mostlyclean-tags:
clean-tags:

55
crypto/heimdal/admin/add.c
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,12 +33,13 @@
#include "ktutil_locl.h"
RCSID("$Id: add.c,v 1.1 2000/01/02 04:41:00 assar Exp $");
RCSID("$Id: add.c,v 1.2 2001/05/10 15:39:15 assar Exp $");
int
kt_add(int argc, char **argv)
{
krb5_error_code ret;
krb5_keytab keytab;
krb5_keytab_entry entry;
char buf[128];
char *principal_string = NULL;
@ -71,30 +72,47 @@ kt_add(int argc, char **argv)
if(getarg(args, num_args, argc, argv, &optind)) {
arg_printusage(args, num_args, "ktutil add", "");
return 0;
return 1;
}
if(help_flag) {
arg_printusage(args, num_args, "ktutil add", "");
return 0;
return 1;
}
if (keytab_string == NULL) {
ret = krb5_kt_default_modify_name (context, keytab_buf,
sizeof(keytab_buf));
if (ret) {
krb5_warn(context, ret, "krb5_kt_default_modify_name");
return 1;
}
keytab_string = keytab_buf;
}
ret = krb5_kt_resolve(context, keytab_string, &keytab);
if (ret) {
krb5_warn(context, ret, "resolving keytab %s", keytab_string);
return 1;
}
if (verbose_flag)
fprintf (stderr, "Using keytab %s\n", keytab_string);
memset(&entry, 0, sizeof(entry));
if(principal_string == NULL) {
printf("Principal: ");
if (fgets(buf, sizeof(buf), stdin) == NULL)
return 0;
return 1;
buf[strcspn(buf, "\r\n")] = '\0';
principal_string = buf;
}
ret = krb5_parse_name(context, principal_string, &entry.principal);
if(ret) {
krb5_warn(context, ret, "%s", principal_string);
return 0;
goto out;
}
if(enctype_string == NULL) {
printf("Encryption type: ");
if (fgets(buf, sizeof(buf), stdin) == NULL) {
krb5_free_principal (context, entry.principal);
return 0;
}
if (fgets(buf, sizeof(buf), stdin) == NULL)
goto out;
buf[strcspn(buf, "\r\n")] = '\0';
enctype_string = buf;
}
@ -105,24 +123,19 @@ kt_add(int argc, char **argv)
enctype = t;
else {
krb5_warn(context, ret, "%s", enctype_string);
krb5_free_principal(context, entry.principal);
return 0;
goto out;
}
}
if(kvno == -1) {
printf("Key version: ");
if (fgets(buf, sizeof(buf), stdin) == NULL) {
krb5_free_principal (context, entry.principal);
return 0;
}
if (fgets(buf, sizeof(buf), stdin) == NULL)
goto out;
buf[strcspn(buf, "\r\n")] = '\0';
kvno = atoi(buf);
}
if(password_string == NULL && random_flag == 0) {
if(des_read_pw_string(buf, sizeof(buf), "Password: ", 1)) {
krb5_free_principal (context, entry.principal);
return 0;
}
if(des_read_pw_string(buf, sizeof(buf), "Password: ", 1))
goto out;
password_string = buf;
}
if(password_string) {
@ -150,6 +163,8 @@ kt_add(int argc, char **argv)
ret = krb5_kt_add_entry(context, keytab, &entry);
if(ret)
krb5_warn(context, ret, "add");
out:
krb5_kt_free_entry(context, &entry);
krb5_kt_close(context, keytab);
return 0;
}

41
crypto/heimdal/admin/change.c
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,10 +33,11 @@
#include "ktutil_locl.h"
RCSID("$Id: change.c,v 1.2 2000/06/03 12:24:03 assar Exp $");
RCSID("$Id: change.c,v 1.3 2001/05/10 15:40:07 assar Exp $");
static void
change_entry (krb5_context context, krb5_keytab_entry *entry,
change_entry (krb5_context context, krb5_keytab keytab,
krb5_keytab_entry *entry,
const char *realm, const char *admin_server, int server_port)
{
krb5_error_code ret;
@ -49,7 +50,7 @@ change_entry (krb5_context context, krb5_keytab_entry *entry,
ret = krb5_unparse_name (context, entry->principal, &client_name);
if (ret) {
krb5_warn (context, ret, "kadm5_c_init_with_skey_ctx");
krb5_warn (context, ret, "krb5_unparse_name");
return;
}
@ -113,6 +114,7 @@ int
kt_change (int argc, char **argv)
{
krb5_error_code ret;
krb5_keytab keytab;
krb5_kt_cursor cursor;
krb5_keytab_entry entry;
char *realm = NULL;
@ -145,21 +147,39 @@ kt_change (int argc, char **argv)
|| help_flag) {
arg_printusage(args, sizeof(args) / sizeof(args[0]),
"ktutil change", "principal...");
return 0;
return 1;
}
if (keytab_string == NULL) {
ret = krb5_kt_default_modify_name (context, keytab_buf,
sizeof(keytab_buf));
if (ret) {
krb5_warn(context, ret, "krb5_kt_default_modify_name");
return 1;
}
keytab_string = keytab_buf;
}
ret = krb5_kt_resolve(context, keytab_string, &keytab);
if (ret) {
krb5_warn(context, ret, "resolving keytab %s", keytab_string);
return 1;
}
if (verbose_flag)
fprintf (stderr, "Using keytab %s\n", keytab_string);
j = 0;
max = 10;
princs = malloc (max * sizeof(*princs));
if (princs == NULL) {
krb5_warnx (context, "malloc: out of memory");
return 1;
goto out;
}
ret = krb5_kt_start_seq_get(context, keytab, &cursor);
if(ret){
krb5_warn(context, ret, "krb5_kt_start_seq_get %s", keytab_string);
return 1;
goto out;
}
while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) {
@ -174,7 +194,8 @@ kt_change (int argc, char **argv)
continue;
if (optind == argc) {
change_entry (context, &entry, realm, admin_server, server_port);
change_entry (context, keytab, &entry, realm, admin_server,
server_port);
done = 1;
} else {
for (i = optind; i < argc; ++i) {
@ -186,7 +207,7 @@ kt_change (int argc, char **argv)
continue;
}
if (krb5_principal_compare (context, princ, entry.principal)) {
change_entry (context, &entry,
change_entry (context, keytab, &entry,
realm, admin_server, server_port);
done = 1;
}
@ -220,5 +241,7 @@ kt_change (int argc, char **argv)
krb5_free_principal (context, princs[j]);
free (princs);
ret = krb5_kt_end_seq_get(context, keytab, &cursor);
out:
krb5_kt_close(context, keytab);
return 0;
}

23
crypto/heimdal/admin/copy.c
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,7 @@
#include "ktutil_locl.h"
RCSID("$Id: copy.c,v 1.5 2000/12/16 00:45:29 joda Exp $");
RCSID("$Id: copy.c,v 1.7 2001/05/11 00:54:01 assar Exp $");
static krb5_boolean
@ -57,22 +57,25 @@ kt_copy_int (const char *from, const char *to)
ret = krb5_kt_resolve (context, from, &src_keytab);
if (ret) {
krb5_warn (context, ret, "resolving src keytab `%s'", from);
return 0;
return 1;
}
ret = krb5_kt_resolve (context, to, &dst_keytab);
if (ret) {
krb5_kt_close (context, src_keytab);
krb5_warn (context, ret, "resolving dst keytab `%s'", to);
return 0;
return 1;
}
ret = krb5_kt_start_seq_get (context, src_keytab, &cursor);
if (ret) {
krb5_warn (context, ret, "krb5_kt_start_seq_get %s", keytab_string);
goto fail;
goto out;
}
if (verbose_flag)
fprintf(stderr, "copying %s to %s\n", from, to);
while((ret = krb5_kt_next_entry(context, src_keytab,
&entry, &cursor)) == 0) {
char *name_str;
@ -121,7 +124,7 @@ kt_copy_int (const char *from, const char *to)
}
krb5_kt_end_seq_get (context, src_keytab, &cursor);
fail:
out:
krb5_kt_close (context, src_keytab);
krb5_kt_close (context, dst_keytab);
return 0;
@ -146,12 +149,12 @@ kt_copy (int argc, char **argv)
if(getarg(args, num_args, argc, argv, &optind)) {
arg_printusage(args, num_args, "ktutil copy",
"keytab-src keytab-dest");
return 0;
return 1;
}
if (help_flag) {
arg_printusage(args, num_args, "ktutil copy",
"keytab-src keytab-dest");
return 0;
return 1;
}
argv += optind;
@ -160,7 +163,7 @@ kt_copy (int argc, char **argv)
if (argc != 2) {
arg_printusage(args, num_args, "ktutil copy",
"keytab-src keytab-dest");
return 0;
return 1;
}
return kt_copy_int(argv[0], argv[1]);
@ -220,7 +223,7 @@ conv(int srvconv, int argc, char **argv)
if(keytab_string != NULL)
return kt_copy_int(kt4, keytab_string);
else {
krb5_kt_default_name(context, kt5, sizeof(kt5));
krb5_kt_default_modify_name(context, kt5, sizeof(kt5));
return kt_copy_int(kt4, kt5);
}
} else {

99
crypto/heimdal/admin/get.c
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,14 +33,15 @@
#include "ktutil_locl.h"
RCSID("$Id: get.c,v 1.16 2000/12/31 02:51:43 assar Exp $");
RCSID("$Id: get.c,v 1.18 2001/05/10 15:42:01 assar Exp $");
int
kt_get(int argc, char **argv)
{
krb5_error_code ret;
krb5_error_code ret = 0;
krb5_keytab keytab;
kadm5_config_params conf;
void *kadm_handle;
void *kadm_handle = NULL;
char *principal = NULL;
char *realm = NULL;
char *admin_server = NULL;
@ -48,11 +49,16 @@ kt_get(int argc, char **argv)
int help_flag = 0;
int optind = 0;
int i, j;
struct getarg_strings etype_strs = {0, NULL};
krb5_enctype *etypes = NULL;
size_t netypes = 0;
struct getargs args[] = {
{ "principal", 'p', arg_string, NULL,
"admin principal", "principal"
},
{ "enctypes", 'e', arg_strings, NULL,
"encryption types to use", "enctypes" },
{ "realm", 'r', arg_string, NULL,
"realm to use", "realm"
},
@ -66,10 +72,11 @@ kt_get(int argc, char **argv)
};
args[0].value = &principal;
args[1].value = &realm;
args[2].value = &admin_server;
args[3].value = &server_port;
args[4].value = &help_flag;
args[1].value = &etype_strs;
args[2].value = &realm;
args[3].value = &admin_server;
args[4].value = &server_port;
args[5].value = &help_flag;
memset(&conf, 0, sizeof(conf));
@ -77,9 +84,45 @@ kt_get(int argc, char **argv)
|| help_flag) {
arg_printusage(args, sizeof(args) / sizeof(args[0]),
"ktutil get", "principal...");
return 0;
return 1;
}
if (keytab_string == NULL) {
ret = krb5_kt_default_modify_name (context, keytab_buf,
sizeof(keytab_buf));
if (ret) {
krb5_warn(context, ret, "krb5_kt_default_modify_name");
return 1;
}
keytab_string = keytab_buf;
}
ret = krb5_kt_resolve(context, keytab_string, &keytab);
if (ret) {
krb5_warn(context, ret, "resolving keytab %s", keytab_string);
return 1;
}
if (etype_strs.num_strings) {
int i;
etypes = malloc (etype_strs.num_strings * sizeof(*etypes));
if (etypes == NULL) {
krb5_warnx(context, "malloc failed");
goto out;
}
netypes = etype_strs.num_strings;
for(i = 0; i < netypes; i++) {
ret = krb5_string_to_enctype(context,
etype_strs.strings[i],
&etypes[i]);
if(ret) {
krb5_warnx(context, "unrecognized enctype: %s",
etype_strs.strings[i]);
goto out;
}
}
}
if(realm) {
krb5_set_default_realm(context, realm); /* XXX should be fixed
some other way */
@ -105,10 +148,9 @@ kt_get(int argc, char **argv)
&kadm_handle);
if(ret) {
krb5_warn(context, ret, "kadm5_init_with_password");
return 0;
goto out;
}
for(i = optind; i < argc; i++){
krb5_principal princ_ent;
kadm5_principal_ent_rec princ;
@ -166,17 +208,38 @@ kt_get(int argc, char **argv)
continue;
}
for(j = 0; j < n_keys; j++) {
entry.principal = princ_ent;
entry.vno = princ.kvno;
entry.keyblock = keys[j];
entry.timestamp = time (NULL);
ret = krb5_kt_add_entry(context, keytab, &entry);
int do_add = TRUE;
if (netypes) {
int i;
do_add = FALSE;
for (i = 0; i < netypes; ++i)
if (keys[j].keytype == etypes[i]) {
do_add = TRUE;
break;
}
}
if (do_add) {
entry.principal = princ_ent;
entry.vno = princ.kvno;
entry.keyblock = keys[j];
entry.timestamp = time (NULL);
ret = krb5_kt_add_entry(context, keytab, &entry);
if (ret)
krb5_warn(context, ret, "krb5_kt_add_entry");
}
krb5_free_keyblock_contents(context, &keys[j]);
}
kadm5_free_principal_ent(kadm_handle, &princ);
krb5_free_principal(context, princ_ent);
}
kadm5_destroy(kadm_handle);
return 0;
out:
free_getarg_strings(&etype_strs);
free(etypes);
if (kadm_handle)
kadm5_destroy(kadm_handle);
krb5_kt_close(context, keytab);
return ret != 0;
}

6
crypto/heimdal/admin/ktutil.8
View file

@ -1,4 +1,4 @@
.\" $Id: ktutil.8,v 1.9 2000/12/16 00:58:49 joda Exp $
.\" $Id: ktutil.8,v 1.12 2001/06/08 21:35:31 joda Exp $
.\"
.Dd December 16, 2000
.Dt KTUTIL 8
@ -63,6 +63,10 @@ to
.It get Xo
.Op Fl p Ar admin principal
.Op Fl -principal= Ns Ar admin principal
.Oo Fl e Ar enctype \*(Ba Xo
.Fl -enctypes= Ns Ar enctype
.Xc
.Oc
.Op Fl r Ar realm
.Op Fl -realm= Ns Ar realm
.Op Fl a Ar admin server

20
crypto/heimdal/admin/ktutil.c
View file

@ -34,14 +34,13 @@
#include "ktutil_locl.h"
#include <err.h>
RCSID("$Id: ktutil.c,v 1.30 2001/01/25 12:44:37 assar Exp $");
RCSID("$Id: ktutil.c,v 1.33 2001/05/10 16:04:27 assar Exp $");
static int help_flag;
static int version_flag;
int verbose_flag;
char *keytab_string;
static char keytab_buf[256];
char keytab_buf[256];
static int help(int argc, char **argv);
@ -108,7 +107,6 @@ static struct getargs args[] = {
static int num_args = sizeof(args) / sizeof(args[0]);
krb5_context context;
krb5_keytab keytab;
static int
help(int argc, char **argv)
@ -129,7 +127,7 @@ main(int argc, char **argv)
{
int optind = 0;
krb5_error_code ret;
set_progname(argv[0]);
setprogname(argv[0]);
ret = krb5_init_context(&context);
if (ret)
errx (1, "krb5_init_context failed: %d", ret);
@ -145,20 +143,8 @@ main(int argc, char **argv)
argv += optind;
if(argc == 0)
usage(1);
if(keytab_string) {
ret = krb5_kt_resolve(context, keytab_string, &keytab);
} else {
if(krb5_kt_default_name (context, keytab_buf, sizeof(keytab_buf)))
strlcpy (keytab_buf, "unknown", sizeof(keytab_buf));
keytab_string = keytab_buf;
ret = krb5_kt_default(context, &keytab);
}
if(ret)
krb5_err(context, 1, ret, "resolving keytab");
ret = sl_command(cmds, argc, argv);
if(ret == -1)
krb5_warnx (context, "unrecognized command: %s", argv[0]);
krb5_kt_close(context, keytab);
return ret;
}

71
crypto/heimdal/admin/ktutil.cat8 Normal file
View file

@ -0,0 +1,71 @@
KTUTIL(8) UNIX System Manager's Manual KTUTIL(8)
NNAAMMEE
kkttuuttiill - manage Kerberos keytabs
SSYYNNOOPPSSIISS
kkttuuttiill [--kk _k_e_y_t_a_b | ----kkeeyyttaabb==_k_e_y_t_a_b] [--vv | ----vveerrbboossee] [----vveerrssiioonn] [--hh |
----hheellpp] _c_o_m_m_a_n_d [_a_r_g_s]
DDEESSCCRRIIPPTTIIOONN
kkttuuttiill is a program for managing keytabs. _c_o_m_m_a_n_d can be one of the fol-
lowing:
add [--pp _p_r_i_n_c_i_p_a_l] [----pprriinncciippaall==_p_r_i_n_c_i_p_a_l] [--VV _k_v_n_o] [----kkvvnnoo==_k_v_n_o] [--ee
_e_n_c_y_p_e] [----eennccttyyppee==_e_n_c_t_y_p_e] [--ww _p_a_s_s_w_o_r_d] [----ppaasssswwoorrdd==_p_a_s_s_w_o_r_d]
[--rr] [----rraannddoomm] [--ss] [----nnoo--ssaalltt]
Adds a key to the keytab. Options that are not specified will be
prompted for.
change [--rr _r_e_a_l_m] [----rreeaallmm==_r_e_a_l_m] [----aa _h_o_s_t] [----aaddmmiinn--sseerrvveerr==_h_o_s_t] [----ss
_p_o_r_t] [----sseerrvveerr--ppoorrtt==_p_o_r_t]
Update one or several keys to new versions. By default, use the
admin server for the realm of an keytab entry. Otherwise it will
use the values specified by the options.
If no principals are given, all the ones in the keytab are updat-
ed.
copy _k_e_y_t_a_b_-_s_r_c _k_e_y_t_a_b_-_d_e_s_t
Copies all the entries from _k_e_y_t_a_b_-_s_r_c to _k_e_y_t_a_b_-_d_e_s_t.
get [--pp _a_d_m_i_n _p_r_i_n_c_i_p_a_l] [----pprriinncciippaall==_a_d_m_i_n _p_r_i_n_c_i_p_a_l] [--ee _e_n_c_t_y_p_e |
----eennccttyyppeess==_e_n_c_t_y_p_e
sseerrvveerr==_a_d_m_i_n _s_e_r_v_e_r] [--ss _s_e_r_v_e_r _p_o_r_t] [----sseerrvveerr--ppoorrtt==_s_e_r_v_e_r _p_o_r_t]
_p_r_i_n_c_i_p_a_l ][--rr _r_e_a_l_m] [----rreeaallmm==_r_e_a_l_m] [--aa _a_d_m_i_n _s_e_r_v_e_r]
[----aaddmmiinn-- Get a key for pprriinncciippaall and store it in a keytab.
list [----kkeeyyss] [----ttiimmeessttaammpp]
List the keys stored in the keytab.
remove [--pp _p_r_i_n_c_i_p_a_l] [----pprriinncciippaall==_p_r_i_n_c_i_p_a_l] [--VV --kkvvnnoo] [----kkvvnnoo==_k_v_n_o]
[--ee --eennccttyyppee] [----eennccttyyppee==_e_n_c_t_y_p_e]
Removes the specified key or keys. Not specifying a _k_v_n_o removes
keys with any version number. Not specifying a _e_n_c_t_y_p_e removes
keys of any type.
purge [----aaggee==_a_g_e]
Removes all old entries (for which there is a newer version) that
are older than _a_g_e (default one week).
srvconvert
srv2keytab [--ss _s_r_v_t_a_b] [----ssrrvvttaabb==_s_r_v_t_a_b]
Converts the version 4 srvtab in _s_r_v_t_a_b to a version 5 keytab and
stores it in _k_e_y_t_a_b. Identical to:
ktutil copy krb4:_s_r_v_t_a_b _k_e_y_t_a_b
srvcreate
key2srvtab [--ss _s_r_v_t_a_b] [----ssrrvvttaabb==_s_r_v_t_a_b]
Converts the version 5 keytab in _k_e_y_t_a_b to a version 4 srvtab and
stores it in _s_r_v_t_a_b. Identical to:
ktutil copy _k_e_y_t_a_b krb4:_s_r_v_t_a_b
SSEEEE AALLSSOO
kadmin(8)
HEIMDAL December 16, 2000 2

10
crypto/heimdal/admin/ktutil_locl.h
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -32,7 +32,7 @@
*/
/*
* $Id: ktutil_locl.h,v 1.12 2000/07/19 13:58:19 assar Exp $
* $Id: ktutil_locl.h,v 1.14 2001/05/10 15:42:45 assar Exp $
*/
#ifndef __KTUTIL_LOCL_H__
@ -54,7 +54,11 @@
#include <parse_time.h>
#include <roken.h>
#ifdef HAVE_OPENSSL_DES_H
#include <openssl/des.h>
#else
#include <des.h>
#endif
#include <krb5.h>
#include <kadm5/admin.h>
@ -64,10 +68,10 @@
#include <getarg.h>
extern krb5_context context;
extern krb5_keytab keytab;
extern int verbose_flag;
extern char *keytab_string;
extern char keytab_buf[256];
int kt_add (int argc, char **argv);
int kt_change (int argc, char **argv);

68
crypto/heimdal/admin/list.c
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,7 @@
#include "ktutil_locl.h"
RCSID("$Id: list.c,v 1.3 2000/06/29 08:21:40 joda Exp $");
RCSID("$Id: list.c,v 1.8 2001/05/11 00:54:01 assar Exp $");
static int help_flag;
static int list_keys;
@ -56,13 +56,13 @@ struct key_info {
struct key_info *next;
};
int
kt_list(int argc, char **argv)
static int
do_list(const char *keytab_string)
{
krb5_error_code ret;
krb5_kt_cursor cursor;
krb5_keytab keytab;
krb5_keytab_entry entry;
int optind = 0;
krb5_kt_cursor cursor;
struct key_info *ki, **kie = &ki, *kp;
int max_version = sizeof("Vno") - 1;
@ -71,27 +71,30 @@ kt_list(int argc, char **argv)
int max_timestamp = sizeof("Date") - 1;
int max_key = sizeof("Key") - 1;
if(verbose_flag)
list_timestamp = 1;
if(getarg(args, num_args, argc, argv, &optind)){
arg_printusage(args, num_args, "ktutil list", "");
return 1;
}
if(help_flag){
arg_printusage(args, num_args, "ktutil list", "");
ret = krb5_kt_resolve(context, keytab_string, &keytab);
if (ret) {
krb5_warn(context, ret, "resolving keytab %s", keytab_string);
return 0;
}
ret = krb5_kt_start_seq_get(context, keytab, &cursor);
if(ret){
krb5_warn(context, ret, "krb5_kt_start_seq_get %s", keytab_string);
return 1;
goto out;
}
printf ("%s:\n\n", keytab_string);
while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0){
#define CHECK_MAX(F) if(max_##F < strlen(kp->F)) max_##F = strlen(kp->F)
kp = malloc(sizeof(*kp));
if (kp == NULL) {
krb5_kt_free_entry(context, &entry);
krb5_kt_end_seq_get(context, keytab, &cursor);
krb5_warn(context, ret, "malloc failed");
goto out;
}
asprintf(&kp->version, "%d", entry.vno);
CHECK_MAX(version);
@ -100,7 +103,7 @@ kt_list(int argc, char **argv)
if (ret != 0)
asprintf(&kp->etype, "unknown (%d)", entry.keyblock.keytype);
CHECK_MAX(etype);
krb5_unparse_name_short(context, entry.principal, &kp->principal);
krb5_unparse_name(context, entry.principal, &kp->principal);
CHECK_MAX(principal);
if (list_timestamp) {
char tstamp[256];
@ -159,5 +162,36 @@ kt_list(int argc, char **argv)
kp = kp->next;
free(ki);
}
out:
krb5_kt_close(context, keytab);
return 0;
}
int
kt_list(int argc, char **argv)
{
int optind = 0;
if(verbose_flag)
list_timestamp = 1;
if(getarg(args, num_args, argc, argv, &optind)){
arg_printusage(args, num_args, "ktutil list", "");
return 1;
}
if(help_flag){
arg_printusage(args, num_args, "ktutil list", "");
return 0;
}
if (keytab_string == NULL) {
do_list("FILE:/etc/krb5.keytab");
#ifdef KRB4
printf ("\n");
do_list("krb4:/etc/srvtab");
#endif
} else {
do_list(keytab_string);
}
return 0;
}

43
crypto/heimdal/admin/purge.c
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,7 @@
#include "ktutil_locl.h"
RCSID("$Id: purge.c,v 1.3 2000/06/29 08:31:47 joda Exp $");
RCSID("$Id: purge.c,v 1.5 2001/05/11 00:54:01 assar Exp $");
/*
* keep track of the highest version for every principal.
@ -97,8 +97,9 @@ delete_list (struct e *head)
int
kt_purge(int argc, char **argv)
{
krb5_error_code ret;
krb5_error_code ret = 0;
krb5_kt_cursor cursor;
krb5_keytab keytab;
krb5_keytab_entry entry;
int help_flag = 0;
char *age_str = "1 week";
@ -117,26 +118,44 @@ kt_purge(int argc, char **argv)
args[i++].value = &help_flag;
if(getarg(args, num_args, argc, argv, &optind)) {
arg_printusage(args, num_args, "ktutil remove", "");
return 0;
arg_printusage(args, num_args, "ktutil purge", "");
return 1;
}
if(help_flag) {
arg_printusage(args, num_args, "ktutil remove", "");
return 0;
arg_printusage(args, num_args, "ktutil purge", "");
return 1;
}
age = parse_time(age_str, "s");
if(age < 0) {
krb5_warnx(context, "unparasable time `%s'", age_str);
return 0;
return 1;
}
if (keytab_string == NULL) {
ret = krb5_kt_default_modify_name (context, keytab_buf,
sizeof(keytab_buf));
if (ret) {
krb5_warn(context, ret, "krb5_kt_default_modify_name");
return 1;
}
keytab_string = keytab_buf;
}
ret = krb5_kt_resolve(context, keytab_string, &keytab);
if (ret) {
krb5_warn(context, ret, "resolving keytab %s", keytab_string);
return 1;
}
ret = krb5_kt_start_seq_get(context, keytab, &cursor);
if(ret){
krb5_warn(context, ret, "krb5_kt_start_seq_get %s", keytab_string);
return 1;
goto out;
}
if (verbose_flag)
fprintf (stderr, "Using keytab %s\n", keytab_string);
while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) {
add_entry (entry.principal, entry.vno, &head);
krb5_kt_free_entry(context, &entry);
@ -148,7 +167,7 @@ kt_purge(int argc, char **argv)
ret = krb5_kt_start_seq_get(context, keytab, &cursor);
if(ret){
krb5_warn(context, ret, "krb5_kt_start_seq_get, %s", keytab_string);
return 1;
goto out;
}
while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) {
@ -178,5 +197,7 @@ kt_purge(int argc, char **argv)
delete_list (head);
return 0;
out:
krb5_kt_close (context, keytab);
return ret != 0;
}

35
crypto/heimdal/admin/remove.c
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,13 +33,14 @@
#include "ktutil_locl.h"
RCSID("$Id: remove.c,v 1.1 2000/01/02 04:41:02 assar Exp $");
RCSID("$Id: remove.c,v 1.2 2001/05/10 15:44:58 assar Exp $");
int
kt_remove(int argc, char **argv)
{
krb5_error_code ret;
krb5_error_code ret = 0;
krb5_keytab_entry entry;
krb5_keytab keytab;
char *principal_string = NULL;
krb5_principal principal = NULL;
int kvno = 0;
@ -61,7 +62,7 @@ kt_remove(int argc, char **argv)
args[i++].value = &help_flag;
if(getarg(args, num_args, argc, argv, &optind)) {
arg_printusage(args, num_args, "ktutil remove", "");
return 0;
return 1;
}
if(help_flag) {
arg_printusage(args, num_args, "ktutil remove", "");
@ -71,7 +72,7 @@ kt_remove(int argc, char **argv)
ret = krb5_parse_name(context, principal_string, &principal);
if(ret) {
krb5_warn(context, ret, "%s", principal_string);
return 0;
return 1;
}
}
if(keytype_string) {
@ -84,7 +85,7 @@ kt_remove(int argc, char **argv)
krb5_warn(context, ret, "%s", keytype_string);
if(principal)
krb5_free_principal(context, principal);
return 0;
return 1;
}
}
}
@ -92,12 +93,32 @@ kt_remove(int argc, char **argv)
krb5_warnx(context,
"You must give at least one of "
"principal, enctype or kvno.");
return 0;
return 1;
}
if (keytab_string == NULL) {
ret = krb5_kt_default_modify_name (context, keytab_buf,
sizeof(keytab_buf));
if (ret) {
krb5_warn(context, ret, "krb5_kt_default_modify_name");
return 1;
}
keytab_string = keytab_buf;
}
ret = krb5_kt_resolve(context, keytab_string, &keytab);
if (ret) {
krb5_warn(context, ret, "resolving keytab %s", keytab_string);
return 1;
}
if (verbose_flag)
fprintf (stderr, "Using keytab %s\n", keytab_string);
entry.principal = principal;
entry.keyblock.keytype = enctype;
entry.vno = kvno;
ret = krb5_kt_remove_entry(context, keytab, &entry);
krb5_kt_close(context, keytab);
if(ret)
krb5_warn(context, ret, "remove");
if(principal)

29
crypto/heimdal/appl/Makefile.in
View file

@ -1,6 +1,7 @@
# Makefile.in generated automatically by automake 1.4a from Makefile.am
# Makefile.in generated automatically by automake 1.4b from Makefile.am
# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
# Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@ -119,7 +120,7 @@ install_sh = @install_sh@
# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
AUTOMAKE_OPTIONS = foreign no-dependencies
@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
CHECK_LOCAL = $(PROGRAMS)
@OTP_TRUE@dir_otp = @OTP_TRUE@otp
@ -227,7 +230,7 @@ DIST_SUBDIRS = afsutil ftp login otp popper push rsh rcp su xnlock \
telnet test kx kf dceutils
all: all-redirect
.SUFFIXES:
.SUFFIXES: .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .et .h .x
.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/Makefile
@ -268,11 +271,16 @@ mostlyclean-recursive clean-recursive distclean-recursive \
maintainer-clean-recursive:
@set fnord $(MAKEFLAGS); amf=$$2; \
dot_seen=no; \
rev=''; list='$(SUBDIRS)'; for subdir in $$list; do \
rev="$$subdir $$rev"; \
if test "$$subdir" = "."; then dot_seen=yes; else :; fi; \
case "$@" in \
distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
*) list='$(SUBDIRS)' ;; \
esac; \
rev=''; for subdir in $$list; do \
if test "$$subdir" = "."; then :; else \
rev="$$subdir $$rev"; \
fi; \
done; \
test "$$dot_seen" = "no" && rev=". $$rev"; \
rev="$$rev ."; \
target=`echo $@ | sed s/-recursive//`; \
for subdir in $$rev; do \
echo "Making $$target in $$subdir"; \
@ -318,6 +326,11 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
|| etags $(ETAGS_ARGS) $$tags $$unique $(LISP)
GTAGS:
here=`CDPATH=: && cd $(top_builddir) && pwd` \
&& cd $(top_srcdir) \
&& gtags -i $$here
mostlyclean-tags:
clean-tags:

4
crypto/heimdal/appl/afsutil/ChangeLog
View file

@ -1,3 +1,7 @@
2001-05-17 Assar Westerlund <assar@sics.se>
* afslog.c (main): call free_getarg_strings
2000-12-31 Assar Westerlund <assar@sics.se>
* afslog.c (main): handle krb5_init_context failure consistently

16
crypto/heimdal/appl/afsutil/Makefile.in
View file

@ -1,6 +1,7 @@
# Makefile.in generated automatically by automake 1.4a from Makefile.am
# Makefile.in generated automatically by automake 1.4b from Makefile.am
# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
# Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@ -119,7 +120,7 @@ install_sh = @install_sh@
# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
AUTOMAKE_OPTIONS = foreign no-dependencies
@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
CHECK_LOCAL = $(PROGRAMS)
@KRB4_TRUE@AFSPROGS = @KRB4_TRUE@afslog pagsh
@ -253,7 +256,7 @@ OBJECTS = $(am_afslog_OBJECTS) $(am_pagsh_OBJECTS)
all: all-redirect
.SUFFIXES:
.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/afsutil/Makefile
@ -349,6 +352,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
|| etags $(ETAGS_ARGS) $$tags $$unique $(LISP)
GTAGS:
here=`CDPATH=: && cd $(top_builddir) && pwd` \
&& cd $(top_srcdir) \
&& gtags -i $$here
mostlyclean-tags:
clean-tags:

6
crypto/heimdal/appl/afsutil/afslog.c
View file

@ -33,7 +33,7 @@
#ifdef HAVE_CONFIG_H
#include <config.h>
RCSID("$Id: afslog.c,v 1.14 2001/01/25 12:44:46 assar Exp $");
RCSID("$Id: afslog.c,v 1.16 2001/05/16 22:10:15 assar Exp $");
#endif
#include <ctype.h>
#include <krb5.h>
@ -179,7 +179,7 @@ main(int argc, char **argv)
int num;
int ret = 0;
set_progname(argv[0]);
setprogname(argv[0]);
if(getarg(args, num_args, argc, argv, &optind))
usage(1);
@ -206,10 +206,12 @@ main(int argc, char **argv)
for(i = 0; i < files.num_strings; i++){
afslog_file(context, id, files.strings[i]);
num++;
free_getarg_strings (&files);
}
for(i = 0; i < cells.num_strings; i++){
afslog_cell(context, id, cells.strings[i], 1);
num++;
free_getarg_strings (&cells);
}
for(i = optind; i < argc; i++){
num++;

18
crypto/heimdal/appl/dceutils/ChangeLog Normal file
View file

@ -0,0 +1,18 @@
2001-02-07 Assar Westerlund <assar@sics.se>
* Makefile.am (dpagaix): needs to be linked with ld, add an
explicit command for it. from Ake Sandgren <ake@cs.umu.se>
2000-10-02 Assar Westerlund <assar@sics.se>
* Makefile.am: link with roken on everything except irix, where
apperently it fails. reported by Ake Sandgren <ake@cs.umu.se>
2000-07-17 Johan Danielsson <joda@pdc.kth.se>
* Makefile.am: set compiler flags
2000-07-01 Assar Westerlund <assar@sics.se>
* imported stuff from Ake Sandgren <ake@cs.umu.se>

30
crypto/heimdal/appl/dceutils/Makefile.am Normal file
View file

@ -0,0 +1,30 @@
# $Id: Makefile.am,v 1.6 2001/02/07 22:45:37 assar Exp $
include $(top_srcdir)/Makefile.am.common
DFSPROGS = k5dcecon
if AIX
AIX_DFSPROGS = dpagaix
endif
libexec_PROGRAMS = $(DFSPROGS) $(AIX_DFSPROGS)
dpagaix_CFLAGS = @dpagaix_CFLAGS@
dpagaix_LDFLAGS = @dpagaix_LDFLAGS@
dpagaix_LDADD = @dpagaix_LDADD@
dpagaix: $(dpagaix_OBJECTS)
ld -edpagaix -o dpagaix $(dpagaix_OBJECTS) $(srcdir)/dfspag.exp
LIB_dce = -ldce
k5dcecon_SOURCES = k5dcecon.c k5dce.h
dpagaix_SOURCES = dpagaix.c
if IRIX
LDADD = $(LIB_dce)
else
LDADD = $(LIB_roken) $(LIB_dce)
endif

594
crypto/heimdal/appl/dceutils/Makefile.in Normal file
View file

@ -0,0 +1,594 @@
# Makefile.in generated automatically by automake 1.4b from Makefile.am
# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
# Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
SHELL = @SHELL@
srcdir = @srcdir@
top_srcdir = @top_srcdir@
VPATH = @srcdir@
prefix = @prefix@
exec_prefix = @exec_prefix@
bindir = @bindir@
sbindir = @sbindir@
libexecdir = @libexecdir@
datadir = @datadir@
sysconfdir = @sysconfdir@
sharedstatedir = @sharedstatedir@
localstatedir = @localstatedir@
libdir = @libdir@
infodir = @infodir@
mandir = @mandir@
includedir = @includedir@
oldincludedir = /usr/include
pkgdatadir = $(datadir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
top_builddir = ../..
ACLOCAL = @ACLOCAL@
AUTOCONF = @AUTOCONF@
AUTOMAKE = @AUTOMAKE@
AUTOHEADER = @AUTOHEADER@
INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_FLAG =
transform = @program_transform_name@
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
@SET_MAKE@
host_alias = @host_alias@
host_triplet = @host@
AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
AMDEP = @AMDEP@
AMTAR = @AMTAR@
AS = @AS@
AWK = @AWK@
CANONICAL_HOST = @CANONICAL_HOST@
CATMAN = @CATMAN@
CATMANEXT = @CATMANEXT@
CC = @CC@
CPP = @CPP@
CXX = @CXX@
CXXCPP = @CXXCPP@
DBLIB = @DBLIB@
DEPDIR = @DEPDIR@
DIR_des = @DIR_des@
DIR_roken = @DIR_roken@
DLLTOOL = @DLLTOOL@
EXEEXT = @EXEEXT@
EXTRA_LIB45 = @EXTRA_LIB45@
GROFF = @GROFF@
INCLUDES_roken = @INCLUDES_roken@
INCLUDE_ = @INCLUDE_@
LEX = @LEX@
LIBOBJS = @LIBOBJS@
LIBTOOL = @LIBTOOL@
LIB_ = @LIB_@
LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
LIB_des = @LIB_des@
LIB_des_appl = @LIB_des_appl@
LIB_kdb = @LIB_kdb@
LIB_otp = @LIB_otp@
LIB_roken = @LIB_roken@
LIB_security = @LIB_security@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
NROFF = @NROFF@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
RANLIB = @RANLIB@
STRIP = @STRIP@
VERSION = @VERSION@
VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
WFLAGS = @WFLAGS@
WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
YACC = @YACC@
dpagaix_CFLAGS = @dpagaix_CFLAGS@
dpagaix_LDADD = @dpagaix_LDADD@
install_sh = @install_sh@
# $Id: Makefile.am,v 1.6 2001/02/07 22:45:37 assar Exp $
# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
AUTOMAKE_OPTIONS = foreign no-dependencies
SUFFIXES = .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x
INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
AM_CFLAGS = $(WFLAGS)
CP = cp
COMPILE_ET = $(top_builddir)/lib/com_err/compile_et
buildinclude = $(top_builddir)/include
LIB_XauReadAuth = @LIB_XauReadAuth@
LIB_crypt = @LIB_crypt@
LIB_dbm_firstkey = @LIB_dbm_firstkey@
LIB_dbopen = @LIB_dbopen@
LIB_dlopen = @LIB_dlopen@
LIB_dn_expand = @LIB_dn_expand@
LIB_el_init = @LIB_el_init@
LIB_getattr = @LIB_getattr@
LIB_gethostbyname = @LIB_gethostbyname@
LIB_getpwent_r = @LIB_getpwent_r@
LIB_getpwnam_r = @LIB_getpwnam_r@
LIB_getsockopt = @LIB_getsockopt@
LIB_logout = @LIB_logout@
LIB_logwtmp = @LIB_logwtmp@
LIB_odm_initialize = @LIB_odm_initialize@
LIB_pidfile = @LIB_pidfile@
LIB_readline = @LIB_readline@
LIB_res_search = @LIB_res_search@
LIB_setpcred = @LIB_setpcred@
LIB_setsockopt = @LIB_setsockopt@
LIB_socket = @LIB_socket@
LIB_syslog = @LIB_syslog@
LIB_tgetent = @LIB_tgetent@
LIBS = @LIBS@
HESIODLIB = @HESIODLIB@
HESIODINCLUDE = @HESIODINCLUDE@
INCLUDE_hesiod = @INCLUDE_hesiod@
LIB_hesiod = @LIB_hesiod@
INCLUDE_krb4 = @INCLUDE_krb4@
LIB_krb4 = @LIB_krb4@
INCLUDE_openldap = @INCLUDE_openldap@
LIB_openldap = @LIB_openldap@
INCLUDE_readline = @INCLUDE_readline@
LEXLIB = @LEXLIB@
NROFF_MAN = groff -mandoc -Tascii
@KRB4_TRUE@LIB_kafs = @KRB4_TRUE@$(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
@KRB5_TRUE@LIB_krb5 = @KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
CHECK_LOCAL = $(PROGRAMS)
DFSPROGS = k5dcecon
@AIX_TRUE@AIX_DFSPROGS = @AIX_TRUE@dpagaix
libexec_PROGRAMS = $(DFSPROGS) $(AIX_DFSPROGS)
dpagaix_CFLAGS = @dpagaix_CFLAGS@
dpagaix_LDFLAGS = @dpagaix_LDFLAGS@
dpagaix_LDADD = @dpagaix_LDADD@
LIB_dce = -ldce
k5dcecon_SOURCES = k5dcecon.c k5dce.h
dpagaix_SOURCES = dpagaix.c
@IRIX_TRUE@LDADD = @IRIX_TRUE@$(LIB_dce)
@IRIX_FALSE@LDADD = @IRIX_FALSE@$(LIB_roken) $(LIB_dce)
subdir = appl/dceutils
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
CONFIG_HEADER = ../../include/config.h
CONFIG_CLEAN_FILES =
@AIX_FALSE@libexec_PROGRAMS = k5dcecon$(EXEEXT)
@AIX_TRUE@libexec_PROGRAMS = k5dcecon$(EXEEXT) dpagaix$(EXEEXT)
PROGRAMS = $(libexec_PROGRAMS)
DEFS = @DEFS@ -I. -I$(srcdir) -I../../include
CPPFLAGS = @CPPFLAGS@
LDFLAGS = @LDFLAGS@
X_CFLAGS = @X_CFLAGS@
X_LIBS = @X_LIBS@
X_EXTRA_LIBS = @X_EXTRA_LIBS@
X_PRE_LIBS = @X_PRE_LIBS@
am_dpagaix_OBJECTS = dpagaix-dpagaix.$(OBJEXT)
dpagaix_OBJECTS = $(am_dpagaix_OBJECTS)
dpagaix_DEPENDENCIES =
am_k5dcecon_OBJECTS = k5dcecon.$(OBJEXT)
k5dcecon_OBJECTS = $(am_k5dcecon_OBJECTS)
k5dcecon_LDADD = $(LDADD)
@IRIX_FALSE@k5dcecon_DEPENDENCIES =
@IRIX_TRUE@k5dcecon_DEPENDENCIES =
k5dcecon_LDFLAGS =
COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
CFLAGS = @CFLAGS@
CCLD = $(CC)
LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
DIST_SOURCES = $(dpagaix_SOURCES) $(k5dcecon_SOURCES)
depcomp =
DIST_COMMON = ChangeLog Makefile.am Makefile.in compile
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
GZIP_ENV = --best
SOURCES = $(dpagaix_SOURCES) $(k5dcecon_SOURCES)
OBJECTS = $(am_dpagaix_OBJECTS) $(am_k5dcecon_OBJECTS)
all: all-redirect
.SUFFIXES:
.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/dceutils/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) \
&& CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status
mostlyclean-libexecPROGRAMS:
clean-libexecPROGRAMS:
-test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS)
distclean-libexecPROGRAMS:
maintainer-clean-libexecPROGRAMS:
install-libexecPROGRAMS: $(libexec_PROGRAMS)
@$(NORMAL_INSTALL)
$(mkinstalldirs) $(DESTDIR)$(libexecdir)
@list='$(libexec_PROGRAMS)'; for p in $$list; do \
if test -f $$p; then \
f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \
echo " $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libexecdir)/$$f"; \
$(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libexecdir)/$$f; \
else :; fi; \
done
uninstall-libexecPROGRAMS:
@$(NORMAL_UNINSTALL)
@list='$(libexec_PROGRAMS)'; for p in $$list; do \
f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \
echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \
rm -f $(DESTDIR)$(libexecdir)/$$f; \
done
mostlyclean-compile:
-rm -f *.o core *.core
-rm -f *.$(OBJEXT)
clean-compile:
distclean-compile:
-rm -f *.tab.c
maintainer-clean-compile:
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
distclean-libtool:
maintainer-clean-libtool:
dpagaix-dpagaix.$(OBJEXT): dpagaix.c
$(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dpagaix_CFLAGS) $(CFLAGS) -c -o dpagaix-dpagaix.$(OBJEXT) `test -f dpagaix.c || echo '$(srcdir)/'`dpagaix.c
dpagaix$(EXEEXT): $(dpagaix_OBJECTS) $(dpagaix_DEPENDENCIES)
@rm -f dpagaix$(EXEEXT)
$(LINK) $(dpagaix_LDFLAGS) $(dpagaix_OBJECTS) $(dpagaix_LDADD) $(LIBS)
k5dcecon$(EXEEXT): $(k5dcecon_OBJECTS) $(k5dcecon_DEPENDENCIES)
@rm -f k5dcecon$(EXEEXT)
$(LINK) $(k5dcecon_LDFLAGS) $(k5dcecon_OBJECTS) $(k5dcecon_LDADD) $(LIBS)
.c.o:
$(COMPILE) -c $<
.c.obj:
$(COMPILE) -c `cygpath -w $<`
.c.lo:
$(LTCOMPILE) -c -o $@ $<
tags: TAGS
ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
mkid -fID $$unique $(LISP)
TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
tags=; \
here=`pwd`; \
list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
|| etags $(ETAGS_ARGS) $$tags $$unique $(LISP)
GTAGS:
here=`CDPATH=: && cd $(top_builddir) && pwd` \
&& cd $(top_srcdir) \
&& gtags -i $$here
mostlyclean-tags:
clean-tags:
distclean-tags:
-rm -f TAGS ID
maintainer-clean-tags:
distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir)
distdir: $(DISTFILES)
@for file in $(DISTFILES); do \
d=$(srcdir); \
if test -d $$d/$$file; then \
cp -pR $$d/$$file $(distdir) \
|| exit 1; \
else \
test -f $(distdir)/$$file \
|| cp -p $$d/$$file $(distdir)/$$file \
|| exit 1; \
fi; \
done
$(MAKE) $(AM_MAKEFLAGS) top_distdir="$(top_distdir)" distdir="$(distdir)" dist-hook
info-am:
info: info-am
dvi-am:
dvi: dvi-am
check-am: all-am
$(MAKE) $(AM_MAKEFLAGS) check-local
check: check-am
installcheck-am:
installcheck: installcheck-am
install-exec-am: install-libexecPROGRAMS
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
install-exec: install-exec-am
install-data-am: install-data-local
install-data: install-data-am
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
install: install-am
uninstall-am: uninstall-libexecPROGRAMS
uninstall: uninstall-am
all-am: Makefile $(PROGRAMS) all-local
all-redirect: all-am
install-strip:
$(MAKE) $(AM_MAKEFLAGS) INSTALL_STRIP_FLAG=-s install
installdirs:
$(mkinstalldirs) $(DESTDIR)$(libexecdir)
mostlyclean-generic:
clean-generic:
distclean-generic:
-rm -f Makefile $(CONFIG_CLEAN_FILES)
-rm -f config.cache config.log stamp-h stamp-h[0-9]*
maintainer-clean-generic:
-rm -f Makefile.in
mostlyclean-am: mostlyclean-libexecPROGRAMS mostlyclean-compile \
mostlyclean-libtool mostlyclean-tags \
mostlyclean-generic
mostlyclean: mostlyclean-am
clean-am: clean-libexecPROGRAMS clean-compile clean-libtool clean-tags \
clean-generic mostlyclean-am
clean: clean-am
distclean-am: distclean-libexecPROGRAMS distclean-compile \
distclean-libtool distclean-tags distclean-generic \
clean-am
-rm -f libtool
distclean: distclean-am
maintainer-clean-am: maintainer-clean-libexecPROGRAMS \
maintainer-clean-compile maintainer-clean-libtool \
maintainer-clean-tags maintainer-clean-generic \
distclean-am
@echo "This command is intended for maintainers to use;"
@echo "it deletes files that may require special tools to rebuild."
maintainer-clean: maintainer-clean-am
.PHONY: mostlyclean-libexecPROGRAMS distclean-libexecPROGRAMS \
clean-libexecPROGRAMS maintainer-clean-libexecPROGRAMS \
uninstall-libexecPROGRAMS install-libexecPROGRAMS mostlyclean-compile \
distclean-compile clean-compile maintainer-clean-compile \
mostlyclean-libtool distclean-libtool clean-libtool \
maintainer-clean-libtool tags mostlyclean-tags distclean-tags \
clean-tags maintainer-clean-tags distdir info-am info dvi-am dvi \
check-local check check-am installcheck-am installcheck install-exec-am \
install-exec install-data-local install-data-am install-data install-am \
install uninstall-am uninstall all-local all-redirect all-am all \
install-strip installdirs mostlyclean-generic distclean-generic \
clean-generic maintainer-clean-generic clean mostlyclean distclean \
maintainer-clean
install-suid-programs:
@foo='$(bin_SUIDS)'; \
for file in $$foo; do \
x=$(DESTDIR)$(bindir)/$$file; \
if chown 0:0 $$x && chmod u+s $$x; then :; else \
echo "*"; \
echo "* Failed to install $$x setuid root"; \
echo "*"; \
fi; done
install-exec-hook: install-suid-programs
install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
@foo='$(include_HEADERS) $(build_HEADERZ)'; \
for f in $$foo; do \
f=`basename $$f`; \
if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
else file="$$f"; fi; \
if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \
: ; else \
echo " $(CP) $$file $(buildinclude)/$$f"; \
$(CP) $$file $(buildinclude)/$$f; \
fi ; \
done
all-local: install-build-headers
#NROFF_MAN = nroff -man
.1.cat1:
$(NROFF_MAN) $< > $@
.3.cat3:
$(NROFF_MAN) $< > $@
.5.cat5:
$(NROFF_MAN) $< > $@
.8.cat8:
$(NROFF_MAN) $< > $@
dist-cat1-mans:
@foo='$(man1_MANS)'; \
bar='$(man_MANS)'; \
for i in $$bar; do \
case $$i in \
*.1) foo="$$foo $$i";; \
esac; done ;\
for i in $$foo; do \
x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
done
dist-cat3-mans:
@foo='$(man3_MANS)'; \
bar='$(man_MANS)'; \
for i in $$bar; do \
case $$i in \
*.3) foo="$$foo $$i";; \
esac; done ;\
for i in $$foo; do \
x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
done
dist-cat5-mans:
@foo='$(man5_MANS)'; \
bar='$(man_MANS)'; \
for i in $$bar; do \
case $$i in \
*.5) foo="$$foo $$i";; \
esac; done ;\
for i in $$foo; do \
x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
done
dist-cat8-mans:
@foo='$(man8_MANS)'; \
bar='$(man_MANS)'; \
for i in $$bar; do \
case $$i in \
*.8) foo="$$foo $$i";; \
esac; done ;\
for i in $$foo; do \
x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
done
dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
install-cat-mans:
$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
install-data-local: install-cat-mans
.et.h:
$(COMPILE_ET) $<
.et.c:
$(COMPILE_ET) $<
.x.c:
@cmp -s $< $@ 2> /dev/null || cp $< $@
check-local::
@foo='$(CHECK_LOCAL)'; \
if test "$$foo"; then \
failed=0; all=0; \
for i in $$foo; do \
all=`expr $$all + 1`; \
if ./$$i --version > /dev/null 2>&1; then \
echo "PASS: $$i"; \
else \
echo "FAIL: $$i"; \
failed=`expr $$failed + 1`; \
fi; \
done; \
if test "$$failed" -eq 0; then \
banner="All $$all tests passed"; \
else \
banner="$$failed of $$all tests failed"; \
fi; \
dashes=`echo "$$banner" | sed s/./=/g`; \
echo "$$dashes"; \
echo "$$banner"; \
echo "$$dashes"; \
test "$$failed" -eq 0; \
fi
dpagaix: $(dpagaix_OBJECTS)
ld -edpagaix -o dpagaix $(dpagaix_OBJECTS) $(srcdir)/dfspag.exp
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

59
crypto/heimdal/appl/dceutils/README.dcedfs Normal file
View file

@ -0,0 +1,59 @@
This is a set of patches and files to get a DFS ticket from a k5 ticket.
This code comes from Doug Engert, Argonne Nat. Lab (See dce/README.original
for more info)
The files in dce are;
testpag: for testing if this is at all possible.
k5dfspag: included in libkrb5
k5dcecon: Creates (or searches for) the actual DFSPAG ticketfile.
dpagaix: An AIX syscall stub.
README.original: Original README file from Doug Engert
Certain applications (rshd/telnetd) have been patched to call the
functions in k5dfspag when the situation is right. They are ifdef
with DCE. The patches are also originally from Doug but they
where against MIT krb5 code and have been merged into heimdal by me.
I will try to fix ftpd soon...
There is also an ifdefs for DCE && AIX that can be used to make AIX
use DCE for getting group/passwd entries. This is needed if one is running
with a bare bones passwd/group file and AUTHSTATE set to DCE (This will be
more or less clear to people doing this...) I have forced this on for now.
k5dfspag.c is in lib/krb5
k5dfspag.c is dependent on DCE only.
It is also POSIX systems only. There are defines for the location of
k5dcecon and dpagaix that needs a correct configure setting.
k5dcecon needs no special things for the compile except whatever is needed
on the target system to compile dce programs.
(On aix the dce compile flags are: -D_THREAD_SAFE -D_AIX32_THREADS=1 -D_AIX41 -D_AES_SOURCE or one can use xlc_r4 if it is version 3.6.4 or later)
k5dcecon wants the following libs (on aix 4.3):
-ldce (and setenv from somewhere)
dpagaix is only needed on AIX (see k5dfspag.c).
dpagaix needs dfspag.exp and is linked with
ld -edpagaix -o dpagaix dpagaix.o dfspag.exp
Hope to get this into heimdal soon :-) although I know that you will have to
change some things to get it cleanly into configure. Since I don't know the
structure of the code (heimdal), nor enough of configure, good enough I
just won't try it myself.
One more thing, to get this to work one has to put fcache_version = x in
krb5.conf where x = whatever the DCE implementation understands, (usually
1 or 2).
Thanks for adding that...
Åke Sandgren (ake@hpc2n.umu.se)
HPC2N
Umeå University
Sweden
PS
I have now added patches for configure.in and some Makefile.am's to get this
all cleanly (I hope) into heimdal.

335
crypto/heimdal/appl/dceutils/README.original Normal file
View file

@ -0,0 +1,335 @@
KERBEROS and DCE INTEROPERABILITY ROUTINES
WHAT'S NEW
When k5dcecon was examining the ticket caches looking to
update one with a newer TGT, it might update the wrong
one for the correct user. This problem was reported by PNNL,
and is now fixed.
Any Kerberized application can now use a forwarded TGT to establish a
DCE context, or can use a previously established DCE context. This is
both a functional improvement and a performance improvement.
BACKGROUND
The MIT Kerberos 5 Release 1.x and DCE 1.1 can interoperate in a
number of ways. This is possible because:
o DCE used Kerberos 5 internally. Based on the MIT code as of beta 4
or so, with additional changes.
o The DCE security server can act as a K5 KDC, as defined in RFC 1510
and responds on port 88.
o On the clients, DCE and Kerberos use the same format for the ticket
cache, and then can share it. The KRB5CCNAME environment variable points
at the cache.
o On the clients, DCE and Kerberos use the same format for the srvtab
file. DCE refers to is a /krb5/v5srvtab and Kerberos as
/etc/krb5.keytab. They can be symlinked.
o MIT has added many options to the krb5.conf configuration file
which allows newer features of Release 1.0 to be turned off to match
the earlier version of Kerberos upon which DCE is based.
o DCE will accept a externally obtained Kerberos TGT in place of a
password when establishing a DCE context.
There are some areas where they differ, including the following:
o Administration of the database and the keytab files is done by the
DCE routines, rather the the Kerberos kadmin.
o User password changes must be done using the DCE commands. Kpasswd
does not work. (But there are mods to Kerberos to use the v5passwd
with DCE.
o DCE goes beyond authentication only, and provides authorization via
the PAC, and the dce-ptgt tickets stored in the cache. Thus a
Kerberos KDC can not act as a DCE security server.
o A DCE cell and Kerberos realm can cross-realm authenticate, but
there can be no intermediate realms. (There are other problems
in this area as well. But directly connected realms/cells do work.)
o You can't link a module with the DCE library and the Kerberos
library. They have conflicting routines, static data and structures.
One of the main features of DCE is the Distributed File System
DFS. Access to DFS requires authentication and authorization, and when
one uses a Kerberized network utility such as telnet, a forwarded
Kerberos ticket can be used to establish the DCE context to allow
access to DFS.
NEW TO THIS RELEASE
This release introduces sharing of a DCE context, and PAG, and allows
any Kerberized application to establish or share the context. This is
made possible by using an undocumented feature of DCE which is on at
least the Transarc and IBM releases of DCE 1.1.
I am in the process of trying to get this contributed to the general
DCE 1.2.2 release as a patch, so it could be included in other vendors
products. HP has expressed interest in doing this, as well as the
OpenGroup if the modification is contributed. You can help by
requesting Transarc and/or IBM to submit this modification to the
OpenGroup and ask your vendor to adopt this modification.
The feature is a modification to the setpag() system call which will
allow an authorized process to set the PAG to a specific value, and
thus allow unrelated processes to share the same PAG.
This then allows the Kerberized daemons such as kshd, to exec a DCE
module which established the DCE context. Kshd then sets the
KRB5CCNAME environment variable and then issues the setpag() to use
this context. This solves the linking problem. This is done via the
k5dfspag.c routine.
The k5dfspag.c code is compiled with the lib/krb5/os routines and
included in the libkrb5. A daemon calls krb5_dfs_pag after the
krb5_kuserok has determined that the Kerberos principal and local
userid pair are acceptable. This should be done early so as to give
the daemon access to the home directory which may be located on DFS.
If the .k5login file is used by krb5_kuserok it will need to be
accessed by the daemon and will need special ACL handling.
The krb5_dfs_pag routine will exec the k5dcecon module to do all the
real work. Upon return, if a PAG is obtained, krb5_dfs_pag with set
the PAG for the current process to the returned PAG value. It will
also set the KRB5CCNAME environment as well. Under DCE the PAG value
is the nnnnnnn part of the name of the cache:
FILE:/opt/dcelocal/var/security/creds/dcecred_nnnnnnnn.
The k5dcecon routine will attempt to use TGT which may have been
forwarded, to convert it to a DCE context. If there is no TGT, an
attempt will be made to join an existing PAG for the local userid, and
Kerberos principal. If there are existing PAGs, and a forwarded TGT,
k5dcecon will check the lifetime of the forwarded TGT, and if it is
less then the lifetime of the PAG, it will just join the PAG. If it
is greater, it will refresh the PAG using the forwarded TGT.
This approach has the advantage of not requiring many new tickets from
having to be obtained, and allows one to refresh a DCE context, or use
an already established context.
If the system also has AFS, the AFS krb5_afs_pag should be called
after the krb5_dfs_pag, since cache pointed at via the KRB5CCNAME may
have changed, such as if a DFS PAG has been joined. The AFS code does
not have the capability to join an existing AFS PAG, but can use the
same cache which might already had a
afsx/<afs.cell.name>@<k5.realm.name> service ticket.
WHAT'S IN THIS RELEASE
The k5prelogin, k5dcelogin, k5afslogin (with ak5log) were designed to
be slipped in between telnetd or klogind and login.krb5. They would
use a forwarded Kerberos ticket to establish a DCE context. They are
the older programs which are included here. They work on all DCE
platforms, and don't take advantage of the undocumented setpag
feature. (A version of k5dcelogin is being included with DCE 1.2.2)
K5dcecon is the new program which can be used to create, update or
join a DCE context. k5dcecon returns KRB5CCNAME string which contains
the PAG.
k5dfspag.c is to be built in the MIT Kerberos 5 release 1.0 patchlevel
1 and added to the libkrb5. It will exec k5dcecon and upon return set
the KRB5CCNAME and PAG. Mods to Kerberized klogind, rshd, telnetd,
ftpd are available to use the k5dfspag.
Testpag.c is a test programs to see if the PAG can be set.
The cpwkey.c routine can be used to change a key in the DCE registry,
by adding the key directly, or by setting the salt/pepper and password
or by providing the key and the pepper. This could be useful when
coping keys from a K4 or AFS database to DCE. It can also be used when
setting a DCE to K5 cross-cell key. This program is a test program
For mass inserts, it should be rewritten to read from stdin.
K5dcelogin can also be called directly, much like dce_login.
I use the following commands in effect do the same thing as dce_login
and get a forwardable ticket, DCE context and an AFS token:
#!/bin/csh
# simulate a dce_login using krb5 kinit and k5dcelogin
#
setenv KRB5CCNAME FILE:/tmp/krb5cc_p$$
/krb5/bin/kinit -f
exec /krb5/sbin/k5dcelogin /krb5/sbin/k5afslogin /bin/csh
#exec /krb5/sbin/k5dcelogin /bin/csh
This could be useful in a mixed cell where "AS_REQ" messages are
handled by a K5 KDC, but DCE RPCs are handled by the DCE security
server.
TESTING THE SETPAG
The krb5_dfs_pag routine relies on an undocumented feature which is
in the AIX and Transarc Solaris ports of DCE and has been recently
added to the SGI version. To test if this feature is present
on some other DFS implementation use the testpag routine.
The testpag routine attempts to set a PAG value to one you supply. It
uses the afs_syscall with the afs_setpag, and passes the supplied
PAG value as the next parameter. On an unmodifed system, this
will be ignored, and a new will be set. You should also check that
if run as a user, you cannot join a PAG owned by another user.
When run as root, any PAG should be usable.
On a machine with DFS running, do a dce_login to get a DCE context and
PAG. ECHO the KRB5CCNAME and look at the nnnnnnnn at the end. It
should look like an 8 char hex value, which may be 41ffxxxx on some
systems.
Su to root and unsetenv KRB5CCNAME. Do a testpag -n nnnnnnnn where
nnnnnnnn is the PAG obtained for the above name.
It should look like this example on an AIX 4.1.4 system:
pembroke# ./testpag -n 63dc9997
calling k5dcepag newpag=63dc9997
PAG returned = 63dc9997
You will be running under a new shell with the PAG and KRB5CCNAME set.
If the PAG returned is the same as the newpag, then it worked. You can
further verify this by doing a DCE klist, cd to DFS and a DCE klist
again. The klist should show some tickets for DFS servers.
If the PAG returned is not the same, and repeated attempts show a
returned PAG decremented by 1 from the previous returned PAG, then
this system does not have the modification For example:
# ./testpag -n 41fffff9
calling k5dcepag newpag=41fffff9
PAG returned = 41fffff8
# ./testpag -n 41fffff9
calling k5dcepag newpag=41fffff9
PAG returned = 41fffff7
In this case the syscall is ignoring the newpag parameter.
Running it with -n 0 should get the next PAG value with or without
this modification.
If the DFS kernel extensions are not installed, you would get
something like this:
caliban.ctd.anl.gov% ./testpag -n 012345678
calling k5dcepag newpag=012345678
Setpag failed with a system error
PAG returned = ffffffff
Not a good pag value
If you DFS implementation does not have this modification, you could
attempt to install it yourself. But this requires source and requires
modifications to the kernel extensions. At the end of this note is an
untested sample using the DCE 1.2.2 source code. You can also contact
your system vendor and ask for this modification.
UNICOS has a similar function setppag(newpag) which can be used to set
the PAG of the parent. Contact me if you are interested.
HOW TO INSTALL
Examine the k5dfspag.c file to make sure the DFS syscalls are correct
for your platform. See the /opt/dcelocal/share/include/dcedfs/syscall.h
on Solaris for example.
You should build the testpag routine and make sure it works before
adding all the other mods. If it fails you can still use the klogind
and telnetd with the k5prelogin and k5dcelogin code.
If you intend to install with a prefix other then /krb5, change:
DPAGAIX and K5DCECON in k5dfspag.c; the three references in
k5prelogin.c; and the DESTDIR in the Makefile.
Get k5101.cdiff.xxxxxx.tar file and install the mods for ANL_DFS_PAG
and ANL_DCE to the MIT Kerberos 5 source. These mods turn on some DCE
related changes and the calls to krb5_dfs_pag.
Symlink or copy the k5dfspag.c to the src/lib/krb5/os directory.
Add the -DANL_DFS_PAG and -DANL_DCE flags to the configuration.
Configure and Build the Kerberos v5.
Modify the k5dce Makefile for your system.
Build the k5dcecon and related programs.
Install both the MIT Kerberos v5 and the k5dcecon and dpagaix if AIX.
The makefile can also build k5dcelogin and k5prelogin. The install
can install k5dcelogin, k5prelogin and update the links for login.krb5
-> k5prelogin and moving login.krb5 to login.k5. If you will be using
the k5dcecon/k5dfspag with the Kerberos mods, you don't need
k5prelogin, or the links changed, and may not need k5dcelogin.
Note that Transarc has obfuscated the entries to the lib, and
the 1.0.3a is different from the 1.1. You may need to build two
versions of the k5dcelogin and/or k5dcecon one for each.
AIX ONLY
The dpagaix routine is needed for AIX because of the way they do the
syscalls.
The following fix.aix.libdce.mk is not needed if dce 2.1.0.21
has been installed. This PTF exposed the needed entrypoints.
The fix.aix.libdce.mk is a Makefile for AIX 4.x to add the required
external entry points to the libdce.a. These are needed by k5dcecon
and k5dcelogin. A bug report was submitted to IBM on this, and it was
rejected. But since DCE 1.2.2 will have a k5dcelogin, this should not
be needed with 1.2.2
Copy /usr/lib/libdce.a to /usr/libdce.a.orig before starting. Copy the
makefile to its own directory. It will create a new libdce.a which you
need to copy back to /usr/lib/libdce.a You will need to reboot the
machine. See the /usr/lpp/dce/examples/inst/README.AIX for a similar
procedure. IBM was not responsive in a request to have these added.
UNTESTED KERNEL EXTENSION FOR SETPAG
*** src/file/osi/,osi_pag.c Wed Oct 2 13:03:05 1996
--- src/file/osi/osi_pag.c Mon Jul 28 13:53:13 1997
***************
*** 293,298 ****
--- 293,302 ----
int code;
osi_MakePreemptionRight();
+ /* allow sharing of a PAG by non child processes DEE- 6/6/97 */
+ if (unused && osi_GetUID(osi_getucred()) == 0) {
+ newpag = unused;
+ } else {
osi_mutex_enter(&osi_pagLock);
now = osi_Time();
soonest = osi_firstPagTime +
***************
*** 309,314 ****
--- 313,319 ----
}
osi_mutex_exit(&osi_pagLock);
newpag = osi_genpag();
+ }
osi_pcred_lock(p);
credp = crcopy(osi_getucred());
code = osi_SetPagInCred(credp, newpag);
Created 07/08/96
Modified 09/30/96
Modified 11/19/96
Modified 12/19/96
Modified 06/20/97
Modified 07/28/97
Modified 02/18/98
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444

82
crypto/heimdal/appl/dceutils/compile Executable file
View file

@ -0,0 +1,82 @@
#! /bin/sh
# Wrapper for compilers which do not understand `-c -o'.
# Copyright 1999, 2000 Free Software Foundation, Inc.
# Written by Tom Tromey <tromey@cygnus.com>.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
# Usage:
# compile PROGRAM [ARGS]...
# `-o FOO.o' is removed from the args passed to the actual compile.
prog=$1
shift
ofile=
cfile=
args=
while test $# -gt 0; do
case "$1" in
-o)
ofile=$2
shift
;;
*.c)
cfile=$1
args="$args $1"
;;
*)
args="$args $1"
;;
esac
shift
done
test -z "$ofile" && {
echo "compile: no \`-o' option seen" 1>&2
exit 1
}
test -z "$cfile" && {
echo "compile: no \`.c' file seen" 1>&2
exit 1
}
# Name of file we expect compiler to create.
cofile=`echo $cfile | sed -e 's|^.*/||' -e 's/\.c$/.o/'`
# Create the lock directory.
lockdir=`echo $ofile | sed -e 's|/|_|g'`
while true; do
if mkdir $lockdir > /dev/null 2>&1; then
break
fi
sleep 1
done
# FIXME: race condition here if user kills between mkdir and trap.
trap "rmdir $lockdir; exit 1" 1 2 15
# Run the compile.
"$prog" $args
status=$?
if test -f "$cofile"; then
mv "$cofile" "$ofile"
fi
rmdir $lockdir
exit $status

3
crypto/heimdal/appl/dceutils/dfspag.exp Normal file
View file

@ -0,0 +1,3 @@
#!/unix
* kernel extentions used to get the pag
kafs_syscall syscall

23
crypto/heimdal/appl/dceutils/dpagaix.c Normal file
View file

@ -0,0 +1,23 @@
/*
* dpagaix.c
* On AIX we need to get the kernel extentions
* with the DFS kafs_syscall in it.
* We might be running on a system
* where DFS is not active.
* So we use this dummy routine which
* might not load to do the dirty work
*
* DCE does this with the /usr/lib/drivers/dfsloadobj
*
*/
int dpagaix(parm1, parm2, parm3, parm4, parm5, parm6)
int parm1;
int parm2;
int parm3;
int parm4;
int parm5;
int parm6;
{
return(kafs_syscall(parm1, parm2, parm3, parm4, parm5, parm6));
}

165
crypto/heimdal/appl/dceutils/k5dce.h Normal file
View file

@ -0,0 +1,165 @@
/* dummy K5 routines which are needed to get this to
* compile without having access ti the DCE versions
* of the header files.
* Thiis is very crude, and OSF needs to expose the K5
* API.
*/
#ifdef sun
/* Transarc obfascates these routines */
#ifdef DCE_1_1
#define krb5_init_ets _dce_PkjKqOaklP
#define krb5_copy_creds _dce_LuFxPiITzD
#define krb5_unparse_name _dce_LWHtAuNgRV
#define krb5_get_default_realm _dce_vDruhprWGh
#define krb5_build_principal _dce_qwAalSzTtF
#define krb5_build_principal_ext _dce_vhafIQlejW
#define krb5_build_principal_va _dce_alsqToMmuJ
#define krb5_cc_default _dce_KZRshhTXhE
#define krb5_cc_default_name _dce_bzJVAjHXVQ
#define sec_login_krb5_add_cred _dce_ePDtOJTZvU
#else /* DCE 1.0.3a */
#define krb5_init_ets _dce_BmLRpOVsBo
#define krb5_copy_creds _dce_VGwSEBNwaf
#define krb5_unparse_name _dce_PgAOkJoMXA
#define krb5_get_default_realm _dce_plVOzStKyK
#define krb5_build_principal _dce_uAKSsluIFy
#define krb5_build_principal_ext _dce_tRMpPiRada
#define krb5_build_principal_va _dce_SxnLejZemH
#define krb5_cc_default _dce_SeKosWFnsv
#define krb5_cc_default_name _dce_qJeaphJWVc
#define sec_login_krb5_add_cred _dce_uHwRasumsN
#endif
#endif
/* Define the bare minimum k5 structures which are needed
* by this program. Since the krb5 includes are not supplied
* with DCE, these were based on the MIT Kerberos 5 beta 3
* which should match the DCE as of 1.0.3 at least.
* The tricky one is the krb5_creds, since one is allocated
* by this program, and it needs access to the client principal
* in it.
* Note that there are no function prototypes, so there is no
* compile time checking.
* DEE 07/11/95
*/
#define NPROTOTYPE(x) ()
typedef int krb5_int32; /* assuming all DCE systems are 32 bit */
typedef short krb5short; /* assuming short is 16 bit */
typedef krb5_int32 krb5_error_code;
typedef unsigned char krb5_octet;
typedef krb5_octet krb5_boolean;
typedef krb5short krb5_keytype; /* in k5.2 it's a short */
typedef krb5_int32 krb5_flags;
typedef krb5_int32 krb5_timestamp;
typedef char * krb5_pointer; /* pointer to unexposed data */
typedef struct _krb5_ccache {
struct _krb5_cc_ops *ops;
krb5_pointer data;
} *krb5_ccache;
typedef struct _krb5_cc_ops {
char *prefix;
char *(*get_name) NPROTOTYPE((krb5_ccache));
krb5_error_code (*resolve) NPROTOTYPE((krb5_ccache *, char *));
krb5_error_code (*gen_new) NPROTOTYPE((krb5_ccache *));
krb5_error_code (*init) NPROTOTYPE((krb5_ccache, krb5_principal));
krb5_error_code (*destroy) NPROTOTYPE((krb5_ccache));
krb5_error_code (*close) NPROTOTYPE((krb5_ccache));
krb5_error_code (*store) NPROTOTYPE((krb5_ccache, krb5_creds *));
krb5_error_code (*retrieve) NPROTOTYPE((krb5_ccache, krb5_flags,
krb5_creds *, krb5_creds *));
krb5_error_code (*get_princ) NPROTOTYPE((krb5_ccache,
krb5_principal *));
krb5_error_code (*get_first) NPROTOTYPE((krb5_ccache,
krb5_cc_cursor *));
krb5_error_code (*get_next) NPROTOTYPE((krb5_ccache, krb5_cc_cursor *,
krb5_creds *));
krb5_error_code (*end_get) NPROTOTYPE((krb5_ccache, krb5_cc_cursor *));
krb5_error_code (*remove_cred) NPROTOTYPE((krb5_ccache, krb5_flags,
krb5_creds *));
krb5_error_code (*set_flags) NPROTOTYPE((krb5_ccache, krb5_flags));
} krb5_cc_ops;
typedef struct _krb5_keyblock {
krb5_keytype keytype;
int length;
krb5_octet *contents;
} krb5_keyblock;
typedef struct _krb5_ticket_times {
krb5_timestamp authtime;
krb5_timestamp starttime;
krb5_timestamp endtime;
krb5_timestamp renew_till;
} krb5_ticket_times;
typedef krb5_pointer krb5_cc_cursor;
typedef struct _krb5_data {
int length;
char *data;
} krb5_data;
typedef struct _krb5_authdata {
int ad_type;
int length;
krb5_octet *contents;
} krb5_authdata;
typedef struct _krb5_creds {
krb5_pointer client;
krb5_pointer server;
krb5_keyblock keyblock;
krb5_ticket_times times;
krb5_boolean is_skey;
krb5_flags ticket_flags;
krb5_pointer **addresses;
krb5_data ticket;
krb5_data second_ticket;
krb5_pointer **authdata;
} krb5_creds;
typedef krb5_pointer krb5_principal;
#define KRB5_CC_END 336760974
#define KRB5_TC_OPENCLOSE 0x00000001
/* Ticket flags */
/* flags are 32 bits; each host is responsible to put the 4 bytes
representing these bits into net order before transmission */
/* #define TKT_FLG_RESERVED 0x80000000 */
#define TKT_FLG_FORWARDABLE 0x40000000
#define TKT_FLG_FORWARDED 0x20000000
#define TKT_FLG_PROXIABLE 0x10000000
#define TKT_FLG_PROXY 0x08000000
#define TKT_FLG_MAY_POSTDATE 0x04000000
#define TKT_FLG_POSTDATED 0x02000000
#define TKT_FLG_INVALID 0x01000000
#define TKT_FLG_RENEWABLE 0x00800000
#define TKT_FLG_INITIAL 0x00400000
#define TKT_FLG_PRE_AUTH 0x00200000
#define TKT_FLG_HW_AUTH 0x00100000
#ifdef PK_INIT
#define TKT_FLG_PUBKEY_PREAUTH 0x00080000
#define TKT_FLG_DIGSIGN_PREAUTH 0x00040000
#define TKT_FLG_PRIVKEY_PREAUTH 0x00020000
#endif
#define krb5_cc_get_principal(cache, principal) (*(cache)->ops->get_princ)(cache, principal)
#define krb5_cc_set_flags(cache, flags) (*(cache)->ops->set_flags)(cache, flags)
#define krb5_cc_get_name(cache) (*(cache)->ops->get_name)(cache)
#define krb5_cc_start_seq_get(cache, cursor) (*(cache)->ops->get_first)(cache, cursor)
#define krb5_cc_next_cred(cache, cursor, creds) (*(cache)->ops->get_next)(cache, cursor, creds)
#define krb5_cc_destroy(cache) (*(cache)->ops->destroy)(cache)
#define krb5_cc_end_seq_get(cache, cursor) (*(cache)->ops->end_get)(cache, cursor)
/* end of k5 dummy typedefs */

791
crypto/heimdal/appl/dceutils/k5dcecon.c Normal file
View file

@ -0,0 +1,791 @@
/*
* (c) Copyright 1995 HEWLETT-PACKARD COMPANY
*
* To anyone who acknowledges that this file is provided
* "AS IS" without any express or implied warranty:
* permission to use, copy, modify, and distribute this
* file for any purpose is hereby granted without fee,
* provided that the above copyright notice and this
* notice appears in all copies, and that the name of
* Hewlett-Packard Company not be used in advertising or
* publicity pertaining to distribution of the software
* without specific, written prior permission. Hewlett-
* Packard Company makes no representations about the
* suitability of this software for any purpose.
*
*/
/*
* k5dcecon - Program to convert a K5 TGT to a DCE context,
* for use with DFS and its PAG.
*
* The program is designed to be called as a sub process,
* and return via stdout the name of the cache which implies
* the PAG which should be used. This program itself does not
* use the cache or PAG itself, so the PAG in the kernel for
* this program may not be set.
*
* The calling program can then use the name of the cache
* to set the KRB5CCNAME and PAG for its self and its children.
*
* If no ticket was passed, an attemplt to join an existing
* PAG will be made.
*
* If a forwarded K5 TGT is passed in, either a new DCE
* context will be created, or an existing one will be updated.
* If the same ticket was already used to create an existing
* context, it will be joined instead.
*
* Parts of this program are based on k5dceauth,c which was
* given to me by HP and by the k5dcelogin.c which I developed.
* A slightly different version of k5dcelogin.c, was added to
* DCE 1.2.2
*
* D. E. Engert 6/17/97 ANL
*/
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <sys/types.h>
#include <dirent.h>
#include <sys/stat.h>
#include <locale.h>
#include <pwd.h>
#include <string.h>
#include <time.h>
#include <errno.h>
#include "k5dce.h"
#include <dce/sec_login.h>
#include <dce/dce_error.h>
#include <dce/passwd.h>
/* #define DEBUG */
#if defined(DEBUG)
#define DEEDEBUG(A) fprintf(stderr,A); fflush(stderr)
#define DEEDEBUG2(A,B) fprintf(stderr,A,B); fflush(stderr)
#else
#define DEEDEBUG(A)
#define DEEDEBUG2(A,B)
#endif
#ifdef __hpux
#define seteuid(A) setresuid(-1,A,-1);
#endif
int k5dcecreate (uid_t, char *, char*, krb5_creds **);
int k5dcecon (uid_t, char *, char *);
int k5dcegettgt (krb5_ccache *, char *, char *, krb5_creds **);
int k5dcematch (uid_t, char *, char *, off_t *, krb5_creds **);
int k5dcesession (uid_t, char *, krb5_creds **, int *,krb5_flags);
char *progname = "k5dcecon";
static time_t now;
#ifdef notdef
#ifdef _AIX
/*---------------------------------------------*/
/* AIX with DCE 1.1 does not have the com_err in the libdce.a
* do a half hearted job of substituting for it.
*/
void com_err(char *p1, int code, ...)
{
int lst;
dce_error_string_t err_string;
dce_error_inq_text(code, err_string, &lst);
fprintf(stderr,"Error %d in %s: %s\n", code, p1, err_string );
}
/*---------------------------------------------*/
void krb5_init_ets()
{
}
#endif
#endif
/*------------------------------------------------*/
/* find a cache to use for our new pag */
/* Since there is no simple way to determine which
* caches are associated with a pag, we will have
* do look around and see what makes most sense on
* different systems.
* on a Solaris system, and in the DCE source,
* the pags always start with a 41.
* this is not true on the IBM, where there does not
* appear to be any pattern.
*
* But since we are always certifing our creds when
* they are received, we can us that fact, and look
* at the first word of the associated data file
* to see that it has a "5". If not don't use.
*/
int k5dcesession(luid, pname, tgt, ppag, tflags)
uid_t luid;
char *pname;
krb5_creds **tgt;
int *ppag;
krb5_flags tflags;
{
DIR *dirp;
struct dirent *direntp;
off_t size;
krb5_timestamp endtime;
int better = 0;
krb5_creds *xtgt;
char prev_name[17] = "";
krb5_timestamp prev_endtime;
off_t prev_size;
u_long prev_pag = 0;
char ccname[64] = "FILE:/opt/dcelocal/var/security/creds/";
error_status_t st;
sec_login_handle_t lcontext = 0;
dce_error_string_t err_string;
int lst;
DEEDEBUG2("k5dcesession looking for flags %8.8x\n",tflags);
dirp = opendir("/opt/dcelocal/var/security/creds/");
if (dirp == NULL) {
return 1;
}
while ( (direntp = readdir( dirp )) != NULL ) {
/*
* (but root has the ffffffff which we are not interested in)
*/
if (!strncmp(direntp->d_name,"dcecred_",8)
&& (strlen(direntp->d_name) == 16)) {
/* looks like a cache name, lets do the stat, etc */
strcpy(ccname+38,direntp->d_name);
if (!k5dcematch(luid, pname, ccname, &size, &xtgt)) {
/* its one of our caches, see if it is better
* i.e. the endtime is farther, and if the endtimes
* are the same, take the larger, as he who has the
* most tickets wins.
* it must also had the same set of flags at least
* i.e. if the forwarded TGT is forwardable, this one must
* be as well.
*/
DEEDEBUG2("Cache:%s",direntp->d_name);
DEEDEBUG2(" size:%d",size);
DEEDEBUG2(" flags:%8.8x",xtgt->ticket_flags);
DEEDEBUG2(" %s",ctime((time_t *)&xtgt->times.endtime));
if ((xtgt->ticket_flags & tflags) == tflags ) {
if (prev_name[0]) {
if (xtgt->times.endtime > prev_endtime) {
better = 1;
} else if ((xtgt->times.endtime = prev_endtime)
&& (size > prev_size)){
better = 1;
}
} else { /* the first */
if (xtgt->times.endtime >= now) {
better = 1;
}
}
if (better) {
strcpy(prev_name, direntp->d_name);
prev_endtime = xtgt->times.endtime;
prev_size = size;
sscanf(prev_name+8,"%8X",&prev_pag);
*tgt = xtgt;
better = 0;
}
}
}
}
}
(void)closedir( dirp );
if (!prev_name[0])
return 1; /* failed to find one */
DEEDEBUG2("Best: %s\n",prev_name);
if (ppag)
*ppag = prev_pag;
strcpy(ccname+38,prev_name);
setenv("KRB5CCNAME",ccname,1);
return(0);
}
/*----------------------------------------------*/
/* see if this cache is for this this principal */
int k5dcematch(luid, pname, ccname, sizep, tgt)
uid_t luid;
char *pname;
char *ccname;
off_t *sizep; /* size of the file */
krb5_creds **tgt;
{
krb5_ccache cache;
struct stat stbuf;
char ccdata[256];
int fd;
int status;
/* DEEDEBUG2("k5dcematch called: cache=%s\n",ccname+38); */
if (!strncmp(ccname,"FILE:",5)) {
strcpy(ccdata,ccname+5);
strcat(ccdata,".data");
/* DEEDEBUG2("Checking the .data file for %s\n",ccdata); */
if (stat(ccdata, &stbuf))
return(1);
if (stbuf.st_uid != luid)
return(1);
if ((fd = open(ccdata,O_RDONLY)) == -1)
return(1);
if ((read(fd,&status,4)) != 4) {
close(fd);
return(1);
}
/* DEEDEBUG2(".data file status = %d\n", status); */
if (status != 5)
return(1);
if (stat(ccname+5, &stbuf))
return(1);
if (stbuf.st_uid != luid)
return(1);
*sizep = stbuf.st_size;
}
return(k5dcegettgt(&cache, ccname, pname, tgt));
}
/*----------------------------------------*/
/* k5dcegettgt - get the tgt from a cache */
int k5dcegettgt(pcache, ccname, pname, tgt)
krb5_ccache *pcache;
char *ccname;
char *pname;
krb5_creds **tgt;
{
krb5_ccache cache;
krb5_cc_cursor cur;
krb5_creds creds;
int code;
int found = 1;
krb5_principal princ;
char *kusername;
krb5_flags flags;
char *sname, *realm, *tgtname = NULL;
/* Since DCE does not expose much of the Kerberos interface,
* we will have to use what we can. This means setting the
* KRB5CCNAME for each file we want to test
* We will also not worry about freeing extra cache structures
* as this this routine is also not exposed, and this should not
* effect this module.
* We should also free the creds contents, but that is not exposed
* either.
*/
setenv("KRB5CCNAME",ccname,1);
cache = NULL;
*tgt = NULL;
if (code = krb5_cc_default(pcache)) {
com_err(progname, code, "while getting ccache");
goto return2;
}
DEEDEBUG("Got cache\n");
flags = 0;
if (code = krb5_cc_set_flags(*pcache, flags)) {
com_err(progname, code,"While setting flags");
goto return2;
}
DEEDEBUG("Set flags\n");
if (code = krb5_cc_get_principal(*pcache, &princ)) {
com_err(progname, code, "While getting princ");
goto return1;
}
DEEDEBUG("Got principal\n");
if (code = krb5_unparse_name(princ, &kusername)) {
com_err(progname, code, "While unparsing principal");
goto return1;
}
DEEDEBUG2("Unparsed to \"%s\"\n", kusername);
DEEDEBUG2("pname is \"%s\"\n", pname);
if (strcmp(kusername, pname)) {
DEEDEBUG("Principals not equal\n");
goto return1;
}
DEEDEBUG("Principals equal\n");
realm = strchr(pname,'@');
realm++;
if ((tgtname = malloc(9 + 2 * strlen(realm))) == 0) {
fprintf(stderr,"Malloc failed for tgtname\n");
goto return1;
}
strcpy(tgtname,"krbtgt/");
strcat(tgtname,realm);
strcat(tgtname,"@");
strcat(tgtname,realm);
DEEDEBUG2("Getting tgt %s\n", tgtname);
if (code = krb5_cc_start_seq_get(*pcache, &cur)) {
com_err(progname, code, "while starting to retrieve tickets");
goto return1;
}
while (!(code = krb5_cc_next_cred(*pcache, &cur, &creds))) {
krb5_creds *cred = &creds;
if (code = krb5_unparse_name(cred->server, &sname)) {
com_err(progname, code, "while unparsing server name");
continue;
}
if (strncmp(sname, tgtname, strlen(tgtname)) == 0) {
DEEDEBUG("FOUND\n");
if (code = krb5_copy_creds(&creds, tgt)) {
com_err(progname, code, "while copying TGT");
goto return1;
}
found = 0;
break;
}
/* we should do a krb5_free_cred_contents(creds); */
}
if (code = krb5_cc_end_seq_get(*pcache, &cur)) {
com_err(progname, code, "while finishing retrieval");
goto return2;
}
return1:
flags = KRB5_TC_OPENCLOSE;
krb5_cc_set_flags(*pcache, flags); /* force a close */
return2:
if (tgtname)
free(tgtname);
return(found);
}
/*------------------------------------------*/
/* Convert a forwarded TGT to a DCE context */
int k5dcecon(luid, luser, pname)
uid_t luid;
char *luser;
char *pname;
{
krb5_creds *ftgt = NULL;
krb5_creds *tgt = NULL;
unsigned32 dfspag;
boolean32 reset_passwd = 0;
int lst;
dce_error_string_t err_string;
char *shell_prog;
krb5_ccache fcache;
char *ccname;
char *kusername;
char *urealm;
char *cp;
int pag;
int code;
krb5_timestamp endtime;
/* If there is no cache to be converted, we should not be here */
if ((ccname = getenv("KRB5CCNAME")) == NULL) {
DEEDEBUG("No KRB5CCNAME\n");
return(1);
}
if (k5dcegettgt(&fcache, ccname, pname, &ftgt)) {
fprintf(stderr, "%s: Did not find TGT\n", progname);
return(1);
}
DEEDEBUG2("flags=%x\n",ftgt->ticket_flags);
if (!(ftgt->ticket_flags & TKT_FLG_FORWARDABLE)){
fprintf(stderr,"Ticket not forwardable\n");
return(0); /* but OK to continue */
}
setenv("KRB5CCNAME","",1);
#define TKT_ACCEPTABLE (TKT_FLG_FORWARDABLE | TKT_FLG_PROXIABLE \
| TKT_FLG_MAY_POSTDATE | TKT_FLG_RENEWABLE | TKT_FLG_HW_AUTH \
| TKT_FLG_PRE_AUTH)
if (!k5dcesession(luid, pname, &tgt, &pag,
(ftgt->ticket_flags & TKT_ACCEPTABLE))) {
if (ftgt->times.endtime > tgt->times.endtime) {
DEEDEBUG("Updating existing cache\n");
return(k5dceupdate(&ftgt, pag));
} else {
DEEDEBUG("Using existing cache\n");
return(0); /* use the original one */
}
}
/* see if the tgts match up */
if ((code = k5dcecreate(luid, luser, pname, &ftgt))) {
return (code);
}
/*
* Destroy the Kerberos5 cred cache file.
* but dont care aout the return code.
*/
DEEDEBUG("Destroying the old cache\n");
if ((code = krb5_cc_destroy(fcache))) {
com_err(progname, code, "while destroying Kerberos5 ccache");
}
return (0);
}
/*--------------------------------------------------*/
/* k5dceupdate - update the cache with a new TGT */
/* Assumed that the KRB5CCNAME has been set */
int k5dceupdate(krbtgt, pag)
krb5_creds **krbtgt;
int pag;
{
krb5_ccache ccache;
int code;
if (code = krb5_cc_default(&ccache)) {
com_err(progname, code, "while opening cache for update");
return(2);
}
if (code = ccache->ops->init(ccache,(*krbtgt)->client)) {
com_err(progname, code, "while reinitilizing cache");
return(3);
}
/* krb5_cc_store_cred */
if (code = ccache->ops->store(ccache, *krbtgt)) {
com_err(progname, code, "while updating cache");
return(2);
}
sec_login_pag_new_tgt(pag, (*krbtgt)->times.endtime);
return(0);
}
/*--------------------------------------------------*/
/* k5dcecreate - create a new DCE context */
int k5dcecreate(luid, luser, pname, krbtgt)
uid_t luid;
char *luser;
char *pname;
krb5_creds **krbtgt;
{
char *cp;
char *urealm;
char *username;
char *defrealm;
uid_t uid;
error_status_t st;
sec_login_handle_t lcontext = 0;
sec_login_auth_src_t auth_src = 0;
boolean32 reset_passwd = 0;
int lst;
dce_error_string_t err_string;
setenv("KRB5CCNAME","",1); /* make sure it not misused */
uid = getuid();
DEEDEBUG2("uid=%d\n",uid);
/* if run as root, change to user, so as to have the
* cache created for the local user even if cross-cell
* If run as a user, let standard file protection work.
*/
if (uid == 0) {
seteuid(luid);
}
cp = strchr(pname,'@');
*cp = '\0';
urealm = ++cp;
DEEDEBUG2("basename=%s\n",cp);
DEEDEBUG2("realm=%s\n",urealm);
/* now build the username as a single string or a /.../cell/user
* if this is a cross cell
*/
if ((username = malloc(7+strlen(pname)+strlen(urealm))) == 0) {
fprintf(stderr,"Malloc failed for username\n");
goto abort;
}
if (krb5_get_default_realm(&defrealm)) {
DEEDEBUG("krb5_get_default_realm failed\n");
goto abort;
}
if (!strcmp(urealm,defrealm)) {
strcpy(username,pname);
} else {
strcpy(username,"/.../");
strcat(username,urealm);
strcat(username,"/");
strcat(username,pname);
}
/*
* Setup a DCE login context
*/
if (sec_login_setup_identity((unsigned_char_p_t)username,
(sec_login_external_tgt|sec_login_proxy_cred),
&lcontext, &st)) {
/*
* Add our TGT.
*/
DEEDEBUG("Adding our new TGT\n");
sec_login_krb5_add_cred(lcontext, *krbtgt, &st);
if (st) {
dce_error_inq_text(st, err_string, &lst);
fprintf(stderr,
"Error while adding credentials for %s because %s\n",
username, err_string);
goto abort;
}
DEEDEBUG("validating and certifying\n");
/*
* Now "validate" and certify the identity,
* usually we would pass a password here, but...
* sec_login_valid_and_cert_ident
* sec_login_validate_identity
*/
if (sec_login_validate_identity(lcontext, 0, &reset_passwd,
&auth_src, &st)) {
DEEDEBUG2("validate_identity st=%d\n",st);
if (st) {
dce_error_inq_text(st, err_string, &lst);
fprintf(stderr, "Validation error for %s because %s\n",
username, err_string);
goto abort;
}
if (!sec_login_certify_identity(lcontext,&st)) {
dce_error_inq_text(st, err_string, &lst);
fprintf(stderr,
"Credentials not certified because %s\n",err_string);
}
if (reset_passwd) {
fprintf(stderr,
"Password must be changed for %s\n", username);
}
if (auth_src == sec_login_auth_src_local) {
fprintf(stderr,
"Credentials obtained from local registry for %s\n",
username);
}
if (auth_src == sec_login_auth_src_overridden) {
fprintf(stderr, "Validated %s from local override entry, no network credentials obtained\n", username);
goto abort;
}
/*
* Actually create the cred files.
*/
DEEDEBUG("Ceating new cred files.\n");
sec_login_set_context(lcontext, &st);
if (st) {
dce_error_inq_text(st, err_string, &lst);
fprintf(stderr,
"Unable to set context for %s because %s\n",
username, err_string);
goto abort;
}
/*
* Now free up the local context and leave the
* network context with its pag
*/
#if 0
sec_login_release_context(&lcontext, &st);
if (st) {
dce_error_inq_text(st, err_string, &lst);
fprintf(stderr,
"Unable to release context for %s because %s\n",
username, err_string);
goto abort;
}
#endif
}
else {
DEEDEBUG2("validate failed %d\n",st);
dce_error_inq_text(st, err_string, &lst);
fprintf(stderr,
"Unable to validate %s because %s\n", username,
err_string);
goto abort;
}
}
else {
dce_error_inq_text(st, err_string, &lst);
fprintf(stderr,
"Unable to setup login entry for %s because %s\n",
username, err_string);
goto abort;
}
done:
/* if we were root, get back to root */
DEEDEBUG2("sec_login_inq_pag %8.8x\n",
sec_login_inq_pag(lcontext, &st));
if (uid == 0) {
seteuid(0);
}
DEEDEBUG("completed\n");
return(0);
abort:
if (uid == 0) {
seteuid(0);
}
DEEDEBUG("Aborting\n");
return(2);
}
/*-------------------------------------------------*/
main(argc, argv)
int argc;
char *argv[];
{
int status;
extern int optind;
extern char *optarg;
int rv;
char *lusername = NULL;
char *pname = NULL;
int fflag = 0;
struct passwd *pw;
uid_t luid;
uid_t myuid;
char *ccname;
krb5_creds *tgt = NULL;
#ifdef DEBUG
close(2);
open("/tmp/k5dce.debug",O_WRONLY|O_CREAT|O_APPEND);
#endif
if (myuid = getuid()) {
DEEDEBUG2("UID = %d\n",myuid);
exit(33); /* must be root to run this, get out now */
}
while ((rv = getopt(argc,argv,"l:p:fs")) != -1) {
DEEDEBUG2("Arg = %c\n", rv);
switch(rv) {
case 'l': /* user name */
lusername = optarg;
DEEDEBUG2("Optarg = %s\n", optarg);
break;
case 'p': /* principal name */
pname = optarg;
DEEDEBUG2("Optarg = %s\n", optarg);
break;
case 'f': /* convert a forwarded TGT to a context */
fflag++;
break;
case 's': /* old test parameter, ignore it */
break;
}
}
setlocale(LC_ALL, "");
krb5_init_ets();
time(&now); /* set time to check expired tickets */
/* if lusername == NULL, Then user is passed as the USER= variable */
if (!lusername) {
lusername = getenv("USER");
if (!lusername) {
fprintf(stderr, "USER not in environment\n");
return(3);
}
}
if ((pw = getpwnam(lusername)) == NULL) {
fprintf(stderr, "Who are you?\n");
return(44);
}
luid = pw->pw_uid;
if (fflag) {
status = k5dcecon(luid, lusername, pname);
} else {
status = k5dcesession(luid, pname, &tgt, NULL, 0);
}
if (!status) {
printf("%s",getenv("KRB5CCNAME")); /* return via stdout to caller */
DEEDEBUG2("KRB5CCNAME=%s\n",getenv("KRB5CCNAME"));
}
DEEDEBUG2("Returning status %d\n",status);
return (status);
}

150
crypto/heimdal/appl/dceutils/testpag.c Normal file
View file

@ -0,0 +1,150 @@
/* Test the k5dcepag routine by setting a pag, and
* and execing a shell under this pag.
*
* This allows you to join a PAG which was created
* earlier by some other means.
* for example k5dcecon
*
* Must be run as root for testing only.
*
*/
#include <stdio.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <fcntl.h>
#include <signal.h>
#include <setjmp.h>
#include <errno.h>
#define POSIX_SETJMP
#define POSIX_SIGNALS
#ifdef POSIX_SIGNALS
typedef struct sigaction handler;
#define handler_init(H,F) (sigemptyset(&(H).sa_mask), \
(H).sa_flags=0, \
(H).sa_handler=(F))
#define handler_swap(S,NEW,OLD) sigaction(S, &NEW, &OLD)
#define handler_set(S,OLD) sigaction(S, &OLD, NULL)
#else
typedef sigtype (*handler)();
#define handler_init(H,F) ((H) = (F))
#define handler_swap(S,NEW,OLD) ((OLD) = signal ((S), (NEW)))
#define handler_set(S,OLD) (signal ((S), (OLD)))
#endif
typedef void sigtype;
/*
* We could include the dcedfs/syscall.h which should have these
* numbers, but it has extra baggage. So for
* simplicity sake now, we define these here.
*/
#define AFSCALL_SETPAG 2
#define AFSCALL_GETPAG 11
#if defined(sun)
#define AFS_SYSCALL 72
#elif defined(hpux)
/* assume HPUX 10 + or is it 50 */
#define AFS_SYSCALL 326
#elif defined(_AIX)
#define DPAGAIX "dpagaix"
/* #define DPAGAIX "/krb5/sbin/dpagaix" */
#elif defined(sgi) || defined(_sgi)
#define AFS_SYSCALL 206+1000
#else
#define AFS_SYSCALL (Unknown_DFS_AFS_SYSCALL)
#endif
static sigjmp_buf setpag_buf;
static sigtype mysig()
{
siglongjmp(setpag_buf, 1);
}
int krb5_dfs_newpag(new_pag)
int new_pag;
{
handler sa1, osa1;
handler sa2, osa2;
int pag = -1;
handler_init (sa1, mysig);
handler_init (sa2, mysig);
handler_swap (SIGSYS, sa1, osa1);
handler_swap (SIGSEGV, sa2, osa2);
if (sigsetjmp(setpag_buf, 1) == 0) {
#if defined(_AIX)
int (*dpagaix)(int, int, int, int, int, int);
if (dpagaix = load(DPAGAIX, 0, 0))
pag = (*dpagaix)(AFSCALL_SETPAG, new_pag, 0, 0, 0, 0);
#else
pag = syscall(AFS_SYSCALL,AFSCALL_SETPAG, new_pag, 0, 0, 0, 0);
#endif
handler_set (SIGSYS, osa1);
handler_set (SIGSEGV, osa2);
return(pag);
}
fprintf(stderr,"Setpag failed with a system error\n");
/* syscall failed! return 0 */
handler_set (SIGSYS, osa1);
handler_set (SIGSEGV, osa2);
return(-1);
}
main(argc, argv)
int argc;
char *argv[];
{
extern int optind;
extern char *optarg;
int rv;
int rc;
unsigned int pag;
unsigned int newpag = 0;
char ccname[256];
int nflag = 0;
while((rv = getopt(argc,argv,"n:")) != -1) {
switch(rv) {
case 'n':
nflag++;
sscanf(optarg,"%8x",&newpag);
break;
default:
printf("Usage: k5dcepagt -n pag \n");
exit(1);
}
}
if (nflag) {
fprintf (stderr,"calling k5dcepag newpag=%8.8x\n",newpag);
pag = krb5_dfs_newpag(newpag);
fprintf (stderr,"PAG returned = %8.8x\n",pag);
if ((pag != 0) && (pag != -1)) {
sprintf (ccname,
"FILE:/opt/dcelocal/var/security/creds/dcecred_%8.8x",
pag);
esetenv("KRB5CCNAME",ccname,1);
execl("/bin/csh","csh",0);
}
else {
fprintf(stderr," Not a good pag value\n");
}
}
}

22
crypto/heimdal/appl/ftp/ChangeLog
View file

@ -1,3 +1,25 @@
2001-04-19 Johan Danielsson <joda@pdc.kth.se>
* ftpd/ftpd.c (do_store): call closefunc before claiming that
everything went ok, if the close fails the file might not have
been stored properly
2001-03-26 Assar Westerlund <assar@sics.se>
* ftpd/ftpd.c, ftpd/popen.c: always use GLOB_LIMIT
* ftpd/popen.c (ftpd_popen): use GLOB_LIMIT if defined
* ftpd/ftpd.c (send_file_list): use GLOB_LIMIT if defined
2001-02-15 Assar Westerlund <assar@sics.se>
* ftp/cmds.c (setpeer): handle both service names and port numbers
for the second optional argument. also make parsing more robust
2001-02-07 Assar Westerlund <assar@sics.se>
* ftp/security.c (sec_end): only clean app_data if there is any
(*): do realloc consistently
2001-02-05 Assar Westerlund <assar@sics.se>
* ftpd/popen.c (ftpd_popen): avoid overwriting the bounds of argv

30
crypto/heimdal/appl/ftp/Makefile.in
View file

@ -1,6 +1,7 @@
# Makefile.in generated automatically by automake 1.4a from Makefile.am
# Makefile.in generated automatically by automake 1.4b from Makefile.am
# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
# Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@ -119,7 +120,7 @@ install_sh = @install_sh@
# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
AUTOMAKE_OPTIONS = foreign no-dependencies
@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
CHECK_LOCAL = $(PROGRAMS)
SUBDIRS = common ftp ftpd
@ -205,9 +208,10 @@ DIST_COMMON = ChangeLog Makefile.am Makefile.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
GZIP_ENV = --best
DIST_SUBDIRS = $(SUBDIRS)
all: all-redirect
.SUFFIXES:
.SUFFIXES: .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .et .h .x
.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/ftp/Makefile
@ -248,11 +252,16 @@ mostlyclean-recursive clean-recursive distclean-recursive \
maintainer-clean-recursive:
@set fnord $(MAKEFLAGS); amf=$$2; \
dot_seen=no; \
rev=''; list='$(SUBDIRS)'; for subdir in $$list; do \
rev="$$subdir $$rev"; \
if test "$$subdir" = "."; then dot_seen=yes; else :; fi; \
case "$@" in \
distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
*) list='$(SUBDIRS)' ;; \
esac; \
rev=''; for subdir in $$list; do \
if test "$$subdir" = "."; then :; else \
rev="$$subdir $$rev"; \
fi; \
done; \
test "$$dot_seen" = "no" && rev=". $$rev"; \
rev="$$rev ."; \
target=`echo $@ | sed s/-recursive//`; \
for subdir in $$rev; do \
echo "Making $$target in $$subdir"; \
@ -298,6 +307,11 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
|| etags $(ETAGS_ARGS) $$tags $$unique $(LISP)
GTAGS:
here=`CDPATH=: && cd $(top_builddir) && pwd` \
&& cd $(top_srcdir) \
&& gtags -i $$here
mostlyclean-tags:
clean-tags:

16
crypto/heimdal/appl/ftp/common/Makefile.in
View file

@ -1,6 +1,7 @@
# Makefile.in generated automatically by automake 1.4a from Makefile.am
# Makefile.in generated automatically by automake 1.4b from Makefile.am
# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
# Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@ -119,7 +120,7 @@ install_sh = @install_sh@
# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
AUTOMAKE_OPTIONS = foreign no-dependencies
@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
CHECK_LOCAL = $(PROGRAMS)
noinst_LIBRARIES = libcommon.a
@ -231,7 +234,7 @@ OBJECTS = $(am_libcommon_a_OBJECTS)
all: all-redirect
.SUFFIXES:
.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/ftp/common/Makefile
@ -305,6 +308,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
|| etags $(ETAGS_ARGS) $$tags $$unique $(LISP)
GTAGS:
here=`CDPATH=: && cd $(top_builddir) && pwd` \
&& cd $(top_srcdir) \
&& gtags -i $$here
mostlyclean-tags:
clean-tags:

16
crypto/heimdal/appl/ftp/ftp/Makefile.in
View file

@ -1,6 +1,7 @@
# Makefile.in generated automatically by automake 1.4a from Makefile.am
# Makefile.in generated automatically by automake 1.4b from Makefile.am
# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
# Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@ -119,7 +120,7 @@ install_sh = @install_sh@
# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
AUTOMAKE_OPTIONS = foreign no-dependencies
@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
CHECK_LOCAL =
bin_PROGRAMS = ftp
@ -284,7 +287,7 @@ OBJECTS = $(am_ftp_OBJECTS)
all: all-redirect
.SUFFIXES:
.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/ftp/ftp/Makefile
@ -417,6 +420,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
|| etags $(ETAGS_ARGS) $$tags $$unique $(LISP)
GTAGS:
here=`CDPATH=: && cd $(top_builddir) && pwd` \
&& cd $(top_srcdir) \
&& gtags -i $$here
mostlyclean-tags:
clean-tags:

27
crypto/heimdal/appl/ftp/ftp/cmds.c
View file

@ -36,7 +36,7 @@
*/
#include "ftp_locl.h"
RCSID("$Id: cmds.c,v 1.41 2000/07/18 10:00:31 joda Exp $");
RCSID("$Id: cmds.c,v 1.42 2001/02/15 04:17:09 assar Exp $");
typedef void (*sighand)(int);
@ -81,7 +81,7 @@ void
setpeer(int argc, char **argv)
{
char *host;
short port;
u_short port;
struct servent *sp;
if (connected) {
@ -102,14 +102,23 @@ setpeer(int argc, char **argv)
errx(1, "You bastard. You removed ftp/tcp from services");
port = sp->s_port;
if (argc > 2) {
port = atoi(argv[2]);
if (port <= 0) {
printf("%s: bad port number-- %s\n", argv[1], argv[2]);
printf ("usage: %s host-name [port]\n", argv[0]);
code = -1;
return;
sp = getservbyname(argv[2], "tcp");
if (sp != NULL) {
port = sp->s_port;
} else {
char *ep;
port = strtol(argv[2], &ep, 0);
if (argv[2] == ep) {
printf("%s: bad port number-- %s\n",
argv[1], argv[2]);
printf ("usage: %s host-name [port]\n",
argv[0]);
code = -1;
return;
}
port = htons(port);
}
port = htons(port);
}
host = hookup(argv[1], port);
if (host) {

650
crypto/heimdal/appl/ftp/ftp/ftp.cat1 Normal file
View file

@ -0,0 +1,650 @@
FTP(1) UNIX Reference Manual FTP(1)
NNAAMMEE
ffttpp - ARPANET file transfer program
SSYYNNOOPPSSIISS
ffttpp [--tt] [--vv] [--dd] [--ii] [--nn] [--gg] [--pp] [--ll] [_h_o_s_t]
DDEESSCCRRIIPPTTIIOONN
FFttpp is the user interface to the ARPANET standard File Transfer Protocol.
The program allows a user to transfer files to and from a remote network
site.
Modifications has been made so that it almost follows the ftpsec Internet
draft.
Options may be specified at the command line, or to the command inter-
preter.
--tt Enables packet tracing.
--vv Verbose option forces ffttpp to show all responses from the remote
server, as well as report on data transfer statistics.
--nn Restrains ffttpp from attempting ``auto-login'' upon initial connec-
tion. If auto-login is enabled, ffttpp will check the _._n_e_t_r_c (see be-
low) file in the user's home directory for an entry describing an
account on the remote machine. If no entry exists, ffttpp will prompt
for the remote machine login name (default is the user identity on
the local machine), and, if necessary, prompt for a password and an
account with which to login.
--ii Turns off interactive prompting during multiple file transfers.
--pp Turn on passive mode.
--dd Enables debugging.
--gg Disables file name globbing.
--ll Disables command line editing.
The client host with which ffttpp is to communicate may be specified on the
command line. If this is done, ffttpp will immediately attempt to establish
a connection to an FTP server on that host; otherwise, ffttpp will enter its
command interpreter and await instructions from the user. When ffttpp is
awaiting commands from the user the prompt `ftp>' is provided to the us-
er. The following commands are recognized by ffttpp:
!! [_c_o_m_m_a_n_d [_a_r_g_s]]
Invoke an interactive shell on the local machine. If there
are arguments, the first is taken to be a command to execute
directly, with the rest of the arguments as its arguments.
$$ _m_a_c_r_o_-_n_a_m_e [_a_r_g_s]
Execute the macro _m_a_c_r_o_-_n_a_m_e that was defined with the mmaaccddeeff
command. Arguments are passed to the macro unglobbed.
aaccccoouunntt [_p_a_s_s_w_d]
Supply a supplemental password required by a remote system
for access to resources once a login has been successfully
completed. If no argument is included, the user will be
prompted for an account password in a non-echoing input mode.
aappppeenndd _l_o_c_a_l_-_f_i_l_e [_r_e_m_o_t_e_-_f_i_l_e]
Append a local file to a file on the remote machine. If
_r_e_m_o_t_e_-_f_i_l_e is left unspecified, the local file name is used
in naming the remote file after being altered by any nnttrraannss
or nnmmaapp setting. File transfer uses the current settings for
ttyyppee, ffoorrmmaatt, mmooddee, and ssttrruuccttuurree.
aasscciiii Set the file transfer ttyyppee to network ASCII. This is the de-
fault type.
bbeellll Arrange that a bell be sounded after each file transfer com-
mand is completed.
bbiinnaarryy Set the file transfer ttyyppee to support binary image transfer.
bbyyee Terminate the FTP session with the remote server and exit
ffttpp. An end of file will also terminate the session and exit.
ccaassee Toggle remote computer file name case mapping during mmggeett
commands. When ccaassee is on (default is off), remote computer
file names with all letters in upper case are written in the
local directory with the letters mapped to lower case.
ccdd _r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y
Change the working directory on the remote machine to _r_e_m_o_t_e_-
_d_i_r_e_c_t_o_r_y.
ccdduupp Change the remote machine working directory to the parent of
the current remote machine working directory.
cchhmmoodd _m_o_d_e _f_i_l_e_-_n_a_m_e
Change the permission modes of the file _f_i_l_e_-_n_a_m_e on the re-
mote sytem to _m_o_d_e.
cclloossee Terminate the FTP session with the remote server, and return
to the command interpreter. Any defined macros are erased.
ccrr Toggle carriage return stripping during ascii type file re-
trieval. Records are denoted by a carriage return/linefeed
sequence during ascii type file transfer. When ccrr is on (the
default), carriage returns are stripped from this sequence to
conform with the UNIX single linefeed record delimiter.
Records on non-UNIX remote systems may contain single line-
feeds; when an ascii type transfer is made, these linefeeds
may be distinguished from a record delimiter only when ccrr is
off.
ddeelleettee _r_e_m_o_t_e_-_f_i_l_e
Delete the file _r_e_m_o_t_e_-_f_i_l_e on the remote machine.
ddeebbuugg [_d_e_b_u_g_-_v_a_l_u_e]
Toggle debugging mode. If an optional _d_e_b_u_g_-_v_a_l_u_e is speci-
fied it is used to set the debugging level. When debugging
is on, ffttpp prints each command sent to the remote machine,
preceded by the string `-->'
ddiirr [_r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y] [_l_o_c_a_l_-_f_i_l_e]
Print a listing of the directory contents in the directory,
_r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y, and, optionally, placing the output in
_l_o_c_a_l_-_f_i_l_e. If interactive prompting is on, ffttpp will prompt
the user to verify that the last argument is indeed the tar-
get local file for receiving ddiirr output. If no directory is
specified, the current working directory on the remote ma-
chine is used. If no local file is specified, or _l_o_c_a_l_-_f_i_l_e
is --, output comes to the terminal.
ddiissccoonnnneecctt A synonym for _c_l_o_s_e.
ffoorrmm _f_o_r_m_a_t
Set the file transfer ffoorrmm to _f_o_r_m_a_t. The default format is
``file''.
ggeett _r_e_m_o_t_e_-_f_i_l_e [_l_o_c_a_l_-_f_i_l_e]
Retrieve the _r_e_m_o_t_e_-_f_i_l_e and store it on the local machine.
If the local file name is not specified, it is given the same
name it has on the remote machine, subject to alteration by
the current ccaassee, nnttrraannss, and nnmmaapp settings. The current
settings for ttyyppee, ffoorrmm, mmooddee, and ssttrruuccttuurree are used while
transferring the file.
gglloobb Toggle filename expansion for mmddeelleettee, mmggeett and mmppuutt. If
globbing is turned off with gglloobb, the file name arguments are
taken literally and not expanded. Globbing for mmppuutt is done
as in csh(1). For mmddeelleettee and mmggeett, each remote file name is
expanded separately on the remote machine and the lists are
not merged. Expansion of a directory name is likely to be
different from expansion of the name of an ordinary file: the
exact result depends on the foreign operating system and ftp
server, and can be previewed by doing `mls remote-files -'.
As a security measure, remotely globbed files that starts
with `/' or contains `../', will not be automatically re-
ceived. If you have interactive prompting turned off, these
filenames will be ignored. Note: mmggeett and mmppuutt are not meant
to transfer entire directory subtrees of files. That can be
done by transferring a tar(1) archive of the subtree (in bi-
nary mode).
hhaasshh Toggle hash-sign (``#'') printing for each data block trans-
ferred. The size of a data block is 1024 bytes.
hheellpp [_c_o_m_m_a_n_d]
Print an informative message about the meaning of _c_o_m_m_a_n_d. If
no argument is given, ffttpp prints a list of the known com-
mands.
iiddllee [_s_e_c_o_n_d_s]
Set the inactivity timer on the remote server to _s_e_c_o_n_d_s sec-
onds. If _s_e_c_o_n_d_s is omitted, the current inactivity timer is
printed.
llccdd [_d_i_r_e_c_t_o_r_y]
Change the working directory on the local machine. If no
_d_i_r_e_c_t_o_r_y is specified, the user's home directory is used.
llss [_r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y] [_l_o_c_a_l_-_f_i_l_e]
Print a listing of the contents of a directory on the remote
machine. The listing includes any system-dependent informa-
tion that the server chooses to include; for example, most
UNIX systems will produce output from the command `ls -l'.
(See also nnlliisstt.) If _r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y is left unspecified,
the current working directory is used. If interactive
prompting is on, ffttpp will prompt the user to verify that the
last argument is indeed the target local file for receiving
llss output. If no local file is specified, or if _l_o_c_a_l_-_f_i_l_e
is `--', the output is sent to the terminal.
mmaaccddeeff _m_a_c_r_o_-_n_a_m_e
Define a macro. Subsequent lines are stored as the macro
_m_a_c_r_o_-_n_a_m_e; a null line (consecutive newline characters in a
file or carriage returns from the terminal) terminates macro
input mode. There is a limit of 16 macros and 4096 total
characters in all defined macros. Macros remain defined un-
til a cclloossee command is executed. The macro processor inter-
prets `$' and `\' as special characters. A `$' followed by a
number (or numbers) is replaced by the corresponding argument
on the macro invocation command line. A `$' followed by an
`i' signals that macro processor that the executing macro is
to be looped. On the first pass `$i' is replaced by the
first argument on the macro invocation command line, on the
second pass it is replaced by the second argument, and so on.
A `\' followed by any character is replaced by that charac-
ter. Use the `\' to prevent special treatment of the `$'.
mmddeelleettee [_r_e_m_o_t_e_-_f_i_l_e_s]
Delete the _r_e_m_o_t_e_-_f_i_l_e_s on the remote machine.
mmddiirr _r_e_m_o_t_e_-_f_i_l_e_s _l_o_c_a_l_-_f_i_l_e
Like ddiirr, except multiple remote files may be specified. If
interactive prompting is on, ffttpp will prompt the user to ver-
ify that the last argument is indeed the target local file
for receiving mmddiirr output.
mmggeett _r_e_m_o_t_e_-_f_i_l_e_s
Expand the _r_e_m_o_t_e_-_f_i_l_e_s on the remote machine and do a ggeett
for each file name thus produced. See gglloobb for details on
the filename expansion. Resulting file names will then be
processed according to ccaassee, nnttrraannss, and nnmmaapp settings.
Files are transferred into the local working directory, which
can be changed with `lcd directory'; new local directories
can be created with `! mkdir directory'.
mmkkddiirr _d_i_r_e_c_t_o_r_y_-_n_a_m_e
Make a directory on the remote machine.
mmllss _r_e_m_o_t_e_-_f_i_l_e_s _l_o_c_a_l_-_f_i_l_e
Like nnlliisstt, except multiple remote files may be specified,
and the _l_o_c_a_l_-_f_i_l_e must be specified. If interactive prompt-
ing is on, ffttpp will prompt the user to verify that the last
argument is indeed the target local file for receiving mmllss
output.
mmooddee [_m_o_d_e_-_n_a_m_e]
Set the file transfer mmooddee to _m_o_d_e_-_n_a_m_e. The default mode is
``stream'' mode.
mmooddttiimmee _f_i_l_e_-_n_a_m_e
Show the last modification time of the file on the remote ma-
chine.
mmppuutt _l_o_c_a_l_-_f_i_l_e_s
Expand wild cards in the list of local files given as argu-
ments and do a ppuutt for each file in the resulting list. See
gglloobb for details of filename expansion. Resulting file names
will then be processed according to nnttrraannss and nnmmaapp settings.
nneewweerr _f_i_l_e_-_n_a_m_e
Get the file only if the modification time of the remote file
is more recent that the file on the current system. If the
file does not exist on the current system, the remote file is
considered nneewweerr. Otherwise, this command is identical to
_g_e_t.
nnlliisstt [_r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y] [_l_o_c_a_l_-_f_i_l_e]
Print a list of the files in a directory on the remote ma-
chine. If _r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y is left unspecified, the current
working directory is used. If interactive prompting is on,
ffttpp will prompt the user to verify that the last argument is
indeed the target local file for receiving nnlliisstt output. If
no local file is specified, or if _l_o_c_a_l_-_f_i_l_e is --, the output
is sent to the terminal.
nnmmaapp [_i_n_p_a_t_t_e_r_n _o_u_t_p_a_t_t_e_r_n]
Set or unset the filename mapping mechanism. If no arguments
are specified, the filename mapping mechanism is unset. If
arguments are specified, remote filenames are mapped during
mmppuutt commands and ppuutt commands issued without a specified re-
mote target filename. If arguments are specified, local
filenames are mapped during mmggeett commands and ggeett commands
issued without a specified local target filename. This com-
mand is useful when connecting to a non-UNIX remote computer
with different file naming conventions or practices. The
mapping follows the pattern set by _i_n_p_a_t_t_e_r_n and _o_u_t_p_a_t_t_e_r_n.
[_I_n_p_a_t_t_e_r_n] is a template for incoming filenames (which may
have already been processed according to the nnttrraannss and ccaassee
settings). Variable templating is accomplished by including
the sequences `$1', `$2', ..., `$9' in _i_n_p_a_t_t_e_r_n. Use `\' to
prevent this special treatment of the `$' character. All
other characters are treated literally, and are used to de-
termine the nnmmaapp [_i_n_p_a_t_t_e_r_n] variable values. For example,
given _i_n_p_a_t_t_e_r_n $1.$2 and the remote file name "mydata.data",
$1 would have the value "mydata", and $2 would have the value
"data". The _o_u_t_p_a_t_t_e_r_n determines the resulting mapped file-
name. The sequences `$1', `$2', ...., `$9' are replaced by
any value resulting from the _i_n_p_a_t_t_e_r_n template. The se-
quence `$0' is replace by the original filename. Additional-
ly, the sequence `[_s_e_q_1, _s_e_q_2]' is replaced by [_s_e_q_1] if _s_e_q_1
is not a null string; otherwise it is replaced by _s_e_q_2. For
example, the command
nmap $1.$2.$3 [$1,$2].[$2,file]
would yield the output filename "myfile.data" for input file-
names "myfile.data" and "myfile.data.old", "myfile.file" for
the input filename "myfile", and "myfile.myfile" for the in-
put filename ".myfile". Spaces may be included in
_o_u_t_p_a_t_t_e_r_n, as in the example: `nmap $1 sed "s/ *$//" > $1'
. Use the `\' character to prevent special treatment of the
`$','[','[', and `,' characters.
nnttrraannss [_i_n_c_h_a_r_s [_o_u_t_c_h_a_r_s]]
Set or unset the filename character translation mechanism.
If no arguments are specified, the filename character trans-
lation mechanism is unset. If arguments are specified, char-
acters in remote filenames are translated during mmppuutt com-
mands and ppuutt commands issued without a specified remote tar-
get filename. If arguments are specified, characters in lo-
cal filenames are translated during mmggeett commands and ggeett
commands issued without a specified local target filename.
This command is useful when connecting to a non-UNIX remote
computer with different file naming conventions or practices.
Characters in a filename matching a character in _i_n_c_h_a_r_s are
replaced with the corresponding character in _o_u_t_c_h_a_r_s. If the
character's position in _i_n_c_h_a_r_s is longer than the length of
_o_u_t_c_h_a_r_s, the character is deleted from the file name.
ooppeenn _h_o_s_t [_p_o_r_t]
Establish a connection to the specified _h_o_s_t FTP server. An
optional port number may be supplied, in which case, ffttpp will
attempt to contact an FTP server at that port. If the aauuttoo--
llooggiinn option is on (default), ffttpp will also attempt to auto-
matically log the user in to the FTP server (see below).
ppaassssiivvee Toggle passive mode. If passive mode is turned on (default
is off), the ftp client will send a PASV command for all data
connections instead of the usual PORT command. The PASV com-
mand requests that the remote server open a port for the data
connection and return the address of that port. The remote
server listens on that port and the client connects to it.
When using the more traditional PORT command, the client lis-
tens on a port and sends that address to the remote server,
who connects back to it. Passive mode is useful when using
ffttpp through a gateway router or host that controls the direc-
tionality of traffic. (Note that though ftp servers are re-
quired to support the PASV command by RFC 1123, some do not.)
pprroommpptt Toggle interactive prompting. Interactive prompting occurs
during multiple file transfers to allow the user to selec-
tively retrieve or store files. If prompting is turned off
(default is on), any mmggeett or mmppuutt will transfer all files,
and any mmddeelleettee will delete all files.
pprrooxxyy _f_t_p_-_c_o_m_m_a_n_d
Execute an ftp command on a secondary control connection.
This command allows simultaneous connection to two remote ftp
servers for transferring files between the two servers. The
first pprrooxxyy command should be an ooppeenn, to establish the sec-
ondary control connection. Enter the command "proxy ?" to
see other ftp commands executable on the secondary connec-
tion. The following commands behave differently when pref-
aced by pprrooxxyy: ooppeenn will not define new macros during the au-
to-login process, cclloossee will not erase existing macro defini-
tions, ggeett and mmggeett transfer files from the host on the pri-
mary control connection to the host on the secondary control
connection, and ppuutt, mmppuutt, and aappppeenndd transfer files from the
host on the secondary control connection to the host on the
primary control connection. Third party file transfers de-
pend upon support of the ftp protocol PASV command by the
server on the secondary control connection.
ppuutt _l_o_c_a_l_-_f_i_l_e [_r_e_m_o_t_e_-_f_i_l_e]
Store a local file on the remote machine. If _r_e_m_o_t_e_-_f_i_l_e is
left unspecified, the local file name is used after process-
ing according to any nnttrraannss or nnmmaapp settings in naming the
remote file. File transfer uses the current settings for
ttyyppee, ffoorrmmaatt, mmooddee, and ssttrruuccttuurree.
ppwwdd Print the name of the current working directory on the remote
machine.
qquuiitt A synonym for bbyyee.
qquuoottee _a_r_g_1 _a_r_g_2 _._._.
The arguments specified are sent, verbatim, to the remote FTP
server.
rreeccvv _r_e_m_o_t_e_-_f_i_l_e [_l_o_c_a_l_-_f_i_l_e]
A synonym for get.
rreeggeett _r_e_m_o_t_e_-_f_i_l_e [_l_o_c_a_l_-_f_i_l_e]
Reget acts like get, except that if _l_o_c_a_l_-_f_i_l_e exists and is
smaller than _r_e_m_o_t_e_-_f_i_l_e, _l_o_c_a_l_-_f_i_l_e is presumed to be a par-
tially transferred copy of _r_e_m_o_t_e_-_f_i_l_e and the transfer is
continued from the apparent point of failure. This command
is useful when transferring very large files over networks
that are prone to dropping connections.
rreemmootteehheellpp [_c_o_m_m_a_n_d_-_n_a_m_e]
Request help from the remote FTP server. If a _c_o_m_m_a_n_d_-_n_a_m_e
is specified it is supplied to the server as well.
rreemmootteessttaattuuss [_f_i_l_e_-_n_a_m_e]
With no arguments, show status of remote machine. If _f_i_l_e_-
_n_a_m_e is specified, show status of _f_i_l_e_-_n_a_m_e on remote ma-
chine.
rreennaammee [_f_r_o_m] [_t_o]
Rename the file _f_r_o_m on the remote machine, to the file _t_o.
rreesseett Clear reply queue. This command re-synchronizes command/re-
ply sequencing with the remote ftp server. Resynchronization
may be necessary following a violation of the ftp protocol by
the remote server.
rreessttaarrtt _m_a_r_k_e_r
Restart the immediately following ggeett or ppuutt at the indicated
_m_a_r_k_e_r. On UNIX systems, marker is usually a byte offset into
the file.
rrmmddiirr _d_i_r_e_c_t_o_r_y_-_n_a_m_e
Delete a directory on the remote machine.
rruunniiqquuee Toggle storing of files on the local system with unique file-
names. If a file already exists with a name equal to the
target local filename for a ggeett or mmggeett command, a ".1" is
appended to the name. If the resulting name matches another
existing file, a ".2" is appended to the original name. If
this process continues up to ".99", an error message is
printed, and the transfer does not take place. The generated
unique filename will be reported. Note that rruunniiqquuee will not
affect local files generated from a shell command (see be-
low). The default value is off.
sseenndd _l_o_c_a_l_-_f_i_l_e [_r_e_m_o_t_e_-_f_i_l_e]
A synonym for put.
sseennddppoorrtt Toggle the use of PORT commands. By default, ffttpp will at-
tempt to use a PORT command when establishing a connection
for each data transfer. The use of PORT commands can prevent
delays when performing multiple file transfers. If the PORT
command fails, ffttpp will use the default data port. When the
use of PORT commands is disabled, no attempt will be made to
use PORT commands for each data transfer. This is useful for
certain FTP implementations which do ignore PORT commands
but, incorrectly, indicate they've been accepted.
ssiittee _a_r_g_1 _a_r_g_2 _._._.
The arguments specified are sent, verbatim, to the remote FTP
server as a SITE command.
ssiizzee _f_i_l_e_-_n_a_m_e
Return size of _f_i_l_e_-_n_a_m_e on remote machine.
ssttaattuuss Show the current status of ffttpp.
ssttrruucctt [_s_t_r_u_c_t_-_n_a_m_e]
Set the file transfer _s_t_r_u_c_t_u_r_e to _s_t_r_u_c_t_-_n_a_m_e. By default
``stream'' structure is used.
ssuunniiqquuee Toggle storing of files on remote machine under unique file
names. Remote ftp server must support ftp protocol STOU com-
mand for successful completion. The remote server will re-
port unique name. Default value is off.
ssyysstteemm Show the type of operating system running on the remote ma-
chine.
tteenneexx Set the file transfer type to that needed to talk to TENEX
machines.
ttrraaccee Toggle packet tracing.
ttyyppee [_t_y_p_e_-_n_a_m_e]
Set the file transfer ttyyppee to _t_y_p_e_-_n_a_m_e. If no type is speci-
fied, the current type is printed. The default type is net-
work ASCII.
uummaasskk [_n_e_w_m_a_s_k]
Set the default umask on the remote server to _n_e_w_m_a_s_k. If
_n_e_w_m_a_s_k is omitted, the current umask is printed.
uusseerr _u_s_e_r_-_n_a_m_e [_p_a_s_s_w_o_r_d] [_a_c_c_o_u_n_t]
Identify yourself to the remote FTP server. If the _p_a_s_s_w_o_r_d
is not specified and the server requires it, ffttpp will prompt
the user for it (after disabling local echo). If an _a_c_c_o_u_n_t
field is not specified, and the FTP server requires it, the
user will be prompted for it. If an _a_c_c_o_u_n_t field is speci-
fied, an account command will be relayed to the remote server
after the login sequence is completed if the remote server
did not require it for logging in. Unless ffttpp is invoked
with ``auto-login'' disabled, this process is done automati-
cally on initial connection to the FTP server.
vveerrbboossee Toggle verbose mode. In verbose mode, all responses from the
FTP server are displayed to the user. In addition, if ver-
bose is on, when a file transfer completes, statistics re-
garding the efficiency of the transfer are reported. By de-
fault, verbose is on.
?? [_c_o_m_m_a_n_d]
A synonym for help.
The following command can be used with ftpsec-aware servers.
pprroott _c_l_e_a_r | _s_a_f_e | _c_o_n_f_i_d_e_n_t_i_a_l | _p_r_i_v_a_t_e
Set the data protection level to the requested level.
The following command can be used with ftp servers that has implemented
the KAUTH site command.
kkaauutthh [_p_r_i_n_c_i_p_a_l]
Obtain remote tickets.
Command arguments which have embedded spaces may be quoted with quote `"'
marks.
AABBOORRTTIINNGG AA FFIILLEE TTRRAANNSSFFEERR
To abort a file transfer, use the terminal interrupt key (usually Ctrl-
C). Sending transfers will be immediately halted. Receiving transfers
will be halted by sending a ftp protocol ABOR command to the remote serv-
er, and discarding any further data received. The speed at which this is
accomplished depends upon the remote server's support for ABOR process-
ing. If the remote server does not support the ABOR command, an `ftp>'
prompt will not appear until the remote server has completed sending the
requested file.
The terminal interrupt key sequence will be ignored when ffttpp has complet-
ed any local processing and is awaiting a reply from the remote server.
A long delay in this mode may result from the ABOR processing described
above, or from unexpected behavior by the remote server, including viola-
tions of the ftp protocol. If the delay results from unexpected remote
server behavior, the local ffttpp program must be killed by hand.
FFIILLEE NNAAMMIINNGG CCOONNVVEENNTTIIOONNSS
Files specified as arguments to ffttpp commands are processed according to
the following rules.
1. If the file name `--' is specified, the _s_t_d_i_n (for reading) or _s_t_d_o_u_t
(for writing) is used.
2. If the first character of the file name is `|', the remainder of the
argument is interpreted as a shell command. FFttpp then forks a shell,
using popen(3) with the argument supplied, and reads (writes) from
the stdout (stdin). If the shell command includes spaces, the argu-
ment must be quoted; e.g. ``" ls -lt"''. A particularly useful ex-
ample of this mechanism is: ``dir more''.
3. Failing the above checks, if ``globbing'' is enabled, local file
names are expanded according to the rules used in the csh(1); c.f.
the gglloobb command. If the ffttpp command expects a single local file
(.e.g. ppuutt), only the first filename generated by the "globbing"
operation is used.
4. For mmggeett commands and ggeett commands with unspecified local file
names, the local filename is the remote filename, which may be al-
tered by a ccaassee, nnttrraannss, or nnmmaapp setting. The resulting filename
may then be altered if rruunniiqquuee is on.
5. For mmppuutt commands and ppuutt commands with unspecified remote file
names, the remote filename is the local filename, which may be al-
tered by a nnttrraannss or nnmmaapp setting. The resulting filename may then
be altered by the remote server if ssuunniiqquuee is on.
FFIILLEE TTRRAANNSSFFEERR PPAARRAAMMEETTEERRSS
The FTP specification specifies many parameters which may affect a file
transfer. The ttyyppee may be one of ``ascii'', ``image'' (binary),
``ebcdic'', and ``local byte size'' (for PDP-10's and PDP-20's mostly).
FFttpp supports the ascii and image types of file transfer, plus local byte
size 8 for tteenneexx mode transfers.
FFttpp supports only the default values for the remaining file transfer pa-
rameters: mmooddee, ffoorrmm, and ssttrruucctt.
TTHHEE ..nneettrrcc FFIILLEE
The _._n_e_t_r_c file contains login and initialization information used by the
auto-login process. It resides in the user's home directory. The fol-
lowing tokens are recognized; they may be separated by spaces, tabs, or
new-lines:
mmaacchhiinnee _n_a_m_e
Identify a remote machine _n_a_m_e. The auto-login process searches
the _._n_e_t_r_c file for a mmaacchhiinnee token that matches the remote ma-
chine specified on the ffttpp command line or as an ooppeenn command
argument. Once a match is made, the subsequent _._n_e_t_r_c tokens
are processed, stopping when the end of file is reached or an-
other mmaacchhiinnee or a ddeeffaauulltt token is encountered.
ddeeffaauulltt This is the same as mmaacchhiinnee _n_a_m_e except that ddeeffaauulltt matches
any name. There can be only one ddeeffaauulltt token, and it must be
after all mmaacchhiinnee tokens. This is normally used as:
default login anonymous password user@site
thereby giving the user _a_u_t_o_m_a_t_i_c anonymous ftp login to ma-
chines not specified in _._n_e_t_r_c. This can be overridden by using
the --nn flag to disable auto-login.
llooggiinn _n_a_m_e
Identify a user on the remote machine. If this token is pre-
sent, the auto-login process will initiate a login using the
specified _n_a_m_e.
ppaasssswwoorrdd _s_t_r_i_n_g
Supply a password. If this token is present, the auto-login
process will supply the specified string if the remote server
requires a password as part of the login process. Note that if
this token is present in the _._n_e_t_r_c file for any user other
than _a_n_o_n_y_m_o_u_s, ffttpp will abort the auto-login process if the
_._n_e_t_r_c is readable by anyone besides the user.
aaccccoouunntt _s_t_r_i_n_g
Supply an additional account password. If this token is pre-
sent, the auto-login process will supply the specified string
if the remote server requires an additional account password,
or the auto-login process will initiate an ACCT command if it
does not.
mmaaccddeeff _n_a_m_e
Define a macro. This token functions like the ffttpp mmaaccddeeff com-
mand functions. A macro is defined with the specified name;
its contents begin with the next _._n_e_t_r_c line and continue until
a null line (consecutive new-line characters) is encountered.
If a macro named iinniitt is defined, it is automatically executed
as the last step in the auto-login process.
EENNVVIIRROONNMMEENNTT
FFttpp utilizes the following environment variables.
HOME For default location of a _._n_e_t_r_c file, if one exists.
SHELL For default shell.
SSEEEE AALLSSOO
ftpd(8), _R_F_C_2_2_2_8
HHIISSTTOORRYY
The ffttpp command appeared in 4.2BSD.
BBUUGGSS
Correct execution of many commands depends upon proper behavior by the
remote server.
An error in the treatment of carriage returns in the 4.2BSD ascii-mode
transfer code has been corrected. This correction may result in incor-
rect transfers of binary files to and from 4.2BSD servers using the ascii
type. Avoid this problem by using the binary image type.
4.2 Berkeley Distribution April 27, 1996 10

10
crypto/heimdal/appl/ftp/ftp/ftp_locl.h
View file

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: ftp_locl.h,v 1.34 1999/12/02 16:58:29 joda Exp $ */
/* $Id: ftp_locl.h,v 1.35 2001/02/15 04:20:51 assar Exp $ */
#ifndef __FTP_LOCL_H__
#define __FTP_LOCL_H__
@ -129,7 +129,13 @@ struct hostent *gethostbyname(const char *);
#include "roken.h"
#include "security.h"
#include <des.h> /* for des_read_pw_string */
/* des_read_pw_string */
#ifdef HAVE_OPENSSL_DES_H
#include <openssl/des.h>
#else
#include <des.h>
#endif
#if defined(__sun__) && !defined(__svr4)
int fclose(FILE*);

6
crypto/heimdal/appl/ftp/ftp/main.c
View file

@ -36,7 +36,7 @@
*/
#include "ftp_locl.h"
RCSID("$Id: main.c,v 1.30 2000/11/15 22:56:35 assar Exp $");
RCSID("$Id: main.c,v 1.31 2001/02/20 01:44:43 assar Exp $");
int
main(int argc, char **argv)
@ -46,7 +46,7 @@ main(int argc, char **argv)
char homedir[MaxPathLen];
struct servent *sp;
set_progname(argv[0]);
setprogname(argv[0]);
sp = getservbyname("ftp", "tcp");
if (sp == 0)
@ -127,7 +127,7 @@ main(int argc, char **argv)
exit(0);
signal(SIGINT, intr);
signal(SIGPIPE, lostpeer);
xargv[0] = (char*)__progname;
xargv[0] = (char*)getprogname();
xargv[1] = argv[0];
xargv[2] = argv[1];
xargv[3] = argv[2];

29
crypto/heimdal/appl/ftp/ftp/security.c
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998-2000 Kungliga Tekniska Högskolan
* Copyright (c) 1998-2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -37,7 +37,7 @@
#include "ftp_locl.h"
#endif
RCSID("$Id: security.c,v 1.17 2000/11/08 23:30:32 joda Exp $");
RCSID("$Id: security.c,v 1.18 2001/02/07 10:49:43 assar Exp $");
static enum protection_level command_prot;
static enum protection_level data_prot;
@ -166,6 +166,7 @@ sec_get_data(int fd, struct buffer *buf, int level)
{
int len;
int b;
void *tmp;
b = block_read(fd, &len, sizeof(len));
if (b == 0)
@ -173,7 +174,10 @@ sec_get_data(int fd, struct buffer *buf, int level)
else if (b < 0)
return -1;
len = ntohl(len);
buf->data = realloc(buf->data, len);
tmp = realloc(buf->data, len);
if (tmp == NULL)
return -1;
buf->data = tmp;
b = block_read(fd, buf->data, len);
if (b == 0)
return 0;
@ -424,9 +428,17 @@ void
auth(char *auth_name)
{
int i;
void *tmp;
for(i = 0; (mech = mechs[i]) != NULL; i++){
if(!strcasecmp(auth_name, mech->name)){
app_data = realloc(app_data, mech->size);
tmp = realloc(app_data, mech->size);
if (tmp == NULL) {
reply(431, "Unable to accept %s at this time", mech->name);
return;
}
app_data = tmp;
if(mech->init && (*mech->init)(app_data) != 0) {
reply(431, "Unable to accept %s at this time", mech->name);
return;
@ -443,6 +455,7 @@ auth(char *auth_name)
}
}
free (app_data);
app_data = NULL;
reply(504, "%s is unknown to me", auth_name);
}
@ -776,9 +789,11 @@ sec_end(void)
if (mech != NULL) {
if(mech->end)
(*mech->end)(app_data);
memset(app_data, 0, mech->size);
free(app_data);
app_data = NULL;
if (app_data != NULL) {
memset(app_data, 0, mech->size);
free(app_data);
app_data = NULL;
}
}
sec_complete = 0;
data_prot = (enum protection_level)0;

16
crypto/heimdal/appl/ftp/ftpd/Makefile.in
View file

@ -1,6 +1,7 @@
# Makefile.in generated automatically by automake 1.4a from Makefile.am
# Makefile.in generated automatically by automake 1.4b from Makefile.am
# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
# Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@ -119,7 +120,7 @@ install_sh = @install_sh@
# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
AUTOMAKE_OPTIONS = foreign no-dependencies
@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
CHECK_LOCAL =
libexec_PROGRAMS = ftpd
@ -288,7 +291,7 @@ OBJECTS = $(am_ftpd_OBJECTS)
all: all-redirect
.SUFFIXES:
.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x .y
.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj .y
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/ftp/ftpd/Makefile
@ -462,6 +465,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
|| etags $(ETAGS_ARGS) $$tags $$unique $(LISP)
GTAGS:
here=`CDPATH=: && cd $(top_builddir) && pwd` \
&& cd $(top_srcdir) \
&& gtags -i $$here
mostlyclean-tags:
clean-tags:

13
crypto/heimdal/appl/ftp/ftpd/ftpd.8
View file

@ -40,7 +40,7 @@
.Nm ftpd
.Nd Internet File Transfer Protocol server
.Sh SYNOPSIS
.Nm ftpd
.Nm
.Op Fl a Ar authmode
.Op Fl dilv
.Op Fl g Ar umask
@ -48,6 +48,8 @@
.Op Fl T Ar maxtimeout
.Op Fl t Ar timeout
.Op Fl u Ar default umask
.Op Fl B | Fl -builtin-ls
.Op Fl -good-chars= Ns Ar string
.Sh DESCRIPTION
.Nm Ftpd
is the
@ -128,6 +130,15 @@ seconds (the default is 15 minutes).
Set the initial umask to something else than the default 027.
.It Fl v
Verbose mode.
.It Xo
.Fl B Ns ,
.Fl -builtin-ls
.Xc
use built-in ls to list files
.It Xo
.Fl -good-chars= Ns Ar string
.Xc
allowed anonymous upload filename chars
.El
.Pp
The file

14
crypto/heimdal/appl/ftp/ftpd/ftpd.c
View file

@ -38,7 +38,7 @@
#endif
#include "getarg.h"
RCSID("$Id: ftpd.c,v 1.153 2001/01/18 09:14:59 joda Exp $");
RCSID("$Id: ftpd.c,v 1.157 2001/04/19 14:41:29 joda Exp $");
static char version[] = "Version 6.00";
@ -262,7 +262,7 @@ main(int argc, char **argv)
int optind = 0;
set_progname (argv[0]);
setprogname (argv[0]);
/* detach from any tickets and tokens */
{
@ -1187,18 +1187,22 @@ do_store(char *name, char *mode, int unique)
goto done;
set_buffer_size(fileno(din), 1);
if (receive_data(din, fout) == 0) {
if((*closefunc)(fout) < 0)
perror_reply(552, name);
else {
if (unique)
reply(226, "Transfer complete (unique file name:%s).",
name);
else
reply(226, "Transfer complete.");
}
}
} else
(*closefunc)(fout);
fclose(din);
data = -1;
pdata = -1;
done:
LOGBYTES(*mode == 'w' ? "put" : "append", name, byte_count);
(*closefunc)(fout);
}
static FILE *
@ -2161,7 +2165,7 @@ send_file_list(char *whichf)
char buf[MaxPathLen];
if (strpbrk(whichf, "~{[*?") != NULL) {
int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE|GLOB_LIMIT;
memset(&gl, 0, sizeof(gl));
freeglob = 1;

296
crypto/heimdal/appl/ftp/ftpd/ftpd.cat8 Normal file
View file

@ -0,0 +1,296 @@
FTPD(8) UNIX System Manager's Manual FTPD(8)
NNAAMMEE
ffttppdd - Internet File Transfer Protocol server
SSYYNNOOPPSSIISS
ffttppdd [--aa _a_u_t_h_m_o_d_e] [--ddiillvv] [--gg _u_m_a_s_k] [--pp _p_o_r_t] [--TT _m_a_x_t_i_m_e_o_u_t] [--tt
_t_i_m_e_o_u_t] [--uu _d_e_f_a_u_l_t _u_m_a_s_k] [--BB | ----bbuuiillttiinn--llss] [----ggoooodd--cchhaarrss==_s_t_r_i_n_g]
DDEESSCCRRIIPPTTIIOONN
FFttppdd is the Internet File Transfer Protocol server process. The server
uses the TCP protocol and listens at the port specified in the ``ftp''
service specification; see services(5).
Available options:
--aa Select the level of authentication required. Kerberised login
can not be turned off. The default is to only allow kerberised
login. Other possibilities can be turned on by giving a string
of comma separated flags as argument to --aa. Recognised flags are:
_p_l_a_i_n Allow logging in with plaintext password. The password can
be a(n) OTP or an ordinary password.
_o_t_p Same as _p_l_a_i_n, but only OTP is allowed.
_f_t_p Allow anonymous login.
The following combination modes exists for backwards compatibili-
ty:
_n_o_n_e Same as _p_l_a_i_n_,_f_t_p.
_s_a_f_e Same as _f_t_p.
_u_s_e_r Ignored.
--dd Debugging information is written to the syslog using LOG_FTP.
--gg Anonymous users will get a umask of _u_m_a_s_k.
--ii Open a socket and wait for a connection. This is mainly used for
debugging when ftpd isn't started by inetd.
--ll Each successful and failed ftp(1) session is logged using syslog
with a facility of LOG_FTP. If this option is specified twice,
the retrieve (get), store (put), append, delete, make directory,
remove directory and rename operations and their filename argu-
ments are also logged.
--pp Use _p_o_r_t (a service name or number) instead of the default
_f_t_p_/_t_c_p.
--TT A client may also request a different timeout period; the maximum
period allowed may be set to _t_i_m_e_o_u_t seconds with the --TT option.
The default limit is 2 hours.
--tt The inactivity timeout period is set to _t_i_m_e_o_u_t seconds (the de-
fault is 15 minutes).
--uu Set the initial umask to something else than the default 027.
--vv Verbose mode.
--BB, ----bbuuiillttiinn--llss
use built-in ls to list files
----ggoooodd--cchhaarrss==_s_t_r_i_n_g
allowed anonymous upload filename chars
The file _/_e_t_c_/_n_o_l_o_g_i_n can be used to disable ftp access. If the file ex-
ists, ffttppdd displays it and exits. If the file _/_e_t_c_/_f_t_p_w_e_l_c_o_m_e exists,
ffttppdd prints it before issuing the ``ready'' message. If the file
_/_e_t_c_/_m_o_t_d exists, ffttppdd prints it after a successful login.
The ftp server currently supports the following ftp requests. The case
of the requests is ignored.
Request Description
ABOR abort previous command
ACCT specify account (ignored)
ALLO allocate storage (vacuously)
APPE append to a file
CDUP change to parent of current working directory
CWD change working directory
DELE delete a file
HELP give help information
LIST give list files in a directory (``ls -lgA'')
MKD make a directory
MDTM show last modification time of file
MODE specify data transfer _m_o_d_e
NLST give name list of files in directory
NOOP do nothing
PASS specify password
PASV prepare for server-to-server transfer
PORT specify data connection port
PWD print the current working directory
QUIT terminate session
REST restart incomplete transfer
RETR retrieve a file
RMD remove a directory
RNFR specify rename-from file name
RNTO specify rename-to file name
SITE non-standard commands (see next section)
SIZE return size of file
STAT return status of server
STOR store a file
STOU store a file with a unique name
STRU specify data transfer _s_t_r_u_c_t_u_r_e
SYST show operating system type of server system
TYPE specify data transfer _t_y_p_e
USER specify user name
XCUP change to parent of current working directory
(deprecated)
XCWD change working directory (deprecated)
XMKD make a directory (deprecated)
XPWD print the current working directory (deprecated)
XRMD remove a directory (deprecated)
The following commands are specified by RFC2228.
AUTH authentication/security mechanism
ADAT authentication/security data
PROT data channel protection level
PBSZ protection buffer size
MIC integrity protected command
CONF confidentiality protected command
ENC privacy protected command
CCC clear command channel
The following non-standard or UNIX specific commands are supported by the
SITE request.
UMASK change umask, (e.g. SSIITTEE UUMMAASSKK 000022)
IDLE set idle-timer, (e.g. SSIITTEE IIDDLLEE 6600)
CHMOD change mode of a file (e.g. SSIITTEE CCHHMMOODD 775555 ffiilleennaammee)
FIND quickly find a specific file with GNU locate(1).
HELP give help information.
The following Kerberos related site commands are understood.
KAUTH obtain remote tickets.
KLIST show remote tickets
The remaining ftp requests specified in Internet RFC 959 are recognized,
but not implemented. MDTM and SIZE are not specified in RFC 959, but
will appear in the next updated FTP RFC.
The ftp server will abort an active file transfer only when the ABOR com-
mand is preceded by a Telnet "Interrupt Process" (IP) signal and a Telnet
"Synch" signal in the command Telnet stream, as described in Internet RFC
959. If a STAT command is received during a data transfer, preceded by a
Telnet IP and Synch, transfer status will be returned.
FFttppdd interprets file names according to the ``globbing'' conventions used
by csh(1). This allows users to utilize the metacharacters ``*?[]{}~''.
FFttppdd authenticates users according to these rules.
1. If Kerberos authentication is used, the user must pass valid
tickets and the principal must be allowed to login as the re-
mote user.
2. The login name must be in the password data base, and not have
a null password (if kerberos is used the password field is not
checked). In this case a password must be provided by the
client before any file operations may be performed. If the
user has an OTP key, the response from a successful USER com-
mand will include an OTP challenge. The client may choose to
respond with a PASS command giving either a standard password
or an OTP one-time password. The server will automatically de-
termine which type of password it has been given and attempt
to authenticate accordingly. See otp(1) for more information
on OTP authentication.
3. The login name must not appear in the file _/_e_t_c_/_f_t_p_u_s_e_r_s.
4. The user must have a standard shell returned by
getusershell(3).
5. If the user name appears in the file _/_e_t_c_/_f_t_p_c_h_r_o_o_t the ses-
sion's root will be changed to the user's login directory by
chroot(2) as for an ``anonymous'' or ``ftp'' account (see next
item). However, the user must still supply a password. This
feature is intended as a compromise between a fully anonymous
account and a fully privileged account. The account should
also be set up as for an anonymous account.
6. If the user name is ``anonymous'' or ``ftp'', an anonymous ftp
account must be present in the password file (user ``ftp'').
In this case the user is allowed to log in by specifying any
password (by convention an email address for the user should
be used as the password).
In the last case, ffttppdd takes special measures to restrict the client's
access privileges. The server performs a chroot(2) to the home directory
of the ``ftp'' user. In order that system security is not breached, it
is recommended that the ``ftp'' subtree be constructed with care, consid-
er following these guidelines for anonymous ftp.
In general all files should be owned by ``root'', and have non-write per-
missions (644 or 755 depending on the kind of file). No files should be
owned or writable by ``ftp'' (possibly with exception for the
_~_f_t_p_/_i_n_c_o_m_i_n_g, as specified below).
_~_f_t_p The ``ftp'' homedirectory should be owned by root.
_~_f_t_p_/_b_i_n The directory for external programs (such as ls(1)).
These programs must either be statically linked, or you
must setup an environment for dynamic linking when run-
ning chrooted. These programs will be used if present:
ls Used when listing files.
compress
When retrieving a filename that ends in _._Z,
and that file isn't present, ffttppdd will try
to find the filename without _._Z and com-
press it on the fly.
gzip Same as compress, just with files ending in
_._g_z.
gtar Enables retrieval of whole directories as
files ending in _._t_a_r. Can also be combined
with compression. You must use GNU Tar (or
some other that supports the --zz and --ZZ
flags).
locate Will enable ``fast find'' with the SSIITTEE
FFIINNDD command. You must also create a
_l_o_c_a_t_e_d_b file in _~_f_t_p_/_e_t_c.
_~_f_t_p_/_e_t_c If you put copies of the passwd(5) and group(5) files
here, ls will be able to produce owner names rather than
numbers. Remember to remove any passwords from these
files.
The file _m_o_t_d, if present, will be printed after a suc-
cessful login.
_~_f_t_p_/_d_e_v Put a copy of /dev/null(7) here.
_~_f_t_p_/_p_u_b Traditional place to put whatever you want to make pub-
lic.
If you want guests to be able to upload files, create a _~_f_t_p_/_i_n_c_o_m_i_n_g di-
rectory owned by ``root'', and group ``ftp'' with mode 730 (make sure
``ftp'' is member of group ``ftp''). The following restrictions apply to
anonymous users:
++oo Directories created will have mode 700.
++oo Uploaded files will be created with an umask of 777, if not changed
with the --gg option.
++oo These command are not accessible: DDEELLEE, RRMMDD, RRNNTTOO, RRNNFFRR, SSIITTEE UUMMAASSKK,
and SSIITTEE CCHHMMOODD.
++oo Filenames must start with an alpha-numeric character, and consist of
alpha-numeric characters or any of the following: + (plus), - (mi-
nus), = (equal), _ (underscore), . (period), and , (comma).
FFIILLEESS
/etc/ftpusers Access list for users.
/etc/ftpchroot List of normal users who should be chroot'd.
/etc/ftpwelcome Welcome notice.
/etc/motd Welcome notice after login.
/etc/nologin Displayed and access refused.
~/.klogin Login access for Kerberos.
SSEEEE AALLSSOO
ftp(1), otp(1), getusershell(3), ftpusers(5), syslogd(8),
SSTTAANNDDAARRDDSS
RRFFCC 995599 FTP PROTOCOL SPECIFICATION
RRFFCC 11993388 OTP Specification
RRFFCC 22222288 FTP Security Extensions.
BBUUGGSS
The server must run as the super-user to create sockets with privileged
port numbers. It maintains an effective user id of the logged in user,
reverting to the super-user only when binding addresses to sockets. The
possible security holes have been extensively scrutinized, but are possi-
bly incomplete.
HHIISSTTOORRYY
The ffttppdd command appeared in 4.2BSD.
4.2 Berkeley Distribution April 19, 1997 5

2
crypto/heimdal/appl/ftp/ftpd/ftpusers.5
View file

@ -1,4 +1,4 @@
.\" $Id: ftpusers.5,v 1.3 2001/01/11 16:16:26 assar Exp $
.\" $Id: ftpusers.5,v 1.4 2001/05/02 08:59:20 assar Exp $
.\"
.Dd May 7, 1997
.Dt FTPUSERS 5

27
crypto/heimdal/appl/ftp/ftpd/ftpusers.cat5 Normal file
View file

@ -0,0 +1,27 @@
FTPUSERS(5) UNIX Programmer's Manual FTPUSERS(5)
NNAAMMEE
_/_e_t_c_/_f_t_p_u_s_e_r_s - FTP access list file
DDEESSCCRRIIPPTTIIOONN
_/_e_t_c_/_f_t_p_u_s_e_r_s contains a list of users that should be allowed or denied
FTP access. Each line contains a user, optionally followed by ``allow''
(anything but ``allow'' is ignored). The semi-user ``*'' matches any us-
er. Users that has an explicit ``allow'', or that does not match any
line, are allowed access. Anyone else is denied access.
Note that this is compatible with the old format, where this file con-
tained a list of users that should be denied access.
EEXXAAMMPPLLEESS
This will deny anyone but ``foo'' and ``bar'' to use FTP:
foo allow
bar allow
*
SSEEEE AALLSSOO
ftpd(8)
KTH-KRB May 7, 1997 1

5
crypto/heimdal/appl/ftp/ftpd/popen.c
View file

@ -37,7 +37,7 @@
#ifdef HAVE_CONFIG_H
#include <config.h>
RCSID("$Id: popen.c,v 1.22 2001/02/05 07:51:51 assar Exp $");
RCSID("$Id: popen.c,v 1.24 2001/03/26 11:41:02 assar Exp $");
#endif
#include <sys/types.h>
@ -138,7 +138,8 @@ ftpd_popen(char *program, char *type, int do_stderr, int no_glob)
/* glob each piece */
for (gargc = argc = 1; argv[argc] && gargc < MAXGLOBS - 1; argc++) {
glob_t gl;
int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE
| GLOB_LIMIT;
memset(&gl, 0, sizeof(gl));
if (no_glob || glob(argv[argc], flags, NULL, &gl))

16
crypto/heimdal/appl/kf/Makefile.in
View file

@ -1,6 +1,7 @@
# Makefile.in generated automatically by automake 1.4a from Makefile.am
# Makefile.in generated automatically by automake 1.4b from Makefile.am
# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
# Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@ -119,7 +120,7 @@ install_sh = @install_sh@
# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
AUTOMAKE_OPTIONS = foreign no-dependencies
@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
CHECK_LOCAL = $(PROGRAMS)
bin_PROGRAMS = kf
@ -251,7 +254,7 @@ OBJECTS = $(am_kf_OBJECTS) $(am_kfd_OBJECTS)
all: all-redirect
.SUFFIXES:
.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/kf/Makefile
@ -451,6 +454,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
|| etags $(ETAGS_ARGS) $$tags $$unique $(LISP)
GTAGS:
here=`CDPATH=: && cd $(top_builddir) && pwd` \
&& cd $(top_srcdir) \
&& gtags -i $$here
mostlyclean-tags:
clean-tags:

4
crypto/heimdal/appl/kf/kf.c
View file

@ -32,7 +32,7 @@
*/
#include "kf_locl.h"
RCSID("$Id: kf.c,v 1.14 2000/12/31 07:31:06 assar Exp $");
RCSID("$Id: kf.c,v 1.15 2001/02/20 01:44:44 assar Exp $");
krb5_context context;
static int help_flag;
@ -71,7 +71,7 @@ client_setup(krb5_context *context, int *argc, char **argv)
int port = 0;
int status;
set_progname (argv[0]);
setprogname (argv[0]);
status = krb5_init_context (context);
if (status)

46
crypto/heimdal/appl/kf/kf.cat1 Normal file
View file

@ -0,0 +1,46 @@
KF(1) UNIX Reference Manual KF(1)
NNAAMMEE
kkff - securly forward tickets
SSYYNNOOPPSSIISS
kkff [--pp _p_o_r_t | ----ppoorrtt=_p_o_r_t] [--ll _l_o_g_i_n | ----llooggiinn=_l_o_g_i_n] [--cc _c_c_a_c_h_e |
----ccccaacchhee=_c_c_a_c_h_e] [--FF | ----ffoorrwwaarrddaabbllee] [--GG | ----nnoo--ffoorrwwaarrddaabbllee] [--hh |
----hheellpp] [----vveerrssiioonn] _h_o_s_t _._._.
DDEESSCCRRIIPPTTIIOONN
The kkff program forwards tickets to a remove host through an authenticated
and encrypted stream. Options supported are:
--pp _p_o_r_t, ----ppoorrtt=_p_o_r_t
port to connect to
--ll _l_o_g_i_n, ----llooggiinn=_l_o_g_i_n
remote login name
--cc _c_c_a_c_h_e, ----ccccaacchhee=_c_c_a_c_h_e
remote cred cache
--FF, ----ffoorrwwaarrddaabbllee
forward forwardable credentials
--GG, ----nnoo--ffoorrwwaarrddaabbllee
do not forward forwardable credentials
--hh, ----hheellpp
----vveerrssiioonn
kkff is useful when you do not want to enter your password on a remote host
but want to have your tickets one for example afs.
In order for kkff to work you will need to acquire your initial ticket with
forwardable flag, ie kkiinniitt ----ffoorrwwaarrddaabbllee.
tteellnneett is able to forward ticket by itself.
SSEEEE AALLSSOO
kinit(1), telnet(1), kfd(8)
Heimdal July 2, 2000 1

4
crypto/heimdal/appl/kf/kfd.c
View file

@ -32,7 +32,7 @@
*/
#include "kf_locl.h"
RCSID("$Id: kfd.c,v 1.8 2001/01/09 18:43:10 assar Exp $");
RCSID("$Id: kfd.c,v 1.9 2001/02/20 01:44:44 assar Exp $");
krb5_context context;
char krb5_tkfile[MAXPATHLEN];
@ -315,7 +315,7 @@ main(int argc, char **argv)
int port;
int ret;
set_progname (argv[0]);
setprogname (argv[0]);
roken_openlog (argv[0], LOG_ODELAY | LOG_PID,LOG_AUTH);
port = server_setup(&context, argc, argv);
ret = doit (port, service);

31
crypto/heimdal/appl/kf/kfd.cat8 Normal file
View file

@ -0,0 +1,31 @@
KFD(8) UNIX System Manager's Manual KFD(8)
NNAAMMEE
kkffdd - receive forwarded tickets
SSYYNNOOPPSSIISS
kkffdd [--pp _p_o_r_t | ----ppoorrtt=_p_o_r_t] [--ii | ----iinneettdd] [--RR _r_e_g_p_a_g | ----rreeggppaagg=_r_e_g_p_a_g]
[--hh | ----hheellpp] [----vveerrssiioonn]
DDEESSCCRRIIPPTTIIOONN
This is the daemon for kf(1). Supported options:
--pp _p_o_r_t, ----ppoorrtt=_p_o_r_t
port to listen to
--ii, ----iinneettdd
not started from inetd
--RR _r_e_g_p_a_g, ----rreeggppaagg==_r_e_g_p_a_g
path to regpag binary
EEXXAAMMPPLLEESS
Put the following in _/_e_t_c_/_i_n_e_t_d_._c_o_n_f:
kf stream tcp nowait root /usr/heimdal/libexec/kfd kfd
SSEEEE AALLSSOO
kf(1)
Heimdal July 2, 2000 1

317
crypto/heimdal/appl/kx/ChangeLog Normal file
View file

@ -0,0 +1,317 @@
2001-01-17 Johan Danielsson <joda@pdc.kth.se>
* common.c: don't write to string constants
2000-12-31 Assar Westerlund <assar@sics.se>
* krb5.c (krb5_make_context): handle krb5_init_context failure
consistently
2000-10-08 Assar Westerlund <assar@sics.se>
* kxd.c (doit_passive): check that fds are not too large to select
on
* kx.c (doit_active): check that fds are not too large to select
on
* krb5.c (krb5_copy_encrypted): check that fds are not too large
to select on
* krb4.c (krb4_copy_encrypted): check that fds are not too large
to select on
2000-06-10 Assar Westerlund <assar@sics.se>
* Makefile.in: use INSTALL_SCRIPT for installing rxterm, rxtelnet,
tenletxr
2000-04-19 Assar Westerlund <assar@sics.se>
* common.c: try hostname uncanonified if getaddrinfo() fails
2000-02-06 Assar Westerlund <assar@sics.se>
* kx.h: remove old prorotypes
2000-01-08 Assar Westerlund <assar@sics.se>
* common.c (match_local_auth): handle ai_canonname being set in
any of the addresses returnedby getaddrinfo. glibc apparently
returns the reverse lookup of every address in ai_canonname.
1999-12-28 Assar Westerlund <assar@sics.se>
* kxd.c (main): call krb5_getportbyname with the default in
host-byte-order
1999-12-17 Assar Westerlund <assar@sics.se>
* common.c (match_local_auth): remove extra brace. spotted by
Jakob Schlyter <jakob@cdg.chalmers.se>
1999-12-16 Assar Westerlund <assar@sics.se>
* common.c (match_local_auth): handle ai_canonname not being set
1999-12-06 Assar Westerlund <assar@sics.se>
* krb4.c (krb4_authenticate): the NAT address might not be the one
for the relevant realm, try anyway.
* kxd.c (recv_conn): type correctness
* kx.c (connect_host): typo
1999-12-05 Assar Westerlund <assar@sics.se>
* common.c (INADDR_LOOPBACK): remove. now in roken.
* kxd.c (recv_conn): use getnameinfo_verified
* kxd.c (recv_conn): replace inaddr2str with getnameinfo
1999-12-04 Assar Westerlund <assar@sics.se>
* kx.c (connect_host): use getaddrinfo
* common.c (find_auth_cookie, match_local_auth): re-write to use
getaddrinfo
1999-11-27 Assar Westerlund <assar@sics.se>
* kxd.c (recv_conn): better errors when getting unrecognized data
1999-11-25 Assar Westerlund <assar@sics.se>
* krb4.c (krb4_authenticate): obtain the `local' address when
doing NAT. also turn on passive mode. From <thn@stacken.kth.se>
1999-11-18 Assar Westerlund <assar@sics.se>
* krb5.c (krb5_destroy): free the correct part of the context
1999-11-02 Assar Westerlund <assar@sics.se>
* kx.c (main): redo the v4/v5 selection for consistency. -4 ->
try only v4 -5 -> try only v5 none, -45 -> try v5, v4
1999-10-10 Assar Westerlund <assar@sics.se>
* Makefile.am (CLEANFILES): add generated files so that they get
cleaned away
1999-09-29 Assar Westerlund <assar@sics.se>
* common.c (match_local_auth): only look for FamilyLocal (and
FamilyWild) cookies. This will not work when we start talking tcp
to the local X-server but `connect_local_xsocket' and the rest of
the code doesn't handle it anyway and the old code could (and did)
pick up the wrong cookie sometimes. If we have to match
FamilyInternet cookies, the search order has to be changed anyway
1999-09-02 Assar Westerlund <assar@sics.se>
* kxd.c (childhandler): watch for child `wait_on_pid' to die.
(recv_conn): set `wait_on_pid' instead of looping on waitpid here
also. This should solve the problem of kxd looping which was
caused by the signal handler getting invoked before this waitpid
and reaping the child leaving this poor loop without any child
1999-08-19 Assar Westerlund <assar@sics.se>
* kxd.c (recv_conn): give better error message
(doit_active): don't die if fork gives EAGAIN
1999-08-19 Johan Danielsson <joda@pdc.kth.se>
* kxd.c (recv_conn): call setjob on crays;
(doit_passive): if fork fails with EAGAIN, don't shutdown, just close
the connection re-implement `-t' flag
1999-07-12 Assar Westerlund <assar@sics.se>
* Makefile.am: handle not building X programs
1999-06-23 Assar Westerlund <assar@sics.se>
* kx.c: conditionalize krb_enable_debug
1999-06-20 Assar Westerlund <assar@sics.se>
* kxd.c (main): hopefully do inetd confusion right
1999-06-15 Assar Westerlund <assar@sics.se>
* krb4.c (krb4_authenticate): get rid of a warning
* kx.h: const-pollution
* kx.c: use get_default_username and resulting const pollution
* context.c (context_set): const pollution
1999-05-22 Assar Westerlund <assar@sics.se>
* kxd.c (recv_conn): fix syslog messages
(main): fix inetd_flag thinko
1999-05-21 Assar Westerlund <assar@sics.se>
* kx.c (main): don't byte-swap the argument to krb5_getportbyname
* kx.c (main): try to use $USERNAME
1999-05-10 Assar Westerlund <assar@sics.se>
* Makefile.in (SOURCES*): update sources list
* kx.c (main): forgot to conditionalize some KRB5 code
* kxd.c (main): use getarg
(*): handle v4 and/or v5
* kx.h: update
* kx.c (main): use getarg.
(*): handle v4 and/or v5
* common.c (do_enccopy, copy_encrypted): remove use
net_{read,write} instead of krb_net_{read,write}
(krb_get_int, krb_put_int): include fallback of these for when we
compile without krb4
* Makefile.am (*_SOURCES): remove encdata, add krb[45].c,
context.c
(LDADD): add krb5
* krb4.c, krb5.c, context.c: new files
1999-05-08 Assar Westerlund <assar@sics.se>
* kxd.c (doit_passive): handle error code from
create_and_write_cookie
* kx.c (doit_active): handle error code from
create_and_write_cookie
* common.c (create_and_write_cookie): try to return better (and
correct) errors. Based on a patch from Love <lha@e.kth.se>
* common.c (try_pie): more braces
(match_local_auth): new function
(find_auth_cookie): new function
(replace_cookie): don't just take the first auth cookie. based on
patch from Ake Sandgren <ake@@cs.umu.se>
Wed Apr 7 23:39:23 1999 Assar Westerlund <assar@sics.se>
* common.c (get_xsockets): init local variable to get rid of a gcc
warning
Thu Apr 1 21:11:36 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* Makefile.in: fix for writeauth.o
Fri Mar 19 15:12:31 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* kx.c: add gcc-braces
Thu Mar 18 11:18:20 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* Makefile.am: include Makefile.am.common
Thu Mar 11 14:58:32 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* writeauth.c: protoize
* common.c: fix some warnings
Wed Mar 10 19:33:39 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* kxd.c: openlog -> roken_openlog
Wed Feb 3 22:01:55 1999 Assar Westerlund <assar@sics.se>
* rxtelnet.in: print out what telnet program we are running. From
<nissej@pdc.kth.se>
* tenletxr.in: add --version, [-h | --help], -v
* rxterm.in: add --version, [-h | --help], -v
* rxtelnet.in: add --version, [-h | --help], -v
* Makefile.in (rxterm, rxtelnet, telnetxr): substitute VERSION and
PACKAGE
* rxtelnet.in: update usage string
Fri Jan 22 23:51:05 1999 Assar Westerlund <assar@sics.se>
* common.c (verify_and_remove_cookies): give back a meaningful
error message if we're using the wrong cookie
Fri Dec 18 17:42:02 1998 Assar Westerlund <assar@sics.se>
* common.c (replace_cookie): try to handle the case of not finding
any cookies
Sun Nov 22 10:31:53 1998 Assar Westerlund <assar@sics.se>
* Makefile.in (WFLAGS): set
Wed Nov 18 20:25:37 1998 Assar Westerlund <assar@sics.se>
* rxtelnet.in: new argument -n for not starting any terminal
emulator
* kx.c (doit_passive): parse $DISPLAY correctly
Fri Oct 2 06:34:51 1998 Assar Westerlund <assar@sics.se>
* kx.c (doit_active): check DISPLAY to figure out what local
socket to connect to. From Åke Sandgren <ake@cs.umu.se>
Thu Oct 1 23:02:29 1998 Johan Danielsson <joda@hella.pdc.kth.se>
* kx.h: case MAY_HAVE_X11_PIPES with Solaris
Tue Sep 29 02:22:44 1998 Assar Westerlund <assar@sics.se>
* kx.c: fix from Ake Sandgren <ake@cs.umu.se>
Mon Sep 28 18:04:03 1998 Johan Danielsson <joda@hella.pdc.kth.se>
* common.c (try_pipe): return -1 if I_PUSH fails with ENOSYS
Sat Sep 26 17:34:21 1998 Assar Westerlund <assar@sics.se>
* kxd.c: create sockets before setuid to handle Solaris' strange
permissions on /tmp/.X11-{unix,pipe}
* common.c (chown_xsockets): new function
* kx.h (chown_xsockets): new prototype
Sun Aug 16 18:34:30 1998 Assar Westerlund <assar@sics.se>
* kxd.c (doit_passive): conditionalize stream pipe code
* implement support for Solaris's named-pipe X transport
Thu May 28 17:20:39 1998 Johan Danielsson <joda@emma.pdc.kth.se>
* common.c: fix for (compiler?) bug in solaris 2.4 bind
* kx.c: get_xsockets returns int, not unsigned
Wed May 27 04:20:20 1998 Assar Westerlund <assar@sics.se>
* kxd.c (doit): better error reporting
Tue May 26 17:41:23 1998 Johan Danielsson <joda@emma.pdc.kth.se>
* kx.c: use krb_enable_debug
Mon May 25 05:22:18 1998 Assar Westerlund <assar@sics.se>
* Makefile.in (clean): remove encdata.c
Fri May 1 07:16:36 1998 Assar Westerlund <assar@sics.se>
* kx.c: unifdef -DHAVE_H_ERRNO

73
crypto/heimdal/appl/kx/Makefile.am Normal file
View file

@ -0,0 +1,73 @@
# $Id: Makefile.am,v 1.12 2000/11/15 22:51:08 assar Exp $
include $(top_srcdir)/Makefile.am.common
INCLUDES += $(INCLUDE_krb4) $(X_CFLAGS)
WFLAGS += $(WFLAGS_NOIMPLICITINT)
if HAVE_X
bin_PROGRAMS = kx
bin_SCRIPTS = rxterm rxtelnet tenletxr
libexec_PROGRAMS = kxd
else
bin_PROGRAMS =
bin_SCRIPTS =
libexec_PROGRAMS =
endif
CLEANFILES = rxterm rxtelnet tenletxr
if NEED_WRITEAUTH
XauWriteAuth_c = writeauth.c
endif
kx_SOURCES = \
kx.c \
kx.h \
common.c \
context.c \
krb4.c \
krb5.c \
$(XauWriteAuth_c)
EXTRA_kx_SOURCES = writeauth.c
kxd_SOURCES = \
kxd.c \
kx.h \
common.c \
context.c \
krb4.c \
krb5.c \
$(XauWriteAuth_c)
EXTRA_kxd_SOURCES = writeauth.c
EXTRA_DIST = rxterm.in rxtelnet.in tenletxr.in
man_MANS = kx.1 rxtelnet.1 rxterm.1 tenletxr.1 kxd.8
rxterm: rxterm.in
sed -e "s!%bindir%!$(bindir)!" $(srcdir)/rxterm.in > $@
chmod +x $@
rxtelnet: rxtelnet.in
sed -e "s!%bindir%!$(bindir)!" $(srcdir)/rxtelnet.in > $@
chmod +x $@
tenletxr: tenletxr.in
sed -e "s!%bindir%!$(bindir)!" $(srcdir)/tenletxr.in > $@
chmod +x $@
LDADD = \
$(LIB_kafs) \
$(LIB_krb5) \
$(LIB_krb4) \
$(LIB_des) \
$(LIB_roken) \
$(X_LIBS) $(LIB_XauReadAuth) $(X_PRE_LIBS) $(X_EXTRA_LIBS)

801
crypto/heimdal/appl/kx/Makefile.in Normal file
View file

@ -0,0 +1,801 @@
# Makefile.in generated automatically by automake 1.4b from Makefile.am
# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
# Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
SHELL = @SHELL@
srcdir = @srcdir@
top_srcdir = @top_srcdir@
VPATH = @srcdir@
prefix = @prefix@
exec_prefix = @exec_prefix@
bindir = @bindir@
sbindir = @sbindir@
libexecdir = @libexecdir@
datadir = @datadir@
sysconfdir = @sysconfdir@
sharedstatedir = @sharedstatedir@
localstatedir = @localstatedir@
libdir = @libdir@
infodir = @infodir@
mandir = @mandir@
includedir = @includedir@
oldincludedir = /usr/include
pkgdatadir = $(datadir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
top_builddir = ../..
ACLOCAL = @ACLOCAL@
AUTOCONF = @AUTOCONF@
AUTOMAKE = @AUTOMAKE@
AUTOHEADER = @AUTOHEADER@
INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_FLAG =
transform = @program_transform_name@
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
@SET_MAKE@
host_alias = @host_alias@
host_triplet = @host@
AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
AMDEP = @AMDEP@
AMTAR = @AMTAR@
AS = @AS@
AWK = @AWK@
CANONICAL_HOST = @CANONICAL_HOST@
CATMAN = @CATMAN@
CATMANEXT = @CATMANEXT@
CC = @CC@
CPP = @CPP@
CXX = @CXX@
CXXCPP = @CXXCPP@
DBLIB = @DBLIB@
DEPDIR = @DEPDIR@
DIR_des = @DIR_des@
DIR_roken = @DIR_roken@
DLLTOOL = @DLLTOOL@
EXEEXT = @EXEEXT@
EXTRA_LIB45 = @EXTRA_LIB45@
GROFF = @GROFF@
INCLUDES_roken = @INCLUDES_roken@
INCLUDE_ = @INCLUDE_@
LEX = @LEX@
LIBOBJS = @LIBOBJS@
LIBTOOL = @LIBTOOL@
LIB_ = @LIB_@
LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
LIB_des = @LIB_des@
LIB_des_appl = @LIB_des_appl@
LIB_kdb = @LIB_kdb@
LIB_otp = @LIB_otp@
LIB_roken = @LIB_roken@
LIB_security = @LIB_security@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
NROFF = @NROFF@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
RANLIB = @RANLIB@
STRIP = @STRIP@
VERSION = @VERSION@
VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
YACC = @YACC@
dpagaix_CFLAGS = @dpagaix_CFLAGS@
dpagaix_LDADD = @dpagaix_LDADD@
install_sh = @install_sh@
# $Id: Makefile.am,v 1.12 2000/11/15 22:51:08 assar Exp $
# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
AUTOMAKE_OPTIONS = foreign no-dependencies
SUFFIXES = .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x
INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) $(X_CFLAGS)
AM_CFLAGS = $(WFLAGS)
CP = cp
COMPILE_ET = $(top_builddir)/lib/com_err/compile_et
buildinclude = $(top_builddir)/include
LIB_XauReadAuth = @LIB_XauReadAuth@
LIB_crypt = @LIB_crypt@
LIB_dbm_firstkey = @LIB_dbm_firstkey@
LIB_dbopen = @LIB_dbopen@
LIB_dlopen = @LIB_dlopen@
LIB_dn_expand = @LIB_dn_expand@
LIB_el_init = @LIB_el_init@
LIB_getattr = @LIB_getattr@
LIB_gethostbyname = @LIB_gethostbyname@
LIB_getpwent_r = @LIB_getpwent_r@
LIB_getpwnam_r = @LIB_getpwnam_r@
LIB_getsockopt = @LIB_getsockopt@
LIB_logout = @LIB_logout@
LIB_logwtmp = @LIB_logwtmp@
LIB_odm_initialize = @LIB_odm_initialize@
LIB_pidfile = @LIB_pidfile@
LIB_readline = @LIB_readline@
LIB_res_search = @LIB_res_search@
LIB_setpcred = @LIB_setpcred@
LIB_setsockopt = @LIB_setsockopt@
LIB_socket = @LIB_socket@
LIB_syslog = @LIB_syslog@
LIB_tgetent = @LIB_tgetent@
LIBS = @LIBS@
HESIODLIB = @HESIODLIB@
HESIODINCLUDE = @HESIODINCLUDE@
INCLUDE_hesiod = @INCLUDE_hesiod@
LIB_hesiod = @LIB_hesiod@
INCLUDE_krb4 = @INCLUDE_krb4@
LIB_krb4 = @LIB_krb4@
INCLUDE_openldap = @INCLUDE_openldap@
LIB_openldap = @LIB_openldap@
INCLUDE_readline = @INCLUDE_readline@
LEXLIB = @LEXLIB@
NROFF_MAN = groff -mandoc -Tascii
@KRB4_TRUE@LIB_kafs = @KRB4_TRUE@$(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
@KRB5_TRUE@LIB_krb5 = @KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
CHECK_LOCAL = $(PROGRAMS)
WFLAGS = @WFLAGS@ $(WFLAGS_NOIMPLICITINT)
@HAVE_X_TRUE@bin_PROGRAMS = @HAVE_X_TRUE@kx
@HAVE_X_FALSE@bin_PROGRAMS =
@HAVE_X_TRUE@bin_SCRIPTS = @HAVE_X_TRUE@rxterm rxtelnet tenletxr
@HAVE_X_FALSE@bin_SCRIPTS =
@HAVE_X_TRUE@libexec_PROGRAMS = @HAVE_X_TRUE@kxd
@HAVE_X_FALSE@libexec_PROGRAMS =
CLEANFILES = rxterm rxtelnet tenletxr
@NEED_WRITEAUTH_TRUE@XauWriteAuth_c = @NEED_WRITEAUTH_TRUE@writeauth.c
kx_SOURCES = \
kx.c \
kx.h \
common.c \
context.c \
krb4.c \
krb5.c \
$(XauWriteAuth_c)
EXTRA_kx_SOURCES = writeauth.c
kxd_SOURCES = \
kxd.c \
kx.h \
common.c \
context.c \
krb4.c \
krb5.c \
$(XauWriteAuth_c)
EXTRA_kxd_SOURCES = writeauth.c
EXTRA_DIST = rxterm.in rxtelnet.in tenletxr.in
man_MANS = kx.1 rxtelnet.1 rxterm.1 tenletxr.1 kxd.8
LDADD = \
$(LIB_kafs) \
$(LIB_krb5) \
$(LIB_krb4) \
$(LIB_des) \
$(LIB_roken) \
$(X_LIBS) $(LIB_XauReadAuth) $(X_PRE_LIBS) $(X_EXTRA_LIBS)
subdir = appl/kx
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
CONFIG_HEADER = ../../include/config.h
CONFIG_CLEAN_FILES =
@HAVE_X_FALSE@bin_PROGRAMS =
@HAVE_X_FALSE@libexec_PROGRAMS =
PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS)
DEFS = @DEFS@ -I. -I$(srcdir) -I../../include
CPPFLAGS = @CPPFLAGS@
LDFLAGS = @LDFLAGS@
X_CFLAGS = @X_CFLAGS@
X_LIBS = @X_LIBS@
X_EXTRA_LIBS = @X_EXTRA_LIBS@
X_PRE_LIBS = @X_PRE_LIBS@
@NEED_WRITEAUTH_FALSE@am_kx_OBJECTS = kx.$(OBJEXT) common.$(OBJEXT) \
@NEED_WRITEAUTH_FALSE@context.$(OBJEXT) krb4.$(OBJEXT) krb5.$(OBJEXT)
@NEED_WRITEAUTH_TRUE@am_kx_OBJECTS = kx.$(OBJEXT) common.$(OBJEXT) \
@NEED_WRITEAUTH_TRUE@context.$(OBJEXT) krb4.$(OBJEXT) krb5.$(OBJEXT) \
@NEED_WRITEAUTH_TRUE@writeauth.$(OBJEXT)
kx_OBJECTS = $(am_kx_OBJECTS)
kx_LDADD = $(LDADD)
@KRB4_FALSE@@KRB5_FALSE@kx_DEPENDENCIES =
@KRB4_FALSE@@KRB5_TRUE@kx_DEPENDENCIES = \
@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la
@KRB4_TRUE@@KRB5_FALSE@kx_DEPENDENCIES = \
@KRB4_TRUE@@KRB5_FALSE@$(top_builddir)/lib/kafs/libkafs.la
@KRB4_TRUE@@KRB5_TRUE@kx_DEPENDENCIES = \
@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/kafs/libkafs.la \
@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la
kx_LDFLAGS =
@NEED_WRITEAUTH_FALSE@am_kxd_OBJECTS = kxd.$(OBJEXT) common.$(OBJEXT) \
@NEED_WRITEAUTH_FALSE@context.$(OBJEXT) krb4.$(OBJEXT) krb5.$(OBJEXT)
@NEED_WRITEAUTH_TRUE@am_kxd_OBJECTS = kxd.$(OBJEXT) common.$(OBJEXT) \
@NEED_WRITEAUTH_TRUE@context.$(OBJEXT) krb4.$(OBJEXT) krb5.$(OBJEXT) \
@NEED_WRITEAUTH_TRUE@writeauth.$(OBJEXT)
kxd_OBJECTS = $(am_kxd_OBJECTS)
kxd_LDADD = $(LDADD)
@KRB4_FALSE@@KRB5_FALSE@kxd_DEPENDENCIES =
@KRB4_FALSE@@KRB5_TRUE@kxd_DEPENDENCIES = \
@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la
@KRB4_TRUE@@KRB5_FALSE@kxd_DEPENDENCIES = \
@KRB4_TRUE@@KRB5_FALSE@$(top_builddir)/lib/kafs/libkafs.la
@KRB4_TRUE@@KRB5_TRUE@kxd_DEPENDENCIES = \
@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/kafs/libkafs.la \
@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la
kxd_LDFLAGS =
SCRIPTS = $(bin_SCRIPTS)
COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
CFLAGS = @CFLAGS@
CCLD = $(CC)
LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
DIST_SOURCES = $(kx_SOURCES) $(EXTRA_kx_SOURCES) $(kxd_SOURCES) \
$(EXTRA_kxd_SOURCES)
man1dir = $(mandir)/man1
man8dir = $(mandir)/man8
MANS = $(man_MANS)
depcomp =
DIST_COMMON = ChangeLog Makefile.am Makefile.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
GZIP_ENV = --best
SOURCES = $(kx_SOURCES) $(EXTRA_kx_SOURCES) $(kxd_SOURCES) $(EXTRA_kxd_SOURCES)
OBJECTS = $(am_kx_OBJECTS) $(am_kxd_OBJECTS)
all: all-redirect
.SUFFIXES:
.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/kx/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) \
&& CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status
mostlyclean-binPROGRAMS:
clean-binPROGRAMS:
-test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
distclean-binPROGRAMS:
maintainer-clean-binPROGRAMS:
install-binPROGRAMS: $(bin_PROGRAMS)
@$(NORMAL_INSTALL)
$(mkinstalldirs) $(DESTDIR)$(bindir)
@list='$(bin_PROGRAMS)'; for p in $$list; do \
if test -f $$p; then \
f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \
echo " $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(bindir)/$$f"; \
$(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(bindir)/$$f; \
else :; fi; \
done
uninstall-binPROGRAMS:
@$(NORMAL_UNINSTALL)
@list='$(bin_PROGRAMS)'; for p in $$list; do \
f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \
echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
rm -f $(DESTDIR)$(bindir)/$$f; \
done
mostlyclean-libexecPROGRAMS:
clean-libexecPROGRAMS:
-test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS)
distclean-libexecPROGRAMS:
maintainer-clean-libexecPROGRAMS:
install-libexecPROGRAMS: $(libexec_PROGRAMS)
@$(NORMAL_INSTALL)
$(mkinstalldirs) $(DESTDIR)$(libexecdir)
@list='$(libexec_PROGRAMS)'; for p in $$list; do \
if test -f $$p; then \
f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \
echo " $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libexecdir)/$$f"; \
$(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libexecdir)/$$f; \
else :; fi; \
done
uninstall-libexecPROGRAMS:
@$(NORMAL_UNINSTALL)
@list='$(libexec_PROGRAMS)'; for p in $$list; do \
f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \
echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \
rm -f $(DESTDIR)$(libexecdir)/$$f; \
done
mostlyclean-compile:
-rm -f *.o core *.core
-rm -f *.$(OBJEXT)
clean-compile:
distclean-compile:
-rm -f *.tab.c
maintainer-clean-compile:
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
distclean-libtool:
maintainer-clean-libtool:
kx$(EXEEXT): $(kx_OBJECTS) $(kx_DEPENDENCIES)
@rm -f kx$(EXEEXT)
$(LINK) $(kx_LDFLAGS) $(kx_OBJECTS) $(kx_LDADD) $(LIBS)
kxd$(EXEEXT): $(kxd_OBJECTS) $(kxd_DEPENDENCIES)
@rm -f kxd$(EXEEXT)
$(LINK) $(kxd_LDFLAGS) $(kxd_OBJECTS) $(kxd_LDADD) $(LIBS)
install-binSCRIPTS: $(bin_SCRIPTS)
@$(NORMAL_INSTALL)
$(mkinstalldirs) $(DESTDIR)$(bindir)
@list='$(bin_SCRIPTS)'; for p in $$list; do \
f="`echo $$p|sed '$(transform)'`"; \
if test -f $$p; then \
echo " $(INSTALL_SCRIPT) $$p $(DESTDIR)$(bindir)/$$f"; \
$(INSTALL_SCRIPT) $$p $(DESTDIR)$(bindir)/$$f; \
elif test -f $(srcdir)/$$p; then \
echo " $(INSTALL_SCRIPT) $(srcdir)/$$p $(DESTDIR)$(bindir)/$$f"; \
$(INSTALL_SCRIPT) $(srcdir)/$$p $(DESTDIR)$(bindir)/$$f; \
else :; fi; \
done
uninstall-binSCRIPTS:
@$(NORMAL_UNINSTALL)
@list='$(bin_SCRIPTS)'; for p in $$list; do \
f="`echo $$p|sed '$(transform)'`"; \
echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
rm -f $(DESTDIR)$(bindir)/$$f; \
done
.c.o:
$(COMPILE) -c $<
.c.obj:
$(COMPILE) -c `cygpath -w $<`
.c.lo:
$(LTCOMPILE) -c -o $@ $<
install-man1:
$(mkinstalldirs) $(DESTDIR)$(man1dir)
@list='$(man1_MANS)'; \
l2='$(man_MANS)'; for i in $$l2; do \
case "$$i" in \
*.1*) list="$$list $$i" ;; \
esac; \
done; \
for i in $$list; do \
if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
else file=$$i; fi; \
ext=`echo $$i | sed -e 's/^.*\\.//'`; \
inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
inst=`echo $$inst | sed -e 's/^.*\///'`; \
inst=`echo $$inst | sed '$(transform)'`.$$ext; \
echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \
$(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \
done
uninstall-man1:
@list='$(man1_MANS)'; \
l2='$(man_MANS)'; for i in $$l2; do \
case "$$i" in \
*.1*) list="$$list $$i" ;; \
esac; \
done; \
for i in $$list; do \
ext=`echo $$i | sed -e 's/^.*\\.//'`; \
inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
inst=`echo $$inst | sed -e 's/^.*\///'`; \
inst=`echo $$inst | sed '$(transform)'`.$$ext; \
echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \
rm -f $(DESTDIR)$(man1dir)/$$inst; \
done
install-man8:
$(mkinstalldirs) $(DESTDIR)$(man8dir)
@list='$(man8_MANS)'; \
l2='$(man_MANS)'; for i in $$l2; do \
case "$$i" in \
*.8*) list="$$list $$i" ;; \
esac; \
done; \
for i in $$list; do \
if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
else file=$$i; fi; \
ext=`echo $$i | sed -e 's/^.*\\.//'`; \
inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
inst=`echo $$inst | sed -e 's/^.*\///'`; \
inst=`echo $$inst | sed '$(transform)'`.$$ext; \
echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \
$(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \
done
uninstall-man8:
@list='$(man8_MANS)'; \
l2='$(man_MANS)'; for i in $$l2; do \
case "$$i" in \
*.8*) list="$$list $$i" ;; \
esac; \
done; \
for i in $$list; do \
ext=`echo $$i | sed -e 's/^.*\\.//'`; \
inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
inst=`echo $$inst | sed -e 's/^.*\///'`; \
inst=`echo $$inst | sed '$(transform)'`.$$ext; \
echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \
rm -f $(DESTDIR)$(man8dir)/$$inst; \
done
install-man: $(MANS)
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-man1 install-man8
uninstall-man:
@$(NORMAL_UNINSTALL)
$(MAKE) $(AM_MAKEFLAGS) uninstall-man1 uninstall-man8
tags: TAGS
ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
mkid -fID $$unique $(LISP)
TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
tags=; \
here=`pwd`; \
list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
|| etags $(ETAGS_ARGS) $$tags $$unique $(LISP)
GTAGS:
here=`CDPATH=: && cd $(top_builddir) && pwd` \
&& cd $(top_srcdir) \
&& gtags -i $$here
mostlyclean-tags:
clean-tags:
distclean-tags:
-rm -f TAGS ID
maintainer-clean-tags:
distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir)
distdir: $(DISTFILES)
@for file in $(DISTFILES); do \
d=$(srcdir); \
if test -d $$d/$$file; then \
cp -pR $$d/$$file $(distdir) \
|| exit 1; \
else \
test -f $(distdir)/$$file \
|| cp -p $$d/$$file $(distdir)/$$file \
|| exit 1; \
fi; \
done
$(MAKE) $(AM_MAKEFLAGS) top_distdir="$(top_distdir)" distdir="$(distdir)" dist-hook
info-am:
info: info-am
dvi-am:
dvi: dvi-am
check-am: all-am
$(MAKE) $(AM_MAKEFLAGS) check-local
check: check-am
installcheck-am:
installcheck: installcheck-am
install-exec-am: install-binPROGRAMS install-libexecPROGRAMS \
install-binSCRIPTS
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
install-exec: install-exec-am
install-data-am: install-man install-data-local
install-data: install-data-am
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
install: install-am
uninstall-am: uninstall-binPROGRAMS uninstall-libexecPROGRAMS \
uninstall-binSCRIPTS uninstall-man
uninstall: uninstall-am
all-am: Makefile $(PROGRAMS) $(SCRIPTS) $(MANS) all-local
all-redirect: all-am
install-strip:
$(MAKE) $(AM_MAKEFLAGS) INSTALL_STRIP_FLAG=-s install
installdirs:
$(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(libexecdir) \
$(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1 \
$(DESTDIR)$(mandir)/man8
mostlyclean-generic:
clean-generic:
-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
distclean-generic:
-rm -f Makefile $(CONFIG_CLEAN_FILES)
-rm -f config.cache config.log stamp-h stamp-h[0-9]*
maintainer-clean-generic:
-rm -f Makefile.in
mostlyclean-am: mostlyclean-binPROGRAMS mostlyclean-libexecPROGRAMS \
mostlyclean-compile mostlyclean-libtool \
mostlyclean-tags mostlyclean-generic
mostlyclean: mostlyclean-am
clean-am: clean-binPROGRAMS clean-libexecPROGRAMS clean-compile \
clean-libtool clean-tags clean-generic mostlyclean-am
clean: clean-am
distclean-am: distclean-binPROGRAMS distclean-libexecPROGRAMS \
distclean-compile distclean-libtool distclean-tags \
distclean-generic clean-am
-rm -f libtool
distclean: distclean-am
maintainer-clean-am: maintainer-clean-binPROGRAMS \
maintainer-clean-libexecPROGRAMS \
maintainer-clean-compile maintainer-clean-libtool \
maintainer-clean-tags maintainer-clean-generic \
distclean-am
@echo "This command is intended for maintainers to use;"
@echo "it deletes files that may require special tools to rebuild."
maintainer-clean: maintainer-clean-am
.PHONY: mostlyclean-binPROGRAMS distclean-binPROGRAMS clean-binPROGRAMS \
maintainer-clean-binPROGRAMS uninstall-binPROGRAMS install-binPROGRAMS \
mostlyclean-libexecPROGRAMS distclean-libexecPROGRAMS \
clean-libexecPROGRAMS maintainer-clean-libexecPROGRAMS \
uninstall-libexecPROGRAMS install-libexecPROGRAMS mostlyclean-compile \
distclean-compile clean-compile maintainer-clean-compile \
mostlyclean-libtool distclean-libtool clean-libtool \
maintainer-clean-libtool uninstall-binSCRIPTS install-binSCRIPTS \
install-man1 uninstall-man1 install-man8 uninstall-man8 install-man \
uninstall-man tags mostlyclean-tags distclean-tags clean-tags \
maintainer-clean-tags distdir info-am info dvi-am dvi check-local check \
check-am installcheck-am installcheck install-exec-am install-exec \
install-data-local install-data-am install-data install-am install \
uninstall-am uninstall all-local all-redirect all-am all install-strip \
installdirs mostlyclean-generic distclean-generic clean-generic \
maintainer-clean-generic clean mostlyclean distclean maintainer-clean
install-suid-programs:
@foo='$(bin_SUIDS)'; \
for file in $$foo; do \
x=$(DESTDIR)$(bindir)/$$file; \
if chown 0:0 $$x && chmod u+s $$x; then :; else \
echo "*"; \
echo "* Failed to install $$x setuid root"; \
echo "*"; \
fi; done
install-exec-hook: install-suid-programs
install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
@foo='$(include_HEADERS) $(build_HEADERZ)'; \
for f in $$foo; do \
f=`basename $$f`; \
if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
else file="$$f"; fi; \
if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \
: ; else \
echo " $(CP) $$file $(buildinclude)/$$f"; \
$(CP) $$file $(buildinclude)/$$f; \
fi ; \
done
all-local: install-build-headers
#NROFF_MAN = nroff -man
.1.cat1:
$(NROFF_MAN) $< > $@
.3.cat3:
$(NROFF_MAN) $< > $@
.5.cat5:
$(NROFF_MAN) $< > $@
.8.cat8:
$(NROFF_MAN) $< > $@
dist-cat1-mans:
@foo='$(man1_MANS)'; \
bar='$(man_MANS)'; \
for i in $$bar; do \
case $$i in \
*.1) foo="$$foo $$i";; \
esac; done ;\
for i in $$foo; do \
x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
done
dist-cat3-mans:
@foo='$(man3_MANS)'; \
bar='$(man_MANS)'; \
for i in $$bar; do \
case $$i in \
*.3) foo="$$foo $$i";; \
esac; done ;\
for i in $$foo; do \
x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
done
dist-cat5-mans:
@foo='$(man5_MANS)'; \
bar='$(man_MANS)'; \
for i in $$bar; do \
case $$i in \
*.5) foo="$$foo $$i";; \
esac; done ;\
for i in $$foo; do \
x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
done
dist-cat8-mans:
@foo='$(man8_MANS)'; \
bar='$(man_MANS)'; \
for i in $$bar; do \
case $$i in \
*.8) foo="$$foo $$i";; \
esac; done ;\
for i in $$foo; do \
x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
done
dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
install-cat-mans:
$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
install-data-local: install-cat-mans
.et.h:
$(COMPILE_ET) $<
.et.c:
$(COMPILE_ET) $<
.x.c:
@cmp -s $< $@ 2> /dev/null || cp $< $@
check-local::
@foo='$(CHECK_LOCAL)'; \
if test "$$foo"; then \
failed=0; all=0; \
for i in $$foo; do \
all=`expr $$all + 1`; \
if ./$$i --version > /dev/null 2>&1; then \
echo "PASS: $$i"; \
else \
echo "FAIL: $$i"; \
failed=`expr $$failed + 1`; \
fi; \
done; \
if test "$$failed" -eq 0; then \
banner="All $$all tests passed"; \
else \
banner="$$failed of $$all tests failed"; \
fi; \
dashes=`echo "$$banner" | sed s/./=/g`; \
echo "$$dashes"; \
echo "$$banner"; \
echo "$$dashes"; \
test "$$failed" -eq 0; \
fi
rxterm: rxterm.in
sed -e "s!%bindir%!$(bindir)!" $(srcdir)/rxterm.in > $@
chmod +x $@
rxtelnet: rxtelnet.in
sed -e "s!%bindir%!$(bindir)!" $(srcdir)/rxtelnet.in > $@
chmod +x $@
tenletxr: tenletxr.in
sed -e "s!%bindir%!$(bindir)!" $(srcdir)/tenletxr.in > $@
chmod +x $@
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

794
crypto/heimdal/appl/kx/common.c Normal file
View file

@ -0,0 +1,794 @@
/*
* Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "kx.h"
RCSID("$Id: common.c,v 1.62 2001/02/15 04:20:51 assar Exp $");
char x_socket[MaxPathLen];
u_int32_t display_num;
char display[MaxPathLen];
int display_size = sizeof(display);
char xauthfile[MaxPathLen];
int xauthfile_size = sizeof(xauthfile);
u_char cookie[16];
size_t cookie_len = sizeof(cookie);
#ifndef X_UNIX_PATH
#define X_UNIX_PATH "/tmp/.X11-unix/X"
#endif
#ifndef X_PIPE_PATH
#define X_PIPE_PATH "/tmp/.X11-pipe/X"
#endif
/*
* Allocate a unix domain socket in `s' for display `dpy' and with
* filename `pattern'
*
* 0 if all is OK
* -1 if bind failed badly
* 1 if dpy is already used */
static int
try_socket (struct x_socket *s, int dpy, const char *pattern)
{
struct sockaddr_un addr;
int fd;
fd = socket (AF_UNIX, SOCK_STREAM, 0);
if (fd < 0)
err (1, "socket AF_UNIX");
memset (&addr, 0, sizeof(addr));
addr.sun_family = AF_UNIX;
snprintf (addr.sun_path, sizeof(addr.sun_path), pattern, dpy);
if(bind(fd,
(struct sockaddr *)&addr,
sizeof(addr)) < 0) {
close (fd);
if (errno == EADDRINUSE ||
errno == EACCES /* Cray return EACCESS */
#ifdef ENOTUNIQ
|| errno == ENOTUNIQ /* bug in Solaris 2.4 */
#endif
)
return 1;
else
return -1;
}
s->fd = fd;
s->pathname = strdup (addr.sun_path);
if (s->pathname == NULL)
errx (1, "strdup: out of memory");
s->flags = UNIX_SOCKET;
return 0;
}
#ifdef MAY_HAVE_X11_PIPES
/*
* Allocate a stream (masqueraded as a named pipe)
*
* 0 if all is OK
* -1 if bind failed badly
* 1 if dpy is already used
*/
static int
try_pipe (struct x_socket *s, int dpy, const char *pattern)
{
char path[MAXPATHLEN];
int ret;
int fd;
int pipefd[2];
snprintf (path, sizeof(path), pattern, dpy);
fd = open (path, O_WRONLY | O_CREAT | O_EXCL, 0600);
if (fd < 0) {
if (errno == EEXIST)
return 1;
else
return -1;
}
close (fd);
ret = pipe (pipefd);
if (ret < 0)
err (1, "pipe");
ret = ioctl (pipefd[1], I_PUSH, "connld");
if (ret < 0) {
if(errno == ENOSYS)
return -1;
err (1, "ioctl I_PUSH");
}
ret = fattach (pipefd[1], path);
if (ret < 0)
err (1, "fattach %s", path);
s->fd = pipefd[0];
close (pipefd[1]);
s->pathname = strdup (path);
if (s->pathname == NULL)
errx (1, "strdup: out of memory");
s->flags = STREAM_PIPE;
return 0;
}
#endif /* MAY_HAVE_X11_PIPES */
/*
* Try to create a TCP socket in `s' corresponding to display `dpy'.
*
* 0 if all is OK
* -1 if bind failed badly
* 1 if dpy is already used
*/
static int
try_tcp (struct x_socket *s, int dpy)
{
struct sockaddr_in tcpaddr;
struct in_addr local;
int one = 1;
int fd;
memset(&local, 0, sizeof(local));
local.s_addr = htonl(INADDR_LOOPBACK);
fd = socket (AF_INET, SOCK_STREAM, 0);
if (fd < 0)
err (1, "socket AF_INET");
#if defined(TCP_NODELAY) && defined(HAVE_SETSOCKOPT)
setsockopt (fd, IPPROTO_TCP, TCP_NODELAY, (void *)&one,
sizeof(one));
#endif
memset (&tcpaddr, 0, sizeof(tcpaddr));
tcpaddr.sin_family = AF_INET;
tcpaddr.sin_addr = local;
tcpaddr.sin_port = htons(6000 + dpy);
if (bind (fd, (struct sockaddr *)&tcpaddr,
sizeof(tcpaddr)) < 0) {
close (fd);
if (errno == EADDRINUSE)
return 1;
else
return -1;
}
s->fd = fd;
s->pathname = NULL;
s->flags = TCP;
return 0;
}
/*
* The potential places to create unix sockets.
*/
static char *x_sockets[] = {
X_UNIX_PATH "%u",
"/var/X/.X11-unix/X" "%u",
"/usr/spool/sockets/X11/" "%u",
NULL
};
/*
* Dito for stream pipes.
*/
#ifdef MAY_HAVE_X11_PIPES
static char *x_pipes[] = {
X_PIPE_PATH "%u",
"/var/X/.X11-pipe/X" "%u",
NULL
};
#endif
/*
* Create the directory corresponding to dirname of `path' or fail.
*/
static void
try_mkdir (const char *path)
{
char *dir;
char *p;
int oldmask;
if((dir = strdup (path)) == NULL)
errx (1, "strdup: out of memory");
p = strrchr (dir, '/');
if (p)
*p = '\0';
oldmask = umask(0);
mkdir (dir, 01777);
umask (oldmask);
free (dir);
}
/*
* Allocate a display, returning the number of sockets in `number' and
* all the corresponding sockets in `sockets'. If `tcp_socket' is
* true, also allcoaet a TCP socket.
*
* The return value is the display allocated or -1 if an error occurred.
*/
int
get_xsockets (int *number, struct x_socket **sockets, int tcp_socket)
{
int dpy;
struct x_socket *s;
int n;
int i;
s = malloc (sizeof(*s) * 5);
if (s == NULL)
errx (1, "malloc: out of memory");
try_mkdir (X_UNIX_PATH);
try_mkdir (X_PIPE_PATH);
for(dpy = 4; dpy < 256; ++dpy) {
char **path;
int tmp = 0;
n = 0;
for (path = x_sockets; *path; ++path) {
tmp = try_socket (&s[n], dpy, *path);
if (tmp == -1) {
if (errno != ENOTDIR && errno != ENOENT)
return -1;
} else if (tmp == 1) {
while(--n >= 0) {
close (s[n].fd);
free (s[n].pathname);
}
break;
} else if (tmp == 0)
++n;
}
if (tmp == 1)
continue;
#ifdef MAY_HAVE_X11_PIPES
for (path = x_pipes; *path; ++path) {
tmp = try_pipe (&s[n], dpy, *path);
if (tmp == -1) {
if (errno != ENOTDIR && errno != ENOENT && errno != ENOSYS)
return -1;
} else if (tmp == 1) {
while (--n >= 0) {
close (s[n].fd);
free (s[n].pathname);
}
break;
} else if (tmp == 0)
++n;
}
if (tmp == 1)
continue;
#endif
if (tcp_socket) {
tmp = try_tcp (&s[n], dpy);
if (tmp == -1)
return -1;
else if (tmp == 1) {
while (--n >= 0) {
close (s[n].fd);
free (s[n].pathname);
}
break;
} else if (tmp == 0)
++n;
}
break;
}
if (dpy == 256)
errx (1, "no free x-servers");
for (i = 0; i < n; ++i)
if (s[i].flags & LISTENP
&& listen (s[i].fd, SOMAXCONN) < 0)
err (1, "listen %s", s[i].pathname ? s[i].pathname : "tcp");
*number = n;
*sockets = s;
return dpy;
}
/*
* Change owner on the `n' sockets in `sockets' to `uid', `gid'.
* Return 0 is succesful or -1 if an error occurred.
*/
int
chown_xsockets (int n, struct x_socket *sockets, uid_t uid, gid_t gid)
{
int i;
for (i = 0; i < n; ++i)
if (sockets[i].pathname != NULL)
if (chown (sockets[i].pathname, uid, gid) < 0)
return -1;
return 0;
}
/*
* Connect to local display `dnr' with local transport.
* Return a file descriptor.
*/
int
connect_local_xsocket (unsigned dnr)
{
int fd;
struct sockaddr_un addr;
char **path;
for (path = x_sockets; *path; ++path) {
fd = socket (AF_UNIX, SOCK_STREAM, 0);
if (fd < 0)
err (1, "socket AF_UNIX");
memset (&addr, 0, sizeof(addr));
addr.sun_family = AF_UNIX;
snprintf (addr.sun_path, sizeof(addr.sun_path), *path, dnr);
if (connect (fd, (struct sockaddr *)&addr, sizeof(addr)) == 0)
return fd;
}
err (1, "connecting to local display %u", dnr);
}
/*
* Create a cookie file with a random cookie for the localhost. The
* file name will be stored in `xauthfile' (but not larger than
* `xauthfile_size'), and the cookie returned in `cookie', `cookie_sz'.
* Return 0 if succesful, or errno.
*/
int
create_and_write_cookie (char *xauthfile,
size_t xauthfile_size,
u_char *cookie,
size_t cookie_sz)
{
Xauth auth;
char tmp[64];
int fd;
FILE *f;
char hostname[MaxHostNameLen];
struct in_addr loopback;
int saved_errno;
gethostname (hostname, sizeof(hostname));
loopback.s_addr = htonl(INADDR_LOOPBACK);
auth.family = FamilyLocal;
auth.address = hostname;
auth.address_length = strlen(auth.address);
snprintf (tmp, sizeof(tmp), "%d", display_num);
auth.number_length = strlen(tmp);
auth.number = tmp;
auth.name = COOKIE_TYPE;
auth.name_length = strlen(auth.name);
auth.data_length = cookie_sz;
auth.data = (char*)cookie;
#ifdef HAVE_OPENSSL_DES_H
krb5_generate_random_block (cookie, cookie_sz);
#else
des_rand_data (cookie, cookie_sz);
#endif
strlcpy(xauthfile, "/tmp/AXXXXXX", xauthfile_size);
fd = mkstemp(xauthfile);
if(fd < 0) {
saved_errno = errno;
syslog(LOG_ERR, "create_and_write_cookie: mkstemp: %m");
return saved_errno;
}
f = fdopen(fd, "r+");
if(f == NULL){
saved_errno = errno;
close(fd);
return errno;
}
if(XauWriteAuth(f, &auth) == 0) {
saved_errno = errno;
fclose(f);
return saved_errno;
}
/*
* I would like to write a cookie for localhost:n here, but some
* stupid code in libX11 will not look for cookies of that type,
* so we are forced to use FamilyWild instead.
*/
auth.family = FamilyWild;
auth.address_length = 0;
#if 0 /* XXX */
auth.address = (char *)&loopback;
auth.address_length = sizeof(loopback);
#endif
if (XauWriteAuth(f, &auth) == 0) {
saved_errno = errno;
fclose (f);
return saved_errno;
}
if(fclose(f))
return errno;
return 0;
}
/*
* Verify and remove cookies. Read and parse a X-connection from
* `fd'. Check the cookie used is the same as in `cookie'. Remove the
* cookie and copy the rest of it to `sock'.
* Expect cookies iff cookiesp.
* Return 0 iff ok.
*
* The protocol is as follows:
*
* C->S: [Bl] 1
* unused 1
* protocol major version 2
* protocol minor version 2
* length of auth protocol name(n) 2
* length of auth protocol data 2
* unused 2
* authorization protocol name n
* pad pad(n)
* authorization protocol data d
* pad pad(d)
*
* S->C: Failed
* 0 1
* length of reason 1
* protocol major version 2
* protocol minor version 2
* length in 4 bytes unit of
* additional data (n+p)/4 2
* reason n
* unused p = pad(n)
*/
int
verify_and_remove_cookies (int fd, int sock, int cookiesp)
{
u_char beg[12];
int bigendianp;
unsigned n, d, npad, dpad;
char *protocol_name, *protocol_data;
u_char zeros[6] = {0, 0, 0, 0, 0, 0};
u_char refused[20] = {0, 10,
0, 0, /* protocol major version */
0, 0, /* protocol minor version */
0, 0, /* length of additional data / 4 */
'b', 'a', 'd', ' ', 'c', 'o', 'o', 'k', 'i', 'e',
0, 0};
if (net_read (fd, beg, sizeof(beg)) != sizeof(beg))
return 1;
if (net_write (sock, beg, 6) != 6)
return 1;
bigendianp = beg[0] == 'B';
if (bigendianp) {
n = (beg[6] << 8) | beg[7];
d = (beg[8] << 8) | beg[9];
} else {
n = (beg[7] << 8) | beg[6];
d = (beg[9] << 8) | beg[8];
}
npad = (4 - (n % 4)) % 4;
dpad = (4 - (d % 4)) % 4;
protocol_name = malloc(n + npad);
if (n + npad != 0 && protocol_name == NULL)
return 1;
protocol_data = malloc(d + dpad);
if (d + dpad != 0 && protocol_data == NULL) {
free (protocol_name);
return 1;
}
if (net_read (fd, protocol_name, n + npad) != n + npad)
goto fail;
if (net_read (fd, protocol_data, d + dpad) != d + dpad)
goto fail;
if (cookiesp) {
if (strncmp (protocol_name, COOKIE_TYPE, strlen(COOKIE_TYPE)) != 0)
goto refused;
if (d != cookie_len ||
memcmp (protocol_data, cookie, cookie_len) != 0)
goto refused;
}
free (protocol_name);
free (protocol_data);
if (net_write (sock, zeros, 6) != 6)
return 1;
return 0;
refused:
refused[2] = beg[2];
refused[3] = beg[3];
refused[4] = beg[4];
refused[5] = beg[5];
if (bigendianp)
refused[7] = 3;
else
refused[6] = 3;
net_write (fd, refused, sizeof(refused));
fail:
free (protocol_name);
free (protocol_data);
return 1;
}
/*
* Return 0 iff `cookie' is compatible with the cookie for the
* localhost with name given in `ai' (or `hostname') and display
* number in `disp_nr'.
*/
static int
match_local_auth (Xauth* auth,
struct addrinfo *ai, const char *hostname, int disp_nr)
{
int auth_disp;
char *tmp_disp;
struct addrinfo *a;
tmp_disp = strndup (auth->number, auth->number_length);
if (tmp_disp == NULL)
return -1;
auth_disp = atoi(tmp_disp);
free (tmp_disp);
if (auth_disp != disp_nr)
return 1;
for (a = ai; a != NULL; a = a->ai_next) {
if ((auth->family == FamilyLocal
|| auth->family == FamilyWild)
&& a->ai_canonname != NULL
&& strncmp (auth->address,
a->ai_canonname,
auth->address_length) == 0)
return 0;
}
if (hostname != NULL
&& (auth->family == FamilyLocal
|| auth->family == FamilyWild)
&& strncmp (auth->address, hostname, auth->address_length) == 0)
return 0;
return 1;
}
/*
* Find `our' cookie from the cookie file `f' and return it or NULL.
*/
static Xauth*
find_auth_cookie (FILE *f)
{
Xauth *ret = NULL;
char local_hostname[MaxHostNameLen];
char *display = getenv("DISPLAY");
char d[MaxHostNameLen + 4];
char *colon;
struct addrinfo *ai;
struct addrinfo hints;
int disp;
int error;
if(display == NULL)
display = ":0";
strlcpy(d, display, sizeof(d));
display = d;
colon = strchr (display, ':');
if (colon == NULL)
disp = 0;
else {
*colon = '\0';
disp = atoi (colon + 1);
}
if (strcmp (display, "") == 0
|| strncmp (display, "unix", 4) == 0
|| strncmp (display, "localhost", 9) == 0) {
gethostname (local_hostname, sizeof(local_hostname));
display = local_hostname;
}
memset (&hints, 0, sizeof(hints));
hints.ai_flags = AI_CANONNAME;
hints.ai_socktype = SOCK_STREAM;
hints.ai_protocol = IPPROTO_TCP;
error = getaddrinfo (display, NULL, &hints, &ai);
if (error)
ai = NULL;
for (; (ret = XauReadAuth (f)) != NULL; XauDisposeAuth(ret)) {
if (match_local_auth (ret, ai, display, disp) == 0) {
if (ai != NULL)
freeaddrinfo (ai);
return ret;
}
}
if (ai != NULL)
freeaddrinfo (ai);
return NULL;
}
/*
* Get rid of the cookie that we were sent and get the correct one
* from our own cookie file instead.
*/
int
replace_cookie(int xserver, int fd, char *filename, int cookiesp) /* XXX */
{
u_char beg[12];
int bigendianp;
unsigned n, d, npad, dpad;
FILE *f;
u_char zeros[6] = {0, 0, 0, 0, 0, 0};
if (net_read (fd, beg, sizeof(beg)) != sizeof(beg))
return 1;
if (net_write (xserver, beg, 6) != 6)
return 1;
bigendianp = beg[0] == 'B';
if (bigendianp) {
n = (beg[6] << 8) | beg[7];
d = (beg[8] << 8) | beg[9];
} else {
n = (beg[7] << 8) | beg[6];
d = (beg[9] << 8) | beg[8];
}
if (n != 0 || d != 0)
return 1;
f = fopen(filename, "r");
if (f != NULL) {
Xauth *auth = find_auth_cookie (f);
u_char len[6] = {0, 0, 0, 0, 0, 0};
fclose (f);
if (auth != NULL) {
n = auth->name_length;
d = auth->data_length;
} else {
n = 0;
d = 0;
}
if (bigendianp) {
len[0] = n >> 8;
len[1] = n & 0xFF;
len[2] = d >> 8;
len[3] = d & 0xFF;
} else {
len[0] = n & 0xFF;
len[1] = n >> 8;
len[2] = d & 0xFF;
len[3] = d >> 8;
}
if (net_write (xserver, len, 6) != 6) {
XauDisposeAuth(auth);
return 1;
}
if(n != 0 && net_write (xserver, auth->name, n) != n) {
XauDisposeAuth(auth);
return 1;
}
npad = (4 - (n % 4)) % 4;
if (npad && net_write (xserver, zeros, npad) != npad) {
XauDisposeAuth(auth);
return 1;
}
if (d != 0 && net_write (xserver, auth->data, d) != d) {
XauDisposeAuth(auth);
return 1;
}
XauDisposeAuth(auth);
dpad = (4 - (d % 4)) % 4;
if (dpad && net_write (xserver, zeros, dpad) != dpad)
return 1;
} else {
if(net_write(xserver, zeros, 6) != 6)
return 1;
}
return 0;
}
/*
* Some simple controls on the address and corresponding socket
*/
int
suspicious_address (int sock, struct sockaddr_in addr)
{
char data[40];
socklen_t len = sizeof(data);
return addr.sin_addr.s_addr != htonl(INADDR_LOOPBACK)
#if defined(IP_OPTIONS) && defined(HAVE_GETSOCKOPT)
|| getsockopt (sock, IPPROTO_IP, IP_OPTIONS, data, &len) < 0
|| len != 0
#endif
;
}
/*
* This really sucks, but these functions are used and if we're not
* linking against libkrb they don't exist. Using the heimdal storage
* functions will not work either cause we do not always link with
* libkrb5 either.
*/
#ifndef KRB4
int
krb_get_int(void *f, u_int32_t *to, int size, int lsb)
{
int i;
unsigned char *from = (unsigned char *)f;
*to = 0;
if(lsb){
for(i = size-1; i >= 0; i--)
*to = (*to << 8) | from[i];
}else{
for(i = 0; i < size; i++)
*to = (*to << 8) | from[i];
}
return size;
}
int
krb_put_int(u_int32_t from, void *to, size_t rem, int size)
{
int i;
unsigned char *p = (unsigned char *)to;
if (rem < size)
return -1;
for(i = size - 1; i >= 0; i--){
p[i] = from & 0xff;
from >>= 8;
}
return size;
}
#endif /* !KRB4 */

92
crypto/heimdal/appl/kx/context.c Normal file
View file

@ -0,0 +1,92 @@
/*
* Copyright (c) 1995 - 1999 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "kx.h"
RCSID("$Id: context.c,v 1.4 1999/12/02 16:58:32 joda Exp $");
/*
* Set the common part of the context `kc'
*/
void
context_set (kx_context *kc, const char *host, const char *user, int port,
int debug_flag, int keepalive_flag, int tcp_flag)
{
kc->host = host;
kc->user = user;
kc->port = port;
kc->debug_flag = debug_flag;
kc->keepalive_flag = keepalive_flag;
kc->tcp_flag = tcp_flag;
}
/*
* dispatch functions
*/
void
context_destroy (kx_context *kc)
{
(*kc->destroy)(kc);
}
int
context_authenticate (kx_context *kc, int s)
{
return (*kc->authenticate)(kc, s);
}
int
context_userok (kx_context *kc, char *user)
{
return (*kc->userok)(kc, user);
}
ssize_t
kx_read (kx_context *kc, int fd, void *buf, size_t len)
{
return (*kc->read)(kc, fd, buf, len);
}
ssize_t
kx_write (kx_context *kc, int fd, const void *buf, size_t len)
{
return (*kc->write)(kc, fd, buf, len);
}
int
copy_encrypted (kx_context *kc, int fd1, int fd2)
{
return (*kc->copy_encrypted)(kc, fd1, fd2);
}

361
crypto/heimdal/appl/kx/krb4.c Normal file
View file

@ -0,0 +1,361 @@
/*
* Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "kx.h"
RCSID("$Id: krb4.c,v 1.8 2000/10/08 13:19:22 assar Exp $");
#ifdef KRB4
struct krb4_kx_context {
des_cblock key;
des_key_schedule schedule;
AUTH_DAT auth;
};
typedef struct krb4_kx_context krb4_kx_context;
/*
* Destroy the krb4 context in `c'.
*/
static void
krb4_destroy (kx_context *c)
{
memset (c->data, 0, sizeof(krb4_kx_context));
free (c->data);
}
/*
* Read the authentication information from `s' and return 0 if
* succesful, else -1.
*/
static int
krb4_authenticate (kx_context *kc, int s)
{
CREDENTIALS cred;
KTEXT_ST text;
MSG_DAT msg;
int status;
krb4_kx_context *c = (krb4_kx_context *)kc->data;
const char *host = kc->host;
#ifdef HAVE_KRB_GET_OUR_IP_FOR_REALM
if (krb_get_config_bool("nat_in_use")) {
struct in_addr natAddr;
if (krb_get_our_ip_for_realm(krb_realmofhost(kc->host),
&natAddr) == KSUCCESS
|| krb_get_our_ip_for_realm (NULL, &natAddr) == KSUCCESS)
kc->thisaddr.sin_addr = natAddr;
}
#endif
status = krb_sendauth (KOPT_DO_MUTUAL, s, &text, "rcmd",
(char *)host, krb_realmofhost (host),
getpid(), &msg, &cred, c->schedule,
&kc->thisaddr, &kc->thataddr, KX_VERSION);
if (status != KSUCCESS) {
warnx ("%s: %s\n", host, krb_get_err_text(status));
return -1;
}
memcpy (c->key, cred.session, sizeof(des_cblock));
return 0;
}
/*
* Read a krb4 priv packet from `fd' into `buf' (of size `len').
* Return the number of bytes read or 0 on EOF or -1 on error.
*/
static ssize_t
krb4_read (kx_context *kc,
int fd, void *buf, size_t len)
{
unsigned char tmp[4];
ssize_t ret;
size_t l;
int status;
krb4_kx_context *c = (krb4_kx_context *)kc->data;
MSG_DAT msg;
ret = krb_net_read (fd, tmp, 4);
if (ret == 0)
return ret;
if (ret != 4)
return -1;
l = (tmp[0] << 24) | (tmp[1] << 16) | (tmp[2] << 8) | tmp[3];
if (l > len)
return -1;
if (krb_net_read (fd, buf, l) != l)
return -1;
status = krb_rd_priv (buf, l, c->schedule, &c->key,
&kc->thataddr, &kc->thisaddr, &msg);
if (status != RD_AP_OK) {
warnx ("krb4_read: %s", krb_get_err_text(status));
return -1;
}
memmove (buf, msg.app_data, msg.app_length);
return msg.app_length;
}
/*
* Write a krb4 priv packet on `fd' with the data in `buf, len'.
* Return len or -1 on error
*/
static ssize_t
krb4_write(kx_context *kc,
int fd, const void *buf, size_t len)
{
void *outbuf;
krb4_kx_context *c = (krb4_kx_context *)kc->data;
int outlen;
unsigned char tmp[4];
outbuf = malloc (len + 30);
if (outbuf == NULL)
return -1;
outlen = krb_mk_priv ((void *)buf, outbuf, len, c->schedule, &c->key,
&kc->thisaddr, &kc->thataddr);
if (outlen < 0) {
free (outbuf);
return -1;
}
tmp[0] = (outlen >> 24) & 0xFF;
tmp[1] = (outlen >> 16) & 0xFF;
tmp[2] = (outlen >> 8) & 0xFF;
tmp[3] = (outlen >> 0) & 0xFF;
if (krb_net_write (fd, tmp, 4) != 4 ||
krb_net_write (fd, outbuf, outlen) != outlen) {
free (outbuf);
return -1;
}
free (outbuf);
return len;
}
/*
* Copy data from `fd1' to `fd2', {en,de}crypting with cfb64
* with `mode' and state stored in `iv', `schedule', and `num'.
* Return -1 if error, 0 if eof, else 1
*/
static int
do_enccopy (int fd1, int fd2, int mode, des_cblock *iv,
des_key_schedule schedule, int *num)
{
int ret;
u_char buf[BUFSIZ];
ret = read (fd1, buf, sizeof(buf));
if (ret == 0)
return 0;
if (ret < 0) {
warn ("read");
return ret;
}
#ifndef NOENCRYPTION
des_cfb64_encrypt (buf, buf, ret, schedule, iv,
num, mode);
#endif
ret = krb_net_write (fd2, buf, ret);
if (ret < 0) {
warn ("write");
return ret;
}
return 1;
}
/*
* Copy data between fd1 and fd2, encrypting one way and decrypting
* the other.
*/
static int
krb4_copy_encrypted (kx_context *kc,
int fd1, int fd2)
{
krb4_kx_context *c = (krb4_kx_context *)kc->data;
des_cblock iv1, iv2;
int num1 = 0, num2 = 0;
memcpy (iv1, c->key, sizeof(iv1));
memcpy (iv2, c->key, sizeof(iv2));
for (;;) {
fd_set fdset;
int ret;
if (fd1 >= FD_SETSIZE || fd2 >= FD_SETSIZE) {
warnx ("fd too large");
return 1;
}
FD_ZERO(&fdset);
FD_SET(fd1, &fdset);
FD_SET(fd2, &fdset);
ret = select (max(fd1, fd2)+1, &fdset, NULL, NULL, NULL);
if (ret < 0 && errno != EINTR) {
warn ("select");
return 1;
}
if (FD_ISSET(fd1, &fdset)) {
ret = do_enccopy (fd1, fd2, DES_ENCRYPT, &iv1, c->schedule, &num1);
if (ret <= 0)
return ret;
}
if (FD_ISSET(fd2, &fdset)) {
ret = do_enccopy (fd2, fd1, DES_DECRYPT, &iv2, c->schedule, &num2);
if (ret <= 0)
return ret;
}
}
}
/*
* Return 0 if the user authenticated on `kc' is allowed to login as
* `user'.
*/
static int
krb4_userok (kx_context *kc, char *user)
{
krb4_kx_context *c = (krb4_kx_context *)kc->data;
char *tmp;
tmp = krb_unparse_name_long (c->auth.pname,
c->auth.pinst,
c->auth.prealm);
kc->user = strdup (tmp);
if (kc->user == NULL)
err (1, "malloc");
return kuserok (&c->auth, user);
}
/*
* Create an instance of an krb4 context.
*/
void
krb4_make_context (kx_context *kc)
{
kc->authenticate = krb4_authenticate;
kc->userok = krb4_userok;
kc->read = krb4_read;
kc->write = krb4_write;
kc->copy_encrypted = krb4_copy_encrypted;
kc->destroy = krb4_destroy;
kc->user = NULL;
kc->data = malloc(sizeof(krb4_kx_context));
if (kc->data == NULL)
err (1, "malloc");
}
/*
* Receive authentication information on `sock' (first four bytes
* in `buf').
*/
int
recv_v4_auth (kx_context *kc, int sock, u_char *buf)
{
int status;
KTEXT_ST ticket;
char instance[INST_SZ + 1];
char version[KRB_SENDAUTH_VLEN + 1];
krb4_kx_context *c;
AUTH_DAT auth;
des_key_schedule schedule;
if (memcmp (buf, KRB_SENDAUTH_VERS, 4) != 0)
return -1;
if (net_read (sock, buf + 4, KRB_SENDAUTH_VLEN - 4) !=
KRB_SENDAUTH_VLEN - 4) {
syslog (LOG_ERR, "read: %m");
exit (1);
}
if (memcmp (buf, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN) != 0) {
syslog (LOG_ERR, "unrecognized auth protocol: %.8s", buf);
exit (1);
}
k_getsockinst (sock, instance, sizeof(instance));
status = krb_recvauth (KOPT_IGNORE_PROTOCOL | KOPT_DO_MUTUAL,
sock,
&ticket,
"rcmd",
instance,
&kc->thataddr,
&kc->thisaddr,
&auth,
"",
schedule,
version);
if (status != KSUCCESS) {
syslog (LOG_ERR, "krb_recvauth: %s", krb_get_err_text(status));
exit (1);
}
if (strncmp (version, KX_VERSION, KRB_SENDAUTH_VLEN) != 0) {
/* Try to be nice to old kx's */
if (strncmp (version, KX_OLD_VERSION, KRB_SENDAUTH_VLEN) == 0) {
char *old_errmsg = "\001Old version of kx. Please upgrade.";
char user[64];
syslog (LOG_ERR, "Old version client (%s)", version);
krb_net_read (sock, user, sizeof(user));
krb_net_write (sock, old_errmsg, strlen(old_errmsg) + 1);
exit (1);
} else {
syslog (LOG_ERR, "bad version: %s", version);
exit (1);
}
}
krb4_make_context (kc);
c = (krb4_kx_context *)kc->data;
c->auth = auth;
memcpy (c->key, &auth.session, sizeof(des_cblock));
memcpy (c->schedule, schedule, sizeof(schedule));
return 0;
}
#endif /* KRB4 */

421
crypto/heimdal/appl/kx/krb5.c Normal file
View file

@ -0,0 +1,421 @@
/*
* Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "kx.h"
RCSID("$Id: krb5.c,v 1.7 2000/12/31 07:32:03 assar Exp $");
#ifdef KRB5
struct krb5_kx_context {
krb5_context context;
krb5_keyblock *keyblock;
krb5_crypto crypto;
krb5_principal client;
};
typedef struct krb5_kx_context krb5_kx_context;
/*
* Destroy the krb5 context in `c'.
*/
static void
krb5_destroy (kx_context *c)
{
krb5_kx_context *kc = (krb5_kx_context *)c->data;
if (kc->keyblock)
krb5_free_keyblock (kc->context, kc->keyblock);
if (kc->crypto)
krb5_crypto_destroy (kc->context, kc->crypto);
if (kc->client)
krb5_free_principal (kc->context, kc->client);
if (kc->context)
krb5_free_context (kc->context);
free (kc);
}
/*
* Read the authentication information from `s' and return 0 if
* succesful, else -1.
*/
static int
krb5_authenticate (kx_context *kc, int s)
{
krb5_kx_context *c = (krb5_kx_context *)kc->data;
krb5_context context = c->context;
krb5_auth_context auth_context = NULL;
krb5_error_code ret;
krb5_principal server;
const char *host = kc->host;
ret = krb5_sname_to_principal (context,
host, "host", KRB5_NT_SRV_HST, &server);
if (ret) {
warnx ("krb5_sname_to_principal: %s: %s", host,
krb5_get_err_text(context, ret));
return 1;
}
ret = krb5_sendauth (context,
&auth_context,
&s,
KX_VERSION,
NULL,
server,
AP_OPTS_MUTUAL_REQUIRED,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL);
if (ret) {
warnx ("krb5_sendauth: %s: %s", host,
krb5_get_err_text(context, ret));
return 1;
}
ret = krb5_auth_con_getkey (context, auth_context, &c->keyblock);
if (ret) {
warnx ("krb5_auth_con_getkey: %s: %s", host,
krb5_get_err_text(context, ret));
krb5_auth_con_free (context, auth_context);
return 1;
}
ret = krb5_crypto_init (context, c->keyblock, 0, &c->crypto);
if (ret) {
warnx ("krb5_crypto_init: %s", krb5_get_err_text (context, ret));
krb5_auth_con_free (context, auth_context);
return 1;
}
return 0;
}
/*
* Read an encapsulated krb5 packet from `fd' into `buf' (of size
* `len'). Return the number of bytes read or 0 on EOF or -1 on
* error.
*/
static ssize_t
krb5_read (kx_context *kc,
int fd, void *buf, size_t len)
{
krb5_kx_context *c = (krb5_kx_context *)kc->data;
krb5_context context = c->context;
size_t data_len, outer_len;
krb5_error_code ret;
unsigned char tmp[4];
krb5_data data;
int l;
l = krb5_net_read (context, &fd, tmp, 4);
if (l == 0)
return l;
if (l != 4)
return -1;
data_len = (tmp[0] << 24) | (tmp[1] << 16) | (tmp[2] << 8) | tmp[3];
outer_len = krb5_get_wrapped_length (context, c->crypto, data_len);
if (outer_len > len)
return -1;
if (krb5_net_read (context, &fd, buf, outer_len) != outer_len)
return -1;
ret = krb5_decrypt (context, c->crypto, KRB5_KU_OTHER_ENCRYPTED,
buf, outer_len, &data);
if (ret) {
warnx ("krb5_decrypt: %s", krb5_get_err_text(context, ret));
return -1;
}
if (data_len > data.length) {
krb5_data_free (&data);
return -1;
}
memmove (buf, data.data, data_len);
krb5_data_free (&data);
return data_len;
}
/*
* Write an encapsulated krb5 packet on `fd' with the data in `buf,
* len'. Return len or -1 on error.
*/
static ssize_t
krb5_write(kx_context *kc,
int fd, const void *buf, size_t len)
{
krb5_kx_context *c = (krb5_kx_context *)kc->data;
krb5_context context = c->context;
krb5_data data;
krb5_error_code ret;
unsigned char tmp[4];
size_t outlen;
ret = krb5_encrypt (context, c->crypto, KRB5_KU_OTHER_ENCRYPTED,
(void *)buf, len, &data);
if (ret){
warnx ("krb5_write: %s", krb5_get_err_text (context, ret));
return -1;
}
outlen = data.length;
tmp[0] = (len >> 24) & 0xFF;
tmp[1] = (len >> 16) & 0xFF;
tmp[2] = (len >> 8) & 0xFF;
tmp[3] = (len >> 0) & 0xFF;
if (krb5_net_write (context, &fd, tmp, 4) != 4 ||
krb5_net_write (context, &fd, data.data, outlen) != outlen) {
krb5_data_free (&data);
return -1;
}
krb5_data_free (&data);
return len;
}
/*
* Copy from the unix socket `from_fd' encrypting to `to_fd'.
* Return 0, -1 or len.
*/
static int
copy_out (kx_context *kc, int from_fd, int to_fd)
{
char buf[32768];
ssize_t len;
len = read (from_fd, buf, sizeof(buf));
if (len == 0)
return 0;
if (len < 0) {
warn ("read");
return len;
}
return krb5_write (kc, to_fd, buf, len);
}
/*
* Copy from the socket `from_fd' decrypting to `to_fd'.
* Return 0, -1 or len.
*/
static int
copy_in (kx_context *kc, int from_fd, int to_fd)
{
krb5_kx_context *c = (krb5_kx_context *)kc->data;
char buf[33000]; /* XXX */
ssize_t len;
len = krb5_read (kc, from_fd, buf, sizeof(buf));
if (len == 0)
return 0;
if (len < 0) {
warn ("krb5_read");
return len;
}
return krb5_net_write (c->context, &to_fd, buf, len);
}
/*
* Copy data between `fd1' and `fd2', encrypting in one direction and
* decrypting in the other.
*/
static int
krb5_copy_encrypted (kx_context *kc, int fd1, int fd2)
{
for (;;) {
fd_set fdset;
int ret;
if (fd1 >= FD_SETSIZE || fd2 >= FD_SETSIZE) {
warnx ("fd too large");
return 1;
}
FD_ZERO(&fdset);
FD_SET(fd1, &fdset);
FD_SET(fd2, &fdset);
ret = select (max(fd1, fd2)+1, &fdset, NULL, NULL, NULL);
if (ret < 0 && errno != EINTR) {
warn ("select");
return 1;
}
if (FD_ISSET(fd1, &fdset)) {
ret = copy_out (kc, fd1, fd2);
if (ret <= 0)
return ret;
}
if (FD_ISSET(fd2, &fdset)) {
ret = copy_in (kc, fd2, fd1);
if (ret <= 0)
return ret;
}
}
}
/*
* Return 0 if the user authenticated on `kc' is allowed to login as
* `user'.
*/
static int
krb5_userok (kx_context *kc, char *user)
{
krb5_kx_context *c = (krb5_kx_context *)kc->data;
krb5_context context = c->context;
krb5_error_code ret;
char *tmp;
ret = krb5_unparse_name (context, c->client, &tmp);
if (ret)
krb5_err (context, 1, ret, "krb5_unparse_name");
kc->user = tmp;
return !krb5_kuserok (context, c->client, user);
}
/*
* Create an instance of an krb5 context.
*/
void
krb5_make_context (kx_context *kc)
{
krb5_kx_context *c;
krb5_error_code ret;
kc->authenticate = krb5_authenticate;
kc->userok = krb5_userok;
kc->read = krb5_read;
kc->write = krb5_write;
kc->copy_encrypted = krb5_copy_encrypted;
kc->destroy = krb5_destroy;
kc->user = NULL;
kc->data = malloc(sizeof(krb5_kx_context));
if (kc->data == NULL)
err (1, "malloc");
memset (kc->data, 0, sizeof(krb5_kx_context));
c = (krb5_kx_context *)kc->data;
ret = krb5_init_context (&c->context);
if (ret)
errx (1, "krb5_init_context failed: %d", ret);
}
/*
* Receive authentication information on `sock' (first four bytes
* in `buf').
*/
int
recv_v5_auth (kx_context *kc, int sock, u_char *buf)
{
u_int32_t len;
krb5_error_code ret;
krb5_kx_context *c;
krb5_context context;
krb5_principal server;
krb5_auth_context auth_context = NULL;
krb5_ticket *ticket;
if (memcmp (buf, "\x00\x00\x00\x13", 4) != 0)
return 1;
len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | (buf[3]);
if (net_read(sock, buf, len) != len) {
syslog (LOG_ERR, "read: %m");
exit (1);
}
if (len != sizeof(KRB5_SENDAUTH_VERSION)
|| memcmp (buf, KRB5_SENDAUTH_VERSION, len) != 0) {
syslog (LOG_ERR, "bad sendauth version: %.8s", buf);
exit (1);
}
krb5_make_context (kc);
c = (krb5_kx_context *)kc->data;
context = c->context;
ret = krb5_sock_to_principal (context, sock, "host",
KRB5_NT_SRV_HST, &server);
if (ret) {
syslog (LOG_ERR, "krb5_sock_to_principal: %s",
krb5_get_err_text (context, ret));
exit (1);
}
ret = krb5_recvauth (context,
&auth_context,
&sock,
KX_VERSION,
server,
KRB5_RECVAUTH_IGNORE_VERSION,
NULL,
&ticket);
krb5_free_principal (context, server);
if (ret) {
syslog (LOG_ERR, "krb5_sock_to_principal: %s",
krb5_get_err_text (context, ret));
exit (1);
}
ret = krb5_auth_con_getkey (context, auth_context, &c->keyblock);
if (ret) {
syslog (LOG_ERR, "krb5_auth_con_getkey: %s",
krb5_get_err_text (context, ret));
exit (1);
}
ret = krb5_crypto_init (context, c->keyblock, 0, &c->crypto);
if (ret) {
syslog (LOG_ERR, "krb5_crypto_init: %s",
krb5_get_err_text (context, ret));
exit (1);
}
c->client = ticket->client;
ticket->client = NULL;
krb5_free_ticket (context, ticket);
return 0;
}
#endif /* KRB5 */

62
crypto/heimdal/appl/kx/kx.1 Normal file
View file

@ -0,0 +1,62 @@
.\" $Id: kx.1,v 1.7 1997/09/01 15:59:07 assar Exp $
.\"
.Dd September 27, 1996
.Dt KX 1
.Os KTH-KRB
.Sh NAME
.Nm kx
.Nd
securely forward X conections
.Sh SYNOPSIS
.Ar kx
.Op Fl l Ar username
.Op Fl k
.Op Fl d
.Op Fl t
.Op Fl p Ar port
.Op Fl P
.Ar host
.Sh DESCRIPTION
The
.Nm
program forwards a X connection from a remote client to a local screen
through an authenticated and encrypted stream. Options supported by
.Nm kx :
.Bl -tag -width Ds
.It Fl l
Log in on remote the host as user
.Ar username .
.It Fl k
Do not enable keep-alives on the TCP connections.
.It Fl d
Do not fork. This is mainly useful for debugging.
.It Fl t
Listen not only on a UNIX-domain socket but on a TCP socket as well.
.It Fl p
Use the port
.Ar port .
.It Fl P
Force passive mode.
.El
.Pp
This program is used by
.Nm rxtelnet
and
.Nm rxterm
and you should not need to run it directly.
.Pp
It connects to a
.Nm kxd
on the host
.Ar host
and then will relay the traffic from the remote X clients to the local
server. When started, it prints the display and Xauthority-file to be
used on host
.Ar host
and then goes to the background, waiting for connections from the
remote
.Nm kxd.
.Sh SEE ALSO
.Xr rxtelnet 1 ,
.Xr rxterm 1 ,
.Xr kxd 8

765
crypto/heimdal/appl/kx/kx.c Normal file
View file

@ -0,0 +1,765 @@
/*
* Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "kx.h"
RCSID("$Id: kx.c,v 1.68 2001/02/20 01:44:45 assar Exp $");
static int nchild;
static int donep;
/*
* Signal handler that justs waits for the children when they die.
*/
static RETSIGTYPE
childhandler (int sig)
{
pid_t pid;
int status;
do {
pid = waitpid (-1, &status, WNOHANG|WUNTRACED);
if (pid > 0 && (WIFEXITED(status) || WIFSIGNALED(status)))
if (--nchild == 0 && donep)
exit (0);
} while(pid > 0);
signal (SIGCHLD, childhandler);
SIGRETURN(0);
}
/*
* Handler for SIGUSR1.
* This signal means that we should wait until there are no children
* left and then exit.
*/
static RETSIGTYPE
usr1handler (int sig)
{
donep = 1;
SIGRETURN(0);
}
/*
* Almost the same as for SIGUSR1, except we should exit immediately
* if there are no active children.
*/
static RETSIGTYPE
usr2handler (int sig)
{
donep = 1;
if (nchild == 0)
exit (0);
SIGRETURN(0);
}
/*
* Establish authenticated connection. Return socket or -1.
*/
static int
connect_host (kx_context *kc)
{
struct addrinfo *ai, *a;
struct addrinfo hints;
int error;
char portstr[NI_MAXSERV];
socklen_t addrlen;
int s;
struct sockaddr_storage thisaddr_ss;
struct sockaddr *thisaddr = (struct sockaddr *)&thisaddr_ss;
memset (&hints, 0, sizeof(hints));
hints.ai_socktype = SOCK_STREAM;
hints.ai_protocol = IPPROTO_TCP;
snprintf (portstr, sizeof(portstr), "%u", ntohs(kc->port));
error = getaddrinfo (kc->host, portstr, &hints, &ai);
if (error) {
warnx ("%s: %s", kc->host, gai_strerror(error));
return -1;
}
for (a = ai; a != NULL; a = a->ai_next) {
s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
if (s < 0)
continue;
if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
warn ("connect(%s)", kc->host);
close (s);
continue;
}
break;
}
if (a == NULL) {
freeaddrinfo (ai);
return -1;
}
addrlen = a->ai_addrlen;
if (getsockname (s, thisaddr, &addrlen) < 0 ||
addrlen != a->ai_addrlen)
err(1, "getsockname(%s)", kc->host);
memcpy (&kc->thisaddr, thisaddr, sizeof(kc->thisaddr));
memcpy (&kc->thataddr, a->ai_addr, sizeof(kc->thataddr));
freeaddrinfo (ai);
if ((*kc->authenticate)(kc, s))
return -1;
return s;
}
/*
* Get rid of the cookie that we were sent and get the correct one
* from our own cookie file instead and then just copy data in both
* directions.
*/
static int
passive_session (int xserver, int fd, kx_context *kc)
{
if (replace_cookie (xserver, fd, XauFileName(), 1))
return 1;
else
return copy_encrypted (kc, xserver, fd);
}
static int
active_session (int xserver, int fd, kx_context *kc)
{
if (verify_and_remove_cookies (xserver, fd, 1))
return 1;
else
return copy_encrypted (kc, xserver, fd);
}
/*
* fork (unless debugp) and print the output that will be used by the
* script to capture the display, xauth cookie and pid.
*/
static void
status_output (int debugp)
{
if(debugp)
printf ("%u\t%s\t%s\n", (unsigned)getpid(), display, xauthfile);
else {
pid_t pid;
pid = fork();
if (pid < 0) {
err(1, "fork");
} else if (pid > 0) {
printf ("%u\t%s\t%s\n", (unsigned)pid, display, xauthfile);
exit (0);
} else {
fclose(stdout);
}
}
}
/*
* Obtain an authenticated connection on `kc'. Send a kx message
* saying we are `kc->user' and want to use passive mode. Wait for
* answer on that connection and fork of a child for every new
* connection we have to make.
*/
static int
doit_passive (kx_context *kc)
{
int otherside;
u_char msg[1024], *p;
int len;
u_int32_t tmp;
const char *host = kc->host;
otherside = connect_host (kc);
if (otherside < 0)
return 1;
#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT)
if (kc->keepalive_flag) {
int one = 1;
setsockopt (otherside, SOL_SOCKET, SO_KEEPALIVE, (void *)&one,
sizeof(one));
}
#endif
p = msg;
*p++ = INIT;
len = strlen(kc->user);
p += KRB_PUT_INT (len, p, sizeof(msg) - 1, 4);
memcpy(p, kc->user, len);
p += len;
*p++ = PASSIVE | (kc->keepalive_flag ? KEEP_ALIVE : 0);
if (kx_write (kc, otherside, msg, p - msg) != p - msg)
err (1, "write to %s", host);
len = kx_read (kc, otherside, msg, sizeof(msg));
if (len <= 0)
errx (1,
"error reading initial message from %s: "
"this probably means it's using an old version.",
host);
p = (u_char *)msg;
if (*p == ERROR) {
p++;
p += krb_get_int (p, &tmp, 4, 0);
errx (1, "%s: %.*s", host, (int)tmp, p);
} else if (*p != ACK) {
errx (1, "%s: strange msg %d", host, *p);
} else
p++;
p += krb_get_int (p, &tmp, 4, 0);
memcpy(display, p, tmp);
display[tmp] = '\0';
p += tmp;
p += krb_get_int (p, &tmp, 4, 0);
memcpy(xauthfile, p, tmp);
xauthfile[tmp] = '\0';
p += tmp;
status_output (kc->debug_flag);
for (;;) {
pid_t child;
len = kx_read (kc, otherside, msg, sizeof(msg));
if (len < 0)
err (1, "read from %s", host);
else if (len == 0)
return 0;
p = (u_char *)msg;
if (*p == ERROR) {
p++;
p += krb_get_int (p, &tmp, 4, 0);
errx (1, "%s: %.*s", host, (int)tmp, p);
} else if(*p != NEW_CONN) {
errx (1, "%s: strange msg %d", host, *p);
} else {
p++;
p += krb_get_int (p, &tmp, 4, 0);
}
++nchild;
child = fork ();
if (child < 0) {
warn("fork");
continue;
} else if (child == 0) {
struct sockaddr_in addr;
int fd;
int xserver;
addr = kc->thataddr;
close (otherside);
addr.sin_port = htons(tmp);
fd = socket (AF_INET, SOCK_STREAM, 0);
if (fd < 0)
err(1, "socket");
#if defined(TCP_NODELAY) && defined(HAVE_SETSOCKOPT)
{
int one = 1;
setsockopt (fd, IPPROTO_TCP, TCP_NODELAY, (void *)&one,
sizeof(one));
}
#endif
#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT)
if (kc->keepalive_flag) {
int one = 1;
setsockopt (fd, SOL_SOCKET, SO_KEEPALIVE, (void *)&one,
sizeof(one));
}
#endif
if (connect (fd, (struct sockaddr *)&addr, sizeof(addr)) < 0)
err(1, "connect(%s)", host);
{
int d = 0;
char *s;
s = getenv ("DISPLAY");
if (s != NULL) {
s = strchr (s, ':');
if (s != NULL)
d = atoi (s + 1);
}
xserver = connect_local_xsocket (d);
if (xserver < 0)
return 1;
}
return passive_session (xserver, fd, kc);
} else {
}
}
}
/*
* Allocate a local pseudo-xserver and wait for connections
*/
static int
doit_active (kx_context *kc)
{
int otherside;
int nsockets;
struct x_socket *sockets;
u_char msg[1024], *p;
int len = strlen(kc->user);
int tmp, tmp2;
char *s;
int i;
size_t rem;
u_int32_t other_port;
int error;
const char *host = kc->host;
otherside = connect_host (kc);
if (otherside < 0)
return 1;
#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT)
if (kc->keepalive_flag) {
int one = 1;
setsockopt (otherside, SOL_SOCKET, SO_KEEPALIVE, (void *)&one,
sizeof(one));
}
#endif
p = msg;
rem = sizeof(msg);
*p++ = INIT;
--rem;
len = strlen(kc->user);
tmp = KRB_PUT_INT (len, p, rem, 4);
if (tmp < 0)
return 1;
p += tmp;
rem -= tmp;
memcpy(p, kc->user, len);
p += len;
rem -= len;
*p++ = (kc->keepalive_flag ? KEEP_ALIVE : 0);
--rem;
s = getenv("DISPLAY");
if (s == NULL || (s = strchr(s, ':')) == NULL)
s = ":0";
len = strlen (s);
tmp = KRB_PUT_INT (len, p, rem, 4);
if (tmp < 0)
return 1;
rem -= tmp;
p += tmp;
memcpy (p, s, len);
p += len;
rem -= len;
s = getenv("XAUTHORITY");
if (s == NULL)
s = "";
len = strlen (s);
tmp = KRB_PUT_INT (len, p, rem, 4);
if (tmp < 0)
return 1;
p += len;
rem -= len;
memcpy (p, s, len);
p += len;
rem -= len;
if (kx_write (kc, otherside, msg, p - msg) != p - msg)
err (1, "write to %s", host);
len = kx_read (kc, otherside, msg, sizeof(msg));
if (len < 0)
err (1, "read from %s", host);
p = (u_char *)msg;
if (*p == ERROR) {
u_int32_t u32;
p++;
p += krb_get_int (p, &u32, 4, 0);
errx (1, "%s: %.*s", host, (int)u32, p);
} else if (*p != ACK) {
errx (1, "%s: strange msg %d", host, *p);
} else
p++;
tmp2 = get_xsockets (&nsockets, &sockets, kc->tcp_flag);
if (tmp2 < 0)
return 1;
display_num = tmp2;
if (kc->tcp_flag)
snprintf (display, display_size, "localhost:%u", display_num);
else
snprintf (display, display_size, ":%u", display_num);
error = create_and_write_cookie (xauthfile, xauthfile_size,
cookie, cookie_len);
if (error) {
warnx ("failed creating cookie file: %s", strerror(error));
return 1;
}
status_output (kc->debug_flag);
for (;;) {
fd_set fdset;
pid_t child;
int fd, thisfd = -1;
socklen_t zero = 0;
FD_ZERO(&fdset);
for (i = 0; i < nsockets; ++i) {
if (sockets[i].fd >= FD_SETSIZE)
errx (1, "fd too large");
FD_SET(sockets[i].fd, &fdset);
}
if (select(FD_SETSIZE, &fdset, NULL, NULL, NULL) <= 0)
continue;
for (i = 0; i < nsockets; ++i)
if (FD_ISSET(sockets[i].fd, &fdset)) {
thisfd = sockets[i].fd;
break;
}
fd = accept (thisfd, NULL, &zero);
if (fd < 0) {
if (errno == EINTR)
continue;
else
err(1, "accept");
}
p = msg;
*p++ = NEW_CONN;
if (kx_write (kc, otherside, msg, p - msg) != p - msg)
err (1, "write to %s", host);
len = kx_read (kc, otherside, msg, sizeof(msg));
if (len < 0)
err (1, "read from %s", host);
p = (u_char *)msg;
if (*p == ERROR) {
u_int32_t val;
p++;
p += krb_get_int (p, &val, 4, 0);
errx (1, "%s: %.*s", host, (int)val, p);
} else if (*p != NEW_CONN) {
errx (1, "%s: strange msg %d", host, *p);
} else {
p++;
p += krb_get_int (p, &other_port, 4, 0);
}
++nchild;
child = fork ();
if (child < 0) {
warn("fork");
continue;
} else if (child == 0) {
int s;
struct sockaddr_in addr;
for (i = 0; i < nsockets; ++i)
close (sockets[i].fd);
addr = kc->thataddr;
close (otherside);
addr.sin_port = htons(other_port);
s = socket (AF_INET, SOCK_STREAM, 0);
if (s < 0)
err(1, "socket");
#if defined(TCP_NODELAY) && defined(HAVE_SETSOCKOPT)
{
int one = 1;
setsockopt (s, IPPROTO_TCP, TCP_NODELAY, (void *)&one,
sizeof(one));
}
#endif
#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT)
if (kc->keepalive_flag) {
int one = 1;
setsockopt (s, SOL_SOCKET, SO_KEEPALIVE, (void *)&one,
sizeof(one));
}
#endif
if (connect (s, (struct sockaddr *)&addr, sizeof(addr)) < 0)
err(1, "connect");
return active_session (fd, s, kc);
} else {
close (fd);
}
}
}
/*
* Should we interpret `disp' as this being a passive call?
*/
static int
check_for_passive (const char *disp)
{
char local_hostname[MaxHostNameLen];
gethostname (local_hostname, sizeof(local_hostname));
return disp != NULL &&
(*disp == ':'
|| strncmp(disp, "unix", 4) == 0
|| strncmp(disp, "localhost", 9) == 0
|| strncmp(disp, local_hostname, strlen(local_hostname)) == 0);
}
/*
* Set up signal handlers and then call the functions.
*/
static int
doit (kx_context *kc, int passive_flag)
{
signal (SIGCHLD, childhandler);
signal (SIGUSR1, usr1handler);
signal (SIGUSR2, usr2handler);
if (passive_flag)
return doit_passive (kc);
else
return doit_active (kc);
}
#ifdef KRB4
/*
* Start a v4-authenticatated kx connection.
*/
static int
doit_v4 (const char *host, int port, const char *user,
int passive_flag, int debug_flag, int keepalive_flag, int tcp_flag)
{
int ret;
kx_context context;
krb4_make_context (&context);
context_set (&context,
host, user, port, debug_flag, keepalive_flag, tcp_flag);
ret = doit (&context, passive_flag);
context_destroy (&context);
return ret;
}
#endif /* KRB4 */
#ifdef KRB5
/*
* Start a v5-authenticatated kx connection.
*/
static int
doit_v5 (const char *host, int port, const char *user,
int passive_flag, int debug_flag, int keepalive_flag, int tcp_flag)
{
int ret;
kx_context context;
krb5_make_context (&context);
context_set (&context,
host, user, port, debug_flag, keepalive_flag, tcp_flag);
ret = doit (&context, passive_flag);
context_destroy (&context);
return ret;
}
#endif /* KRB5 */
/*
* Variables set from the arguments
*/
#ifdef KRB4
static int use_v4 = -1;
#ifdef HAVE_KRB_ENABLE_DEBUG
static int krb_debug_flag = 0;
#endif /* HAVE_KRB_ENABLE_DEBUG */
#endif /* KRB4 */
#ifdef KRB5
static int use_v5 = -1;
#endif
static char *port_str = NULL;
static const char *user = NULL;
static int tcp_flag = 0;
static int passive_flag = 0;
static int keepalive_flag = 1;
static int debug_flag = 0;
static int version_flag = 0;
static int help_flag = 0;
struct getargs args[] = {
#ifdef KRB4
{ "krb4", '4', arg_flag, &use_v4, "Use Kerberos V4",
NULL },
#ifdef HAVE_KRB_ENABLE_DEBUG
{ "krb4-debug", 'D', arg_flag, &krb_debug_flag,
"enable krb4 debugging" },
#endif /* HAVE_KRB_ENABLE_DEBUG */
#endif /* KRB4 */
#ifdef KRB5
{ "krb5", '5', arg_flag, &use_v5, "Use Kerberos V5",
NULL },
#endif
{ "port", 'p', arg_string, &port_str, "Use this port",
"number-of-service" },
{ "user", 'l', arg_string, &user, "Run as this user",
NULL },
{ "tcp", 't', arg_flag, &tcp_flag,
"Use a TCP connection for X11" },
{ "passive", 'P', arg_flag, &passive_flag,
"Force a passive connection" },
{ "keepalive", 'k', arg_negative_flag, &keepalive_flag,
"disable keep-alives" },
{ "debug", 'd', arg_flag, &debug_flag,
"Enable debug information" },
{ "version", 0, arg_flag, &version_flag, "Print version",
NULL },
{ "help", 0, arg_flag, &help_flag, NULL,
NULL }
};
static void
usage(int ret)
{
arg_printusage (args,
sizeof(args) / sizeof(args[0]),
NULL,
"host");
exit (ret);
}
/*
* kx - forward an x-connection over a kerberos-encrypted channel.
*/
int
main(int argc, char **argv)
{
int port = 0;
int optind = 0;
int ret = 1;
char *host = NULL;
setprogname (argv[0]);
if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
&optind))
usage (1);
if (help_flag)
usage (0);
if (version_flag) {
print_version (NULL);
return 0;
}
if (optind != argc - 1)
usage (1);
host = argv[optind];
if (port_str) {
struct servent *s = roken_getservbyname (port_str, "tcp");
if (s)
port = s->s_port;
else {
char *ptr;
port = strtol (port_str, &ptr, 10);
if (port == 0 && ptr == port_str)
errx (1, "Bad port `%s'", port_str);
port = htons(port);
}
}
if (user == NULL) {
user = get_default_username ();
if (user == NULL)
errx (1, "who are you?");
}
if (!passive_flag)
passive_flag = check_for_passive (getenv("DISPLAY"));
#if defined(HAVE_KERNEL_ENABLE_DEBUG)
if (krb_debug_flag)
krb_enable_debug ();
#endif
#if defined(KRB4) && defined(KRB5)
if(use_v4 == -1 && use_v5 == 1)
use_v4 = 0;
if(use_v5 == -1 && use_v4 == 1)
use_v5 = 0;
#endif
#ifdef KRB5
if (ret && use_v5) {
if (port == 0)
port = krb5_getportbyname(NULL, "kx", "tcp", KX_PORT);
ret = doit_v5 (host, port, user,
passive_flag, debug_flag, keepalive_flag, tcp_flag);
}
#endif
#ifdef KRB4
if (ret && use_v4) {
if (port == 0)
port = k_getportbyname("kx", "tcp", htons(KX_PORT));
ret = doit_v4 (host, port, user,
passive_flag, debug_flag, keepalive_flag, tcp_flag);
}
#endif
return ret;
}

39
crypto/heimdal/appl/kx/kx.cat1 Normal file
View file

@ -0,0 +1,39 @@
KX(1) UNIX Reference Manual KX(1)
NNAAMMEE
kkxx - securely forward X conections
SSYYNNOOPPSSIISS
_k_x [--ll _u_s_e_r_n_a_m_e] [--kk] [--dd] [--tt] [--pp _p_o_r_t] [--PP] _h_o_s_t
DDEESSCCRRIIPPTTIIOONN
The kkxx program forwards a X connection from a remote client to a local
screen through an authenticated and encrypted stream. Options supported
by kkxx:
--ll Log in on remote the host as user _u_s_e_r_n_a_m_e.
--kk Do not enable keep-alives on the TCP connections.
--dd Do not fork. This is mainly useful for debugging.
--tt Listen not only on a UNIX-domain socket but on a TCP socket as
well.
--pp Use the port _p_o_r_t.
--PP Force passive mode.
This program is used by rrxxtteellnneett and rrxxtteerrmm and you should not need to
run it directly.
It connects to a kkxxdd on the host _h_o_s_t and then will relay the traffic
from the remote X clients to the local server. When started, it prints
the display and Xauthority-file to be used on host _h_o_s_t and then goes to
the background, waiting for connections from the remote kkxxdd..
SSEEEE AALLSSOO
rxtelnet(1), rxterm(1), kxd(8)
KTH-KRB September 27, 1996 1

259
crypto/heimdal/appl/kx/kx.h Normal file
View file

@ -0,0 +1,259 @@
/*
* Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id: kx.h,v 1.38 2000/02/06 05:52:03 assar Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif /* HAVE_CONFIG_H */
#include <stdio.h>
#include <stdarg.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#include <errno.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#ifdef HAVE_PWD_H
#include <pwd.h>
#endif
#ifdef HAVE_GRP_H
#include <grp.h>
#endif
#ifdef HAVE_SYSLOG_H
#include <syslog.h>
#endif
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef TIME_WITH_SYS_TIME
#include <sys/time.h>
#include <time.h>
#elif defined(HAVE_SYS_TIME_H)
#include <sys/time.h>
#else
#include <time.h>
#endif
#ifdef HAVE_SYS_RESOURCE_H
#include <sys/resource.h>
#endif
#ifdef HAVE_SYS_SELECT_H
#include <sys/select.h>
#endif
#ifdef HAVE_SYS_WAIT_H
#include <sys/wait.h>
#endif
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
#ifdef HAVE_NETINET_TCP_H
#include <netinet/tcp.h>
#endif
#ifdef HAVE_ARPA_INET_H
#include <arpa/inet.h>
#endif
#ifdef HAVE_NETDB_H
#include <netdb.h>
#endif
#ifdef HAVE_SYS_UN_H
#include <sys/un.h>
#endif
#include <X11/X.h>
#include <X11/Xlib.h>
#include <X11/Xauth.h>
#ifdef HAVE_SYS_STREAM_H
#include <sys/stream.h>
#endif
#ifdef HAVE_SYS_STROPTS_H
#include <sys/stropts.h>
#endif
/* as far as we know, this is only used with later versions of Slowlaris */
#if SunOS >= 50 && defined(HAVE_SYS_STROPTS_H) && defined(HAVE_FATTACH) && defined(I_PUSH)
#define MAY_HAVE_X11_PIPES
#endif
#ifdef SOCKS
#include <socks.h>
/* This doesn't belong here. */
struct tm *localtime(const time_t *);
struct hostent *gethostbyname(const char *);
#endif
#ifdef KRB4
#include <krb.h>
#include <prot.h>
#endif
#ifdef KRB5
#include <krb5.h>
#endif
#include <err.h>
#include <getarg.h>
#include <roken.h>
struct x_socket {
char *pathname;
int fd;
enum {
LISTENP = 0x80,
TCP = LISTENP | 1,
UNIX_SOCKET = LISTENP | 2,
STREAM_PIPE = 3
} flags;
};
extern char x_socket[];
extern u_int32_t display_num;
extern char display[];
extern int display_size;
extern char xauthfile[];
extern int xauthfile_size;
extern u_char cookie[];
extern size_t cookie_len;
int get_xsockets (int *number, struct x_socket **sockets, int tcpp);
int chown_xsockets (int n, struct x_socket *sockets, uid_t uid, gid_t gid);
int connect_local_xsocket (unsigned dnr);
int create_and_write_cookie (char *xauthfile,
size_t size,
u_char *cookie,
size_t sz);
int verify_and_remove_cookies (int fd, int sock, int cookiesp);
int replace_cookie(int xserver, int fd, char *filename, int cookiesp);
int suspicious_address (int sock, struct sockaddr_in addr);
#define KX_PORT 2111
#define KX_OLD_VERSION "KXSERV.1"
#define KX_VERSION "KXSERV.2"
#define COOKIE_TYPE "MIT-MAGIC-COOKIE-1"
enum { INIT = 0, ACK = 1, NEW_CONN = 2, ERROR = 3 };
enum kx_flags { PASSIVE = 1, KEEP_ALIVE = 2 };
typedef enum kx_flags kx_flags;
struct kx_context {
int (*authenticate)(struct kx_context *kc, int s);
int (*userok)(struct kx_context *kc, char *user);
ssize_t (*read)(struct kx_context *kc,
int fd, void *buf, size_t len);
ssize_t (*write)(struct kx_context *kc,
int fd, const void *buf, size_t len);
int (*copy_encrypted)(struct kx_context *kc,
int fd1, int fd2);
void (*destroy)(struct kx_context *kc);
const char *host;
const char *user;
int port;
int debug_flag;
int keepalive_flag;
int tcp_flag;
struct sockaddr_in thisaddr, thataddr;
void *data;
};
typedef struct kx_context kx_context;
void
context_set (kx_context *kc, const char *host, const char *user, int port,
int debug_flag, int keepalive_flag, int tcp_flag);
void
context_destroy (kx_context *kc);
int
context_authenticate (kx_context *kc, int s);
int
context_userok (kx_context *kc, char *user);
ssize_t
kx_read (kx_context *kc, int fd, void *buf, size_t len);
ssize_t
kx_write (kx_context *kc, int fd, const void *buf, size_t len);
int
copy_encrypted (kx_context *kc, int fd1, int fd2);
#ifdef KRB4
void
krb4_make_context (kx_context *c);
int
recv_v4_auth (kx_context *kc, int sock, u_char *buf);
#endif
#ifdef KRB5
void
krb5_make_context (kx_context *c);
int
recv_v5_auth (kx_context *kc, int sock, u_char *buf);
#endif
void
fatal (kx_context *kc, int fd, char *format, ...)
#ifdef __GNUC__
__attribute__ ((format (printf, 3, 4)))
#endif
;
#ifndef KRB4
int
krb_get_int(void *f, u_int32_t *to, int size, int lsb);
int
krb_put_int(u_int32_t from, void *to, size_t rem, int size);
#endif

53
crypto/heimdal/appl/kx/kxd.8 Normal file
View file

@ -0,0 +1,53 @@
.\" $Id: kxd.8,v 1.5 2001/01/11 16:16:26 assar Exp $
.\"
.Dd September 27, 1996
.Dt KXD 8
.Os KTH-KRB
.Sh NAME
.Nm kxd
.Nd
securely forward X conections
.Sh SYNOPSIS
.Ar kxd
.Op Fl t
.Op Fl i
.Op Fl p Ar port
.Sh DESCRIPTION
This is the daemon for
.Nm kx .
.Pp
Options supported by
.Nm kxd :
.Bl -tag -width Ds
.It Fl t
TCP. Normally
.Nm kxd
will only listen for X connections on a UNIX socket, but some machines
(for example, Cray) have X libraries that are not able to use UNIX
sockets and thus you need to use TCP to talk to the pseudo-xserver
created by
.Nm kxd.
This option decreases the security significantly and should only be
used when it is necessary and you have considered the consequences of
doing so.
.It Fl i
Interactive. Do not expect to be started by
.Nm inetd,
but allocate and listen to the socket yourself. Handy for testing
and debugging.
.It Fl p
Port. Listen on the port
.Ar port .
Only usable with
.Fl i .
.El
.Sh EXAMPLES
Put the following in
.Pa /etc/inetd.conf :
.Bd -literal
kx stream tcp nowait root /usr/athena/libexec/kxd kxd
.Ed
.Sh SEE ALSO
.Xr kx 1 ,
.Xr rxtelnet 1 ,
.Xr rxterm 1

754
crypto/heimdal/appl/kx/kxd.c Normal file
View file

@ -0,0 +1,754 @@
/*
* Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "kx.h"
RCSID("$Id: kxd.c,v 1.69 2001/02/20 01:44:45 assar Exp $");
static pid_t wait_on_pid = -1;
static int done = 0;
/*
* Signal handler that justs waits for the children when they die.
*/
static RETSIGTYPE
childhandler (int sig)
{
pid_t pid;
int status;
do {
pid = waitpid (-1, &status, WNOHANG|WUNTRACED);
if (pid > 0 && pid == wait_on_pid)
done = 1;
} while(pid > 0);
signal (SIGCHLD, childhandler);
SIGRETURN(0);
}
/*
* Print the error message `format' and `...' on fd and die.
*/
void
fatal (kx_context *kc, int fd, char *format, ...)
{
u_char msg[1024];
u_char *p;
va_list args;
int len;
va_start(args, format);
p = msg;
*p++ = ERROR;
vsnprintf ((char *)p + 4, sizeof(msg) - 5, format, args);
syslog (LOG_ERR, "%s", (char *)p + 4);
len = strlen ((char *)p + 4);
p += KRB_PUT_INT (len, p, 4, 4);
p += len;
kx_write (kc, fd, msg, p - msg);
va_end(args);
exit (1);
}
/*
* Remove all sockets and cookie files.
*/
static void
cleanup(int nsockets, struct x_socket *sockets)
{
int i;
if(xauthfile[0])
unlink(xauthfile);
for (i = 0; i < nsockets; ++i) {
if (sockets[i].pathname != NULL) {
unlink (sockets[i].pathname);
free (sockets[i].pathname);
}
}
}
/*
* Prepare to receive a connection on `sock'.
*/
static int
recv_conn (int sock, kx_context *kc,
int *dispnr, int *nsockets, struct x_socket **sockets,
int tcp_flag)
{
u_char msg[1024], *p;
char user[256];
socklen_t addrlen;
struct passwd *passwd;
struct sockaddr_in thisaddr, thataddr;
char remotehost[MaxHostNameLen];
char remoteaddr[INET6_ADDRSTRLEN];
int ret = 1;
int flags;
int len;
u_int32_t tmp32;
addrlen = sizeof(thisaddr);
if (getsockname (sock, (struct sockaddr *)&thisaddr, &addrlen) < 0 ||
addrlen != sizeof(thisaddr)) {
syslog (LOG_ERR, "getsockname: %m");
exit (1);
}
addrlen = sizeof(thataddr);
if (getpeername (sock, (struct sockaddr *)&thataddr, &addrlen) < 0 ||
addrlen != sizeof(thataddr)) {
syslog (LOG_ERR, "getpeername: %m");
exit (1);
}
kc->thisaddr = thisaddr;
kc->thataddr = thataddr;
getnameinfo_verified ((struct sockaddr *)&thataddr, addrlen,
remotehost, sizeof(remotehost),
NULL, 0, 0);
if (net_read (sock, msg, 4) != 4) {
syslog (LOG_ERR, "read: %m");
exit (1);
}
#ifdef KRB5
if (ret && recv_v5_auth (kc, sock, msg) == 0)
ret = 0;
#endif
#ifdef KRB4
if (ret && recv_v4_auth (kc, sock, msg) == 0)
ret = 0;
#endif
if (ret) {
syslog (LOG_ERR, "unrecognized auth protocol: %x %x %x %x",
msg[0], msg[1], msg[2], msg[3]);
exit (1);
}
len = kx_read (kc, sock, msg, sizeof(msg));
if (len < 0) {
syslog (LOG_ERR, "kx_read failed");
exit (1);
}
p = (u_char *)msg;
if (*p != INIT)
fatal(kc, sock, "Bad message");
p++;
p += krb_get_int (p, &tmp32, 4, 0);
len = min(sizeof(user), tmp32);
memcpy (user, p, len);
p += tmp32;
user[len] = '\0';
passwd = k_getpwnam (user);
if (passwd == NULL)
fatal (kc, sock, "cannot find uid for %s", user);
if (context_userok (kc, user) != 0)
fatal (kc, sock, "%s not allowed to login as %s",
kc->user, user);
flags = *p++;
if (flags & PASSIVE) {
pid_t pid;
int tmp;
tmp = get_xsockets (nsockets, sockets, tcp_flag);
if (tmp < 0) {
fatal (kc, sock, "Cannot create X socket(s): %s",
strerror(errno));
}
*dispnr = tmp;
if (chown_xsockets (*nsockets, *sockets,
passwd->pw_uid, passwd->pw_gid)) {
cleanup (*nsockets, *sockets);
fatal (kc, sock, "Cannot chown sockets: %s",
strerror(errno));
}
pid = fork();
if (pid == -1) {
cleanup (*nsockets, *sockets);
fatal (kc, sock, "fork: %s", strerror(errno));
} else if (pid != 0) {
wait_on_pid = pid;
while (!done)
pause ();
cleanup (*nsockets, *sockets);
exit (0);
}
}
if (setgid (passwd->pw_gid) ||
initgroups(passwd->pw_name, passwd->pw_gid) ||
#ifdef HAVE_GETUDBNAM /* XXX this happens on crays */
setjob(passwd->pw_uid, 0) == -1 ||
#endif
setuid(passwd->pw_uid)) {
syslog(LOG_ERR, "setting uid/groups: %m");
fatal (kc, sock, "cannot set uid");
}
inet_ntop (thataddr.sin_family,
&thataddr.sin_addr, remoteaddr, sizeof(remoteaddr));
syslog (LOG_INFO, "from %s(%s): %s -> %s",
remotehost, remoteaddr,
kc->user, user);
umask(077);
if (!(flags & PASSIVE)) {
p += krb_get_int (p, &tmp32, 4, 0);
len = min(tmp32, display_size);
memcpy (display, p, len);
display[len] = '\0';
p += tmp32;
p += krb_get_int (p, &tmp32, 4, 0);
len = min(tmp32, xauthfile_size);
memcpy (xauthfile, p, len);
xauthfile[len] = '\0';
p += tmp32;
}
#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT)
if (flags & KEEP_ALIVE) {
int one = 1;
setsockopt (sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&one,
sizeof(one));
}
#endif
return flags;
}
/*
*
*/
static int
passive_session (kx_context *kc, int fd, int sock, int cookiesp)
{
if (verify_and_remove_cookies (fd, sock, cookiesp))
return 1;
else
return copy_encrypted (kc, fd, sock);
}
/*
*
*/
static int
active_session (kx_context *kc, int fd, int sock, int cookiesp)
{
fd = connect_local_xsocket(0);
if (replace_cookie (fd, sock, xauthfile, cookiesp))
return 1;
else
return copy_encrypted (kc, fd, sock);
}
/*
* Handle a new connection.
*/
static int
doit_conn (kx_context *kc,
int fd, int meta_sock, int flags, int cookiesp)
{
int sock, sock2;
struct sockaddr_in addr;
struct sockaddr_in thisaddr;
socklen_t addrlen;
u_char msg[1024], *p;
sock = socket (AF_INET, SOCK_STREAM, 0);
if (sock < 0) {
syslog (LOG_ERR, "socket: %m");
return 1;
}
#if defined(TCP_NODELAY) && defined(HAVE_SETSOCKOPT)
{
int one = 1;
setsockopt (sock, IPPROTO_TCP, TCP_NODELAY, (void *)&one, sizeof(one));
}
#endif
#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT)
if (flags & KEEP_ALIVE) {
int one = 1;
setsockopt (sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&one,
sizeof(one));
}
#endif
memset (&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
if (bind (sock, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
syslog (LOG_ERR, "bind: %m");
return 1;
}
addrlen = sizeof(addr);
if (getsockname (sock, (struct sockaddr *)&addr, &addrlen) < 0) {
syslog (LOG_ERR, "getsockname: %m");
return 1;
}
if (listen (sock, SOMAXCONN) < 0) {
syslog (LOG_ERR, "listen: %m");
return 1;
}
p = msg;
*p++ = NEW_CONN;
p += KRB_PUT_INT (ntohs(addr.sin_port), p, 4, 4);
if (kx_write (kc, meta_sock, msg, p - msg) < 0) {
syslog (LOG_ERR, "write: %m");
return 1;
}
addrlen = sizeof(thisaddr);
sock2 = accept (sock, (struct sockaddr *)&thisaddr, &addrlen);
if (sock2 < 0) {
syslog (LOG_ERR, "accept: %m");
return 1;
}
close (sock);
close (meta_sock);
if (flags & PASSIVE)
return passive_session (kc, fd, sock2, cookiesp);
else
return active_session (kc, fd, sock2, cookiesp);
}
/*
* Is the current user the owner of the console?
*/
static void
check_user_console (kx_context *kc, int fd)
{
struct stat sb;
if (stat ("/dev/console", &sb) < 0)
fatal (kc, fd, "Cannot stat /dev/console: %s", strerror(errno));
if (getuid() != sb.st_uid)
fatal (kc, fd, "Permission denied");
}
/* close down the new connection with a reasonable error message */
static void
close_connection(int fd, const char *message)
{
char buf[264]; /* max message */
char *p;
int lsb = 0;
size_t mlen;
mlen = strlen(message);
if(mlen > 255)
mlen = 255;
/* read first part of connection packet, to get byte order */
if(read(fd, buf, 6) != 6) {
close(fd);
return;
}
if(buf[0] == 0x6c)
lsb++;
p = buf;
*p++ = 0; /* failed */
*p++ = mlen; /* length of message */
p += 4; /* skip protocol version */
p += 2; /* skip additional length */
memcpy(p, message, mlen); /* copy message */
p += mlen;
while((p - buf) % 4) /* pad to multiple of 4 bytes */
*p++ = 0;
/* now fill in length of additional data */
if(lsb) {
buf[6] = (p - buf - 8) / 4;
buf[7] = 0;
}else{
buf[6] = 0;
buf[7] = (p - buf - 8) / 4;
}
write(fd, buf, p - buf);
close(fd);
}
/*
* Handle a passive session on `sock'
*/
static int
doit_passive (kx_context *kc,
int sock,
int flags,
int dispnr,
int nsockets,
struct x_socket *sockets,
int tcp_flag)
{
int tmp;
int len;
size_t rem;
u_char msg[1024], *p;
int error;
display_num = dispnr;
if (tcp_flag)
snprintf (display, display_size, "localhost:%u", display_num);
else
snprintf (display, display_size, ":%u", display_num);
error = create_and_write_cookie (xauthfile, xauthfile_size,
cookie, cookie_len);
if (error) {
cleanup(nsockets, sockets);
fatal (kc, sock, "Cookie-creation failed: %s", strerror(error));
return 1;
}
p = msg;
rem = sizeof(msg);
*p++ = ACK;
--rem;
len = strlen (display);
tmp = KRB_PUT_INT (len, p, rem, 4);
if (tmp < 0 || rem < len + 4) {
syslog (LOG_ERR, "doit: buffer too small");
cleanup(nsockets, sockets);
return 1;
}
p += tmp;
rem -= tmp;
memcpy (p, display, len);
p += len;
rem -= len;
len = strlen (xauthfile);
tmp = KRB_PUT_INT (len, p, rem, 4);
if (tmp < 0 || rem < len + 4) {
syslog (LOG_ERR, "doit: buffer too small");
cleanup(nsockets, sockets);
return 1;
}
p += tmp;
rem -= tmp;
memcpy (p, xauthfile, len);
p += len;
rem -= len;
if(kx_write (kc, sock, msg, p - msg) < 0) {
syslog (LOG_ERR, "write: %m");
cleanup(nsockets, sockets);
return 1;
}
for (;;) {
pid_t child;
int fd = -1;
fd_set fds;
int i;
int ret;
int cookiesp = TRUE;
FD_ZERO(&fds);
if (sock >= FD_SETSIZE) {
syslog (LOG_ERR, "fd too large");
cleanup(nsockets, sockets);
return 1;
}
FD_SET(sock, &fds);
for (i = 0; i < nsockets; ++i) {
if (sockets[i].fd >= FD_SETSIZE) {
syslog (LOG_ERR, "fd too large");
cleanup(nsockets, sockets);
return 1;
}
FD_SET(sockets[i].fd, &fds);
}
ret = select(FD_SETSIZE, &fds, NULL, NULL, NULL);
if(ret <= 0)
continue;
if(FD_ISSET(sock, &fds)){
/* there are no processes left on the remote side
*/
cleanup(nsockets, sockets);
exit(0);
} else if(ret) {
for (i = 0; i < nsockets; ++i) {
if (FD_ISSET(sockets[i].fd, &fds)) {
if (sockets[i].flags == TCP) {
struct sockaddr_in peer;
socklen_t len = sizeof(peer);
fd = accept (sockets[i].fd,
(struct sockaddr *)&peer,
&len);
if (fd < 0 && errno != EINTR)
syslog (LOG_ERR, "accept: %m");
/* XXX */
if (fd >= 0 && suspicious_address (fd, peer)) {
close (fd);
fd = -1;
errno = EINTR;
}
} else if(sockets[i].flags == UNIX_SOCKET) {
socklen_t zero = 0;
fd = accept (sockets[i].fd, NULL, &zero);
if (fd < 0 && errno != EINTR)
syslog (LOG_ERR, "accept: %m");
#ifdef MAY_HAVE_X11_PIPES
} else if(sockets[i].flags == STREAM_PIPE) {
/*
* this code tries to handle the
* send fd-over-pipe stuff for
* solaris
*/
struct strrecvfd strrecvfd;
ret = ioctl (sockets[i].fd,
I_RECVFD, &strrecvfd);
if (ret < 0 && errno != EINTR) {
syslog (LOG_ERR, "ioctl I_RECVFD: %m");
}
/* XXX */
if (ret == 0) {
if (strrecvfd.uid != getuid()) {
close (strrecvfd.fd);
fd = -1;
errno = EINTR;
} else {
fd = strrecvfd.fd;
cookiesp = FALSE;
}
}
#endif /* MAY_HAVE_X11_PIPES */
} else
abort ();
break;
}
}
}
if (fd < 0) {
if (errno == EINTR)
continue;
else
return 1;
}
child = fork ();
if (child < 0) {
syslog (LOG_ERR, "fork: %m");
if(errno != EAGAIN)
return 1;
close_connection(fd, strerror(errno));
} else if (child == 0) {
for (i = 0; i < nsockets; ++i)
close (sockets[i].fd);
return doit_conn (kc, fd, sock, flags, cookiesp);
} else {
close (fd);
}
}
}
/*
* Handle an active session on `sock'
*/
static int
doit_active (kx_context *kc,
int sock,
int flags,
int tcp_flag)
{
u_char msg[1024], *p;
check_user_console (kc, sock);
p = msg;
*p++ = ACK;
if(kx_write (kc, sock, msg, p - msg) < 0) {
syslog (LOG_ERR, "write: %m");
return 1;
}
for (;;) {
pid_t child;
int len;
len = kx_read (kc, sock, msg, sizeof(msg));
if (len < 0) {
syslog (LOG_ERR, "read: %m");
return 1;
}
p = (u_char *)msg;
if (*p != NEW_CONN) {
syslog (LOG_ERR, "bad_message: %d", *p);
return 1;
}
child = fork ();
if (child < 0) {
syslog (LOG_ERR, "fork: %m");
if (errno != EAGAIN)
return 1;
} else if (child == 0) {
return doit_conn (kc, sock, sock, flags, 1);
} else {
}
}
}
/*
* Receive a connection on `sock' and process it.
*/
static int
doit(int sock, int tcp_flag)
{
int ret;
kx_context context;
int dispnr;
int nsockets;
struct x_socket *sockets;
int flags;
flags = recv_conn (sock, &context, &dispnr, &nsockets, &sockets, tcp_flag);
if (flags & PASSIVE)
ret = doit_passive (&context, sock, flags, dispnr,
nsockets, sockets, tcp_flag);
else
ret = doit_active (&context, sock, flags, tcp_flag);
context_destroy (&context);
return ret;
}
static char *port_str = NULL;
static int inetd_flag = 1;
static int tcp_flag = 0;
static int version_flag = 0;
static int help_flag = 0;
struct getargs args[] = {
{ "inetd", 'i', arg_negative_flag, &inetd_flag,
"Not started from inetd" },
{ "tcp", 't', arg_flag, &tcp_flag, "Use TCP" },
{ "port", 'p', arg_string, &port_str, "Use this port",
"port" },
{ "version", 0, arg_flag, &version_flag },
{ "help", 0, arg_flag, &help_flag }
};
static void
usage(int ret)
{
arg_printusage (args,
sizeof(args) / sizeof(args[0]),
NULL,
"host");
exit (ret);
}
/*
* kxd - receive a forwarded X conncection
*/
int
main (int argc, char **argv)
{
int port;
int optind = 0;
setprogname (argv[0]);
roken_openlog ("kxd", LOG_ODELAY | LOG_PID, LOG_DAEMON);
if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
&optind))
usage (1);
if (help_flag)
usage (0);
if (version_flag) {
print_version (NULL);
return 0;
}
if(port_str) {
struct servent *s = roken_getservbyname (port_str, "tcp");
if (s)
port = s->s_port;
else {
char *ptr;
port = strtol (port_str, &ptr, 10);
if (port == 0 && ptr == port_str)
errx (1, "bad port `%s'", port_str);
port = htons(port);
}
} else {
#if defined(KRB5)
port = krb5_getportbyname(NULL, "kx", "tcp", KX_PORT);
#elif defined(KRB4)
port = k_getportbyname ("kx", "tcp", htons(KX_PORT));
#else
#error define KRB4 or KRB5
#endif
}
if (!inetd_flag)
mini_inetd (port);
signal (SIGCHLD, childhandler);
return doit(STDIN_FILENO, tcp_flag);
}

37
crypto/heimdal/appl/kx/kxd.cat8 Normal file
View file

@ -0,0 +1,37 @@
KXD(8) UNIX System Manager's Manual KXD(8)
NNAAMMEE
kkxxdd - securely forward X conections
SSYYNNOOPPSSIISS
_k_x_d [--tt] [--ii] [--pp _p_o_r_t]
DDEESSCCRRIIPPTTIIOONN
This is the daemon for kkxx.
Options supported by kkxxdd:
--tt TCP. Normally kkxxdd will only listen for X connections on a UNIX
socket, but some machines (for example, Cray) have X libraries
that are not able to use UNIX sockets and thus you need to use
TCP to talk to the pseudo-xserver created by kkxxdd.. This option de-
creases the security significantly and should only be used when
it is necessary and you have considered the consequences of doing
so.
--ii Interactive. Do not expect to be started by iinneettdd,, but allocate
and listen to the socket yourself. Handy for testing and debug-
ging.
--pp Port. Listen on the port _p_o_r_t. Only usable with --ii.
EEXXAAMMPPLLEESS
Put the following in _/_e_t_c_/_i_n_e_t_d_._c_o_n_f:
kx stream tcp nowait root /usr/athena/libexec/kxd kxd
SSEEEE AALLSSOO
kx(1), rxtelnet(1), rxterm(1)
KTH-KRB September 27, 1996 1

80
crypto/heimdal/appl/kx/rxtelnet.1 Normal file
View file

@ -0,0 +1,80 @@
.\" $Id: rxtelnet.1,v 1.6 2001/01/11 16:16:26 assar Exp $
.\"
.Dd September 27, 1996
.Dt RXTELNET 1
.Os KTH_KRB
.Sh NAME
.Nm rxtelnet
.Nd
start a telnet and forward X-connections.
.Sh SYNOPSIS
.Nm rxtelnet
.Op Fl l Ar username
.Op Fl k
.Op Fl t Ar telnet_args
.Op Fl x Ar xterm_args
.Op Fl w Ar term_emulator
.Op Fl n
.Ar host
.Op Ar port
.Sh DESCRIPTION
The
.Nm
program starts a
.Nm xterm
window with a telnet to host
.Ar host .
From this window you will also be able to run X clients that will be
able to connect securily to your X server. If
.Ar port
is given, that port will be used instead of the default.
.Pp
The supported options are:
.Bl -tag -width Ds
.It Fl l
Log in on the remote host as user
.Ar username
.It Fl k
Disables keep-alives
.It Fl t
Send
.Ar telnet_args
as arguments to
.Nm telnet
.It Fl x
Send
.Ar xterm_args
as arguments to
.Nm xterm
.It Fl w
Use
.Ar term_emulator
instead of xterm.
.It Fl n
Do not start any terminal emulator.
.El
.Sh EXAMPLE
To login from host
.Va foo
(where your display is)
to host
.Va bar ,
you might do the following.
.Bl -enum
.It
On foo:
.Nm
.Va bar
.It
You will get a new window with a
.Nm telnet
to
.Va bar .
In this window you will be able to start X clients.
.El
.Sh SEE ALSO
.Xr rxterm 1 ,
.Xr tenletxr 1 ,
.Xr kx 1 ,
.Xr kxd 8 ,
.Xr telnet 1

43
crypto/heimdal/appl/kx/rxtelnet.cat1 Normal file
View file

@ -0,0 +1,43 @@
RXTELNET(1) UNIX Reference Manual RXTELNET(1)
NNAAMMEE
rrxxtteellnneett - start a telnet and forward X-connections.
SSYYNNOOPPSSIISS
rrxxtteellnneett [--ll _u_s_e_r_n_a_m_e] [--kk] [--tt _t_e_l_n_e_t___a_r_g_s] [--xx _x_t_e_r_m___a_r_g_s] [--ww
_t_e_r_m___e_m_u_l_a_t_o_r] [--nn] _h_o_s_t [_p_o_r_t]
DDEESSCCRRIIPPTTIIOONN
The rrxxtteellnneett program starts a xxtteerrmm window with a telnet to host _h_o_s_t.
From this window you will also be able to run X clients that will be able
to connect securily to your X server. If _p_o_r_t is given, that port will be
used instead of the default.
The supported options are:
--ll Log in on the remote host as user _u_s_e_r_n_a_m_e
--kk Disables keep-alives
--tt Send _t_e_l_n_e_t___a_r_g_s as arguments to tteellnneett
--xx Send _x_t_e_r_m___a_r_g_s as arguments to xxtteerrmm
--ww Use _t_e_r_m___e_m_u_l_a_t_o_r instead of xterm.
--nn Do not start any terminal emulator.
EEXXAAMMPPLLEE
To login from host _f_o_o (where your display is) to host _b_a_r, you might do
the following.
1. On foo: rrxxtteellnneett _b_a_r
2. You will get a new window with a tteellnneett to _b_a_r. In this window you
will be able to start X clients.
SSEEEE AALLSSOO
rxterm(1), tenletxr(1), kx(1), kxd(8), telnet(1)
KTH_KRB September 27, 1996 1

63
crypto/heimdal/appl/kx/rxtelnet.in Normal file
View file

@ -0,0 +1,63 @@
#!/bin/sh
# $Id: rxtelnet.in,v 1.26 1999/02/04 21:19:50 assar Exp $
#
usage="Usage: $0 [-l username] [-k] [-t args_to_telnet] [-x args_to_xterm] [-w term_emulator] [-n] [-v] [-h | --help] [--version] host [port]"
term=
kx_args=-P
while true
do
case $1 in
-l) telnet_args="${telnet_args} -l $2 "; kx_args="${kx_args} -l $2"; title="${2}@"; shift 2;;
-t) telnet_args="${telnet_args} $2 "; shift 2;;
-x) xterm_args="${xterm_args} $2 "; shift 2;;
-k) kx_args="${kx_args} -k"; shift;;
-n) term=none; shift;;
-w) term=$2; shift 2;;
--version) echo "$0: %PACKAGE% %VERSION%"; exit 0;;
-h) echo $usage; exit 0;;
--help) echo $usage; exit 0;;
-v) set -x; verb=1; shift;;
-*) echo "$0: Bad option $1"; echo $usage; exit 1;;
*) break;;
esac
done
if test $# -lt 1; then
echo $usage
exit 1
fi
host=$1
port=$2
title="${title}${host}"
bindir=%bindir%
pdc_trams=`dirname $0`
PATH=$pdc_trams:$bindir:$PATH
export PATH
set -- `kx $kx_args $host`
if test $# -ne 3; then
exit 1
fi
screen=`echo $DISPLAY | sed -ne 's/[^:]*:[0-9]*\(\.[0-9]*\)/\1/p'`
pid=$1
disp=${2}${screen}
auth=$3
oldifs=$IFS
IFS=:
set -- $PATH
IFS=$oldifs
if test -z "$term"; then
for j in xterm dtterm aixterm dxterm hpterm; do
for i in $*; do
test -n "$i" || i="."
if test -x $i/$j; then
term=$j; break 2
fi
done
done
fi
test "$verb" && echo "Telnet command used is `type telnet`."
if test -n "$term" -a "$term" != "none"; then
($term -title $title -n $title $xterm_args -e env DISPLAY=$disp XAUTHORITY=$auth telnet -D $telnet_args $host $port; kill -USR2 $pid) &
else
env DISPLAY=$disp XAUTHORITY=$auth telnet -D $telnet_args $host $port
kill -USR2 $pid
fi

77
crypto/heimdal/appl/kx/rxterm.1 Normal file
View file

@ -0,0 +1,77 @@
.\" $Id: rxterm.1,v 1.4 1997/06/03 00:58:23 assar Exp $
.\"
.Dd September 27, 1996
.Dt RXTERM 1
.Os KTH_KRB
.Sh NAME
.Nm rxterm
.Nd
start a secure remote xterm
.Sh SYNOPSIS
.Nm rxterm
.Op Fl l Ar username
.Op Fl k
.Op Fl r Ar rsh_args
.Op Fl x Ar xterm_args
.Op Fl w Ar term_emulator
.Ar host
.Op Ar port
.Sh DESCRIPTION
The
.Nm
program starts a
.Nm xterm
window on host
.Ar host .
From this window you will also be able to run X clients that will be
able to connect securily to your X server. If
.Ar port
is given, that port will be used instead of the default.
.Pp
The supported options are:
.Bl -tag -width Ds
.It Fl l
Log in on the remote host as user
.Ar username
.It Fl k
Disable keep-alives
.It Fl r
Send
.Ar rsh_args
as arguments to
.Nm rsh
.It Fl x
Send
.Ar xterm_args
as arguments to
.Nm xterm
.It Fl w
Use
.Ar term_emulator
instead of xterm.
.El
.Sh EXAMPLE
To login from host
.Va foo
(where your display is)
to host
.Va bar ,
you might do the following.
.Bl -enum
.It
On foo:
.Nm
.Va bar
.It
You will get a new window running an
.Nm xterm
on host
.Va bar .
In this window you will be able to start X clients.
.El
.Sh SEE ALSO
.Xr rxtelnet 1 ,
.Xr tenletxr 1 ,
.Xr kx 1 ,
.Xr kxd 8 ,
.Xr rsh 1

41
crypto/heimdal/appl/kx/rxterm.cat1 Normal file
View file

@ -0,0 +1,41 @@
RXTERM(1) UNIX Reference Manual RXTERM(1)
NNAAMMEE
rrxxtteerrmm - start a secure remote xterm
SSYYNNOOPPSSIISS
rrxxtteerrmm [--ll _u_s_e_r_n_a_m_e] [--kk] [--rr _r_s_h___a_r_g_s] [--xx _x_t_e_r_m___a_r_g_s] [--ww
_t_e_r_m___e_m_u_l_a_t_o_r] _h_o_s_t [_p_o_r_t]
DDEESSCCRRIIPPTTIIOONN
The rrxxtteerrmm program starts a xxtteerrmm window on host _h_o_s_t. From this window
you will also be able to run X clients that will be able to connect se-
curily to your X server. If _p_o_r_t is given, that port will be used instead
of the default.
The supported options are:
--ll Log in on the remote host as user _u_s_e_r_n_a_m_e
--kk Disable keep-alives
--rr Send _r_s_h___a_r_g_s as arguments to rrsshh
--xx Send _x_t_e_r_m___a_r_g_s as arguments to xxtteerrmm
--ww Use _t_e_r_m___e_m_u_l_a_t_o_r instead of xterm.
EEXXAAMMPPLLEE
To login from host _f_o_o (where your display is) to host _b_a_r, you might do
the following.
1. On foo: rrxxtteerrmm _b_a_r
2. You will get a new window running an xxtteerrmm on host _b_a_r. In this win-
dow you will be able to start X clients.
SSEEEE AALLSSOO
rxtelnet(1), tenletxr(1), kx(1), kxd(8), rsh(1)
KTH_KRB September 27, 1996 1

41
crypto/heimdal/appl/kx/rxterm.in Normal file
View file

@ -0,0 +1,41 @@
#!/bin/sh
# $Id: rxterm.in,v 1.20 1999/02/04 09:29:49 assar Exp $
#
usage="Usage: $0 [-l username] [-k] [-r rsh_args] [-x xterm_args] [-w term_emulator] [-v] [-h | --help] [--version] host"
term=xterm
while true
do
case $1 in
-l) rsh_args="${rsh_args} -l $2 "; kx_args="${kx_args} -l $2"; title="${2}@"; shift 2;;
-r) rsh_args="${rsh_args} $2 "; shift 2;;
-x) xterm_args="${xterm_args} $2 "; shift 2;;
-k) kx_args="${kx_args} -k"; shift;;
-w) term=$2; shift 2;;
--version) echo "$0: %PACKAGE% %VERSION%"; exit 0;;
-h) echo $usage; exit 0;;
--help) echo $usage; exit 0;;
-v) set -x; shift;;
-*) echo "$0: Bad option $1"; echo $usage; exit 1;;
*) break;;
esac
done
if test $# -lt 1; then
echo "Usage: $0 host [arguments to $term]"
exit 1
fi
host=$1
title="${title}${host}"
bindir=%bindir%
pdc_trams=`dirname $0`
PATH=$pdc_trams:$bindir:$PATH
export PATH
set -- `kx $kx_args $host`
if test $# -ne 3; then
exit 1
fi
screen=`echo $DISPLAY | sed -ne 's/[^:]*:[0-9]*\(\.[0-9]*\)/\1/p'`
pid=$1
disp=${2}${screen}
auth=$3
kill -USR1 $pid
rsh -n $rsh_args $host "/bin/sh -c 'DISPLAY=$disp XAUTHORITY=$auth $term -T $title -n $title $xterm_args </dev/null >/dev/null 2>/dev/null &'"

61
crypto/heimdal/appl/kx/tenletxr.1 Normal file
View file

@ -0,0 +1,61 @@
.\" $Id: tenletxr.1,v 1.2 1997/03/31 03:43:33 assar Exp $
.\"
.Dd March 31, 1997
.Dt TENLETXR 1
.Os KTH_KRB
.Sh NAME
.Nm tenletxr
.Nd
forward X-connections backwards.
.Sh SYNOPSIS
.Nm tenletxr
.Op Fl l Ar username
.Op Fl k
.Ar host
.Op Ar port
.Sh DESCRIPTION
The
.Nm
program
enables forwarding of X-connections from this machine to host
.Ar host .
If
.Ar port
is given, that port will be used instead of the default.
.Pp
The supported options are:
.Bl -tag -width Ds
.It Fl l
Log in on the remote host as user
.Ar username
.It Fl k
Disables keep-alives.
.El
.Sh EXAMPLE
To login from host
.Va foo
to host
.Va bar
(where your display is),
you might do the following.
.Bl -enum
.It
On foo:
.Nm
.Va bar
.It
You will get a new shell where you will be able to start X clients
that will show their windows on
.Va bar .
.El
.Sh BUGS
It currently checks if you have permission to run it by checking if
you own
.Pa /dev/console
on the remote host.
.Sh SEE ALSO
.Xr rxtelnet 1 ,
.Xr rxterm 1 ,
.Xr kx 1 ,
.Xr kxd 8 ,
.Xr telnet 1

37
crypto/heimdal/appl/kx/tenletxr.cat1 Normal file
View file

@ -0,0 +1,37 @@
TENLETXR(1) UNIX Reference Manual TENLETXR(1)
NNAAMMEE
tteennlleettxxrr - forward X-connections backwards.
SSYYNNOOPPSSIISS
tteennlleettxxrr [--ll _u_s_e_r_n_a_m_e] [--kk] _h_o_s_t [_p_o_r_t]
DDEESSCCRRIIPPTTIIOONN
The tteennlleettxxrr program enables forwarding of X-connections from this ma-
chine to host _h_o_s_t. If _p_o_r_t is given, that port will be used instead of
the default.
The supported options are:
--ll Log in on the remote host as user _u_s_e_r_n_a_m_e
--kk Disables keep-alives.
EEXXAAMMPPLLEE
To login from host _f_o_o to host _b_a_r (where your display is), you might do
the following.
1. On foo: tteennlleettxxrr _b_a_r
2. You will get a new shell where you will be able to start X clients
that will show their windows on _b_a_r.
BBUUGGSS
It currently checks if you have permission to run it by checking if you
own _/_d_e_v_/_c_o_n_s_o_l_e on the remote host.
SSEEEE AALLSSOO
rxtelnet(1), rxterm(1), kx(1), kxd(8), telnet(1)
KTH_KRB March 31, 1997 1

37
crypto/heimdal/appl/kx/tenletxr.in Normal file
View file

@ -0,0 +1,37 @@
#!/bin/sh
# $Id: tenletxr.in,v 1.3 1999/02/04 09:29:59 assar Exp $
#
usage="Usage: $0 [-l username] [-k] [-v] [-h | --help] [--version] host [port]"
while true
do
case $1 in
-l) kx_args="${kx_args} -l $2"; shift 2;;
-k) kx_args="${kx_args} -k"; shift;;
--version) echo "$0: %PACKAGE% %VERSION%"; exit 0;;
-h) echo $usage; exit 0;;
--help) echo $usage; exit 0;;
-v) set -x; shift;;
-*) echo "$0: Bad option $1"; echo $usage; exit 1;;
*) break;;
esac
done
if test $# -lt 1; then
echo $usage
exit 1
fi
host=$1
port=$2
bindir=%bindir%
pdc_trams=`dirname $0`
PATH=$pdc_trams:$bindir:$PATH
export PATH
set -- `kx $kx_args $host`
if test $# -ne 3; then
exit 1
fi
screen=`echo $DISPLAY | sed -ne 's/[^:]*:[0-9]*\(\.[0-9]*\)/\1/p'`
pid=$1
disp=${2}${screen}
auth=$3
env DISPLAY=$disp XAUTHORITY=$auth $SHELL
kill -USR2 $pid

73
crypto/heimdal/appl/kx/writeauth.c Normal file
View file

@ -0,0 +1,73 @@
/* $XConsortium: AuWrite.c,v 1.6 94/04/17 20:15:45 gildea Exp $ */
/*
Copyright (c) 1988 X Consortium
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Except as contained in this notice, the name of the X Consortium shall not be
used in advertising or otherwise to promote the sale, use or other dealings
in this Software without prior written authorization from the X Consortium.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
RCSID("$Id: writeauth.c,v 1.4 1999/05/12 17:59:44 assar Exp $");
#endif
#include <X11/Xauth.h>
static int
write_short (unsigned short s, FILE *file)
{
unsigned char file_short[2];
file_short[0] = (s & (unsigned)0xff00) >> 8;
file_short[1] = s & 0xff;
if (fwrite (file_short, sizeof (file_short), 1, file) != 1)
return 0;
return 1;
}
static int
write_counted_string (unsigned short count, char *string, FILE *file)
{
if (write_short (count, file) == 0)
return 0;
if (fwrite (string, (int) sizeof (char), (int) count, file) != count)
return 0;
return 1;
}
int
XauWriteAuth (FILE *auth_file, Xauth *auth)
{
if (write_short (auth->family, auth_file) == 0)
return 0;
if (write_counted_string (auth->address_length, auth->address, auth_file) == 0)
return 0;
if (write_counted_string (auth->number_length, auth->number, auth_file) == 0)
return 0;
if (write_counted_string (auth->name_length, auth->name, auth_file) == 0)
return 0;
if (write_counted_string (auth->data_length, auth->data, auth_file) == 0)
return 0;
return 1;
}

5
crypto/heimdal/appl/login/ChangeLog
View file

@ -1,3 +1,8 @@
2001-02-08 Assar Westerlund <assar@sics.se>
* utmp_login.c, utmpx_login.c: try to write a useful string as
host in utmp, using the same algoritm as telnetd
2001-01-29 Assar Westerlund <assar@sics.se>
* login.c: remove some krb5_free_context that might happen at

16
crypto/heimdal/appl/login/Makefile.in
View file

@ -1,6 +1,7 @@
# Makefile.in generated automatically by automake 1.4a from Makefile.am
# Makefile.in generated automatically by automake 1.4b from Makefile.am
# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc.
# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
# Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@ -119,7 +120,7 @@ install_sh = @install_sh@
# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $
# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
AUTOMAKE_OPTIONS = foreign no-dependencies
@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
CHECK_LOCAL = $(PROGRAMS)
bin_PROGRAMS = login
@ -260,7 +263,7 @@ OBJECTS = $(am_login_OBJECTS)
all: all-redirect
.SUFFIXES:
.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x
.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/login/Makefile
@ -352,6 +355,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
|| etags $(ETAGS_ARGS) $$tags $$unique $(LISP)
GTAGS:
here=`CDPATH=: && cd $(top_builddir) && pwd` \
&& cd $(top_srcdir) \
&& gtags -i $$here
mostlyclean-tags:
clean-tags:

4
crypto/heimdal/appl/login/login.c
View file

@ -39,7 +39,7 @@
#include <sys/capability.h>
#endif
RCSID("$Id: login.c,v 1.46 2001/01/29 02:18:03 assar Exp $");
RCSID("$Id: login.c,v 1.47 2001/02/20 01:44:45 assar Exp $");
static int login_timeout = 60;
@ -650,7 +650,7 @@ main(int argc, char **argv)
int ask = 1;
struct sigaction sa;
set_progname(argv[0]);
setprogname(argv[0]);
#ifdef KRB5
{

6
crypto/heimdal/appl/login/login_protos.h
View file

@ -63,6 +63,12 @@ read_string __P((
size_t len,
int echo));
void
shrink_hostname __P((
const char *hostname,
char *dst,
size_t dst_sz));
void
stty_default __P((void));

4
crypto/heimdal/appl/login/osfc2.c
View file

@ -32,7 +32,7 @@
*/
#include "login_locl.h"
RCSID("$Id: osfc2.c,v 1.3 1999/12/02 17:04:56 joda Exp $");
RCSID("$Id: osfc2.c,v 1.4 2001/02/20 01:44:46 assar Exp $");
int
do_osfc2_magic(uid_t uid)
@ -42,7 +42,7 @@ do_osfc2_magic(uid_t uid)
char *argv[2];
/* fake */
argv[0] = (char*)__progname;
argv[0] = (char*)getprogname();
argv[1] = NULL;
set_auth_parameters(1, argv);

48
crypto/heimdal/appl/login/utmp_login.c
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1995, 1996, 1997, 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,49 @@
#include "login_locl.h"
RCSID("$Id: utmp_login.c,v 1.17 1999/12/02 17:04:56 joda Exp $");
RCSID("$Id: utmp_login.c,v 1.18 2001/02/08 16:08:26 assar Exp $");
/* try to put something useful from hostname into dst, dst_sz:
* full name, first component or address */
void
shrink_hostname (const char *hostname,
char *dst, size_t dst_sz)
{
char local_hostname[MaxHostNameLen];
char *ld, *hd;
int ret;
struct addrinfo *ai;
if (strlen(hostname) < dst_sz) {
strlcpy (dst, hostname, dst_sz);
return;
}
gethostname (local_hostname, sizeof(local_hostname));
hd = strchr (hostname, '.');
ld = strchr (local_hostname, '.');
if (hd != NULL && ld != NULL && strcmp(hd, ld) == 0
&& hd - hostname < dst_sz) {
strlcpy (dst, hostname, dst_sz);
dst[hd - hostname] = '\0';
return;
}
ret = getaddrinfo (hostname, NULL, NULL, &ai);
if (ret) {
strncpy (dst, hostname, dst_sz);
return;
}
ret = getnameinfo (ai->ai_addr, ai->ai_addrlen,
dst, dst_sz,
NULL, 0,
NI_NUMERICHOST);
freeaddrinfo (ai);
if (ret) {
strncpy (dst, hostname, dst_sz);
return;
}
}
void
prepare_utmp (struct utmp *utmp, char *tty,
@ -60,7 +102,7 @@ prepare_utmp (struct utmp *utmp, char *tty,
# endif
# ifdef HAVE_STRUCT_UTMP_UT_HOST
strncpy(utmp->ut_host, hostname, sizeof(utmp->ut_host));
shrink_hostname (hostname, utmp->ut_host, sizeof(utmp->ut_host));
# endif
# ifdef HAVE_STRUCT_UTMP_UT_TYPE

4
crypto/heimdal/appl/login/utmpx_login.c
View file

@ -2,7 +2,7 @@
#include "login_locl.h"
RCSID("$Id: utmpx_login.c,v 1.24 1999/08/04 17:03:15 assar Exp $");
RCSID("$Id: utmpx_login.c,v 1.25 2001/02/08 16:08:47 assar Exp $");
/* utmpx_login - update utmp and wtmp after login */
@ -21,7 +21,7 @@ utmpx_update(struct utmpx *ut, char *line, const char *user, const char *host)
strncpy(ut->ut_id, make_id(clean_tty), sizeof(ut->ut_id));
#endif
strncpy(ut->ut_user, user, sizeof(ut->ut_user));
strncpy(ut->ut_host, host, sizeof(ut->ut_host));
shrink_hostname (host, ut->ut_host, sizeof(ut->ut_host));
#ifdef HAVE_STRUCT_UTMPX_UT_SYSLEN
ut->ut_syslen = strlen(host) + 1;
if (ut->ut_syslen > sizeof(ut->ut_host))

40
crypto/heimdal/appl/otp/ChangeLog Normal file
View file

@ -0,0 +1,40 @@
2000-11-29 Johan Danielsson <joda@pdc.kth.se>
* otpprint.1: sort parameters and close a list
* otp.1: sort parameters and close a list
1999-09-14 Assar Westerlund <assar@sics.se>
* otp.c (verify_user_otp): check return value from
des_read_pw_string
Thu Apr 1 16:51:07 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* otpprint.c: use getarg
* otp.c: use getarg
Thu Mar 18 12:08:58 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* Makefile.am: include Makefile.am.common
Thu Mar 4 19:45:40 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* Makefile.am: DESTDIR
Sat Feb 27 19:44:25 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* Makefile.am: add
Sun Nov 22 10:32:50 1998 Assar Westerlund <assar@sics.se>
* otpprint.c: more braces
* Makefile.in (WFLAGS): set
Sun Dec 21 09:31:30 1997 Assar Westerlund <assar@sics.se>
* otp.c (renew): don't set the OTP if the reading of the string
fails.

16
crypto/heimdal/appl/otp/Makefile.am Normal file
View file

@ -0,0 +1,16 @@
# $Id: Makefile.am,v 1.9 2000/11/15 22:51:09 assar Exp $
include $(top_srcdir)/Makefile.am.common
bin_PROGRAMS = otp otpprint
bin_SUIDS = otp
otp_SOURCES = otp.c otp_locl.h
otpprint_SOURCES = otpprint.c otp_locl.h
man_MANS = otp.1 otpprint.1
LDADD = \
$(top_builddir)/lib/otp/libotp.la \
$(LIB_des) \
$(LIB_roken) \
$(DBLIB)

628
crypto/heimdal/appl/otp/Makefile.in Normal file
View file

@ -0,0 +1,628 @@
# Makefile.in generated automatically by automake 1.4b from Makefile.am
# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
# Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
SHELL = @SHELL@
srcdir = @srcdir@
top_srcdir = @top_srcdir@
VPATH = @srcdir@
prefix = @prefix@
exec_prefix = @exec_prefix@
bindir = @bindir@
sbindir = @sbindir@
libexecdir = @libexecdir@
datadir = @datadir@
sysconfdir = @sysconfdir@
sharedstatedir = @sharedstatedir@
localstatedir = @localstatedir@
libdir = @libdir@
infodir = @infodir@
mandir = @mandir@
includedir = @includedir@
oldincludedir = /usr/include
pkgdatadir = $(datadir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
top_builddir = ../..
ACLOCAL = @ACLOCAL@
AUTOCONF = @AUTOCONF@
AUTOMAKE = @AUTOMAKE@
AUTOHEADER = @AUTOHEADER@
INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_FLAG =
transform = @program_transform_name@
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
@SET_MAKE@
host_alias = @host_alias@
host_triplet = @host@
AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
AMDEP = @AMDEP@
AMTAR = @AMTAR@
AS = @AS@
AWK = @AWK@
CANONICAL_HOST = @CANONICAL_HOST@
CATMAN = @CATMAN@
CATMANEXT = @CATMANEXT@
CC = @CC@
CPP = @CPP@
CXX = @CXX@
CXXCPP = @CXXCPP@
DBLIB = @DBLIB@
DEPDIR = @DEPDIR@
DIR_des = @DIR_des@
DIR_roken = @DIR_roken@
DLLTOOL = @DLLTOOL@
EXEEXT = @EXEEXT@
EXTRA_LIB45 = @EXTRA_LIB45@
GROFF = @GROFF@
INCLUDES_roken = @INCLUDES_roken@
INCLUDE_ = @INCLUDE_@
LEX = @LEX@
LIBOBJS = @LIBOBJS@
LIBTOOL = @LIBTOOL@
LIB_ = @LIB_@
LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
LIB_des = @LIB_des@
LIB_des_appl = @LIB_des_appl@
LIB_kdb = @LIB_kdb@
LIB_otp = @LIB_otp@
LIB_roken = @LIB_roken@
LIB_security = @LIB_security@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
NROFF = @NROFF@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
RANLIB = @RANLIB@
STRIP = @STRIP@
VERSION = @VERSION@
VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
WFLAGS = @WFLAGS@
WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
YACC = @YACC@
dpagaix_CFLAGS = @dpagaix_CFLAGS@
dpagaix_LDADD = @dpagaix_LDADD@
install_sh = @install_sh@
# $Id: Makefile.am,v 1.9 2000/11/15 22:51:09 assar Exp $
# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
AUTOMAKE_OPTIONS = foreign no-dependencies
SUFFIXES = .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x
INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken)
AM_CFLAGS = $(WFLAGS)
CP = cp
COMPILE_ET = $(top_builddir)/lib/com_err/compile_et
buildinclude = $(top_builddir)/include
LIB_XauReadAuth = @LIB_XauReadAuth@
LIB_crypt = @LIB_crypt@
LIB_dbm_firstkey = @LIB_dbm_firstkey@
LIB_dbopen = @LIB_dbopen@
LIB_dlopen = @LIB_dlopen@
LIB_dn_expand = @LIB_dn_expand@
LIB_el_init = @LIB_el_init@
LIB_getattr = @LIB_getattr@
LIB_gethostbyname = @LIB_gethostbyname@
LIB_getpwent_r = @LIB_getpwent_r@
LIB_getpwnam_r = @LIB_getpwnam_r@
LIB_getsockopt = @LIB_getsockopt@
LIB_logout = @LIB_logout@
LIB_logwtmp = @LIB_logwtmp@
LIB_odm_initialize = @LIB_odm_initialize@
LIB_pidfile = @LIB_pidfile@
LIB_readline = @LIB_readline@
LIB_res_search = @LIB_res_search@
LIB_setpcred = @LIB_setpcred@
LIB_setsockopt = @LIB_setsockopt@
LIB_socket = @LIB_socket@
LIB_syslog = @LIB_syslog@
LIB_tgetent = @LIB_tgetent@
LIBS = @LIBS@
HESIODLIB = @HESIODLIB@
HESIODINCLUDE = @HESIODINCLUDE@
INCLUDE_hesiod = @INCLUDE_hesiod@
LIB_hesiod = @LIB_hesiod@
INCLUDE_krb4 = @INCLUDE_krb4@
LIB_krb4 = @LIB_krb4@
INCLUDE_openldap = @INCLUDE_openldap@
LIB_openldap = @LIB_openldap@
INCLUDE_readline = @INCLUDE_readline@
LEXLIB = @LEXLIB@
NROFF_MAN = groff -mandoc -Tascii
@KRB4_TRUE@LIB_kafs = @KRB4_TRUE@$(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
@KRB5_TRUE@LIB_krb5 = @KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
CHECK_LOCAL = $(PROGRAMS)
bin_PROGRAMS = otp otpprint
bin_SUIDS = otp
otp_SOURCES = otp.c otp_locl.h
otpprint_SOURCES = otpprint.c otp_locl.h
man_MANS = otp.1 otpprint.1
LDADD = \
$(top_builddir)/lib/otp/libotp.la \
$(LIB_des) \
$(LIB_roken) \
$(DBLIB)
subdir = appl/otp
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
CONFIG_HEADER = ../../include/config.h
CONFIG_CLEAN_FILES =
bin_PROGRAMS = otp$(EXEEXT) otpprint$(EXEEXT)
PROGRAMS = $(bin_PROGRAMS)
DEFS = @DEFS@ -I. -I$(srcdir) -I../../include
CPPFLAGS = @CPPFLAGS@
LDFLAGS = @LDFLAGS@
X_CFLAGS = @X_CFLAGS@
X_LIBS = @X_LIBS@
X_EXTRA_LIBS = @X_EXTRA_LIBS@
X_PRE_LIBS = @X_PRE_LIBS@
am_otp_OBJECTS = otp.$(OBJEXT)
otp_OBJECTS = $(am_otp_OBJECTS)
otp_LDADD = $(LDADD)
otp_DEPENDENCIES = $(top_builddir)/lib/otp/libotp.la
otp_LDFLAGS =
am_otpprint_OBJECTS = otpprint.$(OBJEXT)
otpprint_OBJECTS = $(am_otpprint_OBJECTS)
otpprint_LDADD = $(LDADD)
otpprint_DEPENDENCIES = $(top_builddir)/lib/otp/libotp.la
otpprint_LDFLAGS =
COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
CFLAGS = @CFLAGS@
CCLD = $(CC)
LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
DIST_SOURCES = $(otp_SOURCES) $(otpprint_SOURCES)
man1dir = $(mandir)/man1
MANS = $(man_MANS)
depcomp =
DIST_COMMON = ChangeLog Makefile.am Makefile.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
GZIP_ENV = --best
SOURCES = $(otp_SOURCES) $(otpprint_SOURCES)
OBJECTS = $(am_otp_OBJECTS) $(am_otpprint_OBJECTS)
all: all-redirect
.SUFFIXES:
.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/otp/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) \
&& CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status
mostlyclean-binPROGRAMS:
clean-binPROGRAMS:
-test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS)
distclean-binPROGRAMS:
maintainer-clean-binPROGRAMS:
install-binPROGRAMS: $(bin_PROGRAMS)
@$(NORMAL_INSTALL)
$(mkinstalldirs) $(DESTDIR)$(bindir)
@list='$(bin_PROGRAMS)'; for p in $$list; do \
if test -f $$p; then \
f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \
echo " $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(bindir)/$$f"; \
$(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(bindir)/$$f; \
else :; fi; \
done
uninstall-binPROGRAMS:
@$(NORMAL_UNINSTALL)
@list='$(bin_PROGRAMS)'; for p in $$list; do \
f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \
echo " rm -f $(DESTDIR)$(bindir)/$$f"; \
rm -f $(DESTDIR)$(bindir)/$$f; \
done
mostlyclean-compile:
-rm -f *.o core *.core
-rm -f *.$(OBJEXT)
clean-compile:
distclean-compile:
-rm -f *.tab.c
maintainer-clean-compile:
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
distclean-libtool:
maintainer-clean-libtool:
otp$(EXEEXT): $(otp_OBJECTS) $(otp_DEPENDENCIES)
@rm -f otp$(EXEEXT)
$(LINK) $(otp_LDFLAGS) $(otp_OBJECTS) $(otp_LDADD) $(LIBS)
otpprint$(EXEEXT): $(otpprint_OBJECTS) $(otpprint_DEPENDENCIES)
@rm -f otpprint$(EXEEXT)
$(LINK) $(otpprint_LDFLAGS) $(otpprint_OBJECTS) $(otpprint_LDADD) $(LIBS)
.c.o:
$(COMPILE) -c $<
.c.obj:
$(COMPILE) -c `cygpath -w $<`
.c.lo:
$(LTCOMPILE) -c -o $@ $<
install-man1:
$(mkinstalldirs) $(DESTDIR)$(man1dir)
@list='$(man1_MANS)'; \
l2='$(man_MANS)'; for i in $$l2; do \
case "$$i" in \
*.1*) list="$$list $$i" ;; \
esac; \
done; \
for i in $$list; do \
if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
else file=$$i; fi; \
ext=`echo $$i | sed -e 's/^.*\\.//'`; \
inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
inst=`echo $$inst | sed -e 's/^.*\///'`; \
inst=`echo $$inst | sed '$(transform)'`.$$ext; \
echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \
$(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \
done
uninstall-man1:
@list='$(man1_MANS)'; \
l2='$(man_MANS)'; for i in $$l2; do \
case "$$i" in \
*.1*) list="$$list $$i" ;; \
esac; \
done; \
for i in $$list; do \
ext=`echo $$i | sed -e 's/^.*\\.//'`; \
inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
inst=`echo $$inst | sed -e 's/^.*\///'`; \
inst=`echo $$inst | sed '$(transform)'`.$$ext; \
echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \
rm -f $(DESTDIR)$(man1dir)/$$inst; \
done
install-man: $(MANS)
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-man1
uninstall-man:
@$(NORMAL_UNINSTALL)
$(MAKE) $(AM_MAKEFLAGS) uninstall-man1
tags: TAGS
ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
mkid -fID $$unique $(LISP)
TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
tags=; \
here=`pwd`; \
list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
|| etags $(ETAGS_ARGS) $$tags $$unique $(LISP)
GTAGS:
here=`CDPATH=: && cd $(top_builddir) && pwd` \
&& cd $(top_srcdir) \
&& gtags -i $$here
mostlyclean-tags:
clean-tags:
distclean-tags:
-rm -f TAGS ID
maintainer-clean-tags:
distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir)
distdir: $(DISTFILES)
@for file in $(DISTFILES); do \
d=$(srcdir); \
if test -d $$d/$$file; then \
cp -pR $$d/$$file $(distdir) \
|| exit 1; \
else \
test -f $(distdir)/$$file \
|| cp -p $$d/$$file $(distdir)/$$file \
|| exit 1; \
fi; \
done
$(MAKE) $(AM_MAKEFLAGS) top_distdir="$(top_distdir)" distdir="$(distdir)" dist-hook
info-am:
info: info-am
dvi-am:
dvi: dvi-am
check-am: all-am
$(MAKE) $(AM_MAKEFLAGS) check-local
check: check-am
installcheck-am:
installcheck: installcheck-am
install-exec-am: install-binPROGRAMS
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
install-exec: install-exec-am
install-data-am: install-man install-data-local
install-data: install-data-am
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
install: install-am
uninstall-am: uninstall-binPROGRAMS uninstall-man
uninstall: uninstall-am
all-am: Makefile $(PROGRAMS) $(MANS) all-local
all-redirect: all-am
install-strip:
$(MAKE) $(AM_MAKEFLAGS) INSTALL_STRIP_FLAG=-s install
installdirs:
$(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1
mostlyclean-generic:
clean-generic:
distclean-generic:
-rm -f Makefile $(CONFIG_CLEAN_FILES)
-rm -f config.cache config.log stamp-h stamp-h[0-9]*
maintainer-clean-generic:
-rm -f Makefile.in
mostlyclean-am: mostlyclean-binPROGRAMS mostlyclean-compile \
mostlyclean-libtool mostlyclean-tags \
mostlyclean-generic
mostlyclean: mostlyclean-am
clean-am: clean-binPROGRAMS clean-compile clean-libtool clean-tags \
clean-generic mostlyclean-am
clean: clean-am
distclean-am: distclean-binPROGRAMS distclean-compile distclean-libtool \
distclean-tags distclean-generic clean-am
-rm -f libtool
distclean: distclean-am
maintainer-clean-am: maintainer-clean-binPROGRAMS \
maintainer-clean-compile maintainer-clean-libtool \
maintainer-clean-tags maintainer-clean-generic \
distclean-am
@echo "This command is intended for maintainers to use;"
@echo "it deletes files that may require special tools to rebuild."
maintainer-clean: maintainer-clean-am
.PHONY: mostlyclean-binPROGRAMS distclean-binPROGRAMS clean-binPROGRAMS \
maintainer-clean-binPROGRAMS uninstall-binPROGRAMS install-binPROGRAMS \
mostlyclean-compile distclean-compile clean-compile \
maintainer-clean-compile mostlyclean-libtool distclean-libtool \
clean-libtool maintainer-clean-libtool install-man1 uninstall-man1 \
install-man uninstall-man tags mostlyclean-tags distclean-tags \
clean-tags maintainer-clean-tags distdir info-am info dvi-am dvi \
check-local check check-am installcheck-am installcheck install-exec-am \
install-exec install-data-local install-data-am install-data install-am \
install uninstall-am uninstall all-local all-redirect all-am all \
install-strip installdirs mostlyclean-generic distclean-generic \
clean-generic maintainer-clean-generic clean mostlyclean distclean \
maintainer-clean
install-suid-programs:
@foo='$(bin_SUIDS)'; \
for file in $$foo; do \
x=$(DESTDIR)$(bindir)/$$file; \
if chown 0:0 $$x && chmod u+s $$x; then :; else \
echo "*"; \
echo "* Failed to install $$x setuid root"; \
echo "*"; \
fi; done
install-exec-hook: install-suid-programs
install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
@foo='$(include_HEADERS) $(build_HEADERZ)'; \
for f in $$foo; do \
f=`basename $$f`; \
if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
else file="$$f"; fi; \
if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \
: ; else \
echo " $(CP) $$file $(buildinclude)/$$f"; \
$(CP) $$file $(buildinclude)/$$f; \
fi ; \
done
all-local: install-build-headers
#NROFF_MAN = nroff -man
.1.cat1:
$(NROFF_MAN) $< > $@
.3.cat3:
$(NROFF_MAN) $< > $@
.5.cat5:
$(NROFF_MAN) $< > $@
.8.cat8:
$(NROFF_MAN) $< > $@
dist-cat1-mans:
@foo='$(man1_MANS)'; \
bar='$(man_MANS)'; \
for i in $$bar; do \
case $$i in \
*.1) foo="$$foo $$i";; \
esac; done ;\
for i in $$foo; do \
x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
done
dist-cat3-mans:
@foo='$(man3_MANS)'; \
bar='$(man_MANS)'; \
for i in $$bar; do \
case $$i in \
*.3) foo="$$foo $$i";; \
esac; done ;\
for i in $$foo; do \
x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
done
dist-cat5-mans:
@foo='$(man5_MANS)'; \
bar='$(man_MANS)'; \
for i in $$bar; do \
case $$i in \
*.5) foo="$$foo $$i";; \
esac; done ;\
for i in $$foo; do \
x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
done
dist-cat8-mans:
@foo='$(man8_MANS)'; \
bar='$(man_MANS)'; \
for i in $$bar; do \
case $$i in \
*.8) foo="$$foo $$i";; \
esac; done ;\
for i in $$foo; do \
x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
done
dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
install-cat-mans:
$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
install-data-local: install-cat-mans
.et.h:
$(COMPILE_ET) $<
.et.c:
$(COMPILE_ET) $<
.x.c:
@cmp -s $< $@ 2> /dev/null || cp $< $@
check-local::
@foo='$(CHECK_LOCAL)'; \
if test "$$foo"; then \
failed=0; all=0; \
for i in $$foo; do \
all=`expr $$all + 1`; \
if ./$$i --version > /dev/null 2>&1; then \
echo "PASS: $$i"; \
else \
echo "FAIL: $$i"; \
failed=`expr $$failed + 1`; \
fi; \
done; \
if test "$$failed" -eq 0; then \
banner="All $$all tests passed"; \
else \
banner="$$failed of $$all tests failed"; \
fi; \
dashes=`echo "$$banner" | sed s/./=/g`; \
echo "$$dashes"; \
echo "$$banner"; \
echo "$$dashes"; \
test "$$failed" -eq 0; \
fi
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

60
crypto/heimdal/appl/otp/otp.1 Normal file
View file

@ -0,0 +1,60 @@
.\" $Id: otp.1,v 1.2 2000/11/29 18:18:22 joda Exp $
.\"
.Dd November 17, 1996
.Dt OTP 1
.Os KTH-KRB
.Sh NAME
.Nm otp
.Nd
manages one-time passwords
.Sh SYNOPSIS
.Nm otp
.Op Fl dhlor
.Op Fl f Ar algorithm
.Op Fl u Ar user
.Ar sequence-number
.Ar seed
.Sh DESCRIPTION
The
.Nm
program initializes and updates your current series of one-time
passwords (OTPs).
.Pp
Use this to set a new series of one-time passwords. Only perform this
on the console or over an encrypted link as you will have to supply
your pass-phrase. The other two parameters are
.Ar sequence-number
and
.Ar seed .
.Pp
Options are:
.Bl -tag -width Ds
.It Fl d
To delete a one-time password.
.It Fl f
Choose a different
.Ar algorithm
from the default md5. Pick any of: md4, md5, and sha.
.It Fl h
For getting a help message.
.It Fl l
List the current table of one-time passwords.
.It Fl o
To open (unlock) the otp-entry for a user.
.It Fl r
To renew a one-time password series. This operation can be performed
over an potentially eavesdropped link because you do not supply the
pass-phrase. First you need to supply the current one-time password
and then the new one corresponding to the supplied
.Ar sequence-number
and
.Ar seed .
.It Fl u
To choose a different
.Ar user
to set one-time passwords for. This only works when running
.Nm
as root.
.El
.Sh SEE ALSO
.Xr otpprint 1

366
crypto/heimdal/appl/otp/otp.c Normal file
View file

@ -0,0 +1,366 @@
/*
* Copyright (c) 1995-1997, 1999 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "otp_locl.h"
#include <getarg.h>
RCSID("$Id: otp.c,v 1.33 2001/02/20 01:44:46 assar Exp $");
static int listp;
static int deletep;
static int openp;
static int renewp;
static char* alg_string;
static char *user;
static int version_flag;
static int help_flag;
struct getargs args[] = {
{ "list", 'l', arg_flag, &listp, "list OTP status" },
{ "delete", 'd', arg_flag, &deletep, "delete OTP" },
{ "open", 'o', arg_flag, &openp, "open a locked OTP" },
{ "renew", 'r', arg_flag, &renewp, "securely renew OTP" },
{ "hash", 'f', arg_string, &alg_string,
"hash algorithm (md4, md5, or sha)", "algorithm"},
{ "user", 'u', arg_string, &user,
"user other than current user (root only)", "user" },
{ "version", 0, arg_flag, &version_flag },
{ "help", 'h', arg_flag, &help_flag }
};
int num_args = sizeof(args) / sizeof(args[0]);
static void
usage(int code)
{
arg_printusage(args, num_args, NULL, "[num seed]");
exit(code);
}
/*
* Renew the OTP for a user.
* The pass-phrase is not required (RFC 1938/8.0)
*/
static int
renew (int argc, char **argv, OtpAlgorithm *alg, char *user)
{
OtpContext newctx, *ctx;
char prompt[128];
char pw[64];
void *dbm;
int ret;
newctx.alg = alg;
newctx.user = user;
newctx.n = atoi (argv[0]);
strlcpy (newctx.seed, argv[1], sizeof(newctx.seed));
strlwr(newctx.seed);
snprintf (prompt, sizeof(prompt),
"[ otp-%s %u %s ]",
newctx.alg->name,
newctx.n,
newctx.seed);
if (des_read_pw_string (pw, sizeof(pw), prompt, 0) == 0 &&
otp_parse (newctx.key, pw, alg) == 0) {
ctx = &newctx;
ret = 0;
} else
return 1;
dbm = otp_db_open ();
if (dbm == NULL) {
warnx ("otp_db_open failed");
return 1;
}
otp_put (dbm, ctx);
otp_db_close (dbm);
return ret;
}
/*
* Return 0 if the user could enter the next OTP.
* I would rather have returned !=0 but it's shell-like here around.
*/
static int
verify_user_otp(char *username)
{
OtpContext ctx;
char passwd[OTP_MAX_PASSPHRASE + 1];
char prompt[128], ss[256];
if (otp_challenge (&ctx, username, ss, sizeof(ss)) != 0) {
warnx("no otp challenge found for %s", username);
return 1;
}
snprintf (prompt, sizeof(prompt), "%s's %s Password: ", username, ss);
if(des_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0))
return 1;
return otp_verify_user (&ctx, passwd);
}
/*
* Set the OTP for a user
*/
static int
set (int argc, char **argv, OtpAlgorithm *alg, char *user)
{
void *db;
OtpContext ctx;
char pw[OTP_MAX_PASSPHRASE + 1];
int ret;
int i;
ctx.alg = alg;
ctx.user = strdup (user);
if (ctx.user == NULL)
err (1, "out of memory");
ctx.n = atoi (argv[0]);
strlcpy (ctx.seed, argv[1], sizeof(ctx.seed));
strlwr(ctx.seed);
do {
if (des_read_pw_string (pw, sizeof(pw), "Pass-phrase: ", 1))
return 1;
if (strlen (pw) < OTP_MIN_PASSPHRASE)
printf ("Too short pass-phrase. Use at least %d characters\n",
OTP_MIN_PASSPHRASE);
} while(strlen(pw) < OTP_MIN_PASSPHRASE);
ctx.alg->init (ctx.key, pw, ctx.seed);
for (i = 0; i < ctx.n; ++i)
ctx.alg->next (ctx.key);
db = otp_db_open ();
if(db == NULL) {
free (ctx.user);
err (1, "otp_db_open failed");
}
ret = otp_put (db, &ctx);
otp_db_close (db);
free (ctx.user);
return ret;
}
/*
* Delete otp of user from the database
*/
static int
delete_otp (int argc, char **argv, char *user)
{
void *db;
OtpContext ctx;
int ret;
db = otp_db_open ();
if(db == NULL)
errx (1, "otp_db_open failed");
ctx.user = user;
ret = otp_delete(db, &ctx);
otp_db_close (db);
return ret;
}
/*
* Tell whether the user has an otp
*/
static int
has_an_otp(char *user)
{
void *db;
OtpContext ctx;
int ret;
db = otp_db_open ();
if(db == NULL) {
warnx ("otp_db_open failed");
return 0; /* if no db no otp! */
}
ctx.user = user;
ret = otp_simple_get(db, &ctx);
otp_db_close (db);
return !ret;
}
/*
* Get and print out the otp entry for some user
*/
static void
print_otp_entry_for_name (void *db, char *user)
{
OtpContext ctx;
ctx.user = user;
if (!otp_simple_get(db, &ctx)) {
fprintf(stdout,
"%s\totp-%s %d %s",
ctx.user, ctx.alg->name, ctx.n, ctx.seed);
if (ctx.lock_time)
fprintf(stdout,
"\tlocked since %s",
ctime(&ctx.lock_time));
else
fprintf(stdout, "\n");
}
}
static int
open_otp (int argc, char **argv, char *user)
{
void *db;
OtpContext ctx;
int ret;
db = otp_db_open ();
if (db == NULL)
errx (1, "otp_db_open failed");
ctx.user = user;
ret = otp_simple_get (db, &ctx);
if (ret == 0)
ret = otp_put (db, &ctx);
otp_db_close (db);
return ret;
}
/*
* Print otp entries for one or all users
*/
static int
list_otps (int argc, char **argv, char *user)
{
void *db;
struct passwd *pw;
db = otp_db_open ();
if(db == NULL)
errx (1, "otp_db_open failed");
if (user)
print_otp_entry_for_name(db, user);
else
/* scans all users... so as to get a deterministic order */
while ((pw = getpwent()))
print_otp_entry_for_name(db, pw->pw_name);
otp_db_close (db);
return 0;
}
int
main (int argc, char **argv)
{
int defaultp = 0;
int uid = getuid();
OtpAlgorithm *alg = otp_find_alg (OTP_ALG_DEFAULT);
int optind = 0;
setprogname (argv[0]);
if(getarg(args, num_args, argc, argv, &optind))
usage(1);
if(help_flag)
usage(0);
if(version_flag) {
print_version(NULL);
exit(0);
}
if(deletep && uid != 0)
errx (1, "Only root can delete OTPs");
if(alg_string) {
alg = otp_find_alg (alg_string);
if (alg == NULL)
errx (1, "Unknown algorithm: %s", alg_string);
}
if (user && uid != 0)
errx (1, "Only root can use `-u'");
argc -= optind;
argv += optind;
if (!(listp || deletep || renewp || openp))
defaultp = 1;
if ( listp + deletep + renewp + defaultp + openp != 1)
usage(1); /* one of -d or -l or -r or none */
if(deletep || openp || listp) {
if(argc != 0)
errx(1, "delete, open, and list requires no arguments\n");
} else {
if(argc != 2)
errx(1, "setup, and renew requires `num', and `seed'");
}
if (listp)
return list_otps (argc, argv, user);
if (user == NULL) {
struct passwd *pwd;
pwd = k_getpwuid(uid);
if (pwd == NULL)
err (1, "You don't exist");
user = pwd->pw_name;
}
/*
* users other that root must provide the next OTP to update the sequence.
* it avoids someone to use a pending session to change an OTP sequence.
* see RFC 1938/8.0.
*/
if (uid != 0 && (defaultp || renewp)) {
if (!has_an_otp(user)) {
errx (1, "Only root can set an initial OTP");
} else { /* Check the next OTP (RFC 1938/8.0: SHOULD) */
if (verify_user_otp(user) != 0) {
errx (1, "User authentification failed");
}
}
}
if (deletep)
return delete_otp (argc, argv, user);
else if (renewp)
return renew (argc, argv, alg, user);
else if (openp)
return open_otp (argc, argv, user);
else
return set (argc, argv, alg, user);
}

43
crypto/heimdal/appl/otp/otp.cat1 Normal file
View file

@ -0,0 +1,43 @@
OTP(1) UNIX Reference Manual OTP(1)
NNAAMMEE
oottpp - manages one-time passwords
SSYYNNOOPPSSIISS
oottpp [--ddhhlloorr] [--ff _a_l_g_o_r_i_t_h_m] [--uu _u_s_e_r] _s_e_q_u_e_n_c_e_-_n_u_m_b_e_r _s_e_e_d
DDEESSCCRRIIPPTTIIOONN
The oottpp program initializes and updates your current series of one-time
passwords (OTPs).
Use this to set a new series of one-time passwords. Only perform this on
the console or over an encrypted link as you will have to supply your
pass-phrase. The other two parameters are _s_e_q_u_e_n_c_e_-_n_u_m_b_e_r and _s_e_e_d.
Options are:
--dd To delete a one-time password.
--ff Choose a different _a_l_g_o_r_i_t_h_m from the default md5. Pick any of:
md4, md5, and sha.
--hh For getting a help message.
--ll List the current table of one-time passwords.
--oo To open (unlock) the otp-entry for a user.
--rr To renew a one-time password series. This operation can be per-
formed over an potentially eavesdropped link because you do not
supply the pass-phrase. First you need to supply the current
one-time password and then the new one corresponding to the sup-
plied _s_e_q_u_e_n_c_e_-_n_u_m_b_e_r and _s_e_e_d.
--uu To choose a different _u_s_e_r to set one-time passwords for. This
only works when running oottpp as root.
SSEEEE AALLSSOO
otpprint(1)
KTH-KRB November 17, 1996 1

60
crypto/heimdal/appl/otp/otp_locl.h Normal file
View file

@ -0,0 +1,60 @@
/*
* Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id: otp_locl.h,v 1.8 2001/02/15 04:20:51 assar Exp $ */
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#ifdef HAVE_PWD_H
#include <pwd.h>
#endif
#include <roken.h>
#include <err.h>
#ifdef HAVE_OPENSSL_DES_H
#include <openssl/des.h>
#else
#include <des.h>
#endif
#include <otp.h>

52
crypto/heimdal/appl/otp/otpprint.1 Normal file
View file

@ -0,0 +1,52 @@
.\" $Id: otpprint.1,v 1.4 2001/06/08 20:44:46 assar Exp $
.\"
.Dd November 17, 1996
.Dt OTP 1
.Os KTH-KRB
.Sh NAME
.Nm otpprint
.Nd
print lists of one-time passwords
.Sh SYNOPSIS
.Nm otp
.Op Fl n Ar count
.Op Fl e
.Op Fl h
.Op Fl f Ar algorithm
.Ar sequence-number
.Ar seed
.Sh DESCRIPTION
The
.Nm
program prints lists of OTPs.
.Pp
Use this to print out a series of one-time passwords. You will have
to supply the
.Ar sequence number
and the
.Ar seed
as arguments and then the program will prompt you for your pass-phrase.
.Pp
There are several different print formats. The default is to print
each password with six short english words.
.Pp
Options are:
.Bl -tag -width Ds
.It Fl e
Print the passwords in ``extended'' format. In this format a prefix
that says ``hex:'' or ``word:'' is included.
.It Fl f
To choose a different
.Ar algorithm
from the default md5. Pick any of: md4, md5, and sha.
.It Fl h
Print the passwords in hex.
.It Fl n
Print
.Ar count
one-time passwords, starting at
.Ar sequence-number
and going backwards. The default is 10.
.El
.Sh SEE ALSO
.Xr otp 1

135
crypto/heimdal/appl/otp/otpprint.c Normal file
View file

@ -0,0 +1,135 @@
/*
* Copyright (c) 1995-1999 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "otp_locl.h"
#include <getarg.h>
RCSID("$Id: otpprint.c,v 1.14 2001/02/20 01:44:46 assar Exp $");
static int extendedp;
static int count = 10;
static int hexp;
static char* alg_string;
static int version_flag;
static int help_flag;
struct getargs args[] = {
{ "extended", 'e', arg_flag, &extendedp, "print keys in extended format" },
{ "count", 'n', arg_integer, &count, "number of keys to print" },
{ "hexadecimal", 'h', arg_flag, &hexp, "output in hexadecimal" },
{ "hash", 'f', arg_string, &alg_string,
"hash algorithm (md4, md5, or sha)", "algorithm"},
{ "version", 0, arg_flag, &version_flag },
{ "help", 0, arg_flag, &help_flag }
};
int num_args = sizeof(args) / sizeof(args[0]);
static void
usage(int code)
{
arg_printusage(args, num_args, NULL, "num seed");
exit(code);
}
static int
print (int argc,
char **argv,
int count,
OtpAlgorithm *alg,
void (*print_fn)(OtpKey, char *, size_t))
{
char pw[64];
OtpKey key;
int n;
int i;
char *seed;
if (argc != 2)
usage (1);
n = atoi(argv[0]);
seed = argv[1];
if (des_read_pw_string (pw, sizeof(pw), "Pass-phrase: ", 0))
return 1;
alg->init (key, pw, seed);
for (i = 0; i < n; ++i) {
char s[64];
alg->next (key);
if (i >= n - count) {
(*print_fn)(key, s, sizeof(s));
printf ("%d: %s\n", i + 1, s);
}
}
return 0;
}
int
main (int argc, char **argv)
{
int optind = 0;
void (*fn)(OtpKey, char *, size_t);
OtpAlgorithm *alg = otp_find_alg (OTP_ALG_DEFAULT);
setprogname (argv[0]);
if(getarg(args, num_args, argc, argv, &optind))
usage(1);
if(help_flag)
usage(0);
if(version_flag) {
print_version(NULL);
exit(0);
}
if(alg_string) {
alg = otp_find_alg (alg_string);
if (alg == NULL)
errx(1, "Unknown algorithm: %s", alg_string);
}
argc -= optind;
argv += optind;
if (hexp) {
if (extendedp)
fn = otp_print_hex_extended;
else
fn = otp_print_hex;
} else {
if (extendedp)
fn = otp_print_stddict_extended;
else
fn = otp_print_stddict;
}
return print (argc, argv, count, alg, fn);
}

36
crypto/heimdal/appl/otp/otpprint.cat1 Normal file
View file

@ -0,0 +1,36 @@
OTP(1) UNIX Reference Manual OTP(1)
NNAAMMEE
oottpppprriinntt - print lists of one-time passwords
SSYYNNOOPPSSIISS
oottpp [--nn _c_o_u_n_t] [--ee] [--hh] [--ff _a_l_g_o_r_i_t_h_m] _s_e_q_u_e_n_c_e_-_n_u_m_b_e_r _s_e_e_d
DDEESSCCRRIIPPTTIIOONN
The oottpppprriinntt program prints lists of OTPs.
Use this to print out a series of one-time passwords. You will have to
supply the _s_e_q_u_e_n_c_e _n_u_m_b_e_r and the _s_e_e_d as arguments and then the program
will prompt you for your pass-phrase.
There are several different print formats. The default is to print each
password with six short english words.
Options are:
--ee Print the passwords in ``extended'' format. In this format a
prefix that says ``hex:'' or ``word:'' is included.
--ff To choose a different _a_l_g_o_r_i_t_h_m from the default md5. Pick any
of: md4, md5, and sha.
--hh Print the passwords in hex.
--nn Print _c_o_u_n_t one-time passwords, starting at _s_e_q_u_e_n_c_e_-_n_u_m_b_e_r and
going backwards. The default is 10.
SSEEEE AALLSSOO
otp(1)
KTH-KRB November 17, 1996 1

169
crypto/heimdal/appl/popper/ChangeLog Normal file
View file

@ -0,0 +1,169 @@
2000-12-31 Assar Westerlund <assar@sics.se>
* pop_init.c (pop_init): handle krb5_init_context failure
consistently
* pop_debug.c (doit_v5): handle krb5_init_context failure
consistently
2000-06-10 Assar Westerlund <assar@sics.se>
* pop_init.c (krb4_authenticate): do not exit on failure, just
return
(krb5_authenticate): log errors from krb5_recvauth
2000-04-12 Assar Westerlund <assar@sics.se>
* *.c: replace all erroneous calls to pop_log with POP_FAILURE
with POP_PRIORITY. reported by Janne Johansson <jj@it.kth.se>'
2000-01-27 Assar Westerlund <assar@sics.se>
* pop_debug.c (main): figure out port number
1999-12-20 Assar Westerlund <assar@sics.se>
* pop_init.c (pop_init): use getnameinfo_verified
* pop_debug.c (get_socket): use getaddrinfo
1999-12-03 Johan Danielsson <joda@pdc.kth.se>
* pop_init.c: optionally trace connected addresses to a file
1999-11-02 Assar Westerlund <assar@sics.se>
* pop_debug.c (main): redo the v4/v5 selection for consistency.
-4 -> try only v4 -5 -> try only v5 none, -45 -> try v5, v4
1999-10-16 Johan Danielsson <joda@pdc.kth.se>
* pop_init.c (krb5_authenticate): don't use the principal
associated with the socket for authentication, instead let
krb5_rd_req pick the correct one from the ticket; just check that
it actually was a pop-ticket
1999-08-12 Johan Danielsson <joda@pdc.kth.se>
* pop_init.c (pop_init): don't freehostent if ch == NULL
* pop_dele.c: implement XDELE to delete a range of messages
1999-08-05 Assar Westerlund <assar@sics.se>
* pop_init.c: v6-ify
* pop_debug.c: v6-ify
1999-05-10 Assar Westerlund <assar@sics.se>
* pop_debug.c (doit_v5): call krb5_sendauth with ccache == NULL
1999-04-11 Assar Westerlund <assar@sics.se>
* pop_debug.c (main): use print_version
Thu Apr 8 15:07:11 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* pop_pass.c: remove definition of KRB_VERIFY_USER (moved to
config.h)
Thu Mar 18 12:55:42 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* pop_pass.c: define KRB_VERIFY_SECURE if not defined
* Makefile.am: include Makefile.am.common
Wed Mar 17 23:36:21 1999 Assar Westerlund <assar@sics.se>
* pop_pass.c (krb4_verify_password): use KRB_VERIFY_SECURE instead
of 1
Tue Mar 16 22:28:52 1999 Assar Westerlund <assar@sics.se>
* pop_pass.c: krb_verify_user_multiple -> krb_verify_user
Sat Mar 13 22:17:29 1999 Assar Westerlund <assar@sics.se>
* pop_parse.c (pop_parse): cast when calling is* to get rid of a
warning
Mon Mar 8 11:50:06 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* pop_init.c: use print_version
Fri Mar 5 15:14:29 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* pop_send.c: fix handling of messages w/o body
Sun Nov 22 10:33:29 1998 Assar Westerlund <assar@sics.se>
* pop_pass.c (pop_pass): try to always log
* Makefile.in (WFLAGS): set
Fri Jul 10 01:14:25 1998 Assar Westerlund <assar@sics.se>
* pop_init.c: s/net_read/pop_net_read/
Tue Jun 2 17:33:54 1998 Johan Danielsson <joda@emma.pdc.kth.se>
* pop_send.c: add missing newlines
Sun May 24 20:59:45 1998 Johan Danielsson <joda@emma.pdc.kth.se>
* maildir.c (make_path): fix reversed args
Sat May 16 00:02:18 1998 Assar Westerlund <assar@sics.se>
* Makefile.am: link with DBLIB
Sun Apr 26 11:47:58 1998 Assar Westerlund <assar@sics.se>
* pop_pass.c (pop_pass): check return value from changeuser
* pop_dropcopy.c (changeuser): check that `setuid' and `setgid'
succeeded.
* popper.h: changeuser now returns int
Thu Apr 23 00:54:38 1998 Johan Danielsson <joda@emma.pdc.kth.se>
* Add support for maildir spoolfiles.
* popper.h (MsgInfoList): replace `del_flag' and `retr_flag' with
single `flags'
* pop_dropcopy.c: Fix mismatched parenthesis.
Sat Apr 4 15:13:56 1998 Assar Westerlund <assar@sics.se>
* pop_dropcopy.c (pop_dropcopy): first do mkstemp and then fdopen.
Originally from <map@stacken.kth.se>
* popper.h: include <io.h>
Sat Feb 7 10:07:39 1998 Assar Westerlund <assar@sics.se>
* pop_pass.c(krb4_verify_password: Don't use REALM_SZ + 1, just
REALM_SZ
Mon Dec 29 16:37:26 1997 Assar Westerlund <assar@sics.se>
* pop_updt.c (pop_updt): lseek before ftruncating the file. From
<map@stacken.kth.se>
Sat Nov 22 13:46:39 1997 Johan Danielsson <joda@emma.pdc.kth.se>
* pop_pass.c: Destroy tickets after verification.
Sun Nov 9 09:11:14 1997 Assar Westerlund <assar@sics.se>
* pop_dropinfo.c: be careful with mails without msg-id, subject,
or from
Wed Oct 29 02:09:24 1997 Assar Westerlund <assar@sics.se>
* pop_pass.c: conditionalize OTP-support
* pop_init.c: conditionalize OTP-support

29
crypto/heimdal/appl/popper/Makefile.am Normal file
View file

@ -0,0 +1,29 @@
# $Id: Makefile.am,v 1.13 2000/11/15 22:51:09 assar Exp $
include $(top_srcdir)/Makefile.am.common
INCLUDES += $(INCLUDE_krb4)
noinst_PROGRAMS = pop_debug
libexec_PROGRAMS = popper
popper_SOURCES = \
pop_dele.c pop_dropcopy.c pop_dropinfo.c \
pop_get_command.c pop_init.c \
pop_last.c pop_list.c pop_log.c \
pop_msg.c pop_parse.c pop_pass.c pop_quit.c \
pop_rset.c pop_send.c pop_stat.c pop_updt.c \
pop_user.c pop_uidl.c pop_xover.c popper.c \
maildir.c popper.h version.h
EXTRA_DIST = pop3.rfc1081 pop3e.rfc1082 \
popper.README.release README-FIRST README-KRB4
LDADD = \
$(LIB_otp) \
$(LIB_krb5) \
$(LIB_krb4) \
$(LIB_des) \
$(LIB_roken) \
$(DBLIB)

623
crypto/heimdal/appl/popper/Makefile.in Normal file
View file

@ -0,0 +1,623 @@
# Makefile.in generated automatically by automake 1.4b from Makefile.am
# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000
# Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
SHELL = @SHELL@
srcdir = @srcdir@
top_srcdir = @top_srcdir@
VPATH = @srcdir@
prefix = @prefix@
exec_prefix = @exec_prefix@
bindir = @bindir@
sbindir = @sbindir@
libexecdir = @libexecdir@
datadir = @datadir@
sysconfdir = @sysconfdir@
sharedstatedir = @sharedstatedir@
localstatedir = @localstatedir@
libdir = @libdir@
infodir = @infodir@
mandir = @mandir@
includedir = @includedir@
oldincludedir = /usr/include
pkgdatadir = $(datadir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
top_builddir = ../..
ACLOCAL = @ACLOCAL@
AUTOCONF = @AUTOCONF@
AUTOMAKE = @AUTOMAKE@
AUTOHEADER = @AUTOHEADER@
INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_FLAG =
transform = @program_transform_name@
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
@SET_MAKE@
host_alias = @host_alias@
host_triplet = @host@
AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@
AMDEP = @AMDEP@
AMTAR = @AMTAR@
AS = @AS@
AWK = @AWK@
CANONICAL_HOST = @CANONICAL_HOST@
CATMAN = @CATMAN@
CATMANEXT = @CATMANEXT@
CC = @CC@
CPP = @CPP@
CXX = @CXX@
CXXCPP = @CXXCPP@
DBLIB = @DBLIB@
DEPDIR = @DEPDIR@
DIR_des = @DIR_des@
DIR_roken = @DIR_roken@
DLLTOOL = @DLLTOOL@
EXEEXT = @EXEEXT@
EXTRA_LIB45 = @EXTRA_LIB45@
GROFF = @GROFF@
INCLUDES_roken = @INCLUDES_roken@
INCLUDE_ = @INCLUDE_@
LEX = @LEX@
LIBOBJS = @LIBOBJS@
LIBTOOL = @LIBTOOL@
LIB_ = @LIB_@
LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@
LIB_des = @LIB_des@
LIB_des_appl = @LIB_des_appl@
LIB_kdb = @LIB_kdb@
LIB_otp = @LIB_otp@
LIB_roken = @LIB_roken@
LIB_security = @LIB_security@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
NROFF = @NROFF@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
RANLIB = @RANLIB@
STRIP = @STRIP@
VERSION = @VERSION@
VOID_RETSIGTYPE = @VOID_RETSIGTYPE@
WFLAGS = @WFLAGS@
WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@
WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@
YACC = @YACC@
dpagaix_CFLAGS = @dpagaix_CFLAGS@
dpagaix_LDADD = @dpagaix_LDADD@
install_sh = @install_sh@
# $Id: Makefile.am,v 1.13 2000/11/15 22:51:09 assar Exp $
# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $
# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $
AUTOMAKE_OPTIONS = foreign no-dependencies
SUFFIXES = .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x
INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4)
AM_CFLAGS = $(WFLAGS)
CP = cp
COMPILE_ET = $(top_builddir)/lib/com_err/compile_et
buildinclude = $(top_builddir)/include
LIB_XauReadAuth = @LIB_XauReadAuth@
LIB_crypt = @LIB_crypt@
LIB_dbm_firstkey = @LIB_dbm_firstkey@
LIB_dbopen = @LIB_dbopen@
LIB_dlopen = @LIB_dlopen@
LIB_dn_expand = @LIB_dn_expand@
LIB_el_init = @LIB_el_init@
LIB_getattr = @LIB_getattr@
LIB_gethostbyname = @LIB_gethostbyname@
LIB_getpwent_r = @LIB_getpwent_r@
LIB_getpwnam_r = @LIB_getpwnam_r@
LIB_getsockopt = @LIB_getsockopt@
LIB_logout = @LIB_logout@
LIB_logwtmp = @LIB_logwtmp@
LIB_odm_initialize = @LIB_odm_initialize@
LIB_pidfile = @LIB_pidfile@
LIB_readline = @LIB_readline@
LIB_res_search = @LIB_res_search@
LIB_setpcred = @LIB_setpcred@
LIB_setsockopt = @LIB_setsockopt@
LIB_socket = @LIB_socket@
LIB_syslog = @LIB_syslog@
LIB_tgetent = @LIB_tgetent@
LIBS = @LIBS@
HESIODLIB = @HESIODLIB@
HESIODINCLUDE = @HESIODINCLUDE@
INCLUDE_hesiod = @INCLUDE_hesiod@
LIB_hesiod = @LIB_hesiod@
INCLUDE_krb4 = @INCLUDE_krb4@
LIB_krb4 = @LIB_krb4@
INCLUDE_openldap = @INCLUDE_openldap@
LIB_openldap = @LIB_openldap@
INCLUDE_readline = @INCLUDE_readline@
LEXLIB = @LEXLIB@
NROFF_MAN = groff -mandoc -Tascii
@KRB4_TRUE@LIB_kafs = @KRB4_TRUE@$(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
@KRB5_TRUE@LIB_krb5 = @KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la
@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la
CHECK_LOCAL = $(PROGRAMS)
noinst_PROGRAMS = pop_debug
libexec_PROGRAMS = popper
popper_SOURCES = \
pop_dele.c pop_dropcopy.c pop_dropinfo.c \
pop_get_command.c pop_init.c \
pop_last.c pop_list.c pop_log.c \
pop_msg.c pop_parse.c pop_pass.c pop_quit.c \
pop_rset.c pop_send.c pop_stat.c pop_updt.c \
pop_user.c pop_uidl.c pop_xover.c popper.c \
maildir.c popper.h version.h
EXTRA_DIST = pop3.rfc1081 pop3e.rfc1082 \
popper.README.release README-FIRST README-KRB4
LDADD = \
$(LIB_otp) \
$(LIB_krb5) \
$(LIB_krb4) \
$(LIB_des) \
$(LIB_roken) \
$(DBLIB)
subdir = appl/popper
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
CONFIG_HEADER = ../../include/config.h
CONFIG_CLEAN_FILES =
libexec_PROGRAMS = popper$(EXEEXT)
noinst_PROGRAMS = pop_debug$(EXEEXT)
PROGRAMS = $(libexec_PROGRAMS) $(noinst_PROGRAMS)
DEFS = @DEFS@ -I. -I$(srcdir) -I../../include
CPPFLAGS = @CPPFLAGS@
LDFLAGS = @LDFLAGS@
X_CFLAGS = @X_CFLAGS@
X_LIBS = @X_LIBS@
X_EXTRA_LIBS = @X_EXTRA_LIBS@
X_PRE_LIBS = @X_PRE_LIBS@
pop_debug_SOURCES = pop_debug.c
pop_debug_OBJECTS = pop_debug.$(OBJEXT)
pop_debug_LDADD = $(LDADD)
@KRB5_FALSE@pop_debug_DEPENDENCIES =
@KRB5_TRUE@pop_debug_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la
pop_debug_LDFLAGS =
am_popper_OBJECTS = pop_dele.$(OBJEXT) pop_dropcopy.$(OBJEXT) \
pop_dropinfo.$(OBJEXT) pop_get_command.$(OBJEXT) pop_init.$(OBJEXT) \
pop_last.$(OBJEXT) pop_list.$(OBJEXT) pop_log.$(OBJEXT) \
pop_msg.$(OBJEXT) pop_parse.$(OBJEXT) pop_pass.$(OBJEXT) \
pop_quit.$(OBJEXT) pop_rset.$(OBJEXT) pop_send.$(OBJEXT) \
pop_stat.$(OBJEXT) pop_updt.$(OBJEXT) pop_user.$(OBJEXT) \
pop_uidl.$(OBJEXT) pop_xover.$(OBJEXT) popper.$(OBJEXT) \
maildir.$(OBJEXT)
popper_OBJECTS = $(am_popper_OBJECTS)
popper_LDADD = $(LDADD)
@KRB5_FALSE@popper_DEPENDENCIES =
@KRB5_TRUE@popper_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la
popper_LDFLAGS =
COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
CFLAGS = @CFLAGS@
CCLD = $(CC)
LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
DIST_SOURCES = pop_debug.c $(popper_SOURCES)
depcomp =
DIST_COMMON = README ChangeLog Makefile.am Makefile.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
GZIP_ENV = --best
SOURCES = pop_debug.c $(popper_SOURCES)
OBJECTS = pop_debug.$(OBJEXT) $(am_popper_OBJECTS)
all: all-redirect
.SUFFIXES:
.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common
cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/popper/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) \
&& CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status
mostlyclean-libexecPROGRAMS:
clean-libexecPROGRAMS:
-test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS)
distclean-libexecPROGRAMS:
maintainer-clean-libexecPROGRAMS:
install-libexecPROGRAMS: $(libexec_PROGRAMS)
@$(NORMAL_INSTALL)
$(mkinstalldirs) $(DESTDIR)$(libexecdir)
@list='$(libexec_PROGRAMS)'; for p in $$list; do \
if test -f $$p; then \
f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \
echo " $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libexecdir)/$$f"; \
$(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libexecdir)/$$f; \
else :; fi; \
done
uninstall-libexecPROGRAMS:
@$(NORMAL_UNINSTALL)
@list='$(libexec_PROGRAMS)'; for p in $$list; do \
f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \
echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \
rm -f $(DESTDIR)$(libexecdir)/$$f; \
done
mostlyclean-noinstPROGRAMS:
clean-noinstPROGRAMS:
-test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS)
distclean-noinstPROGRAMS:
maintainer-clean-noinstPROGRAMS:
mostlyclean-compile:
-rm -f *.o core *.core
-rm -f *.$(OBJEXT)
clean-compile:
distclean-compile:
-rm -f *.tab.c
maintainer-clean-compile:
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
distclean-libtool:
maintainer-clean-libtool:
pop_debug$(EXEEXT): $(pop_debug_OBJECTS) $(pop_debug_DEPENDENCIES)
@rm -f pop_debug$(EXEEXT)
$(LINK) $(pop_debug_LDFLAGS) $(pop_debug_OBJECTS) $(pop_debug_LDADD) $(LIBS)
popper$(EXEEXT): $(popper_OBJECTS) $(popper_DEPENDENCIES)
@rm -f popper$(EXEEXT)
$(LINK) $(popper_LDFLAGS) $(popper_OBJECTS) $(popper_LDADD) $(LIBS)
.c.o:
$(COMPILE) -c $<
.c.obj:
$(COMPILE) -c `cygpath -w $<`
.c.lo:
$(LTCOMPILE) -c -o $@ $<
tags: TAGS
ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
mkid -fID $$unique $(LISP)
TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
$(TAGS_FILES) $(LISP)
tags=; \
here=`pwd`; \
list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
$(AWK) ' { files[$$0] = 1; } \
END { for (i in files) print i; }'`; \
test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \
|| etags $(ETAGS_ARGS) $$tags $$unique $(LISP)
GTAGS:
here=`CDPATH=: && cd $(top_builddir) && pwd` \
&& cd $(top_srcdir) \
&& gtags -i $$here
mostlyclean-tags:
clean-tags:
distclean-tags:
-rm -f TAGS ID
maintainer-clean-tags:
distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir)
distdir: $(DISTFILES)
@for file in $(DISTFILES); do \
d=$(srcdir); \
if test -d $$d/$$file; then \
cp -pR $$d/$$file $(distdir) \
|| exit 1; \
else \
test -f $(distdir)/$$file \
|| cp -p $$d/$$file $(distdir)/$$file \
|| exit 1; \
fi; \
done
$(MAKE) $(AM_MAKEFLAGS) top_distdir="$(top_distdir)" distdir="$(distdir)" dist-hook
info-am:
info: info-am
dvi-am:
dvi: dvi-am
check-am: all-am
$(MAKE) $(AM_MAKEFLAGS) check-local
check: check-am
installcheck-am:
installcheck: installcheck-am
install-exec-am: install-libexecPROGRAMS
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-exec-hook
install-exec: install-exec-am
install-data-am: install-data-local
install-data: install-data-am
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
install: install-am
uninstall-am: uninstall-libexecPROGRAMS
uninstall: uninstall-am
all-am: Makefile $(PROGRAMS) all-local
all-redirect: all-am
install-strip:
$(MAKE) $(AM_MAKEFLAGS) INSTALL_STRIP_FLAG=-s install
installdirs:
$(mkinstalldirs) $(DESTDIR)$(libexecdir)
mostlyclean-generic:
clean-generic:
distclean-generic:
-rm -f Makefile $(CONFIG_CLEAN_FILES)
-rm -f config.cache config.log stamp-h stamp-h[0-9]*
maintainer-clean-generic:
-rm -f Makefile.in
mostlyclean-am: mostlyclean-libexecPROGRAMS mostlyclean-noinstPROGRAMS \
mostlyclean-compile mostlyclean-libtool \
mostlyclean-tags mostlyclean-generic
mostlyclean: mostlyclean-am
clean-am: clean-libexecPROGRAMS clean-noinstPROGRAMS clean-compile \
clean-libtool clean-tags clean-generic mostlyclean-am
clean: clean-am
distclean-am: distclean-libexecPROGRAMS distclean-noinstPROGRAMS \
distclean-compile distclean-libtool distclean-tags \
distclean-generic clean-am
-rm -f libtool
distclean: distclean-am
maintainer-clean-am: maintainer-clean-libexecPROGRAMS \
maintainer-clean-noinstPROGRAMS \
maintainer-clean-compile maintainer-clean-libtool \
maintainer-clean-tags maintainer-clean-generic \
distclean-am
@echo "This command is intended for maintainers to use;"
@echo "it deletes files that may require special tools to rebuild."
maintainer-clean: maintainer-clean-am
.PHONY: mostlyclean-libexecPROGRAMS distclean-libexecPROGRAMS \
clean-libexecPROGRAMS maintainer-clean-libexecPROGRAMS \
uninstall-libexecPROGRAMS install-libexecPROGRAMS \
mostlyclean-noinstPROGRAMS distclean-noinstPROGRAMS \
clean-noinstPROGRAMS maintainer-clean-noinstPROGRAMS \
mostlyclean-compile distclean-compile clean-compile \
maintainer-clean-compile mostlyclean-libtool distclean-libtool \
clean-libtool maintainer-clean-libtool tags mostlyclean-tags \
distclean-tags clean-tags maintainer-clean-tags distdir info-am info \
dvi-am dvi check-local check check-am installcheck-am installcheck \
install-exec-am install-exec install-data-local install-data-am \
install-data install-am install uninstall-am uninstall all-local \
all-redirect all-am all install-strip installdirs mostlyclean-generic \
distclean-generic clean-generic maintainer-clean-generic clean \
mostlyclean distclean maintainer-clean
install-suid-programs:
@foo='$(bin_SUIDS)'; \
for file in $$foo; do \
x=$(DESTDIR)$(bindir)/$$file; \
if chown 0:0 $$x && chmod u+s $$x; then :; else \
echo "*"; \
echo "* Failed to install $$x setuid root"; \
echo "*"; \
fi; done
install-exec-hook: install-suid-programs
install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
@foo='$(include_HEADERS) $(build_HEADERZ)'; \
for f in $$foo; do \
f=`basename $$f`; \
if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \
else file="$$f"; fi; \
if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \
: ; else \
echo " $(CP) $$file $(buildinclude)/$$f"; \
$(CP) $$file $(buildinclude)/$$f; \
fi ; \
done
all-local: install-build-headers
#NROFF_MAN = nroff -man
.1.cat1:
$(NROFF_MAN) $< > $@
.3.cat3:
$(NROFF_MAN) $< > $@
.5.cat5:
$(NROFF_MAN) $< > $@
.8.cat8:
$(NROFF_MAN) $< > $@
dist-cat1-mans:
@foo='$(man1_MANS)'; \
bar='$(man_MANS)'; \
for i in $$bar; do \
case $$i in \
*.1) foo="$$foo $$i";; \
esac; done ;\
for i in $$foo; do \
x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \
echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
done
dist-cat3-mans:
@foo='$(man3_MANS)'; \
bar='$(man_MANS)'; \
for i in $$bar; do \
case $$i in \
*.3) foo="$$foo $$i";; \
esac; done ;\
for i in $$foo; do \
x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \
echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
done
dist-cat5-mans:
@foo='$(man5_MANS)'; \
bar='$(man_MANS)'; \
for i in $$bar; do \
case $$i in \
*.5) foo="$$foo $$i";; \
esac; done ;\
for i in $$foo; do \
x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \
echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
done
dist-cat8-mans:
@foo='$(man8_MANS)'; \
bar='$(man_MANS)'; \
for i in $$bar; do \
case $$i in \
*.8) foo="$$foo $$i";; \
esac; done ;\
for i in $$foo; do \
x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \
echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \
$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \
done
dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
install-cat-mans:
$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
install-data-local: install-cat-mans
.et.h:
$(COMPILE_ET) $<
.et.c:
$(COMPILE_ET) $<
.x.c:
@cmp -s $< $@ 2> /dev/null || cp $< $@
check-local::
@foo='$(CHECK_LOCAL)'; \
if test "$$foo"; then \
failed=0; all=0; \
for i in $$foo; do \
all=`expr $$all + 1`; \
if ./$$i --version > /dev/null 2>&1; then \
echo "PASS: $$i"; \
else \
echo "FAIL: $$i"; \
failed=`expr $$failed + 1`; \
fi; \
done; \
if test "$$failed" -eq 0; then \
banner="All $$all tests passed"; \
else \
banner="$$failed of $$all tests failed"; \
fi; \
dashes=`echo "$$banner" | sed s/./=/g`; \
echo "$$dashes"; \
echo "$$banner"; \
echo "$$dashes"; \
test "$$failed" -eq 0; \
fi
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

381
crypto/heimdal/appl/popper/README Normal file
View file

@ -0,0 +1,381 @@
@(#)@(#)README 2.6 2.6 4/2/91
The Post Office Protocol Server: Installation Guide
Introduction
The Post Office Protocol server runs on a variety of Unix[1] computers
to manage electronic mail for Macintosh and MS-DOS computers. The
server was developed at the University of California at Berkeley and
conforms fully to the specifications in RFC 1081[2] and RFC 1082[3].
The Berkeley server also has extensions to send electronic mail on
behalf of a client.
This guide explains how to install the POP server on your Unix
computer. It assumes that you are not only familiar with Unix but also
capable of performing Unix system administration.
How to Obtain the Server
The POP server is available via anonymous ftp from ftp.CC.Berkeley.EDU
(128.32.136.9, 128.32.206.12). It is in two files in the pub directory:
a compressed tar file popper-version.tar.Z and a Macintosh StuffIt archive
in BinHex format called MacPOP.sit.hqx.
Contents of the Distribution
The distribution contains the following:
+ All of the C source necessary to create the server program.
+ A visual representation of how the POP system works.
+ Reprints of RFC 1081 and RFC 1082.
+ A HyperCard stack POP client implementation using MacTCP.
+ A man page for the popper daemon.
+ This guide.
Compatibility
The Berkeley POP server has been successfully tested on the following
Unix operating systems:
+ Berkeley Systems Distribution 4.3
+ Sun Microsystems Operating System versions 3.5 and 4.0
+ Ultrix version 2.3
The following POP clients operate correctly with the Berkeley POP server:
+ The Berkeley HyperMail HyperCard stack for the Apple Macintosh
(distributed with the server).
+ The Stanford University Macintosh Internet Protocol MacMH program.
+ The Stanford University Personal Computer Internet Protocol MH
program.
+ The mh version 6.0 programs for Unix.
Support
The Berkeley POP server is not officially supported and is without any
warranty, explicit or implied. However, we are interested in your
experiences using the server. Bugs, comments and suggestions should be
sent electronically to netinfo@garnet.Berkeley.EDU.
Operational Characteristics
The POP Transaction Cycle
The Berkeley POP server is a single program (called popper) that is
launched by inetd when it gets a service request on the POP TCP port.
(The official port number specified in RFC 1081 for POP version 3 is
port 110. However, some POP3 clients attempt to contact the server at
port 109, the POP version 2 port. Unless you are running both POP2 and
POP3 servers, you can simply define both ports for use by the POP3
server. This is explained in the installation instructions later on.)
The popper program initializes and verifies that the peer IP address is
registered in the local domain, logging a warning message when a
connection is made to a client whose IP address does not have a
canonical name. For systems using BSD 4.3 bind, it also checks to see
if a cannonical name lookup for the client returns the same peer IP
address, logging a warning message if it does not. The the server
enters the authorization state, during which the client must correctly
identify itself by providing a valid Unix userid and password on the
server's host machine. No other exchanges are allowed during this
state (other than a request to quit.) If authentication fails, a
warning message is logged and the session ends. Once the user is
identified, popper changes its user and group ids to match that of the
user and enters the transaction state. The server makes a temporary
copy of the user's maildrop (ordinarily in /usr/spool/mail) which is
used for all subsequent transactions. These include the bulk of POP
commands to retrieve mail, delete mail, undelete mail, and so forth. A
Berkeley extension also allows the user to submit a mail parcel to the
server who mails it using the sendmail program (this extension is
supported in the HyperMail client distributed with the server). When
the client quits, the server enters the final update state during which
the network connection is terminated and the user's maildrop is updated
with the (possibly) modified temporary maildrop.
Logging
The POP server uses syslog to keep a record of its activities. On
systems with BSD 4.3 syslogging, the server logs (by default) to the
"local0" facility at priority "notice" for all messages except
debugging which is logged at priority "debug". The default log file is
/usr/spool/mqueue/POPlog. These can be changed, if desired. On
systems with 4.2 syslogging all messages are logged to the local log
file, usually /usr/spool/mqueue/syslog.
Problems
If the filesystem which holds the /usr/spool/mail fills up users will
experience difficulties. The filesystem must have enough space to hold
(approximately) two copies of the largest mail box. Popper (v1.81 and
above) is designed to be robust in the face of this problem, but you may
end up with a situation where some of the user's mail is in
/usr/spool/mail/.userid.pop
and some of the mail is in
/usr/spool/mail/userid
If this happens the System Administrator should clear enough disk space
so that the filesystem has at least as much free disk as both mailboxes
hold and probably a little more. Then the user should initiate a POP
session, and do nothing but quit. If the POP session ends without an
error the user can then use POP or another mail program to clean up his/her
mailbox.
Alternatively, the System Administrator can combine the two files (but
popper will do this for you if there is enough disk space).
Debugging
The popper program will log debugging information when the -d parameter
is specified after its invocation in the inetd.conf file. Care should
be exercised in using this option since it generates considerable
output in the syslog file. Alternatively, the "-t <file-name>" option
will place debugging information into file "<file-name>" using fprintf
instead of syslog. (To enable debugging, you must edit the Makefile
to add -DDEBUG to the compiler options.)
For SunOS version 3.5, the popper program is launched by inetd from
/etc/servers. This file does not allow you to specify command line
arguments. Therefore, if you want to enable debugging, you can specify
a shell script in /etc/servers to be launched instead of popper and in
this script call popper with the desired arguments.
Installation
1. Examine this file for the latest information, warnings, etc.
2. Check the Makefile for conformity with your system.
3. Issue the make command in the directory containing the popper
source.
4. Issue the make install command in the directory containing the
popper source to copy the program to /usr/etc.
5. Enable syslogging:
+ For systems with 4.3 syslogging:
Add the following line to the /etc/syslog.conf file:
local0.notice;local0.debug /usr/spool/mqueue/POPlog
Create the empty file /usr/spool/mqueue/POPlog.
Kill and restart the syslogd daemon.
+ For systems with 4.2 syslogging:
Be sure that you are logging messages of priority 7 and higher.
For example:
7/usr/spool/mqueue/syslog
9/dev/null
6. Update /etc/services:
Add the following line to the /etc/services file:
pop 110/tcp
Note: This is the official port number for version 3 of the
Post Office Protocol as defined in RFC 1081. However, some
POP3 clients use port 109, the port number for the previous
version (2) of POP. Therefore you may also want to add the
following line to the /etc/services file:
pop2 109/tcp
For Sun systems running yp, also do the following:
+ Change to the /var/yp directory.
+ Issue the make services command.
7. Update the inetd daemon configuration. Include the second line ONLY if you
are running the server at both ports.
+ On BSD 4.3 and SunOS 4.0 systems, add the following line to the
/etc/inetd.conf file:
pop stream tcp nowait root /usr/etc/popper popper
pop2 stream tcp nowait root /usr/etc/popper popper
+ On Ultrix systems, add the following line to the
/etc/inetd.conf file:
pop stream tcp nowait /usr/etc/popper popper
pop2 stream tcp nowait /usr/etc/popper popper
+ On SunOS 3.5 systems, add the following line to the
/etc/servers file:
pop tcp /usr/etc/popper
pop2 tcp /usr/etc/popper
Kill and restart the inetd daemon.
You can confirm that the POP server is running on Unix by telneting to
port 110 (or 109 if you set it up that way). For example:
%telnet myhost 110
Trying...
Connected to myhost.berkeley.edu.
Escape character is '^]'.
+OK UCB Pop server (version 1.6) at myhost starting.
quit
Connection closed by foreign host.
Release Notes
1.83 Make sure that everything we do as root is non-destructive.
1.82 Make the /usr/spool/mail/.userid.pop file owned by the user rather
than owned by root.
1.81 There were two versions of 1.7 floating around, 1.7b4 and 1.7b5.
The difference is that 1.7b5 attempted to save disk space on
/usr/spool/mail by deleting the users permanent maildrop after
making the temporary copy. Unfortunately, if compiled with
-DDEBUG, this version could easily wipe out a users' mail file.
This is now fixed.
This version also fixes a security hole for systems that have
/usr/spool/mail writeable by all users.
With this version we go to all new SCCS IDs for all files. This
is unfortunate, and we hope it is not too much of a problem.
Thanks to Steve Dorner of UIUC for pointing out the major problem.
1.7 Extensive re-write of the maildrop processing code contributed by
Viktor Dukhovni <viktor@math.princeton.edu> that greatly reduces the
possibility that the maildrop can be corrupted as the result of
simultaneous access by two or more processes.
Added "pop_dropcopy" module to create a temporary maildrop from
the existing, standard maildrop as root before the setuid and
setgid for the user is done. This allows the temporary maildrop
to be created in a mail spool area that is not world read-writable.
This version does *not* send the sendmail "From " delimiter line
in response to a TOP or RETR command.
Encased all debugging code in #ifdef DEBUG constructs. This code can
be included by specifying the DEGUG compiler flag. Note: You still
need to use the -d or -t option to obtain debugging output.
1.6 Corrects a bug that causes the server to crash on SunOS
4.0 systems.
Uses varargs and vsprintf (if available) in pop_log and
pop_msg. This is enabled by the "HAVE_VSPRINTF"
compiler flag.
For systems with BSD 4.3 bind, performs a cannonical
name lookup and searches the returned address(es) for
the client's address, logging a warning message if it
is not located. This is enabled by the "BIND43"
comiler flag.
Removed all the includes from popper.h and distributed
them throughout the porgrams files, as needed.
Reformatted the source to convert tabs to spaces and
shorten lines for display on 80-column terminals.
1.5 Creates the temporary maildrop with mode "600" and
immediately unlinks it.
Uses client's IP address in lieu of a canonical name if
the latter cannot be obtained.
Added "-t <file-name>" option. The presence of this
option causes debugging output to be placed in the file
"file-name" using fprintf instead of the system log
file using syslog.
Corrected maildrop parsing problem.
1.4 Copies user's mail into a temporary maildrop on which
all subsequent activity is performed.
Added "pop_log" function and replaced "syslog" calls
throughout the code with it.
1.3 Corrected updating of Status: header line.
Added strncasecmp for systems that do not have one.
Used strncasecmp in all appropriate places. This is
enabled by the STRNCASECMP compiler flag.
1.2 Support for version 4.2 syslogging added. This is
enabled by the SYSLOG42 compiler flag.
1.1 Several bugs fixed.
1.0 Original version.
Limitations
+ The POP server copies the user's entire maildrop to /tmp and
then operates on that copy. If the maildrop is particularly
large, or inadequate space is available in /tmp, then the
server will refuse to continue and terminate the connection.
+ Simultaneous modification of a single maildrop can result in
confusing results. For example, manipulating messages in a
maildrop using the Unix /usr/ucb/mail command while a copy of
it is being processed by the POP server can cause the changes
made by one program to be lost when the other terminates. This
problem is being worked on and will be fixed in a later
release.
Credits
The POP server was written by Edward Moy and Austin Shelton with
contributions from Robert Campbell (U.C. Berkeley) and Viktor Dukhovni
(Princeton University). Edward Moy wrote the HyperMail stack and drew
the POP operation diagram. This installation guide was written by
Austin Shelton.
Footnotes
[1] Copyright (c) 1990 Regents of the University of California.
All rights reserved. The Berkeley software License Agreement
specifies the terms and conditions for redistribution. Unix is
a registered trademark of AT&T corporation. HyperCard and
Macintosh are registered trademarks of Apple Corporation.
[2] M. Rose, Post Office Protocol - Version 3. RFC 1081, NIC,
November 1988.
[3] M. Rose, Post Office Protocol - Version 3 Extended Service
Offerings. RFC 1082, NIC, November 1988.

11
crypto/heimdal/appl/popper/README-FIRST Normal file
View file

@ -0,0 +1,11 @@
This kerberized popper was based on popper-1.831beta
which was later announced as "offical" and not beta.
This program is able to talk both the pop3 and the kpop3 protocol.
Please note that the server principal is pop.hostname and not
rcmd.hostname. I.e an additional entry is needed in your mailhub's
/etc/srvtab. Use ksrvutil to add the extra prinicpal.
The server is usually started from inetd and there is already an entry
for that in inetd.conf.changes.

3
crypto/heimdal/appl/popper/README-KRB4 Normal file
View file

@ -0,0 +1,3 @@
Define KERBEROS if you want support for Kerberos V4 style
authentification, then you will be able to start a kerberise pop with
the `-k' flag.

Some files were not shown because too many files have changed in this diff Show more